Oomnitza supports AWS Direct Role Assumption (DRA) to easily access single or multiple accounts using a single credential.
The same single credential works whether you use DRA to access multiple accounts or a single account.
You create a single read-only role and deploy it to one or all of your AWS accounts. Oomnitza assumes this role to collect data for the following supported integrations:
- AWS RDS instance load (DRA)
- AWS S3 bucket load (DRA)
- AWS Workspaces Asset Load (DRA)
- AWS Redshift Cluster Asset Load (DRA)
- AWS EBS Snapshot Load (DRA)
- AWS Reserved EC2 Asset Load (DRA)
- AWS EC2 Asset Load (DRA)
About direct role assumption
Oomnitza assumes a read-only role that exists in each of your AWS accounts and uses it to sync AWS data with Oomnitza. Because the role is read-only, AWS resources can't be created, modified, or deleted through it.
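One way to confirm that a role deployed for this integration really is read-only and trusts only the intended principal, as an added example (not Oomnitza's code or template). The action-prefix allow-list, the placeholder principal ARN and the sample policy documents are assumptions constructed for illustration.

```python
# Prefixes this example treats as read-only (an assumption, not an AWS or Oomnitza list).
READ_ONLY_PREFIXES = ("describe", "get", "list")

def as_list(value):
    """IAM JSON allows a single string where a list is expected."""
    return value if isinstance(value, list) else [value]

def non_read_only_actions(policy):
    """Return allowed actions in a permission policy that are not clearly read-only."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.append("NotAction")
        for action in as_list(stmt.get("Action", [])):
            _, _, name = action.partition(":")
            # "s3:*", "*" and "ec2:Terminate*" all fail this test; "ec2:Describe*" passes.
            if not name.lower().startswith(READ_ONLY_PREFIXES):
                findings.append(action)
    return findings

def unexpected_principals(trust_policy, expected_principal):
    """Return principals allowed to assume the role other than the expected one."""
    findings = []
    for stmt in as_list(trust_policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS" or value != expected_principal:
                    findings.append(f"{kind}:{value}")
    return findings

# Constructed sample documents; the account ID and role name are placeholders.
EXPECTED_PRINCIPAL = "arn:aws:iam::111122223333:role/ExampleCollectorRole"
GOOD_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "rds:DescribeDBInstances", "s3:ListAllMyBuckets"]}]}
BAD_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "ec2:Describe*", "ec2:TerminateInstances", "s3:*"]}]}
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                             "Principal": {"AWS": EXPECTED_PRINCIPAL}}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}

if __name__ == "__main__":
    print(non_read_only_actions(BAD_POLICY), unexpected_principals(BAD_TRUST, EXPECTED_PRINCIPAL))
```

The prefix test is deliberately conservative: an action it cannot classify as read-only is reported for manual review rather than accepted.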
Prerequisites for multiple-account access
Access to the AWS management/administrator account or an admin delegated account that will own the StackSet.
You require the following permissions to create and validate standard StackSets roles:
- AWSCloudFormationStackSetAdministrationRole in the administrator account
- AWSCloudFormationStackSetExecutionRole in each target account. Created automatically if you choose service-managed mode. Otherwise, created by the StackSet template provided by Oomnitza.
Prerequisites for single account access
For single account access, you must have an AWS account with admin privileges to create roles, permission policies, and trust policies.