Performing a cloud discovery run
Before you can perform a cloud discovery run, you must:
- Create a credential or access key in the tool you use to access the cloud provider. For Amazon Web Services (AWS), this is the AWS Identity and Access Management (IAM) console.
- Create a cloud credential in BMC Discovery using the credential or access key you just created.
- Test the credential.
These steps are described in greater detail in Discovering Amazon Web Services. The following procedure describes performing the cloud discovery run once you have configured and tested your credentials.
Run a cloud scan
To perform cloud discovery, from the Discovery Status page, use the Add New run control.
- Click Add New run.
The Add a Cloud Run dialog is displayed.
- Enter a Label for the cloud discovery run.
- To add a scheduled cloud run, select Scheduled and fill in the scheduling information as with normal scheduled discovery runs.
- Select Cloud.
- Select the provider from the drop-down list. Select Amazon Web Services.
- Select the appropriate cloud credential. If none are available, you must add one.
- Select the region to scan. For example, for Amazon Web Services, select US East (N. Virginia). You can also select all regions by clicking the All button.
- Click OK.
Once the scan has completed, you can examine the results. The screen below shows a discovered VM running in AWS.
Scan the hosts running the VMs in the cloud
Perform a normal scan on the hosts running the VMs discovered in the cloud scan. Use the Unscanned Cloud Hosts report on the Cloud Overview dashboard to find these.
Scanning the hosts assumes that the appliance or proxy has network access to hosts running in the cloud, for example, using a VPN.
Public IP addresses do not respond to ICMP pings. You must disable "Ping before scanning"; otherwise, all scans are dropped and reported as no response.