Amazon EC2

Rumble Enterprise integrates with Amazon Web Services to provide better visibility across your cloud environment. This integration imports data from the AWS EC2 API, adding detailed information to your asset inventory. Syncing with AWS allows you to quickly identify the number of EC2 instances you have running, their region, account, SSH keys, AMIs and more.

This integration imports all running EC2 instances across multiple regions. It can be configured to connect to a single AWS account or to all accounts in your organization. It sets the AWS-specific attributes and updates asset-level attributes including the virtual machine type, hardware platform, hostname, and MAC address. Rumble is able to merge existing assets with AWS data when the MAC address is the same. AWS devices can also be manually merged into Rumble assets using the Merge button on the Asset Inventory screen.

Getting Started

To set up the AWS integration, you’ll need to:

  1. Configure AWS to allow API access through Rumble.
  2. Add the AWS credential to Rumble, which includes the access key and secret key.
  3. Activate the AWS EC2 connection to sync your data with Rumble.

Requirements

Before you can set up the AWS EC2 integration:

  • Verify that you have Rumble Enterprise.
  • Make sure you have access to the AWS console.
  • Make sure you are using AWS Organizations if you want to connect to multiple accounts.

Step 1: Configure AWS to allow API access through Rumble

To connect to a single AWS account:

  1. Log into the AWS console.
  2. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
  3. Click Add permissions > Attach existing policies directly. Search for and attach the AmazonEC2ReadOnlyAccess policy.
  4. From the user summary screen, open the Security credentials tab and click on Create access key.
  5. Save the Access key ID and Secret access key.

To connect to all accounts in your organization:

  1. Log into the AWS console.
  2. For each account in your organization, create a role and assign the AmazonEC2ReadOnlyAccess policy.
    1. Go to Identity and Access Management (IAM) > Roles and click Create role.
    2. Choose Another AWS Account for the type of trusted entity.
    3. For Account ID, enter the ID for your organization’s management account.
    4. Click Next: Permissions.
    5. Attach the AmazonEC2ReadOnlyAccess policy.
    6. Click Next: Tags and add tags optionally.
    7. Click Next: Review and provide a name for the role. (The role must be named the same for all accounts)
    8. Click Create role.
  3. For your organization’s management account, create an inline policy to allow the STS AssumeRole action.
    1. Go to Identity and Access Management (IAM) > Users and select the user that will provide API access to Rumble.
    2. Click Add inline policy.
    3. In the JSON tab, enter the following, replacing <rolename> with the role name:
      {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": "sts:AssumeRole",
                 "Resource": "arn:aws:iam::*:role/<rolename>"
             }
         ]
      }
      
    4. From the user summary screen, open the Security credentials tab and click on Create access key.
    5. Save the Access key ID and Secret access key.
    6. From the user summary screen, open the Permissions tab and click Add permisions. Attach the AWSOrganizationsReadOnlyAccess policy.
    7. (Optional) Attach the AmazonEC2ReadOnlyAccess policy to your organization’s management account if it has EC2 instances you would like to sync.

Step 2: Add the AWS credential to Rumble

  1. Go to the Credentials page in Rumble and click Add Credential.
  2. Provide a name for the credential, like AWS EC2.
  3. Choose AWS Access & Secret from the list of credential types.
  4. Provide the following information:
    • AWS access key - Access key ID obtained from User > Security credentials > Create access key.
    • AWS secret access key - Secret access key obtained from User > Security credentials > Create access key.
    • Click the Use cross-account access for my AWS organization checkbox if you want to connect to all accounts in your organization.
    • AWS role - the name of the role to assume for all accounts. It should be named the same across accounts.
    • Select the region(s) that you want to sync.
  5. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per organization basis.
  6. Save the credential. You’re now ready to set up and activate the connection to bring in data from AWS.

Step 3: Set up and activate the AWS EC2 connection to sync data

After you add your AWS credential, you’ll need to set up a connection to sync your data from AWS. A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where the data is organized.

  1. Activate a connection to AWS. You can access all available third-party connections from your inventory or tasks page.
  2. Choose the credential you added earlier. If you don’t see the credential listed, make sure the credential has access to the organization you are currently in.
  3. Enter a name for the task, like AWS sync.
  4. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  5. Under Task configuration, choose the site you want to add your assets to. All newly discovered assets will be stored in this site. You can also choose to Automatically create a new site per VPC, and Rumble will take care of creating the sites for newly discovered assets.
  6. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 4: View AWS assets

After a successful sync, you can go to your inventory to view your AWS assets. These assets will have an AWS icon listed in the Source column.

To view all your AWS assets, run the following query:

Click into each asset to see its individual attributes. Rumble will show you the attributes returned by the AWS EC2 API.

AWS attributes

Rumble will enrich your assets with the following attributes, if the information is available:

id
instanceID
privateIP
privateDNS
publicIP
publicDNS
subnetID
vpcID
architecture
bootMode
hypervisor
imageID
instanceLifecycle
instanceType
ipv4
ipv6
kernelID
keyName
launchTimeTS
macs
outpostARN
platform
ramdiskID
rootDeviceName
rootDeviceType
spotInstanceRequestID
state
affinity
availabilityZone
groupName
hostID
hostResourceGroupArn
spreadDomain
tenancy
virtualizationType