- An AWS account
- Any S3, EC2, RDS or Lambda services active on AWS that you want to add to UpGuard
- The integration saves the credentials that you supply to UpGuard securely in the database
- A synchronization occurs every two hours (see the Scheduled Jobs page to alter this interval)
- The sync event calls AWS with the supplied credentials and retrieves a list of nodes and their details
- Each node captured is then stored for processing on the Detected page
- Alternatively, if ‘Automatically add’ is checked, the nodes are added directly to the ‘All Nodes’ group.
The AWS integration settings form is shown in the following screenshot.
If the AWS integration is not available to you on the "Integrations" page, please contact your account manager to have your instance updated.
|Setting|Description|
|---|---|
|Integration Name|The name of the integration within UpGuard|
|Connection Manager Group|The default group that will be used to scan AWS EC2 nodes|
|AWS Access Key|The AWS account access key that is found in the AWS console|
|AWS Secret Key|The secret key for your AWS user; emailed when account was first created|
|AWS IAM Role ARN (Optional)|If filled, the access key’s user is used to assume the role identified by the ARN provided|
|Instance Types|If checked, indicates which types of nodes are of interest for adding|
|Automatically add nodes|If checked, automatically adds newly discovered nodes to the ‘All Nodes’ group|
Bulk Add Nodes via AWS
Another way to set up an AWS integration is to bulk add nodes through the Add Nodes flow, selecting AWS as the source for the bulk add.
The information captured on that page matches that in the integration setup flow, and is subsequently used to create an AWS integration, which you can then view in the list of Integrations.
Security Group Permissions
The following permissions are required to sync nodes from AWS.
|VPC Flow Logs||
|VPC Peering Connections||
For a list of permissions required to scan nodes in each of these node types refer to this page.
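Because the access key and secret key entered in the form are stored by the integration, it is worth checking what they can do before supplying them. The following is an added example, not UpGuard's code: it audits an IAM policy document and reports any allowed action that is not a Describe/List/Get call, and any `sts:AssumeRole` grant that is not pinned to a named role. The read-only assumption, the sample policy, the account ID and the role name are constructed for illustration and are not taken from this page.

```python
import json

# Assumption (not from the page): listing nodes needs only read-style actions.
READ_ONLY_VERBS = ("describe", "list", "get")

# Constructed sample policy; the account ID and role name are placeholders.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "rds:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "lambda:ListFunctions", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws:iam::111122223333:role/example-sync-role"},
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    return value if isinstance(value, list) else [value]


def is_read_only(action):
    """True when the part after 'service:' starts with a read-style verb."""
    service, sep, name = action.partition(":")
    return bool(sep) and name.lower().startswith(READ_ONLY_VERBS)


def audit_policy(policy):
    """Return the allowed actions that exceed read-only access."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction: allows everything not listed")
        resources = as_list(stmt.get("Resource", "*"))
        for action in as_list(stmt.get("Action", [])):
            if action.lower() == "sts:assumerole":
                # Role assumption is expected, but only for a named role.
                if any("*" in r for r in resources):
                    findings.append("sts:AssumeRole on a wildcard resource")
            elif not is_read_only(action):
                findings.append(action)
    return findings
```

Calling `audit_policy(SAMPLE_POLICY)` flags only the `s3:*` grant; an empty list means every allowed action is a read-style call or a role assumption scoped to a specific role.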
- Verify that the account credentials supplied for the AWS integration are correct
- Ensure that the nodes synced are either on the Discover > Detected page or on the Monitored page
- Check the Events page for AWS Sync events to confirm the status of the sync