Configuring Organization Based Discovery

  1. In the Organization based discovery popup window, under Organisation Accounts, enter/select the following details:
    Field Description
    Role Name*

    Enter the IAM role name for the target account here.

    Account Number*

    By default, the AWS account number is automatically fetched from the value entered in the Account Number field in the Basic information section.

    To enter a different account number:

    1. From the Account Number field in the Organization based discovery popup window, click Self.
    2. Enter the required account number.

    Role Session Name

    Role Session Name is an identifier for the assumed role session.

    Use the Role Session Name to uniquely identify a session when the same role is assumed by different principals or for different reasons.

    Duration Seconds

    Enter the duration, in seconds, for which the credentials should remain valid.

    Acceptable durations for IAM user sessions:
    • Minimum: 900 seconds (15 minutes)
    • Maximum: 129,600 seconds (36 hours)
    • Default: 3600 seconds (1 hour)

    External Id

    External Id is a unique identifier that might be required when you assume a role in another account.

    Source Identity

    The source identity is specified by the principal that is calling the AssumeRole operation.

    Session Tags

    Session Tags are key-value pairs that you pass when you assume an IAM role or federate a user in AWS STS.

    To create a session tag:
    1. In the Enter Key field, enter a key for the key-value pair.
    2. In the Enter Value field, enter a value for the key-value pair.
    3. Click Add.

    The added key-value pair is shown in the table below the fields.

  2. In the Child Accounts section, enter/select the following details:
    Field Description
    Role Name*

    Enter the IAM role name for the target account here.

    Role Session Name

    Role Session Name is an identifier for the assumed role session.

    Use the Role Session Name to uniquely identify a session when the same role is assumed by different principals or for different reasons.

    Duration Seconds

    Enter the duration, in seconds, for which the credentials should remain valid.

    Acceptable durations for IAM user sessions:
    • Minimum: 900 seconds (15 minutes)
    • Maximum: 129,600 seconds (36 hours)
    • Default: 3600 seconds (1 hour)

    External Id

    External Id is a unique identifier that might be required when you assume a role in another account.

    Source Identity

    The source identity is specified by the principal that is calling the AssumeRole operation.

    Session Tags

    Session Tags are key-value pairs that you pass when you assume an IAM role or federate a user in AWS STS.

    To create a session tag:
    1. In the Enter Key field, enter a key for the key-value pair.
    2. In the Enter Value field, enter a value for the key-value pair.
    3. Click Add.

    The added key-value pair is shown in the table below the fields.

  3. Click Save.
    The Organization based discovery popup window closes and you are returned to the Discover resources section.
    Note:
    • If the popup is closed without a value entered in at least one field, the Organization based discovery checkbox is unchecked.
    • Values saved in the popup are retained and displayed, regardless of how many times the Organization based discovery checkbox is checked or unchecked, until the values are updated.
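
The fields in both sections correspond to parameters of the AWS STS AssumeRole operation. The following is an added example, not part of the product or its documentation: it validates the dialog values and maps them to those parameters before any request is made. The function name, the sample values, the "aws" partition, and treating the session name as mandatory (AssumeRole itself requires one) are assumptions.

```python
import re

# Lengths and character sets as given in the AWS STS AssumeRole API reference.
NAME_RE = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)  # session name, source identity
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)
# Duration bounds as listed on this page; the role's own maximum session duration can cap it lower.
MIN_DURATION, MAX_DURATION, DEFAULT_DURATION = 900, 129600, 3600


def build_assume_role_request(account_number, role_name, role_session_name,
                              duration_seconds=DEFAULT_DURATION, external_id=None,
                              source_identity=None, session_tags=None):
    """Validate the dialog values and map them to AssumeRole parameters."""
    if not re.fullmatch(r"\d{12}", account_number, re.ASCII):
        raise ValueError("Account Number must be exactly 12 digits")
    if not re.fullmatch(r"[\w+=,.@-]{1,64}", role_name, re.ASCII):
        raise ValueError("Role Name has invalid characters or length")
    if not NAME_RE.fullmatch(role_session_name):
        raise ValueError("Role Session Name must be 2-64 characters of [A-Za-z0-9_+=,.@-]")
    if not MIN_DURATION <= duration_seconds <= MAX_DURATION:
        raise ValueError("Duration Seconds is outside the accepted range")
    request = {
        # Assumption: standard "aws" partition and a role without an IAM path.
        "RoleArn": f"arn:aws:iam::{account_number}:role/{role_name}",
        "RoleSessionName": role_session_name,
        "DurationSeconds": duration_seconds,
    }
    if external_id is not None:
        if not EXTERNAL_ID_RE.fullmatch(external_id):
            raise ValueError("External Id has invalid characters or length")
        request["ExternalId"] = external_id
    if source_identity is not None:
        if not NAME_RE.fullmatch(source_identity):
            raise ValueError("Source Identity has invalid characters or length")
        request["SourceIdentity"] = source_identity
    tags = session_tags or {}
    if len(tags) > 50:
        raise ValueError("At most 50 session tags can be passed")
    for key, value in tags.items():
        if not 1 <= len(key) <= 128 or len(value) > 256:
            raise ValueError(f"Session tag {key!r} exceeds the key/value length limits")
    if tags:
        request["Tags"] = [{"Key": k, "Value": v} for k, v in tags.items()]
    return request

if __name__ == "__main__":  # constructed sample values, not a real account
    print(build_assume_role_request("123456789012", "DiscoveryRole", "org-discovery",
                                    session_tags={"purpose": "discovery"}))
```

The returned dictionary uses the AssumeRole parameter names, so it can be passed as keyword arguments to an STS client call.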