To index and profile network assets in a cloud infrastructure or in a combination of cloud and traditional infrastructure, Lumeta has introduced in Lumeta 3.3.2, Cloud Discovery.  This new discovery type will enable you to monitor a Cloud network in as much detail as a typical corporate network. Lumeta Cloud Discovery leverages the cloud service provider's APIs to create devices for all running instances. Cloud Discovery findings are reported in the same manner as all other Lumeta discovery types.

Cloud credentials are encrypted within Lumeta 3.3.2, yet are accessible to the cloud provider.  This means that all APIs that return a cloud-discovery configuration, including those that export a collector configuration or system configuration, do not include cloud credential "secrets." Rather, clientSecrets and secretKeys are reported as "null" or left empty.

Currently, Cloud Discovery uses the Scout you configure, yet the particular Scout's interface cannot be specified.

Within AWS, users must be, at a minimum, AWS IAM group members with the AWS Policy of AmazonEC2ReadOnlyAccess.

Prerequisites before Configure Azure Cloud Scanner. 
1. Follow this link to create the App Registration in the Azure Portal.
2. Copy the secret Key (Not secret ID) somewhere safe. You will need it for the below steps & It won't show up again when you leave the AZ Portal. 
3. Browse to the Overview blade of your newly created App Registration.
4. Copy the Application (client) ID & Directory (tenant) ID to a Notepad.
5. Follow below “Configuring CLoud Discovery” instructions to enter the creds. 

Configuring Cloud Discovery

 To configure Cloud Discovery:

  1. Browse to SettingsZones.

  2. Select the zone and collector you want to perform Cloud discovery.

  3. Click the Cloud tab.
    Cloud discovery is initially disabled.

  4. Click Edit and the Enable Cloud Discovery checkbox.

  5. Click Update.
    The configuration is saved.

  6. Click Credentials.

  7. You can copy & paste your credentials or Upload your cloud credentials as a plain text file, ordered as you would have them read by Lumeta (i.e., top will be read first). You may download a sample file to see the formatting. Note: Copy & Paste only work for versions or higher.  

    1. Cloud Alias -aws
    2. Cloud Version -aws
    3. Access Key - AKIAI7BP7YKJPIFKAM4A
    4. Regions - us-east-1
    5. Service Name -aws
    6. Subscription -
    7. Resource Group -
    8. Client ID
    9. Tenant ID

  8. Save your results and exit. Cloud Discovery starts immediately. 

    To use the cloud collector configuration, within AWS, make sure you are in an a user AWS IAM group with a minimal AWS Policy of AmazonEC2ReadOnlyAccess.