Automatic setup (recommended)
To allow Overmind to access your AWS infrastructure safely, you first need to set up a read-only source. You can use Overmind's AWS CloudFormation template to quickly create a source with the correct read-only permissions.
Click 'Deploy with Cloud Formation' to be taken to the AWS console. You may need to sign in and reload the page.
Once you are in the AWS console, you don't need to change anything. It has already been configured with the correct details via our template which can be found here for further details:
After clicking create, wait a couple of minutes for your stack to be created. Once it is created, the information will be populated in the right-hand menu. Select 'Outputs' and then copy the value.
Navigate back to the Overmind app. Give your source a unique name of your choosing. Select the regions you would like to discover assets in. Finally, paste in the value you copied from the AWS CloudFormation stack.
Click 'Save' and check that the source is created successfully. If you do not see the above message, recheck that you have filled out all boxes.
Your new source should appear in available sources in the left-hand menu. It will take around 30 seconds to finish configuring. After that you are free to start discovering your AWS infrastructure.
(AWS Console) Configure AWS Third Party access for Overmind
To allow Overmind to access your infrastructure safely, you need to first configure a role and trust relationship that the Overmind AWS account can assume.
This role will be protected by an external ID following the AWS recommendations on how to set up such a role and trust relationship.
Delegate permissions to the Overmind IAM user by following the official AWS user guide, with the following notes:
- Select "Another AWS Account" and provide 944651592624 as the account that is allowed to use this role.
- Select "Require external ID" and provide 784ed602-d385-4bb3-b28a-4fee8ce3cfeb as the value.
- When adding permissions, create a new trust policy with the following contents, to allow Overmind read-only access to the supported services. After the role is created, provide the ARN of the role below and save the form.
- Finish creating your source by giving it a name and description. You can now find your ARN number by clicking into the role's summary page.
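To confirm the role ended up with the trust relationship described in the steps above, the following added example (not Overmind's or AWS's own code) builds the expected trust policy from the account ID and external ID on this page and audits a policy document against it. The function names and the assumption that the role's trust policy has already been exported as JSON are illustrative.

```python
OVERMIND_ACCOUNT = "944651592624"  # account ID given on this page
EXTERNAL_ID = "784ed602-d385-4bb3-b28a-4fee8ce3cfeb"  # external ID given on this page


def build_trust_policy(account_id=OVERMIND_ACCOUNT, external_id=EXTERNAL_ID):
    """Trust policy shape for 'Another AWS account' plus 'Require external ID'."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def as_list(value):
    # IAM allows a single value or a list in most positions
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, account_id=OVERMIND_ACCOUNT, external_id=EXTERNAL_ID):
    """Return findings; an empty list means the policy matches the setup above."""
    findings = []
    allowed = f"arn:aws:iam::{account_id}:"
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # "Principal": "*" trusts anyone
            findings.append(f"statement {i}: wildcard principal")
            continue
        for kind in sorted(set(principal) - {"AWS"}):
            findings.append(f"statement {i}: unexpected principal type {kind}")
        for arn in as_list(principal.get("AWS", [])):
            if arn != account_id and not arn.startswith(allowed):
                findings.append(f"statement {i}: unexpected principal {arn}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if as_list(cond.get("sts:ExternalId", [])) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId condition missing or wrong")
    return findings


if __name__ == "__main__":
    weak = build_trust_policy()
    del weak["Statement"][0]["Condition"]  # constructed sample: external ID not required
    print(audit_trust_policy(build_trust_policy()))
    print(audit_trust_policy(weak))
```

A role whose trust policy lacks the sts:ExternalId condition can be assumed by the trusted account on behalf of any of its customers, which is the confused-deputy case the external ID exists to prevent.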
(Overmind) Update source
Give the source a name
Copy your policy ARN from your role's summary page.
Select which regions you require.
That's it! Your source should now be ready to use.