AWS inventory scanning (multi-account)

The AWS Multi-Account Inventory integration enables FireTail to automatically scan and discover API and AI resources across multiple AWS accounts within your organization. By utilizing AWS Organizations, CloudFormation templates, and IAM role assignments, FireTail can access and retrieve API and AI resources across your entire AWS infrastructure. The discovered APIs and AI resources are then populated into your selected FireTail application.

AWS Organizations must be configured with a Management account.

Setup instructions

1. Navigate to Integrations in the FireTail platform.
2. Click AWS Inventory Scanning (Multi-Account).
3. In the Name of Integration field, enter a name for the integration. The integration is Enabled by default. Toggle off to make inactive.

Option 1: Launch CloudFormation in the Organization Management account

1. Log into the AWS Console. Make sure this is the Organization Management account.
2. Click the Launch CloudFormation button to open the stack setup in your AWS Console.
3. The Stack name must be unique. If you have previously created a stack, enter a new one.
4. In CloudFormation, check I acknowledge that AWS CloudFormation might create IAM resources, then click Create.
5. When the stack status shows CREATE_COMPLETE, go to the Outputs tab, copy the value for FireTailRoleARN, and paste it into the AWS Management Role ARN field in the FireTail platform.

Option 2: Launch CloudFormation for each account through a Stack Set

1. Log into the AWS Console. Make sure this is the Organization Management account.
2. Click the Go to CloudFormation Stack Sets button to navigate to the CloudFormation Stack Sets console.
3. Click the Create StackSet button.

4. In the Specify template section, select Amazon S3 URL and paste the template URL, as displayed in the integration form on the FireTail platform, into the Amazon S3 URL field.
5. Click Next.
6. In the Specify StackSet details section, enter a name for the stack set.
7. In the Parameters section, enter the following values:
   • OrganisationUUID: Your organization UUID (displayed in the integration form in the FireTail platform)
   • RolePrefix: firetail
8. Click Next.
9. In the Execution configuration section, select Active.
10. In the Capabilities section, check the box for I acknowledge that AWS CloudFormation might create IAM resources with customised names.

11. Click Next.
12. In the Deployment targets section, select either Deploy to organization (to deploy the IAM role to all accounts) or Deploy to organizational units (to select specific organizational units and account IDs you want to deploy the stack set to).
13. In the Specify Regions section, choose US East (N. Virginia) us-east-1. Only choose a single region.
14. Click Next.
15. In the Review section, review your settings and click Submit.

Complete integration setup

1. Return to the FireTail platform and complete the remaining fields.
2. Select an Application from the dropdown, or click Create to create a new application. This is the application that will be associated with the integration. When you complete the integration this adds the discovered APIs from AWS under the FireTail application that you choose. Learn more about applications here.
3. Enter the AWS Management Role ARN obtained from the CloudFormation stack outputs.
4. Specify the Role Name (prepopulated with "firetail").
5. Configure your AWS Regions by selecting which regions should be scanned for resources.
6. Set the Scan Frequency in hours (minimum is 24 hours).
7. Configure Filter on AWS resource tags (optional). Click Add key to specify which AWS resources should be included in the scan based on their tags.
8. Toggle Delete resources from FireTail if you want resources that are no longer found in AWS to be automatically removed from FireTail during subsequent scans.
9. Click Submit to complete the setup.

Viewing discovered resources

The discovered APIs can be viewed by navigating to the Inventory and selecting the APIs or Applications tab in the FireTail platform. The discovered AI resources can be viewed by navigating to the Inventory and selecting from the AI tabs.