Alibaba Cloud

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• ECS VMs
• ECS Load Balancers
• ECS Security Groups
• DNS Zones
• DNS Records

Nota bene: the mainland China Alibaba regions are not currently supported, due to unreliability when they are accessed from outside China.

How do I obtain access credentials?

Alibaba Cloud uses an AccessKey ID and an AccessKey secret as credentials. To create them, follow these steps:

• Login to the Alibaba Cloud console at https://homenew-intl.console.aliyun.com/
• From your profile menu (top right corner), select AccessKey Management, then Use AccessKey pair of RAM user.
• Select the Create user button.
• Enter scarlet for the Logon name and Display name, then select the Access Mode as Open API Access.
• Select the Ok button.
• Select the new user then the Add permissions button.
• Select the ReadOnlyAccess permission.
• Select the Ok button.
• If everything works as expected, the new AccessKey ID and AccessKey secret will now be displayed.

Amazon AWS

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• EC2 Instances
• EC2 Load Balancers
• EC2 Security Groups
• EC2 Interfaces
• EKS Kubernetes clusters
• Lambda Functions
• Route 53 Zones
• Route 53 Records

How do I obtain access credentials?

Amazon AWS uses an API key and a secret as credentials. To create them, follow these steps:

• Login to the AWS IAM console at https://console.aws.amazon.com/iam/
• From the menu, select Dashboard, Access Management, then Users.
• Select the Add user button.
• Enter scarlet for the Username, and select the Access type as Programmatic access.
• Select the Next button.
• Select the Attach existing policies directly button.
• Select the ReadOnlyAccess permission.
• Select the Next button.
• Add any tags you wish to, then select the Next button.
• Review the configuration, then select the Create user button.
• If everything works as expected, the new API key and secret will now be displayed.

What should I do if the source gets rate-limited?

The Amazon AWS rate limits are calculated per API key, so the first thing to do is to make sure that you aren't sharing the API key you use for scarlet with any other tools. Once you have confirmed this, then the next step is to request an increase to the API throttling limits via the AWS Support Centre.

Microsoft Azure

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• VMs
• Load Balancers
• Kubernetes Clusters
• Function Apps
• Logic Apps
• Security Groups
• Public IPs
• DNS Zones
• DNS Records

How do I obtain access credentials?

Microsoft Azure uses a Directory (tenant) ID, Application (client) ID, and a client secret as credentials. To create them, follow these steps:

• Login to the Azure portal at https://portal.azure.com/
• From the search bar, select Azure Active Directory.
• Then from the menu, select App Registrations, then New registration.
• Enter scarlet for the User display name, and select the Supported account type as Accounts in this organizational directory only (Default Directory only - Single tenant).
• Select the Register button.
• If everything works as expected, the Directory (tenant) ID and new Application (client) ID will now be displayed.
• From the menu, select Certificates & secrets.
• Select the New client secret button.
• Select a value for Expires (and add a note to your diary to renew it in plenty of time).
• Select the Add button.
• If everything works as expected, the new Client secret will now be displayed.
• From the search bar, select Subscriptions.
• For each of your subscriptions you need to add access privilleges, using the following process.
• From the menu, select Access control (IAM).
• Select Add, then Add custom role.
• Enter scarlet for the Custom role name, select the JSON tab, then the Edit button.
• Replace the actions array with:
  "actions": [ "*/read" ],
  
• Select the Review and create button.
• Select the Create button.
• From the menu, select Access control (IAM).
• Select Add, then Add role assignment.
• Select the scarlet role, and the scarlet service principal, then select the Save button.
• If everything works as expected, the credentials should be created.

Cloudflare

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• DNS Zones
• DNS Records
• Proxies

How do I obtain access credentials?

Cloudflare uses an API token as credentials. To create one, follow these steps:

• Login to the Cloudflare dashboard at https://dash.cloudflare.com/profile
• From your profile menu (top right corner), select Api Tokens.
• Select the Create Token button.
• Select the Get started button, next to the Create custom token option.
• Enter scarlet for the Token name.
• Under Permissions, select Zone, DNS, and Read.
• Select the Continue to summary button.
• Review the configuration, then select the Create token button.
• If everything works as expected, the new API token will now be displayed.

DigitalOcean

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• Droplets
• Kubernetes
• Apps
• Load Balancers
• Firewalls
• Floating IPs
• DNS Zones
• DNS Records

How do I obtain access credentials?

DigitalOcean uses an Access token as credentials. To create one, follow these steps:

• Login to the DigitalOcean console at https://cloud.digitalocean.com/
• From the menu, select API, then Tokens/Keys.
• Select the Generate new token button.
• Enter scarlet for the Token name, and under Select scopes, uncheck Write (leaving only Read selected).
• Select the Generate token button.
• If everything works as expected, the new Access token will now be displayed.

DNS Made Easy

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• DNS zones
• DNS records

How do I obtain access credentials?

DNS Made Easy uses an API key and Secret key as credentials. Only one set of credentials can be active at a time though, so if they already exist and you create a new set, any services using the existing keys will fail. To create them, follow these steps:

• Login to the DNS Made Easy control panel at https://cp.dnsmadeeasy.com/
• From the menu, select Config, then Account Information.
• Select the Generate New API Credentials checkbox.
• Select the Save button.
• If everything works as expected, the new API key and Secret key will now be displayed.

Google GCP

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• Instances
• Load Balancers
• Kubernetes Clusters
• Functions
• Firewalls
• Public IPs
• DNS Zones
• DNS Records

How do I obtain access credentials?

Google GCP uses a key pair as credentials. To create one, follow these steps:

• Login to the GCP console at https://console.cloud.google.com/
• From the menu, select APIs and services, then Enabled APIs and services.
• Select and enable the Compute Engine API, the Cloud DNS API, the Cloud Resource Manager API, the Kubernetes Engine API, the Cloud Build API, and the Cloud Pub/Sub API.
• From the menu, select IAM & Admin, then Service Accounts.
• Select the Create service account button.
• Enter scarlet for the Service account name.
• Select the Create and continue button.
• Select the Viewer role.
• Select the Continue button.
• Select the Done button.
• Select the new service account that you just created, then from the Actions menu select Manage keys.
• Select Add key, then Create key.
• Select JSON, then the Create button.
• If everything works as expected, a file containing the key pair will now be saved to your computer.

OVHcloud

Where do you import assets from?

The approach that we use to obtain asset information is always evolving, but currently we use:

• VPS
• Load Balancers
• Firewalls
• Public IPs
• DNS Zones
• DNS Records

How do I obtain access credentials?

OVHcloud uses an Application key, Application secret and Consumer key as credentials. To create them, follow these steps:

• Browse to the API key creation form at https://eu.api.ovh.com/createToken/
• Enter your Account ID and Password.
• Enter scarlet for the Script name and Description.
• Set the Validity to Unlimited.
• Add the following rights:
  GET /
  GET /*
  
• Select the Create keys button.
• If everything works as expected, the new Application key, Application secret and Consumer key will now be displayed.