2 weeks ago
Good day all.
My team and I have been trying to set up Cloud Asset Discovery with some mixed results. We are using AWS for our cloud environment. The first thing we tried to do was the Organization Unit ID or Root ID. We entered our Role ARN, then our OU / r-xxxx (tried both ways) and clicked List Accounts. All of our accounts were listed. We did not make any changes to the workloads (asset types) which I will get to in a minute. We selected our region and created a new trigger. We watched and waited for the scan to start at the desired start time we chose, and nothing happened. We assume that since our accounts were listed, we should have received something back from the scan. Any thoughts?
Next, we went with the Standalone account method. We entered our Role ARN and clicked List Accounts. The account showed up and we clicked the radio button selecting it. (This is where my next problem happens.) For the filters, we did NOT make any changes, leaving all workloads selected. (Do not recommend this.) Next we selected our region and created a new trigger. We waited and watched for the scan to kick off... And BOY did it. It found over 1,300 items. To me that was a bit overwhelming. So with that being said, this was not our intended outcome. We were simply looking for the Account VPC, the EC2 instances in the VPCs along with their S3 buckets.
I then went into inventory and selected all the new AWS items that came in with the intention of deleting them from inventory. However, it turns out that I was not able to do so. The delete option was grayed out and when hovered over gave a message stating "this action cannot be executed on cloud asset types". This caught me totally off guard... No matter where I tried to bulk delete, it would not let me delete these items. However, if I went into each record one at a time, I would be able to delete them. This is not really a viable option.
So for that issue, does anyone have any suggestions on how I can get rid of the 1,300 items that came in with that scan so I can clean up my cloud environment before I try any other testing?
Thanks in advance...
2 weeks ago
Hello @Dave_LaFleur71,
Apologies, I focused on the most urgent request (deleting unwanted assets).
About AWS scanning, we currently have an issue with multi-account scanning since AWS works differently than the other platforms (Azure, GCP): each AWS account must have a role to allow reading the assets, and a "main" account must have a role to assume these reading roles. Documentation will be published as soon as the fix is pushed in production (code also needs to be updated to handle these roles). We are targeting beginning of next week. I'll update this discussion when it's ready.
Patrick
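The role layout described in the post above is the usual AWS cross-account pattern: the main role needs an identity policy allowing `sts:AssumeRole` on each read role, and each read role's trust policy must name the main role or its account. The following is an added example, not Lansweeper code or documentation; the role names and account IDs are hypothetical, and the check ignores Deny statements, Condition blocks and organization-level policies.

```python
from fnmatch import fnmatchcase

# Hypothetical role names and constructed account IDs, not values from this thread.
MAIN_ROLE_ARN = "arn:aws:iam::111111111111:role/ExampleScannerMain"
READ_ROLE_NAME = "ExampleScannerRead"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Allow" and any(
                fnmatchcase("sts:assumerole", a.lower()) for a in _as_list(st.get("Action", []))):
            yield st

def identity_allows(identity_policy, role_arn):
    # Main account side: may the main role call sts:AssumeRole on role_arn?
    return any(fnmatchcase(role_arn, res) for st in _allow_statements(identity_policy)
               for res in _as_list(st.get("Resource", [])))

def trust_allows(trust_policy, caller_arn):
    # Member side: the read role's trust policy must name the caller or its account.
    account = caller_arn.split(":")[4]
    accepted = {caller_arn, account, f"arn:aws:iam::{account}:root"}
    return any(isinstance(st.get("Principal"), dict)
               and accepted & set(_as_list(st["Principal"].get("AWS", [])))
               for st in _allow_statements(trust_policy))

def scan_gaps(main_identity_policy, member_trust_policies):
    gaps = {}  # account ID -> reasons the main role could not read that account
    for account_id, trust in member_trust_policies.items():
        role_arn = f"arn:aws:iam::{account_id}:role/{READ_ROLE_NAME}"
        reasons = []
        if not identity_allows(main_identity_policy, role_arn):
            reasons.append("main role may not assume " + role_arn)
        if trust is None or not trust_allows(trust, MAIN_ROLE_ARN):
            reasons.append("read role missing or does not trust main role")
        if reasons:
            gaps[account_id] = reasons
    return gaps

# Constructed sample input: wildcard identity policy plus three member accounts.
_stmt = {"Effect": "Allow", "Action": "sts:AssumeRole"}
MAIN_POLICY = {"Statement": [{**_stmt, "Resource": f"arn:aws:iam::*:role/{READ_ROLE_NAME}"}]}
MEMBERS = {
    "222222222222": {"Statement": [{**_stmt, "Principal": {"AWS": MAIN_ROLE_ARN}}]},
    "333333333333": {"Statement": [{**_stmt, "Principal": {"AWS": "arn:aws:iam::999999999999:root"}}]},
    "444444444444": None,  # read role never created in this account
}
```

`scan_gaps(MAIN_POLICY, MEMBERS)` reports accounts 333333333333 and 444444444444, the two where the main role could not read anything even though the accounts themselves are visible.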
Thursday
Hello and Good Morning Patrick. I was wondering if there were any updates on multi-account scanning mentioned above?
Sunday
Hello @Dave_LaFleur71,
We're currently finalizing the testing phase. Staging environment lets us scan multiple AWS accounts in one cloud action.
Regards
2 weeks ago
Hi @Dave_LaFleur71,
To remove ALL your cloud assets, delete all your cloud actions. When deleting the last cloud action, the interface will ask you if you want to keep or remove your cloud assets: you will need to delete them all.
After they have been deleted from the inventory (it may take some time if you have many cloud assets), you can recreate a cloud action and select only the workloads you want to see in the inventory.
Hope this helps.
2 weeks ago
Hello Patrick. Did you happen to read over the first half of my post? Any thoughts on why the Organization scan did not work? I would think that if it sees all the accounts, and all are chosen, that it would scan them, unless something is missing or being blocked?