As a cloud administrator or a cloud account owner, you can onboard a single standalone (not managed by AWS Organizations) AWS account using the Add Account option from the Carbon Black Cloud console.

Prerequisites

  • If the IAM role does not already exist, use the AWS Management Console to create it. This role establishes the trust relationship between your Carbon Black Cloud account and the AWS account.
  • Make sure that you have the IAM role ARN of the AWS account available. You can access the Role ARN from the role's Summary page in the AWS Management Console.
  • Have the 12-digit account ID available for the AWS account that you are about to onboard. To access the account ID, see Find your AWS account ID (external link).
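
Before you enter these values, you can check that they agree with each other. The following is an added example, not code from Carbon Black or AWS. It checks that the account ID has 12 digits, that the role ARN belongs to that account, and that the role's trust policy allows `sts:AssumeRole` only for the principal you expect. The function name, the role name `cbc-onboarding`, the account IDs, and the trusted principal are constructed placeholders; use the principal shown for your own Carbon Black Cloud account.

```python
import json
import re

# Role ARN layout: arn:<partition>:iam::<12-digit account>:role/<optional path/>name
ROLE_ARN = re.compile(r"^arn:(aws|aws-us-gov|aws-cn):iam::(\d{12}):role/([\w+=,.@/-]+)$")

def check_onboarding_inputs(account_id, role_arn, trust_policy_json, trusted_principal):
    """Return a list of findings; an empty list means the inputs are consistent."""
    findings = []
    if not re.fullmatch(r"\d{12}", account_id):
        findings.append("account ID is not 12 digits")
    m = ROLE_ARN.match(role_arn)
    if not m:
        findings.append("role ARN is not an IAM role ARN")
    elif m.group(2) != account_id:
        findings.append("role ARN belongs to a different account")

    statements = json.loads(trust_policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    allowed = False
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" not in actions:
            continue
        principal = st.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append("trust policy allows any AWS principal")
        if trusted_principal in aws:
            allowed = True
    if not allowed:
        findings.append("trust policy does not trust the expected principal")
    return findings

# Constructed sample trust policy; 111122223333 stands in for the trusted account.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]})

if __name__ == "__main__":
    print(check_onboarding_inputs("123456789012", "arn:aws:iam::123456789012:role/cbc-onboarding",
                                  SAMPLE_POLICY, "arn:aws:iam::111122223333:root"))
```

To check a real role, pass the trust policy JSON copied from the role's Trust relationships tab in the AWS Management Console.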

Procedure

  1. On the left navigation pane, go to Settings > Public Cloud Accounts.
  2. On the Public Cloud Accounts page, click Add Account.
    The Add Public Cloud Account window displays.
  3. Select AWS under Cloud Provider. Select Single Account under Method and then click Next.
  4. Populate all required fields for the AWS account details and the account connectivity credential attributes.
  5. To enable AWS services monitoring, copy the command from the AWS services field, populate the required parameters, and run the script in the AWS CLI of the account to be onboarded.
  6. To save the account information and connect to the account, click Add Account.

Results

The newly added AWS account displays at the top of the list of accounts on the Public Cloud Accounts page. Refresh the page to see the status change from In Progress to Active after validation completes. All EC2 instances that are associated with the account are available at Inventory > Public Cloud > AWS.

What to do next

You can manage the AWS account details, connectivity, and regions from the details pane. To access it, click the > symbol in the selected account row.