milirose.blogg.se - Asset inventory manager

#Asset inventory manager software
#Asset inventory manager license

This post assumes that you are setting up the environment as part of the following walkthrough in a fresh AWS account.A VPC endpoint enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an Internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. This can be achieved using an internet gateway attached to your Amazon VPC and a NAT gateway (for instances in a private subnet). For this solution to work, the managed instances require connectivity to the AWS Systems Manager APIs and Amazon S3 APIs.The AWS IAM role attached to Amazon EC2 instances would need access to Amazon S3 bucket where inventory data will be stored.

Refer to AWS Systems Manager Managed Instances and Systems Manager Prerequisites for configuring Amazon EC2 instances or on-premises machines in a hybrid environment as managed instances.

AWS Systems Manager Inventory collection works for instances configured as managed instances.

IAM access to create / modify AWS resources such as Amazon S3 bucket, IAM roles and policies, AWS Systems Manager, etc.

Amazon EC2 instances for collecting and analyzing inventory information.

Please note that you can also use a single account to conduct a proof-of-concept following the same steps.

#Asset inventory manager software

Resource account – account where the Amazon EC2 instances from which software inventory needs to be governed are running.

Central Operations account – account with an Amazon S3 bucket where inventory would be stored and analyzed using AWS services such as AWS Glue, Amazon Athena.

However, the concept can be extended to large number of resource account scenarios.

To demonstrate the power of the platform, we have used two AWS accounts in this post: a Central Operations account and 3 Resource accounts.

Amazon QuickSight – to create dashboards and provide visualization of below mentioned use cases.

Amazon Athena – to query the inventory data stored in Amazon S3 using standard SQL.

table definition and schema) in the AWS Glue Data Catalog.

AWS Glue – to discover the inventory data and store the associated metadata (e.g.

AWS S3 – to store the collected inventory information in a centralized manner.

AWS System Manager – to collect the details around software installations on Amazon EC2 instances.This post assumes that you are familiar with the following AWS services used in the solution:.Top three accounts with the most occurrences of issues 1-4 above.Total number of application instances, by account.Number of instances that have blacklisted applications (such as Nmap) installed, by account.Number of instances that have mandatory application installed but that are not in a running state, by account.Number of instances that don’t have mandatory applications installed, by account.Number of instances running an old version of SSM Agent, by account.The solution covers the following use / abuse cases, but is generic and can be extended to support other use cases as well. The solution uses a simple account structure where AWS Systems Manager is configured in each child account and pushes the inventory information to a master account as shown below.įigure 1: Sample AWS account structure for the setupįor simplicity in this post, four accounts are used for demonstration purposes. The Software Asset Governance solution presented in this post uses a set of AWS services to identify security and compliance issues arising out of enterprise deployments of server instances. Once the inventory is collected from all accounts into a central location, we build dashboards that help customers visualize security and compliance issues in their environment arising out of the use / abuse cases that we most commonly see in the field. In this blog post, we walk you through some of AWS services that can be used to build an inventory of software running on AWS EC2 instances. A robust Software Asset Governance program starts with an Inventory of (Authorized and Unauthorized) Software.

#Asset inventory manager license

The subject goes beyond cyber-security to encompass license compliance issues as well as IT cost management. Different aspects of Software Asset Governance find notable mentions in renowned security frameworks and standards such as SANS CIS Critical Security Controls, NIST Special Publication 800-53, and Cloud Security Alliance’s Cloud Control Matrix.

Software Asset Governance or Software Asset Management is a key component of an organization’s cyber security strategy.