Importing AWS Resources into Assets in Jira Assets Management

The ability to manage and track AWS resources within Jira Service Management provides organizations with enhanced visibility and control over their cloud infrastructure. In this blog we walk you through importing various AWS resources into Assets in JSM.

Setting Up AWS for Integration

Before importing AWS resources into Assets in Jira Service Management, we need to establish proper connectivity to AWS through IAM permissions and policies. Here are the steps to set up the connection:

1. Create an IAM User for Importing

First, create an IAM user in AWS that will be used for importing data into Assets:

• Navigate to the AWS Management Console
• Go to the IAM service
• Create a new user dedicated for the Assets import process
• Obtain the IAM key and secret which will be used in the Assets configuration

2. Create an Import Policy

To ensure the IAM user has the proper permissions to access AWS resources for import:

• In the IAM console, create a new policy
• Select JSON and paste the necessary permissions from the Assets_Import-Policy-Permissions.json file
• Save the policy with an appropriate name (e.g., “Assets import permissions”)

Here’s a sample policy structure (note: this is a simplified example):

{ “Version”: “2012-10-17”, “Statement”: [ { “Sid”: “AssetsImportPermissions20250318”, “Effect”: “Allow”, “Action”: [ “ec2:Describe*”, “s3:List*”, “s3:Get*”, “lambda:List*”, “lambda:Get*”, “ecr:Describe*”, “ecr:List*”, “rds:Describe*”, “config:List*”, “ssm:Describe*”, “ssm:Get*” ], “Resource”: “*” } ] }

3. Assign the Policy to the IAM User

After creating the policy, assign it to the IAM user:

• In the IAM console, locate the user you created
• Attach the import policy to this user

4. Create an SSM Policy and Role (for Detailed EC2 Information)

To get detailed attributes for EC2 instances, we need to have the SSM-Agent installed on the EC2 instances and create an SSM role:

• Create a new policy in IAM
• Select JSON and paste the contents of SSM-Role-Policy-Permissions.json
• Save the policy (e.g., as “Assets SSM role”)
• Create a role and attach this policy
• Modify the Trusted Relationships for the role to match the contents of SSM-Role-Trust-relationships.json

This step is crucial for collecting detailed instance information. If the SSM Agent isn’t available or the role isn’t assigned, certain detailed information about EC2 instances won’t be available.

Resource Attributes

Here are sample resources attributes that an pulled from the API to be imported into Assets.

EC2 Resources (Hosts and Instances)

EC2 instances are a primary resource type imported from AWS. With proper configuration, you can import:

• EC2 host information
• Instance details including instance type, state, and launch time
• Detailed system information (when SSM is configured) including:
• Operating system details
• CPU information
• Memory utilization
• Disk space and configuration

The SSM-Agent enables collection of detailed attributes from EC2 instances. Without this agent and the appropriate role configuration, you’ll still import basic EC2 information, but detailed system specifications won’t be available.

AWS ECR Repositories

For container registry resources, the import can include:

• Repository name and ARN
• URICreation date
• Image count
• Tags

AWS VPC and Network Resources

Network infrastructure components that can be imported include:

• VPC ID and CIDR blocks
• Subnets
• Route tables
• Internet gateways
• NAT gateways
• Network ACLs

AWS Tags

Tags are key-value pairs attached to AWS resources that provide metadata about those resources. During import, these tags are captured and can be:

• Used for filtering and organizing assets
• Mapped to custom fields in your Assets schema
• Leveraged for reporting and analytics

Operating Systems & CPU Information

When SSM is properly configured, detailed operating system and hardware information can be imported:

• OS type and version
• Kernel details
• CPU model and specifications
• Number of cores and threads
• CPU utilization metrics

Databases (RDS)

Database resources that can be imported include:

• Database instance identifier
• Engine type and version
• Instance class
• Storage allocation
• Multi-AZ configuration
• Backup retention period

S3 Buckets

For S3 storage resources, the import can include:

• Bucket name and ARN
• Creation date
• Region
• Storage class information
• Versioning status
• Public access settings

Security Groups

Security group information that can be imported includes:

• Security group ID and name
• Associated VPC
• Inbound and outbound rules
• Protocol details
• Port ranges
• Source/destination IP ranges

Using OnLink for AWS Resource Import (Beta)

We recently launched support for AWS integration in OnLink. Please note this is a beta release and we will add full support with additional field mapping soon.

Connection to AWS

Retrieve your AWS Access Key and Secret Access Key from AWS Console and use it to establish the connection.

Asset Schema Mapping

Map API fields to Jira Asset attributes(Sample Below):

key:InstanceId=Instance ID
map:InstanceType=Instance Type
map:Region=AWS Region
map:OS=Operating System
map:CPU=CPU Information

Reference Blogs

Here are a few past blogs that you might find useful:

• Importing Ivanti data to Assets in Jira Service Management
• Assets in JSM: Why Synchronizing Employee, User Governance, and Device Data Matters
• Integrating Apple MDM Data from Kandji with Assets in Jira Service Management

We want to hear your feedback

If you have a requirement to import AWS Resources to Assets, we’d like to hear from you on the resource objects and field mapping. Please give OnLink a try and we’d love to hear your feedback.