Amazon Web Services

Rumble Professional and Rumble Enterprise integrate with Amazon Web Services (AWS) to provide better visibility across your cloud environment. This integration imports data from each applicable API to add detailed information to your asset inventory:

Syncing with AWS allows you to quickly identify the number of EC2 instances elastic load balancers, and relational database services you have running, as well as their region, account, and more.

This integration supports the import of all running EC2 instances, RDS instances, and active application, network, gateway, or classic load balancers. It can be configured to connect to a single AWS account or to all accounts in your organization, and imports data across multiple regions. It sets the AWS-specific attributes and updates asset-level attributes as well. Rumble is able to merge existing assets with AWS data when the MAC address is the same. AWS devices can also be manually merged into Rumble assets using the Merge button on the Asset Inventory screen.

Getting started

To set up the AWS integration, you’ll need to:

  1. Configure AWS to allow API access through Rumble.
  2. Add the AWS credential to Rumble, which includes the access key and secret key.
  3. Activate the AWS connection to sync your data with Rumble.

Requirements

Before you can set up the AWS integration:

  • Verify that you have Rumble Enterprise.
  • Make sure you have access to the AWS console.
  • Make sure you are using AWS Organizations if you want to connect to multiple accounts.

Step 1: Configure AWS to allow API access through Rumble

To connect to a single AWS account:

  1. Log into the AWS console.
  2. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
  3. Click Add permissions > Attach existing policies directly. Search for and attach the AmazonEC2ReadOnlyAccess and AmazonRDSReadOnlyAccess policies.
  4. From the user summary screen, open the Security credentials tab and click on Create access key.
  5. Save the Access key ID and Secret access key.

To connect to all accounts in your organization:

  1. Log into the AWS console.

  2. For each account in your organization, create a role and assign the AmazonEC2ReadOnlyAccess and AmazonRDSReadOnlyAccess policies. You can do this one at a time for each account or use StackSets to deploy the role if you have a large number of accounts:

    Option 1: Create a role using IAM

    1. Go to Identity and Access Management (IAM) > Roles and click Create role.
    2. Choose Another AWS Account for the type of trusted entity.
    3. For Account ID, enter the ID for your organization’s management account.
    4. Click Next: Permissions.
    5. Attach the AmazonEC2ReadOnlyAccess policy.
    6. Attach the AmazonRDSReadOnlyAccess policy.
    7. Click Next: Tags and add tags optionally.
    8. Click Next: Review and provide a name for the role. (The role must be named the same for all accounts)
    9. Click Create role.

    Option 2: Create and deploy a role to multiple accounts using StackSets

    1. While logged into your organization’s management account, go to CloudFormation > StackSets and click Create StackSet.
    2. Select Template is ready and upload a file with the JSON template for the stackset provided below. Replace <accountID> with the account ID where the role was created and <roleName> with the name of the role. Click next.
    3. Enter a name for the StackSet. Click next.
    4. Optionally set tags. Click next.
    5. Set the deployment options. Click next.
    6. Review and create the StackSet.
  3. For your organization’s management account, create an inline policy to allow the STS AssumeRole action.

    1. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
    2. Click Add inline policy.
    3. In the JSON tab, enter the inline policy text from below, replacing <rolename> with the role name.
  4. From the user summary screen, open the Security credentials tab and click on Create access key.

  5. Save the Access key ID and Secret access key.

  6. From the user summary screen, open the Permissions tab and click Add permissions. Attach the AWSOrganizationsReadOnlyAccess policy.

  7. (Optional) Attach the AmazonEC2ReadOnlyAccess policy to your organization’s management account if it has EC2 instances you would like to sync.

  8. (Optional) Attach the AmazonRDSReadOnlyAccess policy to your organization’s management account if it has RDS instances you would like to sync.

StackSet template
{
 "Resources": {
   "IAMRumbleRole": {
     "Type": "AWS::IAM::Role",
     "Properties": {
       "AssumeRolePolicyDocument": {
         "Statement": [ {
             "Action": "sts:AssumeRole",
             "Effect": "Allow",
             "Principal": {
               "AWS": "arn:aws:iam::<accountID>:user/<roleName>"
             }
           } ],
         "Version": "2012-10-17"
       },
       "ManagedPolicyArns": [ 
          { "Fn::Join": [ "",
             [
               "arn:",
               { "Ref": "AWS::Partition" },
               ":iam::aws:policy/AmazonEC2ReadOnlyAccess"
             ]
           ] },
         { "Fn::Join": [
             "",
             [
               "arn:",
               { "Ref": "AWS::Partition" },
               ":iam::aws:policy/AmazonRDSReadOnlyAccess"
             ]
           ] }
       ],
       "RoleName": "<roleName>"
     }
   }
 }
}
Inline policy template
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::*:role/<rolename>"
    }
  ]
}

Step 2: Add the AWS credential to Rumble

  1. Go to the Credentials page in Rumble and click Add Credential.
  2. Provide a name for the credential, like AWS EC2.
  3. Choose AWS Access & Secret from the list of credential types.
  4. Provide the following information:
    • AWS access key - Access key ID obtained from User > Security credentials > Create access key.
    • AWS secret access key - Secret access key obtained from User > Security credentials > Create access key.
    • AWS role - Assumed role used to connect to other accounts in your organization. It should be named the same across accounts.
    • Select the region(s) that you want to sync.
  5. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per organization basis.
  6. Save the credential. You’re now ready to set up and activate the connection to bring in data from AWS.

Step 3: Set up and activate the AWS EC2 connection to sync data

After you add your AWS credential, you’ll need to set up a connection to sync your data from AWS. A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where the data is organized.

  1. Activate a connection to AWS. You can access all available third-party connections from your inventory or tasks page.
  2. Choose the credential you added earlier. If you don’t see the credential listed, make sure the credential has access to the organization you are currently in.
  3. Enter a name for the task, like AWS sync.
  4. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  5. Under Task configuration, choose the site you want to add your assets to. All newly discovered assets will be stored in this site. You can also choose to Automatically create a new site per VPC, and Rumble will take care of creating the sites for newly discovered assets.
  6. Under Service options, select the services you would like to sync data from. You must choose at least one.
  7. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 4: View AWS assets

After a successful sync, you can go to your inventory to view your AWS assets. These assets will have an AWS icon listed in the Source column.

To filter by AWS assets, consider running the following queries:

Click into each asset to see its individual attributes. Rumble will show you the attributes returned by the AWS APIs.