Adding Cloud
- Go to (Menu) icon > SSH+ > Administration > Device Management.
  The Device::Server page is displayed.
- Click the Cloud tab.
  The Device::Cloud page is displayed.
- On the command bar, click + (Add) icon to add a new cloud device.
  The Device::Cloud > Add page is displayed. By default, AWS is selected from the Vendors list.
- Enter the following fields:

  Table 1. Field description for AWS Device Details section
  Field: Description

  Basic Information
  - *Account Type: Select Cross or Federated to authenticate using the assumed role.
  - *Account Name: Enter a unique name. It cannot be an account name that is already in the cloud inventory. Name can be alphanumeric and contain hyphen (-) and period (.).
  - *Account Number: Enter a valid AWS account number.
  - Account Description: Enter a description that helps identify your account from the cloud inventory.
  - Proxy Required: Select the checkbox if you want to create it as a proxy.
  - *Default Region: Select the region from the dropdown list for API communication.
  - *Data Center: Select a datacenter to connect to the host.

  Credentials
  - *Credential type: Select one of the options:
    - Manual Entry: Enter username and password.
    - Credential List: Select the credential details that are already stored in the credential inventory page.
  - *Access Key ID: Enter the access key ID.
  - *Secret Access Key: Enter the secret access key.
    Note: To authenticate requests, use both the access key ID and the secret access key.

  Discover resources
  - Auto Discover Resources: By default, this is turned off. Turn on the toggle button to discover all cross or federated/child accounts of the provided master account details.
  - Advanced Settings: By default, this is turned off. Turn on the toggle button to customize the auto-discovery process.
  - *Auto Discovery Mode: Select one or both of the options.
  - *Service: Select EC2 (EC2 instance) from the dropdown list.
  - *Service Region: Click Fetch Region to fetch the service regions for the provided account information.
  - Cert Sync: Select one of the options:
    - Managed: AppViewX connects to the customer’s server account and discovers host and user keys. These keys are added to the host and key inventory. Users with the relevant permissions can then perform the required keys-related actions.
    - Monitored: AppViewX connects to the customer’s server account and discovers host and user keys. These keys are added to the host and key inventory where the users are allowed to only view the keys.
    - Ignored: Certificate discovery is ignored.
    Note: The Cert Sync option is applicable only if the CERT+ license is active; otherwise, it can be ignored.
  - Auto Sync: By default, this is turned off. Turn on the toggle button to auto sync based on trigger or schedule.

  EC2 Services
  - Communication mode: Keep the default selection.
  - Certificate Discovery Mode: Keep the default selection.
  - *S3 Deployment Type: Enter the S3 deployment type that can be a centralized S3 bucket.
  - *S3 Bucket Name: Click the Settings icon and fill out the mandatory fields in the ARN Advanced Settings window that pops up.

  Note: Fields indicated with red asterisk (*) symbol are mandatory.

- Scroll down to the SSH Details section. By default, the SSH Sync Enable toggle button is turned off.
- Click the SSH Sync Enable toggle button to enable SSH sync.
- Click Customise to modify the default settings.
- Enter the following fields:

  Table 2. Field description for SSH Details section
  Field: Description

  - *Inventory Action: Select one of the options:
    - Do Not Move: To avoid the movement of newly discovered keys in the inventory.
    - Manage: To allow the system to manage the newly discovered keys, which are moved to the inventory with Managed status.
    - Monitor: To allow the system to monitor the newly discovered keys, which are moved to the inventory with Monitored status.
  - *Host Compliance Group: Groups with RW permission will be visible in the Host Compliance Group field. Select the required Host Compliance Group to which you want to map the discovered hosts and host keys. The discovered hosts and host keys are associated with the selected host compliance group.
  - *Key Compliance Group: Groups with RW permission will be visible in the Key Compliance Group field. Select the required Key Compliance Group to which you want to map the discovered keys. The discovered keys are associated with the selected key compliance group.
    The key group selection simplifies the grouping of the discovered keys and checks the discovered keys for key compliance. The keys are checked for compliance based on the policy of the key group they are associated with.
  - Scan Type: Select one of the options:
    - Default: The system scans the default SSH folders.
    - Full: The system scans the entire location. You can enter the file names/paths that you want to exclude from the discovery for non-standard locations.
    - Directory: The system performs the default scan along with a directory scan in the specified directory. Enter the file names/paths you want to exclude/include for non-standard locations.
    Note: Changing the scan type clears the File Path table.
  - *Discover: Select one or both of the options:
    - User Keys: To discover user keys.
    - Host Keys: To discover host keys.
  - File Path: This field appears if you select Full or Directory as your Scan Type. Enter the file names/paths that you want to exclude from the discovery, or include in the scan (only for directory scan), for non-standard locations.
    File path should always start with '/'.
  - Operation: This field appears if you select Full or Directory as your Scan Type. Select one of the options:
    - Exclude: Disables the scan in the file name/path location entered in File Path.
    - Include: Enables the scan only in the file name/path location entered in File Path.
    Note: Multiple folder/path entries can be entered for scan; they are displayed in the table that follows, listed by File Path and Operation.

  Note: Fields indicated with red asterisk (*) symbol are mandatory.

What to do next:
- To add credentials to the cloud device, see Adding Credentials.
- To perform any of the actions such as export, import, manage, unmanage, or delete a server, or fetch configuration from a server, see Actions.
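
The field rules in Table 1 and Table 2 can be checked before the values are typed into the form. The following is an added example, not AppViewX code: the `plan` dictionary layout, the function name `lint_plan` and the sample values are assumptions made here, and the only rule not taken from this page is that AWS account IDs are 12 digits.

```python
import re

# Rules below are taken from the field descriptions on this page; the
# dict layout of `plan` is an assumption made for this example.
ACCOUNT_NAME = re.compile(r"[A-Za-z0-9.-]+")
ACCOUNT_NUMBER = re.compile(r"\d{12}")  # AWS account IDs are 12 digits
# Operations the File Path table accepts for each Scan Type.
ALLOWED_OPS = {"Default": set(), "Full": {"Exclude"},
               "Directory": {"Exclude", "Include"}}
INVENTORY_ACTIONS = {"Do Not Move", "Manage", "Monitor"}
DISCOVER = {"User Keys", "Host Keys"}


def lint_plan(plan):
    """Return a list of problems found in a planned cloud device entry."""
    problems = []
    if not ACCOUNT_NAME.fullmatch(plan.get("account_name", "")):
        problems.append("account_name: only alphanumerics, '-' and '.'")
    if not ACCOUNT_NUMBER.fullmatch(plan.get("account_number", "")):
        problems.append("account_number: expected 12 digits")
    if plan.get("inventory_action") not in INVENTORY_ACTIONS:
        problems.append("inventory_action: not a listed option")
    discover = set(plan.get("discover", []))
    if not discover or not discover <= DISCOVER:
        problems.append("discover: choose User Keys and/or Host Keys")
    scan_type = plan.get("scan_type", "Default")
    if scan_type not in ALLOWED_OPS:
        problems.append(f"scan_type: unknown value {scan_type!r}")
        return problems
    seen = {}  # path -> first operation entered for it
    for path, op in plan.get("file_paths", []):
        if not path.startswith("/"):
            problems.append(f"{path}: file path must start with '/'")
        if op not in ALLOWED_OPS[scan_type]:
            problems.append(f"{path}: {op} not available for {scan_type} scan")
        if seen.setdefault(path, op) != op:
            problems.append(f"{path}: listed with conflicting operations")
    return problems


# Constructed sample plan (not a real account).
SAMPLE = {
    "account_name": "prod_aws 01", "account_number": "123456789012",
    "inventory_action": "Monitor", "discover": ["User Keys", "Host Keys"],
    "scan_type": "Full",
    "file_paths": [("/opt/app/keys", "Include"), ("var/backup", "Exclude")],
}

if __name__ == "__main__":
    for problem in lint_plan(SAMPLE):
        print(problem)
```
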