10.1.15.12-06212024
Role-based Access Overview
Role-based access requires you to configure the proper roles for NetBrain to assume for data retrieval. The following diagrams demonstrate the high-level concepts of role-based access deployment:
There are two types of accounts:
- Gateway Account: The gateway account delegates access to other accounts. It is typically the account used for monitoring, security, and auditing in a multi-account architecture.
- Monitored Accounts: Accounts that host infrastructure data and need to be discovered.
The solution requires the NetBrain Front Server to run on an EC2 instance in a gateway account. In the account to be monitored, a role needs to be created to delegate and authorize access from the EC2 instance in the gateway account.
Once the proper role and policy have been configured, NetBrain Front Server can read the network configurations and run statistics from the monitored accounts.
The following diagram shows a detailed structure of this deployment.
Note: You only need to install the Front Server within an EC2 instance to assume proper roles. You can still have other NetBrain components in your on-prem Data Centers for communication purposes if you have IPsec or direct connections to the cloud environment.
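The role created in each monitored account should trust only the role attached to the Front Server EC2 instance in the gateway account. The following added example (not NetBrain code) audits a trust policy document for that property; the account ID, the role name, and the assumption that the instance uses an IAM instance role are constructed for illustration.

```python
import json

# Constructed placeholders: account ID and role name are not from the NetBrain docs.
GATEWAY_ROLE = "arn:aws:iam::111111111111:role/ExampleFrontServerInstanceRole"

def trust_doc(principal):
    """Build a trust policy for the monitored-account role with the given Principal."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, gateway_role):
    """Return findings; an empty list means only gateway_role may assume the role."""
    findings, trusted = [], False
    for n, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = as_list(stmt.get("Action", []))
        # Only Allow statements that grant role assumption matter here.
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in as_list(values):
                if kind == "AWS" and p == gateway_role:
                    trusted = True
                elif kind == "AWS" and p == "*":
                    findings.append(f"statement {n}: any AWS principal is trusted")
                elif kind == "AWS" and (p.isdigit() or p.endswith(":root")):
                    # A bare account ID or :root ARN trusts every identity in that account.
                    findings.append(f"statement {n}: whole account {p} is trusted")
                else:
                    findings.append(f"statement {n}: unexpected principal {kind}={p}")
    if not trusted:
        findings.append("gateway instance role is not trusted")
    return findings

if __name__ == "__main__":
    samples = {  # constructed trust policies
        "scoped": trust_doc({"AWS": GATEWAY_ROLE}),
        "account-wide": trust_doc({"AWS": "arn:aws:iam::111111111111:root"}),
        "wildcard": trust_doc("*"),
    }
    for name, doc in samples.items():
        print(name, json.dumps(audit_trust_policy(doc, GATEWAY_ROLE)))
```

Feed it the trust policy JSON exported from each monitored account; any finding means the role can be assumed by more than the Front Server instance role, or not by it at all.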