AWS AVM (Amazon Account Vending Machine)
The AWS AVM software helps AWS customers set up a secure, multi-account AWS environment. AVM creates a baseline of AWS accounts, networks, and security policies.
AWS Lambda SDK connects to the data source and crawls the users. It also performs Access Cart operations like creating a role, assigning a role to a user, and assigning policies to the role.
This connector document should be used along with the Generic Features of Connectors document, which covers the features and settings common to all OvalEdge connectors (Establishing Connection, Connector Parameters, Connector Settings, etc.). This document outlines only the connector-specific information.
Connector Characteristics
Connector Category
Integration type
Connectivity: AWS Lambda SDK connects to the client AVM.
Connector Version: Every Version
AVM Versions Supported: All Versions
OvalEdge Releases Supported (Available from): 7.0 onwards
Supported Features
Crawling of Metadata Objects: Users and Roles
Metadata Source: From the AVM, we will fetch the Users and Roles.
Profiling: Not Supported
Crawling of Query Logs: Not Supported
Data Preview: Not Supported
Data Lineage: Not Supported
RDAM (Remote Data Access Management) Support: Not Supported
Bridge Support: Supported
Query Sheet Support (Run simple queries): Not Supported
Crawl of Usage Statistics (Source System): Not Supported
Certifications at Source (Source System): Not Supported
Prerequisites (Prepare AVM Environment)
The following are the prerequisites required for establishing a connection:
AVM User Account and Permissions
The minimum permissions required for OvalEdge to validate the AVM connection are GetFunction and InvokeFunction on the Lambda function provided.
Note: Only crawling of Users and roles from the source creates roles and assigns existing users to the roles.
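The minimum-permission requirement above can be checked before the credentials are entered in OvalEdge. The following is an added example, not OvalEdge or AWS code: it audits an IAM identity policy document and reports whether it allows GetFunction and InvokeFunction on the connector's Lambda function and nothing more. The account ID, the function name and the audit_policy helper are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Minimum permissions the page lists for validating the AVM connection.
REQUIRED = {"lambda:GetFunction", "lambda:InvokeFunction"}
REQUIRED_LOWER = {a.lower() for a in REQUIRED}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, function_arn):
    """Return (missing, findings): required actions not allowed on function_arn,
    and Allow grants that go beyond those actions on that one function.
    Not evaluated here: Deny statements, Condition blocks, boundaries, SCPs."""
    granted, findings = set(), []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("Allow with NotAction/NotResource is open-ended")
            continue
        resources = _as_list(stmt.get("Resource", []))
        on_function = any(fnmatchcase(function_arn, r) for r in resources)
        for res in resources:
            if res != function_arn:
                findings.append(f"resource other than the function: {res}")
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain * and ?.
            hits = {a for a in REQUIRED if fnmatchcase(a.lower(), action.lower())}
            if on_function:
                granted |= hits
            if action.lower() not in REQUIRED_LOWER:
                findings.append(f"action beyond the minimum: {action}")
    return REQUIRED - granted, findings

# Constructed sample values: the account ID and function name are placeholders.
FUNCTION_ARN = "arn:aws:lambda:us-west-2:111122223333:function:avm-function-placeholder"
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["lambda:GetFunction", "lambda:InvokeFunction"],
        "Resource": FUNCTION_ARN,
    }],
}
OVERBROAD = {"Version": "2012-10-17",
             "Statement": [{"Effect": "Allow", "Action": "lambda:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("least-privilege", LEAST_PRIVILEGE), ("over-broad", OVERBROAD)):
        print(name, audit_policy(doc, FUNCTION_ARN))
```

An empty result for both values means the policy grants exactly what the connector needs; a non-empty "missing" set corresponds to the 403 error listed under Errors & Resolution.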
Configure Environment Variables (Optional)
This section describes the settings or instructions you should know before establishing a connection. If your environments have been configured, skip this step.
For more information, refer to the "Generic Features of Connectors" document.
Establish Connection
In the OvalEdge application, the AVM connector allows you to crawl the buckets and file data objects using IAM User Authentication and Role-Based Authentication.
IAM User Authentication: AWS Identity and Access Management (IAM) authentication is used to get and invoke the Lambda function. You can create and configure IAM user policies to control user access to Lambda. An IAM user belongs to one particular user. Building a connection successfully requires a secret key and an access key.
Role-Based Authentication: An Amazon Resource Name (ARN) is a unique identifier for AWS resources such as buckets, folders, users, and roles. In AWS, roles are identified by their ARN, and no Secret Key or Access Key is required. Resource ARNs can include a path.
IAM User Authentication
Fields and details:
Account*: It is the name of the AWS account.
Organization Unit*: It is the name of the Organization Unit. Organization Unit (OU) is a logical grouping within AWS Organizations that helps manage and organize AWS accounts.
Lambda Function*: It is the name of the Lambda Function. The Lambda Function is used to automate and manage various aspects of AWS account provisioning and maintenance.
Access key*: Unique identifier for AWS authentication. Ex: AKIAIOSXXXNN7EXAMPLE
Secret key*: The confidential key is paired with the access key for secure access. Ex: wJalrXUtnFEMI/K7MDENG/bPxXxXCYEXAMPLEKEY
Database region*: Specifies the AWS region for your data and ETL jobs. Ex: us-west-2
Role Based Authentication
Fields and details:
Cross-Account Role ARN: Amazon Resource Name (ARN) of an IAM role in another AWS account that grants permissions for cross-account access. Ex: arn:aws:iam::1234567XXXXXX:role/CrossAccountAccessRole
Connector Settings
The AVM connector doesn’t have any connector settings.
Errors & Resolution
1. Error Message: Failed to establish a connection. Please check the credentials.
Error Description: Invalid credentials are provided or the user or role does not have access.
Resolution: Provide valid credentials and ensure the user or role has access.
2. Error Message: Connection Timeout
Error Description: Invalid credentials are provided or the server is not running.
Resolution: Provide valid credentials and ensure the server is running.
3. Error Message: 403: Access denied
Error Description: The user or role is unauthorized to perform specific operations like GetFunction and InvokeFunction.
Resolution: Provide access to the user or role with GetFunction and InvokeFunction on the Lambda Function.
4. Error Message: 404: No Such Key
Error Description: The function FunctionName being invoked does not exist.
Resolution: Provide a valid function name in the connection fields and retry.
FAQs
Q1: How does OvalEdge connect to AVM?
A: OvalEdge uses the Lambda Function and connects to the AVM.