HPE Morpheus Enterprise Software

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

 
RJ12
Frequent Advisor

Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hi Experts,

We would like to avoid using an IAM user (access key / secret key) when integrating. As there are more than 30 accounts, it will be a challenge when we need to cycle our keys later. I saw we can use assume role, but there’s no detailed instruction on how to set up the assume role and external ID.

Thanks

7 REPLIES 7
Ryan2025
Frequent Advisor

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hello @Tyler_Boyd,

I understood that it has been enhanced to support Assume IAM Role and External ID at 6.0.2.

But the customer is asking if they can use Assume IAM Role and External ID only, instead of using an AWS Access Key and Secret Key for AWS integration?

I assume this is not supported? Am I correct?

Thank you.

tyboyd
HPE Pro

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

To assume into an AWS role you need to be authenticated into the account that has been granted access to assume into the role specified.

If Morpheus is hosted in AWS you can apply the IAM to the EC2 instance directly; that way an access key and secret key are not required.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
tyboyd
HPE Pro

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Should work now :)



Ryan2025
Frequent Advisor

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hello @kgawronski

Thank you for your information.

I think you may have missed pasting the hyperlink for “needed permissions” in your reply. Could you please re-share the link for any needed permission of assumerole for Morpheus?

Thank you.

tyboyd
HPE Pro

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

That idea is closed and is marked to have been added in version 6.0.2.



RJ12
Frequent Advisor

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hi @Tyler_Boyd - I believe Morpheus has not implemented this function where customers can use only the Assume Role & External ID option without using the access & secret key, because we cannot move forward without providing the IAM user’s security credentials. Please check the idea below, raised for the same.

KoreyG
HPE Pro

Re: Morpheus Integration with AWS using Role ARN without Access Key & Secret Keys

Hello @ranujain,

When configuring your AWS account as a cloud in Morpheus, you will enter the credentials of the user that is allowed to assume into the roles in the other accounts. As well, you’ll enter the Role ARN for the target Cloud you are connecting to, which should have the needed permissions for Morpheus. If your role requires an external ID, enter that as well.

Below is an example of an account I have added using credentials from my management account and the Role ARN from a child account in AWS Organizations. I don’t use the external ID in my example but you can populate that as well, if that is a requirement. If successful, and the proper permissions are on the assumed role, the VPCs should populate for the cloud or at least not mention an error about your credentials.

Hope that helps!
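
The AWS side of the setup described in the reply above, sketched as IAM policy documents. This is an added example, not part of the original thread or of Morpheus documentation; the account IDs, user name, role name and external ID are constructed placeholders. It builds the trust policy for the role in each target account and the identity policy for the credentialed user, then audits a trust policy for a wildcard principal or a missing `sts:ExternalId` condition.

```python
import json

# Constructed placeholder values (assumptions, not taken from the thread).
MGMT_PRINCIPAL = "arn:aws:iam::111111111111:user/morpheus-svc"
CHILD_ACCOUNTS = ["222222222222", "333333333333"]
ROLE_NAME = "MorpheusIntegrationRole"
EXTERNAL_ID = "example-external-id-0001"

def trust_policy(principal_arn, external_id=None):
    """Trust policy attached to the role in each target (child) account."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        # The caller must pass this exact ExternalId in its AssumeRole request.
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def caller_policy(account_ids, role_name):
    """Identity policy for the credentialed user: it may assume only these roles."""
    resources = [f"arn:aws:iam::{a}:role/{role_name}" for a in account_ids]
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": resources}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def audit_trust(policy):
    """List findings for Allow statements that grant sts:AssumeRole too broadly."""
    findings = []
    for s in policy.get("Statement", []):
        actions = s.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        grants = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if s.get("Effect") != "Allow" or not grants:
            continue
        principal = s.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append("wildcard principal")
        if "sts:ExternalId" not in s.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    print(json.dumps(trust_policy(MGMT_PRINCIPAL, EXTERNAL_ID), indent=2))
    print(json.dumps(caller_policy(CHILD_ACCOUNTS, ROLE_NAME), indent=2))
```

The permissions the assumed role needs for Morpheus itself are not covered here, since the thread does not list them.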