Enable access to your AWS accounts with AWS IAM Identity Center
For comprehensive AWS infrastructure monitoring, Site24x7 needs to automatically discover all instances of various supported services currently running in your account. For this, you need to authenticate and authorize Site24x7 to access your resources. You can achieve this by manually creating IAM user roles or cross-account IAM roles. You can also automatically create an IAM role using an AWS CloudFormation template and Control Tower lifecycle events.
The AWS IAM Identity Center provides one place where you can create or connect workforce users and centrally manage their access across all their AWS accounts and applications. Site24x7's integration with IAM Identity Center provides you with a consistent single sign-on experience to all your AWS accounts with no additional configurations.
You cannot add all the AWS accounts at one time to Site24x7 using the IAM Identity Center. You have to choose the IAM Identity Center method each time while adding new accounts to Site24x7. However, Site24x7 can auto-discover all the AWS accounts and add them at once using AWS Control Tower.
Use case
If you have multiple AWS accounts that you need to integrate with Site24x7, integrating each AWS account can be challenging and time-consuming. The IAM Identity Center helps you set up all your AWS accounts with a single sign-on and enables a smooth integration. Using this approach, you can integrate multiple AWS accounts with Site24x7 simultaneously.
Prerequisites
Make sure you have the following before you begin:
- An AWS Management account
- Accounts managed using IAM Identity Center
- The following permissions for all the AWS accounts that you wish to integrate:
  - iam:CreateRole
  - iam:AttachRolePolicy
  - iam:PutRolePolicy
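The following added example (not Site24x7 or AWS code) checks offline whether a set of identity policy documents grants the three prerequisite permissions listed above, which is useful before starting role creation or when reviewing an account that fails it. The function names and sample policies are hypothetical; the check compares action names only and does not evaluate Resource, Condition, service control policies or permission boundaries.

```python
import fnmatch
import json

# Permissions the page lists as prerequisites for every account to integrate.
REQUIRED_ACTIONS = ("iam:CreateRole", "iam:AttachRolePolicy", "iam:PutRolePolicy")

# Constructed sample policies (hypothetical, not taken from the page).
ADMIN_LIKE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]})
READ_ONLY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}})
DENY_PUT = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "iam:Put*Policy", "Resource": "*"}]})


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    return value if isinstance(value, list) else [value]


def _covers(statement, action):
    """True if the statement's Action or NotAction element applies to action."""
    def hit(patterns):
        # IAM action names are case-insensitive; * and ? act as wildcards.
        return any(fnmatch.fnmatchcase(action.lower(), p.lower())
                   for p in _as_list(patterns))
    if "Action" in statement:
        return hit(statement["Action"])
    if "NotAction" in statement:
        return not hit(statement["NotAction"])
    return False


def missing_prerequisites(policy_documents):
    """Return the required actions that the given policies do not grant.

    Granted means: covered by an Allow statement and by no Deny statement.
    """
    statements = [s for doc in policy_documents
                  for s in _as_list(json.loads(doc)["Statement"])]
    missing = []
    for action in REQUIRED_ACTIONS:
        effects = {s["Effect"] for s in statements if _covers(s, action)}
        if "Allow" not in effects or "Deny" in effects:
            missing.append(action)
    return missing


if __name__ == "__main__":
    print(missing_prerequisites([ADMIN_LIKE, DENY_PUT]))
```

Pass every policy attached to the permission set (managed and inline) in one call, since a Deny in any of them overrides an Allow in another.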
Benefits of using IAM Identity Center for integration
Integrating your AWS account using IAM Identity Center provides these benefits:
- Seamlessly add multiple AWS accounts from an organization to Site24x7 with single sign-on.
- Manage all integrated AWS accounts from a single location.
- Enhance productivity and user satisfaction with a set of AWS IAM Identity Center user credentials that integrate multiple AWS accounts into Site24x7.
Integrate your AWS accounts with Site24x7 using IAM Identity Center
To integrate all your AWS accounts with Site24x7 using IAM Identity Center, follow the steps below:
- Log in to the Site24x7 web console.
- Navigate to Cloud > AWS > Integrate AWS Account.
- Select the AWS Account Type.
- Select Register using AWS Identity Center.
- Select the AWS Identity Center Region where the IAM role needs to be created.
- Enter the Access Portal URL.
- Click Access Portal URL. You will be redirected to the AWS console.
- Enter your credentials and click Sign-in. An authorization message pops up.
- Click Allow to authorize Site24x7 to use your credentials to create the IAM roles.
- Go back to the Site24x7 page and select the preferred Permissions to be attached to the IAM role. Site24x7 provides two options for IAM role permissions:
  - AWS Managed ReadOnlyAccess Policy: The IAM role will be created with the ReadOnlyAccess policy, which is managed by AWS for all services.
  - Site24x7 Custom Policy: The IAM role will be created with an inline policy formulated with the read-only permissions required for Site24x7-supported services.
- The Integrate All Accounts option will be toggled to Yes by default. This enables you to integrate all your AWS accounts using IAM Identity Center. When you toggle the Integrate All Accounts option to No, a list of the available AWS accounts will be displayed. You can search or select the required AWS accounts to integrate using the IAM Identity Center.
- Click Create Roles.
- Click Next.
Note: If the IAM role creation fails for any accounts, Site24x7 lists them in the Failed Accounts section. You can verify the permission settings for the failed accounts and start the role creation process from the beginning. However, you can also proceed to integrate your accounts that have successfully created IAM roles.
- All the AWS accounts to be integrated will be displayed in the Accounts to be Integrated section. Once the role ARN details are fetched, you can configure settings (such as the default threshold profiles for each supported AWS service), mute resource termination alerts, and customize the Guidance Report using the Advanced Configuration option.
- Choose the services you wish to integrate with Site24x7 from the Services to be discovered list in the Discovery Options section. You can view all the integrated accounts inside the management account integrated with Site24x7.
- Click Discover AWS Resources to add the accounts.
When using the IAM Identity Center method to re-add new Amazon accounts, only the accounts that have not been integrated before, or any new accounts that you wish to integrate, will be listed in the Accounts to be Integrated section. Thus, you can easily identify and add previously un-added accounts or new accounts for integration.