SINGLE CONNECT
2.4 Cloud Integration
2.4.1 Amazon Web Services device import
Importing devices from Amazon Web Services

The Amazon Web Services (AWS) device import configurations allow Single Connect to automatically detect active instances in a given region and assign the discovered instances to relevant device groups based on their custom AWS tags. The following configuration is required in order to add/discover devices from AWS.

Cloud integration configuration for AWS device import

1. Log in to the Single Connect web GUI.
2. Navigate to Cloud Integration.
3. Set the following fields:
   - Account name: set a desired account name for the AWS account to be used for importing devices.
   - API key: AWS API access key ID.
   - Secret key: AWS secret key.
   - Regions: AWS regions where the devices are located. Multiple regions should be added with a comma (,), e.g. us-west-2, us-east-1, cn-north-1, ap-south-1.

Note: The user who has the AWS API access key should have the “AmazonEC2ReadOnlyAccess” permission to import devices.

Add/edit element type properties for AWS devices

Define the "element type" properties as shown below, so that Single Connect can identify the OS of the discovered instances.

1. Log in to the Single Connect web GUI.
2. Navigate to Device Management > Element Type.
3. Click the “options” button of the related element type and click “show properties”.
4. Set the “device import aws element type pattern”, “device import aws access protocol”, and “device import aws ssh username” properties.

| Parameter name | Parameter value |
| --- | --- |
| device import aws element type pattern | Mandatory. Multiple patterns can be defined in one element. This pattern is checked against the “ami id” description of the instance in order to determine the OS type. |
| device import aws access protocol | Mandatory. This property is used to determine the default access method for the discovered instance. |
| device import aws ssh username | Mandatory. This username is used as the default login credential. |

Note: A new element type must be defined for each OS type that Single Connect should be able to auto-detect (e.g. CentOS Linux, Ubuntu Linux, etc.).

Follow these steps to import AWS devices having a specific OS to a specific element type created for that OS (the figures given in the below example are for CentOS):

1. Log in to the Single Connect web GUI.
2. Navigate to Device Management > Element Type.
3. Create a new element type.
4. Click the “options” button of the related element type and click “show properties”.
5. Set the “device import aws element type pattern”, “device import aws access protocol”, and “device import aws ssh username” properties.

Add AWS devices to specific device groups according to their tags

Single Connect imports AWS instances based on their tags. If an AWS instance is to be imported into Single Connect, that instance must have all the tags specified in at least one device group.

To create a group with AWS tags:

1. Log in to the Single Connect web GUI.
2. Navigate to Device Management > Device Groups.
3. Create a new device group, or use an existing device group.
4. Right-click on the device group and select “show properties”.
5. Select the AWS tag property that is matched with devices to be imported.

Note: Tag values can be written in the regex format.

Enable AWS device import job

Importing AWS instances requires a Single Connect job for synchronization. The job will update the information on Single Connect periodically depending on the cron expression.

1. Log in to the Single Connect web GUI.
2. Navigate to Device Administration > Job Scheduler.
3. Click “fire job”.
4. Select “awsdeviceimportjob” as the job.
5. Fill the fields “trigger name”, “fire date”, and “cron expression”.
6. Click on the “fire job” button.

To trigger the job manually after the job has fired, follow the steps below:

1. Log in to the Single Connect web GUI.
2. Navigate to Device Administration > Job Scheduler.
3. Click “trigger list” and then click on “trigger as simple trigger” for the defined “awsdeviceimport” job.

AWS device list

To list imported devices, navigate to Device Management > Device Inventory. AWS devices with specified tags will appear inside the device group recently created.

Note: AWS instances are automatically synchronized on Single Connect, but the device realm and the policy realm should be set manually for user accessibility to the devices as well as for policy enforcement (see also Managing Devices and Policy Management).

Configurations for SSH AWS devices

By default, AWS instances are created with an SSH key in the AWS console management. If devices imported from AWS are configured to log in with an SSH key, Single Connect can provide seamless connection to the devices with the SSH keys. Otherwise, the global username and password need to be defined for each device group.

To use an SSH key for AWS devices, follow the steps below.

Get the SSH key name that is stored in the device properties of each device:

1. Log in to the Single Connect web GUI.
2. Navigate to Device Management > Device Inventory.
3. Right-click on an AWS device and select “show properties”. (The SSH key name of the device is stored in the “sshkeyname” property.)
4. Write down the value of this property to be used for the Secret Data Vault module.

Enable SSH key connection to device groups:

1. Log in to the Single Connect web GUI.
2. Navigate to Device Management > Device Groups.
3. Right-click on the device group into which the AWS devices are imported and select “show properties”.
4. Select the “adddevicesshkeytouserselection” property and set the value as “true”.

Uploading an SSH key to Single Connect will enable connection to the device:

1. Log in to the Single Connect web GUI.
2. Navigate to Secret Data Vault > Secret Data Vault.
3. Fill the required fields:
   - The “name” field must be exactly equal to the value of “sshkeyname” in the device property.
   - Select “ssh key” for the type field.
   - Copy the contents of your SSH key into the secret data field.

Note: SSH keys must be in an OpenSSH key format. This means that the value put into the secret data field should start with the “BEGIN SSH2 PUBLIC KEY” and end with the “END SSH2 PUBLIC KEY” indicators.

SSH proxy tag configuration

Please consult Kron Technical Support: sc support@kron.com, epdestek@kron.com.tr
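
The tag rule described above (an instance is imported only if it carries all the tags of at least one device group, and tag values may be regexes) can be previewed offline before the import job runs. This is an added example, not Single Connect code: the group names, tag keys and instance ids are constructed, and because the page does not say whether a pattern must match the whole tag value, the sketch evaluates both readings and reports the pairs that differ.

```python
import re

# Constructed sample data (hypothetical group names, tag keys and instance ids).
DEVICE_GROUPS = {
    "prod-linux": {"env": r"prod", "role": r"web|db"},
    "staging": {"env": r"stag(e|ing)"},
}
INSTANCES = [
    {"id": "i-sample-a", "tags": {"env": "prod", "role": "web", "owner": "ops"}},
    {"id": "i-sample-b", "tags": {"env": "nonprod", "role": "db"}},
    {"id": "i-sample-c", "tags": {"env": "staging"}},
    {"id": "i-sample-d", "tags": {"role": "web"}},
]


def group_matches(group_tags, instance_tags, anchored=True):
    """True if the instance has every tag of the group and each value matches its regex."""
    match = re.fullmatch if anchored else re.search
    for key, pattern in group_tags.items():
        value = instance_tags.get(key)
        if value is None or match(pattern, value) is None:
            return False
    return True


def plan_import(instances, groups, anchored=True):
    """Map instance id -> groups it would join; an empty list means it is not imported."""
    return {
        inst["id"]: sorted(
            name for name, tags in groups.items()
            if group_matches(tags, inst["tags"], anchored)
        )
        for inst in instances
    }


def anchoring_sensitive(instances, groups):
    """(instance, group) pairs that match only when the regex may match a substring."""
    strict = plan_import(instances, groups, anchored=True)
    loose = plan_import(instances, groups, anchored=False)
    return sorted(
        (iid, g) for iid, names in loose.items() for g in names if g not in strict[iid]
    )


if __name__ == "__main__":
    print(plan_import(INSTANCES, DEVICE_GROUPS))
    print(anchoring_sensitive(INSTANCES, DEVICE_GROUPS))
```

Any pair reported by `anchoring_sensitive` is a group pattern worth anchoring explicitly (for example `^prod$`), so that group membership, and the access that follows from it, does not depend on how the pattern is evaluated.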