Importing Hosts from AWS
You can set up PrivX to automatically add existing hosts from cloud platforms. You can later connect to these hosts via PrivX.
For example, to add hosts from Amazon Web Services (AWS):
- In your AWS account, add a policy to allow host scans. To do this, access your AWS account and navigate to IAM→Policies, then create a policy with the following JSON:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "ec2:Describe*",
          "Resource": "*"
        }
      ]
    }

- Create an IAM user with permissions to use the host-scan policy. This can be done on the IAM→Users page.
  The IAM user must have Programmatic access and have the host-scan policy attached.
  Note the Access key ID and the Secret access key of the user. These are required later for configuring PrivX against AWS.
- Configure PrivX to scan and add the AWS hosts.
  Log into PrivX as superuser (or other privx-admin user). On the Settings→Directories page, click Add Directory.
  Fill in the basic information of the directory. To allow PrivX to detect AWS hosts, add the Access key ID and the Secret access key of the IAM user.
  You can selectively filter hosts using the Fetch hosts with tag option found under the Advanced directory settings.
  Save the directory settings. PrivX begins importing hosts from AWS.
  After a moment, you may verify the directory status back on the Settings→Directories page. The Connection should be in the OK state and list the number of instances found on AWS.
  To list the imported hosts, click List Hosts.
  You may then Edit hosts to add services and account mappings to them, as described in Adding Hosts.
To use AWS role federation features, see Configuring ephemeral credential access for AWS API.
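The access key of the host-scan user is entered into PrivX, so it is worth confirming before attaching a policy to that user that it grants nothing wider than the ec2:Describe* access shown in the first step. The following check is an added example, not part of PrivX or of the original page; the function and constant names are hypothetical, and the second policy is a constructed sample.

```python
import json

# Policy from the first step of this page.
HOST_SCAN_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}
  ]
}"""

# Constructed sample (not from the page): a policy that has drifted too wide.
CONSTRUCTED_BROAD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:*"], "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}
  ]
}"""

READ_ONLY_PREFIX = "ec2:describe"  # IAM action names are case-insensitive


def _as_list(value):
    """IAM accepts a single item or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def excess_grants(policy_json):
    """Return one finding per Allow grant that is wider than ec2:Describe*."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in stmt:
            findings.append(f"statement {index}: NotAction allows every action except those listed")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # A pattern stays inside ec2:Describe* only if that literal prefix
            # comes before any wildcard, so "ec2:*" and "*" are rejected.
            if not action.lower().startswith(READ_ONLY_PREFIX):
                findings.append(f"statement {index}: {action} is wider than ec2:Describe*")
    return findings


if __name__ == "__main__":
    for name, doc in [("host-scan", HOST_SCAN_POLICY), ("constructed", CONSTRUCTED_BROAD_POLICY)]:
        print(name, excess_grants(doc) or "OK: only ec2:Describe* is granted")
```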