topic Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys in HPE Morpheus Enterprise Software

Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

RJ12 — Tue, 06 Feb 2024 04:38:54 GMT

Hi Experts,

We would like to avoid using IAM user (access key / secret key) when integrating. as there are more than 30 accounts, it will be a challenge when we need to cycle our key later. i saw we can use assume role, but there’s no detailed instruction on how to setup the assume role and external id.

Thanks

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Ryan2025 — Mon, 01 Apr 2024 04:23:04 GMT

Hello @Tyler_Boyd ,

I understood that it has enhanced to support Assume IAM Role and External ID at 6.0.2.

But the customer is asking if can use Assume IAM Role and External ID only instead of using AWS Access Key and Secret Key for AWS integration?

I assume this is not supported? Am I correct?

Thank you.

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

tyboyd — Mon, 01 Apr 2024 12:40:21 GMT

To assume into an AWS role you need to be authenticated into the account that has been granted access to assume into the role specified.

If Morpheus is hosted in AWS you can apply the IAM to the EC2 instance directly, that way an access key and secret key is not required.

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

tyboyd — Wed, 27 Mar 2024 12:29:20 GMT

Should work now

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Ryan2025 — Wed, 27 Mar 2024 06:34:41 GMT

Hello @kgawronski

Thank you for your information.

I think you may miss pasting the hyperlink for “needed permissions” in your reply. could you please re-share the link for any needed permission of assumerole for Morpheus?

Thank you.

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

tyboyd — Thu, 28 Mar 2024 13:22:57 GMT

That idea is closed and is marked to have been added in version 6.0.2

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

RJ12 — Thu, 28 Mar 2024 04:54:14 GMT

Hi @Tyler_Boyd - I believe Morpheus has not implemented this function where customers can use only the Assume Role & External ID option and not using the access & secret key. Because we cannot move forward without providing IAM user’s security credentials. Please check below idea raised for the same.

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

KoreyG — Tue, 06 Feb 2024 05:07:23 GMT

Hello @ranujain,

When configuring your AWS account as a cloud in Morpheus, you will enter the credentials of the user that is allowed to assume into the roles in the other accounts. As well, you’ll enter the Role ARN for the target Cloud you are connecting to, which should have the needed permissions for Morpheus. If your role requires an external ID, enter that as well.

Below is an example of an account I have added using credentials from my management account and the Role ARN from a child account in AWS Organizations. I don’t use the external ID in my example but you can populate that as well, if that is a requirement. If successful, and the proper permissions are on the assumed role, the VPCs should populate for the cloud or at least not mention an error about your credentials.

Hope that helps!