AWS server discovery

Early Access release

AWS server discovery automates the process of discovering, managing, and removing Amazon Web Services (AWS) cloud servers from an Advanced Server Access project. This functionality provides the following benefits:

  • Helps you identify newly provisioned AWS servers that aren’t yet protected by Advanced Server Access
  • Syncs your AWS inventory in near real-time so can always locate available servers

Server discovery

AWS server discovery requires a team to connect one or more AWS accounts to an Advanced Server Access project. A daily server discovery job then runs for each cloud account and synchronizes the list of servers with AWS. These jobs run at the time that the cloud account was originally connected. For example, if a cloud account was connected at 12:30, the job would run every day at the same time. If multiple cloud accounts are connected, multiple jobs would run at different times for each account.

If an unknown EC2 instance is found, a new server is added to the connected Advanced Server Access project. After the server is discovered, admins must still install the Advanced Server Access server agent. During this installation, admins can use an enrollment token to add the server to a different project.

While a team can add multiple AWS accounts to a single project, a single AWS account can't be shared between multiple projects. After being connected to a project, the AWS account can't be associated with any other Advanced Server Access teams or projects.

Servers can’t belong to multiple projects. If a server is already enrolled in a project, the server discovery job skips adding the server to the current project. Also, if Advanced Server Access can’t locate a previously discovered server, it’s removed from the available project inventory.

An Amazon Resource Name (ARN) is required for server discovery and cloud auto-enrollment to work correctly.

To get started, see Connect an AWS account.

Real-time sync

Real-time sync allows Advanced Server Access to subscribe to compute instance events generated by AWS. These events commonly occur when a compute instance is launched or terminated. Normally, server discovery happens daily, but real-time sync can add or remove when Advanced Server Access receives a notification.

It may take up to ten minutes before server changes are synchronized with Advanced Server Access.