AWS Cloud Connector Resources

Through USM Anywhere you can generate the Amazon Web Services (AWS) CloudFormation template that you need to begin gathering data from your AWS account, either from your Amazon Simple Storage Service (S3) buckets, or from your Amazon EC2 and RDS instances and AWS IAM users. See Downloading an Existing AWS Cloud Connector Template for more information about how to download a CloudFormation template.

After uploading a CloudFormation template, some resources will be created depending on the connector deployed.

AWS S3 Cloud Connector Resources

These are the created resources:

  • s3AttRole: The role that gives USM Anywhere access to your account to read the configured buckets.

  • snsTopic: It enables you to receive notifications when there are new files in the bucket.

  • snsTopicPolicy: The access policy that allows the configured Amazon S3 bucket to publish notifications and gives the USM Anywhere account permission to subscribe to that Amazon Simple Notification Service (SNS) topic.

AWS Inventory Cloud Connector Resources

These are the created resources:

  • AWS Config:
    • ConfigBucket: Amazon S3 bucket to receive a configuration snapshot on request and configuration history.

    • ConfigRecorder: Specifies the resource types you want AWS Config to record. We only support Amazon EC2, RDS and IAM users. Modify this if you do not want to send a particular resource type to the Inventory Connector.

    • ConfigRole: Internal role in your AWS account to provide all the necessary access to the AWS Config service.

    • DeliveryChannel: Channel that allows you to control where AWS Config sends configuration updates. The delivery channel is required to use AWS Config.

    • EventBridgeRule: Rule to send AWS Config events to the Inventory Topic.

  • InventoryAttRole: Role that gives USM Anywhere access to your account to read the AWS Inventory (Amazon EC2, RDS, and IAM users).

  • InventoryTopic: Topic that enables you to receive events related to the AWS Config service when a configuration item changes.

  • InventoryTopicPolicy: Access policy that allows the configured EventBridgeRule to publish notifications and gives the USM Anywhere account permission to subscribe to that Amazon SNS topic.
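
Both snsTopicPolicy and InventoryTopicPolicy are described as granting exactly two things: one AWS service may publish and one account may subscribe. The following is an added example, not part of the USM Anywhere template or documentation, of a review check that flags any SNS topic policy granting more than that. The policy documents, Sids, ARNs and account IDs are constructed placeholders, and the expectation that Publish carries a source Condition is an assumption of this check, not a statement of what the template contains.

```python
import json

def _as_list(value):
    """Policy fields may hold one value or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]

def _principals(stmt):
    """Return (kind, value) pairs such as ("Service", "s3.amazonaws.com")."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return [("AWS", "*")]
    return [(k, v) for k, vals in principal.items() for v in _as_list(vals)]

def audit_topic_policy(policy_json, publisher_service, subscriber_account):
    """Return findings where the policy grants more than one publisher and one subscriber."""
    findings = []
    subscribers = {subscriber_account, f"arn:aws:iam::{subscriber_account}:root"}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if actions & {"*", "sns:*"}:
            findings.append(f"{sid}: wildcard action")
        for kind, value in _principals(stmt):
            if value == "*" and "Condition" not in stmt:
                findings.append(f"{sid}: wildcard principal without a Condition")
            elif "sns:publish" in actions and (kind, value) != ("Service", publisher_service):
                findings.append(f"{sid}: unexpected publisher {value}")
            elif "sns:subscribe" in actions and (kind != "AWS" or value not in subscribers):
                findings.append(f"{sid}: unexpected subscriber {value}")
        if "sns:publish" in actions and "Condition" not in stmt:
            findings.append(f"{sid}: Publish has no source Condition")
    return findings

# Constructed policies; account IDs, ARNs and Sids are placeholders.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "BucketPublish", "Effect": "Allow", "Action": "sns:Publish",
     "Principal": {"Service": "s3.amazonaws.com"}, "Resource": "*",
     "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-log-bucket"}}},
    {"Sid": "ConnectorSubscribe", "Effect": "Allow", "Action": "sns:Subscribe",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Resource": "*"}]})
LOOSE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyonePublish", "Effect": "Allow", "Action": "sns:Publish",
     "Principal": "*", "Resource": "*"},
    {"Sid": "WrongSubscriber", "Effect": "Allow", "Action": "sns:Subscribe",
     "Principal": {"AWS": "444455556666"}, "Resource": "*"}]})

if __name__ == "__main__":
    print(audit_topic_policy(LOOSE, "s3.amazonaws.com", "111122223333"))
```

For the Inventory connector's topic, pass `events.amazonaws.com` as the publisher service, since the publisher there is the EventBridge rule rather than an S3 bucket.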