AWS Environment

    This chapter describes what needs to be prepared in AWS Identity and Access Management (IAM) to be able to perform an inventory with Docusnap.

    Within the Inventory Wizard, the following information is required:

    • Display Name
    • Access Key ID
    • Secret Access Key
    • Region

    Please make sure to perform these preparations with a sufficiently authorized user. This user must be allowed to make the following changes:

    • Create policies
    • Create a user and assign the created policies

    Create policy

    This section uses EC2 as an example to describe how to create a dedicated policy for inventorying AWS in Docusnap. This procedure must then be carried out for the other AWS core areas (RDS, S3, IAM, Batch, Lambda and SQS).

    Open the services and select IAM.

    Afterwards, a new policy can be created under Policies by clicking the Create Policy button.

    The Service, Actions and Resources areas are then defined one after the other using the visual editor.

    • Service: Use Choose a Service to search for the service for which you want to create the policy, in this case EC2.
    • Actions: Under Access Level, set the actions permitted in EC2 to List and Read.
    • Resources: It is recommended to authorize the actions via All resources of the service.
    • Request conditions: This item is optional and is not required for a successful inventory.

    Check policy

    Assign a unique name for the created policy (e.g. Docusnap_EC2_Inventory) and an optional description. The configuration is completed via Create policy.

    The previously described steps for creating the policy using the EC2 service as an example must now be repeated for the other services that are to be inventoried with Docusnap.
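
    A check that can be run on each policy's JSON document before it is attached, added here as an example and not part of the Docusnap documentation: it flags Allow statements that go beyond List/Read-style actions on the intended service. The function name, the name-prefix heuristic for List/Read and the sample policies are assumptions constructed for illustration.

```python
import json

# Assumption: List/Read actions are approximated by these name prefixes. The
# authoritative access level of each action is documented by AWS per service.
READ_PREFIXES = ("describe", "get", "list")

def as_list(value):
    """IAM accepts either a single string or a list for Action."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json, service):
    """Return (statement index, action, reason) for grants beyond List/Read on `service`."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((idx, "NotAction", "allows everything except the listed actions"))
            continue
        for action in as_list(stmt.get("Action")):
            prefix, _, name = action.partition(":")
            if action == "*" or prefix.lower() != service.lower():
                findings.append((idx, action, "outside the intended service"))
            elif not name.lower().startswith(READ_PREFIXES):  # action names are case-insensitive
                findings.append((idx, action, "not a List/Read-style action"))
    return findings

# Constructed sample policies (not exported from a real account).
INVENTORY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes",
                              "ec2:GetConsoleOutput"]}],
})
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:Describe*", "ec2:TerminateInstances",
                              "iam:ListUsers", "ec2:*"]}],
})

if __name__ == "__main__":
    for label, doc in (("inventory", INVENTORY_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(label, audit_policy(doc, "ec2"))
```

    Read-level actions whose names do not start with one of the prefixes are reported as well, so each finding is a prompt for manual review rather than proof of a write permission.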

    Configure User

    The previously created policies are now assigned to a user. The next step is to select the User item in Services - IAM.

    Important: The arrangement of the displayed data in the Docusnap tree structure is based on the inventorying user. The background to this is the region binding described at the beginning. Please choose suitable user names for the different regions so that they can be assigned unambiguously.

    Create User

    Use Add user to create a new user. A user name and AWS access type are required.

    As AWS access type, select Programmatic access, then open the next step via the Next: Permissions button.

    Define authorizations

    There are two ways to authorize the user for the inventory.

    • Add user to group: This option can be selected if you want to assign the created policies to a group. However, it is advisable to always carry out the inventory with the same user.

    • Attach existing policies directly: This option binds the previously created policies directly to a user and is the one described in this chapter.

    Select Attach existing policies directly, navigate to the Filter Policies option and set the filter to Customer Managed. Now select the created policies and add them to this user.

    The information entered can then be checked again. Click the Create User button to create the user.

    Receive User Keys for Inventory

    Important: The data created at the end (user, access key ID and secret access key) is required for the inventory in Docusnap and can be downloaded as a CSV file. It can only be viewed once after configuration!
