This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS Integration with FNMS 2021R1

azam_tajammul
By
Level 3

Hello All,

 

I need a help!

I am planning to integrate AWS Portal with FNMS On Prem 2021 solution and there are questions from the AWS team:

We have multiple AWS accounts in the portal  and each EC2 instance has separate IAM role. We have over 100 EC2 instance and would take us a long time to setup the IAM roles. DO we somehow have a central account where we can provide the required roles or do we need to one by one setup roles in all EC2 instance.

‎Apr 04, 2022 07:41 AM

(2) Replies

tmullin
By Level 3 Flexeran
Level 3 Flexeran

Hi @azam_tajammul,

Having or configuring a separate role for each EC2 instance is not required to set up the FNMS AWS adapter. If you would like to inventory multiple AWS accounts using a single connection then you do need one role in each account giving the necessary permissions. If there are a large number of accounts, it is possible to deploy the roles to each account automatically if they are part of an organization using the AWS organization account.

If your beacon is installed on an EC2 instance then you can see this page for more information on set up:

https://docs.flexera.com/FlexNetManagerSuite2021R1/EN/WebHelp/index.html#tasks/IB-ConnectAWSfib.html

If your beacon is not on an EC2 instance then this page has more information:

https://docs.flexera.com/FlexNetManagerSuite2021R1/EN/WebHelp/index.html#tasks/IB-ConnectAWSroles.html

 

‎Apr 11, 2022 06:11 AM

cdubs76
By
Level 6

The references that @tmullin give are what i followed when connecting to our customer's AWS presence.   It can be a little hard to follow just reading, but makes more sense once you complete the set up.

Having a Beacon on an EC2 is the preferred method (from a security standpoint) and seems to work a little more seamlessly.  We worked with our cloud ops team and they were able to stand up the connectivity into a fairly large # of accounts with relative ease once we provided them the necessary policies and roles needed.  If you have a large number of accounts, this process can be very time consuming.  I know the recommended schedule is every 30 minutes to catch terminated instance---however, ours only completes once a day.

‎Apr 11, 2022 10:03 AM