AWS Protocol

Parameter

Description

Username

Access Key ID. An alphanumeric text string that uniquely identifies the owner of the account.

Password

Secret Access Key, performing the role of a password.

Connection Timeout

Time-out in milliseconds after which the Probe stops trying to connect to the database.

EC2 Endpoint

The AWS endpoint for Amazon Elastic Compute Cloud (Amazon EC2). If this field is left empty, all available regions are discovered. For more details about this endpoint, see Amazon EC2.

Note You can type at most six EC2 endpoints in this field, separated by commas.

Http Proxy Host The hostname, or address, of the proxy server.
Http Proxy Port The port number of the proxy server.
IAM Endpoint The AWS endpoint for AWS Identity and Access Management (IAM). If this field is left empty, all available regions are discovered. For more details about this endpoint, see AWS Identity and Access Management (IAM).
RDS Endpoint The AWS endpoint for Amazon Relational Database Service (Amazon RDS). If this field is left empty, all available regions are discovered. For more details about this endpoint, see Amazon Relational Database Service (Amazon RDS).

Note The EC2 Endpoint, Http Proxy Host, Http Proxy Port, IAM Endpoint, and RDS Endpoint parameters only appear in the Edit Protocol Parameter dialog box. To open this dialog box, right-click the protocol that you created, and then select Edit using previous interface.

You can use the EC2 Endpoint, IAM Endpoint, and RDS Endpoint parameters for the following scenarios:

  • Regular AWS discovery: Leave these parameter empty – defaults are used and for regular AWS credentials, all regions are discovered.
  • Discovery of GovCloud: Set these parameters to the endpoints used by GovCloud.
  • Discovery of a specific region in AWS: Set these parameters to the corresponding endpoints used by a specific region.

Note When the CyberArk integration is enabled, two radio buttons (Regular Credential and External Vault) are enabled. The existing Username and Password parameters are grouped under the Regular Credential radio button, and CyberArk integration specific parameters Type and Reference are enabled and grouped under the External Vault radio button, as described in the table below.

CyberArk-related Parameters

Parameter

Description

Regular Credential

Enabled when CyberArk integration is enabled. Select this radio button to use regular credential as before.

  • Username. See description above.
  • Password. See description above.

External Vault

Enabled when CyberArk integration is enabled. Select this radio button to use an external credential vault.

  • Type. The external vault type. Currently only CyberArk is supported.
  • Reference. Click to open the Configure dialog box.

    • Reference. Select this option to configure the Reference ID that will be used by UCMDB/UD to retrieve the passwords from the CyberArk Enterprise Password Vault when they are needed.

      Set the reference ID in the CyberArk Enterprise Password Vault in the following format: <Safe Name>\<Folder Path>\<Reference ID>.

      Where <Safe Name> is the Safe value in CyberArk, <Folder Path> is the folder where the Safe belongs to, and <Reference ID> is the name of the CyberArk account you specified or auto-generated in CyberArk.

      For example, NancySafe\Root\nancy-cyberark-testing-refid.

    • Parameter. Select this option to enable configuring a list of editable CyberArk properties as a query string for UCMDB/UD to retrieve passwords from the CyberArk Enterprise Password Vault.

      To configure a CyberArk property value, click in the Value column for the property, and specify the value in string.

      The CyberArk properties values must not contain any of the following characters: \/:*?"<>|'.;

      The out-of-the-box list of CyberArk properties displayed in the Configure dialog box is editable. You can set selected CyberArk properties as the default list using JMX method setGlobalSettingVaule. For instructions, see "How to Set a Default List of CyberArk Properties Using JMX" in the Universal CMDB Data Flow Management section of the UCMDB Online Help.

      • Regex. Enables configuring CyberArk properties values in regular expressions.

        For examples of how to use regular expression syntax, see "Regular Expression Examples" in the Universal CMDB Modeling section of the UCMDB Online Help.

        The CyberArk properties values in regular expression must not contain any of the following characters: : ;