Setting up Application Discovery Service
Before you use AWS Application Discovery Service for the first time, complete the following tasks:
Sign up for Amazon Web Services
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
Open https://portal.aws.amazon.com/billing/signup
. Follow the online instructions.
Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access.
Create IAM users
When you create an AWS account, you get a single sign-in identity that has complete access to all of the AWS services and resources in the account. This identity is called the AWS account root user. Signing in to the AWS Management Console using the email address and password that you used to create the account gives you complete access to all of the AWS resources in your account.
We strongly recommend that you not use the root user for everyday tasks, even the administrative ones. Instead, follow the security best practice Create Individual IAM Users and create an AWS Identity and Access Management (IAM) administrator user. Then securely lock away the root user credentials and use them to perform only a few account and service management tasks.
In addition to creating an administrative user you'll also need to create non-administrative IAM users. The following topics explain how to create both types of IAM users.
Creating an IAM Administrative User
By default, an administrator account inherits all of the policies required for accessing Application Discovery Service.
To create an administrator user
-
Create an administrator user in your AWS account. For instructions, see Creating Your First IAM User and Administrators Group in the IAM User Guide.
Creating an IAM Non-Administrative User
When creating non-administrative IAM users, follow the security best practice Grant Least Privilege, granting users minimum permissions.
Use IAM managed policies to define the level of access to Application Discovery Service by non-administrative IAM users. For information about Application Discovery Service managed policies, see AWS managed policies for AWS Application Discovery Service.
To create a non-administrator IAM user
-
In AWS Management Console, navigate to the IAM console.
-
Create a non-administrator IAM user by following the instructions for creating a user with the console as described in Creating an IAM user in your AWS account in the IAM User Guide.
While following the instructions in the IAM User Guide:
-
When on the step about selecting the type of access, select Programmatic access. Note, while not recommended, only select AWS Management Console access if you plan to use the same IAM user credentials for accessing the AWS console.
-
When on the step about the Set permission page, choose the option to Attach existing policies to user directly. Then select a managed IAM policy for Application Discovery Service from the list of policies. For information about Application Discovery Service managed policies, see AWS managed policies for AWS Application Discovery Service.
-
When on the step about viewing the user's access keys (access key IDs and secret access keys), follow the guidance in the Important note about saving the user's new access key ID and secret access key in a safe and secure place.
-
Sign in to the Migration Hub console and choose a home Region
You need to choose an AWS Migration Hub home Region in the AWS account that you're using for the AWS Application Discovery Service.
To choose a home Region
-
Using your AWS account, sign in to the AWS Management Console and open the Migration Hub console at https://console.aws.amazon.com/migrationhub/
. -
In the Migration Hub console navigation pane, choose Settings and the choose a home Region.
Your Migration Hub data is stored in your home Region for purposes of discovery, planning, and migration tracking. For more information, see The Migration Hub Home Region.
