This document describes the ways that Oomnitza integrates with Amazon Web Services (AWS) and provides links to more detailed setup and configuration instructions for each integration.
Before you can configure any of the available integrations with Amazon Web Services (AWS), you need to add credentials to the vault. AWS uses AWS Auth based authentication, for which you enter the Access Key ID and Secret Access Key into the vault. To get these credentials, log in to your AWS Management Console and go to Identity and Access Management (IAM). In the list of users, open the user detail screen and select the Security credentials tab, where you can create a new access key. Once the key is created, use these values to create the credential within Oomnitza.
For the integration user on the Oomnitza side, we typically recommend creating a separate user for each type of integration, such as a user called "Amazon Service User", rather than referencing an existing named user.
Asset Load for AWS EC2 instances
This integration pulls the EC2 instances (running and stopped ones, but not terminated ones) from one AWS region into Oomnitza. If you have deployments in multiple AWS regions, you need to create one integration per region. You can find more details on the EC2 integrations and the API presets available for EC2 here.
User Load from AWS IAM
With this integration you can upload some basic information about a given user from AWS IAM into Oomnitza. This gives you a more complete picture of a user and shows which users across your organization also exist inside AWS. Using the user load in combination with the various presets around it, you can get security-relevant details about the user, such as last login time and the age of the password or security token. Details about the AWS IAM User Load and presets for it can be found here.
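The password and access key ages mentioned above can also be checked directly against an IAM credential report, which covers the long-lived access key stored in the vault as well. The following Python code is an added example, not Oomnitza's preset or code; the report excerpt, the user names and the 90-day limit are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using a subset of the IAM credential report columns;
# user names and dates are made up for illustration.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated
alice,true,2024-05-30T09:12:00+00:00,2023-01-10T00:00:00+00:00,false,N/A
oomnitza-integration,false,N/A,N/A,true,2023-06-01T00:00:00+00:00
bob,true,no_information,2024-05-01T00:00:00+00:00,true,2024-04-15T00:00:00+00:00
"""

MAX_AGE_DAYS = 90  # assumed rotation policy, adjust to your own


def _age_days(value, now):
    """Days since an ISO 8601 timestamp, or None for placeholder values."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return (now - datetime.fromisoformat(value)).days


def stale_credentials(report_csv, now, max_age_days=MAX_AGE_DAYS):
    """Return (user, credential, age_days) for enabled credentials over the limit."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [
            ("password", row["password_enabled"], row["password_last_changed"]),
            ("access_key_1", row["access_key_1_active"], row["access_key_1_last_rotated"]),
        ]
        for name, enabled, changed in checks:
            age = _age_days(changed, now)
            # Disabled passwords and inactive keys are skipped: they cannot be used.
            if enabled == "true" and age is not None and age > max_age_days:
                findings.append((row["user"], name, age))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for user, cred, age in stale_credentials(SAMPLE_REPORT, now):
        print(f"{user}: {cred} is {age} days old")
```

A real report also carries `access_key_2_*` columns, which can be added to `checks` in the same way.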
Asset Load for AWS RDS instances