These docs are for v16. The latest docs are for v33.

Importing Hosts from AWS

You can set up PrivX to automatically add existing hosts from cloud platforms. Such hosts can later be connected to via PrivX.

For example, to add hosts from Amazon Web Services (AWS):

  1. In your AWS account, add a policy to allow host scans. To do this, open your AWS account and navigate to IAM→Policies, then create a policy with the following JSON:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": "ec2:Describe*",
                "Resource": "*"
            }
        ]
    }
    
  2. Create an IAM user with permissions to use the host-scan policy. This can be done on the IAM→Users page.

    The IAM user must have Programmatic access and have the host-scan policy attached.

    Note the Access key ID and the Secret access key of the user. These are required later for configuring PrivX against AWS.

  3. Configure PrivX to scan and add the AWS hosts.

    Log into PrivX as superuser (or other privx-admin user). On the Settings→Directories page, click Add Directory.

    Fill in the basic information of the directory. To allow PrivX to detect AWS hosts, add the Access key ID and the Secret access key of the IAM user.

    You can selectively filter hosts using the Fetch hosts with tag option found under the Advanced directory settings.

    Save the directory settings. PrivX begins importing hosts from AWS.

    After a moment, you may verify the directory status back on the Settings→Directories page. The Connection should be in the OK state, and list the number of instances found on AWS.

    To list the imported hosts, click List Hosts.

    You may then Edit hosts to add services and account mappings to them, in the same way as in Adding Hosts.

To use AWS role federation features, see Configuring ephemeral credential access for AWS API.
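
A check that can be run on the host-scan policy from step 1 before it is attached to the IAM user: it reports any Allow statement that grants more than ec2:Describe*. This is an added example, not part of PrivX or its documentation; the function name excess_grants and the second sample policy are constructed for illustration.

```python
import json

# Baseline from step 1 of this page: the host-scan policy allows only ec2:Describe*.
ALLOWED_PREFIX = "ec2:describe"


def _as_list(value):
    """IAM accepts a single object/string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def excess_grants(policy_json):
    """Return (statement index, item) pairs that grant more than ec2:Describe*."""
    findings = []
    policy = json.loads(policy_json)
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the listed ones.
            findings.append((index, "NotAction"))
            continue
        for action in _as_list(stmt.get("Action")):
            # Action names are case-insensitive. A pattern stays inside
            # ec2:Describe* only if that literal prefix precedes any wildcard.
            if not action.lower().startswith(ALLOWED_PREFIX):
                findings.append((index, action))
    return findings


# Constructed samples: the first is the policy from step 1, the second is
# a hypothetical over-broad variant (assumption, not from the page).
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}"""
BROAD_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["EC2:DescribeInstances", "ec2:D*"], "Resource": "*"},
  {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
  {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}]}"""

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, excess_grants(doc))
```

An empty result means every Allow statement stays within the read-only ec2:Describe* scope that the host scan needs.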