As a cloud administrator you can onboard multiple AWS accounts into your organization. You can automate the onboarding of the AWS accounts in the Carbon Black Cloud with a single click in the Carbon Black Cloud console UI.

Prerequisites

  • If an IAM role is not already present, use the AWS Management Console to create one for each of the AWS accounts you are about to onboard. For more details, see Set Up a Trust Relationship.
  • Make sure that you have the IAM role ARN of the AWS account available. You can access the Role ARN from the role's Summary page in the AWS Management Console.

Procedure

  1. On the left navigation pane, click Settings > AWS Accounts.
  2. In the top right corner of the console, click Import Accounts.
    The Import AWS Accounts window appears.
  3. Download a Carbon Black Cloud CSV template.
  4. Update the CSV file with all the AWS accounts to onboard in the Carbon Black Cloud.
    Note: The Environment and Regions columns require a specific format:
    • The accepted values that you can use for the environment are DEV, STAGING, TEST, and PROD.
    • List AWS regions as comma-separated IDs.
  5. Upload the CSV file and select Import.
  6. Set up AWS services monitoring for all of the onboarded AWS accounts by running the curl command:
    curl <ScriptURL> --output setup-cbc-event-stream.sh && bash setup-cbc-event-stream.sh --CBInventoryApiHost <value> --CBInventoryOrgKey <value> --CBInventoryApiKey <value> --region <value>
    For more details, see Setting Up AWS Services.
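
A pre-upload check for the CSV file from step 4, added here as an example and not part of the Carbon Black Cloud tooling. The column names "Role ARN", "Environment" and "Regions" and the case-sensitive environment match are assumptions; take the real header row from the downloaded template.

```python
import csv
import io
import re

# Column names are assumptions; use the header row of the downloaded template.
ARN_COL, ENV_COL, REGIONS_COL = "Role ARN", "Environment", "Regions"

# Values listed in step 4; exact-case matching is an assumption of this example.
ALLOWED_ENVS = {"DEV", "STAGING", "TEST", "PROD"}
ROLE_ARN_RE = re.compile(r"^arn:aws(-[a-z]+)*:iam::\d{12}:role/[\w+=,.@/-]+$")
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")  # e.g. us-east-1, us-gov-west-1


def validate_accounts_csv(text):
    """Return a list of (line_number, message) problems found in the CSV text."""
    problems = []
    reader = csv.DictReader(io.StringIO(text))
    missing = {ARN_COL, ENV_COL, REGIONS_COL} - set(reader.fieldnames or [])
    if missing:
        return [(1, "missing columns: " + ", ".join(sorted(missing)))]
    seen = set()
    for row in reader:
        line = reader.line_num
        arn = (row[ARN_COL] or "").strip()
        env = (row[ENV_COL] or "").strip()
        regions = [r.strip() for r in (row[REGIONS_COL] or "").split(",")]
        if not ROLE_ARN_RE.match(arn):
            problems.append((line, f"not an IAM role ARN: {arn!r}"))
        elif arn in seen:
            problems.append((line, f"duplicate role ARN: {arn!r}"))
        seen.add(arn)
        if env not in ALLOWED_ENVS:
            problems.append((line, f"environment {env!r} not in {sorted(ALLOWED_ENVS)}"))
        bad = [r for r in regions if not REGION_RE.match(r)]
        if bad:
            problems.append((line, f"malformed region IDs: {bad}"))
    return problems


# Constructed sample rows (account IDs and role names are made up).
SAMPLE = '''Role ARN,Environment,Regions
arn:aws:iam::111111111111:role/cbc-onboarding,PROD,"us-east-1,eu-west-2"
arn:aws:iam::222222222222:role/cbc-onboarding,prod,us-east-1
arn:aws:iam::333333333333:user/alice,DEV,"us-east-1,US West"
'''

if __name__ == "__main__":
    for line, msg in validate_accounts_csv(SAMPLE):
        print(f"line {line}: {msg}")
```

An empty result means every row passed these format checks; it does not confirm that the role exists or that its trust relationship is set up.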

Results

The AWS accounts display at the top of the AWS accounts list. Refresh the page to see the status change from In Progress to Active after validation for each of the accounts completes. All EC2 instances that are associated with these accounts are available in the Inventory > AWS page.