Amazon Web Services

Rumble Enterprise integrates with Amazon Web Services to provide better visibility across your cloud environment. This integration imports data from the AWS EC2 API as well as the AWS ELB APIs (Elastic Load Balancing - Version 1/Elastic Load Balancing - Version 2), adding detailed information to your asset inventory. Syncing with AWS allows you to quickly identify the number of EC2 instances and elastic load balancers you have running, their region, account, and more.

This integration supports the import of all running EC2 instances and active application, network, gateway, or classic load balancers. It can be configured to connect to a single AWS account or to all accounts in your organization and imports data across multiple regions. It sets the AWS-specific attributes and updates asset-level attributes as well. Rumble is able to merge existing assets with AWS data when the MAC address is the same. AWS devices can also be manually merged into Rumble assets using the Merge button on the Asset Inventory screen.

Getting Started

To set up the AWS integration, you’ll need to:

  1. Configure AWS to allow API access through Rumble.
  2. Add the AWS credential to Rumble, which includes the access key and secret key.
  3. Activate the AWS EC2 connection to sync your data with Rumble.

Requirements

Before you can set up the AWS EC2 integration:

  • Verify that you have Rumble Enterprise.
  • Make sure you have access to the AWS console.
  • Make sure you are using AWS Organizations if you want to connect to multiple accounts.

Step 1: Configure AWS to allow API access through Rumble

To connect to a single AWS account:

  1. Log into the AWS console.
  2. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
  3. Click Add permissions > Attach existing policies directly. Search for and attach the AmazonEC2ReadOnlyAccess policy.
  4. From the user summary screen, open the Security credentials tab and click on Create access key.
  5. Save the Access key ID and Secret access key.

To connect to all accounts in your organization:

  1. Log into the AWS console.
  2. For each account in your organization, create a role and assign the AmazonEC2ReadOnlyAccess policy. You can do this one at a time for each account or use StackSets to deploy the role if you have a large number of accounts:
    1. Using StackSets:
      1. While logged into your organization’s management account, go to CloudFormation > StackSets and click Create StackSet.
      2. Select Template is ready and upload a file with the following JSON template. Replace <accountID> with the account ID where the role was created and <roleName> with the name of the role. Click next.
        {
            "Resources": {
                "IAMRumbleRole": {
                    "Type": "AWS::IAM::Role",
                    "Properties": {
                        "AssumeRolePolicyDocument": {
                            "Statement": [
                                {
                                    "Action": "sts:AssumeRole",
                                    "Effect": "Allow",
                                    "Principal": {
                                        "AWS": "arn:aws:iam::<accountID>:user/<roleName>"
                                    }
                                }
                            ],
                            "Version": "2012-10-17"
                        },
                        "ManagedPolicyArns": [
                            {
                                "Fn::Join": [
                                    "",
                                    [
                                        "arn:",
                                        {
                                            "Ref": "AWS::Partition"
                                        },
                                        ":iam::aws:policy/AmazonEC2ReadOnlyAccess"
                                    ]
                                ]
                            }
                        ],
                        "RoleName": "<roleName>"
                    }
                }
            }
        }
        
      3. Enter a name for the StackSet. Click next.
      4. Optionally set tags. Click next.
      5. Set the deployment options. Click next.
      6. Review and create the StackSet.
    2. Using IAM:
      1. Go to Identity and Access Management (IAM) > Roles and click Create role.
      2. Choose Another AWS Account for the type of trusted entity.
      3. For Account ID, enter the ID for your organization’s management account.
      4. Click Next: Permissions.
      5. Attach the AmazonEC2ReadOnlyAccess policy.
      6. Click Next: Tags and add tags optionally.
      7. Click Next: Review and provide a name for the role. (The role must be named the same in all accounts.)
      8. Click Create role.
  3. For your organization’s management account, create an inline policy to allow the STS AssumeRole action.
    1. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
    2. Click Add inline policy.
    3. In the JSON tab, enter the following, replacing <rolename> with the role name:
      {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": "sts:AssumeRole",
                 "Resource": "arn:aws:iam::*:role/<rolename>"
             }
         ]
      }
      
    4. From the user summary screen, open the Security credentials tab and click on Create access key.
    5. Save the Access key ID and Secret access key.
    6. From the user summary screen, open the Permissions tab and click Add permissions. Attach the AWSOrganizationsReadOnlyAccess policy.
    7. (Optional) Attach the AmazonEC2ReadOnlyAccess policy to your organization’s management account if it has EC2 instances you would like to sync.
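An added offline check (not Rumble's or AWS's code) for the two policy documents in this step: it flags a role trust policy that is open to any principal, to a foreign account, or to a whole account instead of one user, and an AssumeRole inline policy whose Resource is a wildcard role. It assumes, as the IAM path (Account ID of the management account) and the inline policy imply, that the trusted principal is the IAM user in the management account that holds the access key; the account ID, user name and role name are constructed placeholders.

```python
# Added example (not Rumble's code): offline sanity checks for the two IAM documents in
# Step 1, so a wildcard or a wrong account is caught before they are deployed.
import re
MGMT_ACCOUNT = "111122223333"    # constructed management account ID
API_USER = "rumble-api"          # constructed IAM user that holds the access key
ROLE_NAME = "RumbleEC2ReadOnly"  # constructed role name, identical in every account

def as_list(value):
    return [value] if isinstance(value, str) else list(value or [])

def check_trust_policy(doc, account=MGMT_ACCOUNT, user=API_USER):
    """Findings for a role trust policy: only one IAM user in the management account may assume."""
    findings = []
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append("trust policy grants actions other than sts:AssumeRole")
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS"))
        for arn in arns:
            m = re.fullmatch(r"arn:aws:iam::(\d{12}):(root|user/(.+))", arn)
            if not m:
                findings.append(f"principal {arn!r} is not a single account or user")
            elif m.group(1) != account:
                findings.append(f"principal is in account {m.group(1)}, not {account}")
            elif m.group(2) == "root":
                findings.append("trusts the whole management account, not one user")
            elif m.group(3) != user:
                findings.append(f"trusts user {m.group(3)!r}, expected {user!r}")
    return findings

def check_assume_role_policy(doc, role_name=ROLE_NAME):
    """Findings for the inline policy: Resource must name the role; only the account part may be *."""
    findings = []
    pattern = re.compile(r"arn:aws:iam::(\*|\d{12}):role/" + re.escape(role_name))
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append("inline policy grants actions other than sts:AssumeRole")
        for res in as_list(stmt.get("Resource")):
            if not pattern.fullmatch(res):
                findings.append(f"resource {res!r} is not limited to role {role_name!r}")
    return findings

TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{MGMT_ACCOUNT}:user/{API_USER}"}}]}  # page's trust policy, filled in
ASSUME_ROLE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                      "Resource": f"arn:aws:iam::*:role/{ROLE_NAME}"}]}  # page's inline policy, filled in
```

Both documents from the page pass with no findings; a `Resource` of `arn:aws:iam::*:role/*` or a `Principal` of `*` is reported.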

Step 2: Add the AWS credential to Rumble

  1. Go to the Credentials page in Rumble and click Add Credential.
  2. Provide a name for the credential, like AWS EC2.
  3. Choose AWS Access & Secret from the list of credential types.
  4. Provide the following information:
    • AWS access key - Access key ID obtained from User > Security credentials > Create access key.
    • AWS secret access key - Secret access key obtained from User > Security credentials > Create access key.
    • Click the Use cross-account access for my AWS organization checkbox if you want to connect to all accounts in your organization.
    • AWS role - the name of the role to assume for all accounts. It should be named the same across accounts.
    • Select the region(s) that you want to sync.
  5. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per organization basis.
  6. Save the credential. You’re now ready to set up and activate the connection to bring in data from AWS.

Step 3: Set up and activate the AWS EC2 connection to sync data

After you add your AWS credential, you’ll need to set up a connection to sync your data from AWS. A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where the data is organized.

  1. Activate a connection to AWS. You can access all available third-party connections from your inventory or tasks page.
  2. Choose the credential you added earlier. If you don’t see the credential listed, make sure the credential has access to the organization you are currently in.
  3. Enter a name for the task, like AWS sync.
  4. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  5. Under Task configuration, choose the site you want to add your assets to. All newly discovered assets will be stored in this site. You can also choose to Automatically create a new site per VPC, and Rumble will take care of creating the sites for newly discovered assets.
  6. Under Service options, select the services you would like to sync data from. You must choose at least one.
  7. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 4: View AWS assets

After a successful sync, you can go to your inventory to view your AWS assets. These assets will have an AWS icon listed in the Source column.

To filter by AWS assets, consider running the following queries:

Click into each asset to see its individual attributes. Rumble will show you the attributes returned by the AWS APIs.

AWS EC2 instance attributes

Rumble will enrich your assets with the following attributes, if the information is available:

id
instanceID
privateIP
privateDNS
publicIP
publicDNS
subnetID
vpcID
architecture
bootMode
hypervisor
imageID
instanceLifecycle
instanceType
ipv4
ipv6
kernelID
keyName
launchTimeTS
macs
outpostARN
platform
ramdiskID
rootDeviceName
rootDeviceType
spotInstanceRequestID
state
affinity
availabilityZone
groupName
hostID
hostResourceGroupArn
spreadDomain
tenancy
virtualizationType

AWS ELB attributes

Rumble will enrich your assets with the following attributes, if the information is available:

accountID
availabilityZones
canonicalHostedZoneId
canonicalHostedZoneName
createdTimeTS
customerOwnedIpv4Pool
dnsName
healthCheck.healthyThreshold
healthCheck.interval
healthCheck.target
healthCheck.timeout
healthCheck.unhealthyThreshold
instances
ipAddressType
ipv4
ipv6
loadBalancerArn
loadBalancerName
macs
privateIPs
publicIPs
region
scheme
securityGroups
sourceSecurityGroup.groupName
sourceSecurityGroup.ownerAlias
state
subnets
tags
type
vpcID