In the Hyperglance Admin Panel i.e https://IP_address/#/admin, select the 'Amazon' Collector under the 'Collectors' section. Click on 'Add Record' button which brings up a pop up with the necessary fields (shown below).


Note: Hyperglance Admin Panel is visible only to admin users of Hyperglance.




1. Account Alias

You can enter in multiple user accounts into the AWS integration so you need a distinguishing keyword. Enter in a unique identifying keyword.

If you plan to use Role-Based Access Control then your choice of Account Alias will decide the roles that you need to assign to your users in order for them to access this account's topology.


2. Access Key

An access key associated to a user with the required permissions for Hyperglance to read the Amazon environment (see AWS permissions below).

This field is optional when Hyperglance is running as an AWS Instance, if left blank Hyperglance will rely on the EC2 Metadata service to retrieve credentials associated with the IAM policy assigned to the instance. This field is not displayed for Hyperglance taken from Amazon Marketplace.


3. Secret Key

A secret access key that is used to sign programmatic requests that Hyperglance makes to AWS.

This field is optional when Hyperglance is running as an AWS Instance, if left blank Hyperglance will rely on the EC2 Metadata service to retrieve credentials associated with the IAM policy assigned to the instance. This field is not displayed for Hyperglance taken from Amazon Marketplace.


4. Role ARN

The ARN of an account trusted role to use for STS AssumeRole. Use this when you want Hyperglance to make use of STS temporary security credentials.


5. Regions

The regions you wish to visualize. Only select the regions that you use, increasing the  number of regions increases the API calls to AWS and therefore slows down the collection unnecessarily. 


When you finish to fill the form please press on the "Submit" button. If the account was added successfully, the popup disappears and the newly added record will be listed under the records for Amazon collector.


It is important to understand that the connection technique used by Hyperglance varies depending on where Hyperglance appliance is running and which connection details you have supplied to the credential form.

Refer to the following table which describes how the role, Access and Secret keys are used in different scenarios:


Where is Hyperglance runningInformation suppliedConnection method used by Hyperglance
In EC2 with an Instance Policy attached
Role ARNSTS role assumption performed from the account that Hyperglance instande resides within.
Access Key & Secret KeyDirect connection to the base account associated with those keys.
Role ARN + Access Key + Secret KeySTS AssumeRole assumption performed from the base account associated with those keys.
In EC2 without any Instance Policy
Role ARNN/A
Access Key & Secret Key
Direct connection to the base account associated with those keys.
Role ARN + Access Key + Secret Key
STS AssumeRole assumption performed from the base account associated with those keys.
Outside of AWSRole ARN
N/A
Access Key + Secret Key
Direct connection to the base account associated with those keys.
Role ARN + Access Key + Secret Key
STS AssumeRole assumption performed from the base account associated with those keys.



AWS IAM Policy permissions needed

When Hyperglance runs as an EC2 Instance with an IAM user policy attached, the policy must have certain rights in order to allow Hyperglance to poll the relevant information from the API.

See our AWS IAM Policy Requirements for the required policy config.

Note:  'Access key' and 'Secret key' fields will not be displayed in the 'Add record' popup when Hyperglance runs as an EC2 Instance.