Has anyone had success with inventorying AWS across multiple accounts using a Beacon deployed in AWS?
I have an on-prem FNM server, and a beacon that is an EC2 deployed in a main account in AWS. We configured the roles and policies according to this:
https://docs.flexera.com/FlexNetManagerSuite2020R2/EN/WebHelp/index.html#tasks/IB-ConnectAWSfib.html
We get the full instance information for the account that the beacon lives in... but we configured the IAM role in another account we own and assigned it to the other account per the instructions. However, it doesn't pull any instance information for that account.
Wanted to check here first before I submit a ticket and rope in support. Testing this method before we go to production at a customer that has "a lot of" accounts, so would prefer to use this method and avoid creating IAM Users... which is preferred anyway.
Thanks.
Nov 17, 2021 01:21 PM
We have succeeded in getting inventories for multiple accounts. However, it took some time for me as a non-AWS guy to explain to the AWS team how they should set up the access. The instruction in the manual is a bit complicated to understand since it doesn't have any visualisations.
One thing I remember that the AWS team did configure wrong was that they tried to use wildcards in the Resource ARNs, which is not supported.
You might get a better understanding of what's going wrong if you run the compliance importer in verbose mode.
Nov 17, 2021 01:37 PM - edited Nov 17, 2021 01:39 PM
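An added example, not part of the thread or of Flexera's documentation: one way to check a policy document for the wildcard Resource ARNs mentioned in the reply above before re-running the import. The sample policy, account IDs and role name are constructed placeholders, and the set of action patterns treated as granting `sts:AssumeRole` is an assumption.

```python
import json

# Constructed sample: a policy attached to the beacon's role in the main account.
# Account IDs and the role name are placeholders, not values from the thread.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Resource": "arn:aws:iam::111111111111:role/ExampleInventoryRole"},
    {"Effect": "Allow", "Action": ["sts:AssumeRole"],
     "Resource": ["arn:aws:iam::*:role/ExampleInventoryRole",
                  "arn:aws:iam::222222222222:role/Example*"]},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM accepts either a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_assume_role_resources(policy):
    """Return (statement index, ARN) for each wildcard Resource on an sts:AssumeRole grant."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        # Assumption: only these three action patterns are treated as granting AssumeRole.
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        for arn in as_list(stmt.get("Resource")):
            if "*" in arn or "?" in arn:
                findings.append((idx, arn))
    return findings


if __name__ == "__main__":
    for idx, arn in wildcard_assume_role_resources(SAMPLE_POLICY):
        print(f"Statement {idx}: wildcard in Resource {arn!r}; list each role ARN explicitly")
```
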
Thanks mag00 for letting me know there's hope. I'll double check the things you mention and turn on verbose. Much appreciated.
Nov 17, 2021 06:45 PM
I'm not sure this will be directly related to what you're working through, but for reference here is another thread discussing working with multiple AWS accounts: AWS to FNMS connector
Nov 17, 2021 07:32 PM