Configure Linux subscription discovery in License Manager
You can configure discovery of Linux subscriptions through the License Manager console, the AWS CLI, the License Manager Linux subscription API, or the associated SDKs. When you activate discovery of Linux subscriptions for the AWS Regions you specify, you can optionally extend discovery to your accounts in AWS Organizations. If you no longer want to track subscription utilization, you can also deactivate discovery.
Note
You can discover and display up to 5,000 resources per account per AWS Region by default.
To request an increase to these limits, use the
limit increase form
Topics
Configure Linux subscription discovery
To configure Linux subscription discovery from the Settings page in the License Manager console, follow these steps:
Open the License Manager console at https://console.aws.amazon.com/license-manager/
. -
In the navigation pane, choose Settings. This opens the Settings page.
-
Open the Linux subscriptions tab, and choose Configure. This opens the Configure Linux subscriptions settings panel.
-
Select the Source AWS Regions where Linux subscription discovery should run.
-
To aggregate subscription data across your accounts in AWS Organizations, select Link AWS Organizations. This option only appears if AWS Organizations is configured for your account.
-
Review and acknowledge the option that grants AWS License Manager permission to create a service-linked role for Linux subscriptions.
-
Choose Save configuration.
Activate Red Hat Subscription Manager subscription discovery
To retrieve subscription information from Red Hat Subscription Manager (RHSM) on your behalf, License Manager must provide your Red Hat customer account API credentials.
Prerequisites
Before you activate subscription discovery, make sure that you've met the following prerequisites.
-
Default discovery for Linux subscriptions must be activated for your AWS account before you can configure RHSM subscription discovery. If default discovery is Not activated, see Configure Linux subscription discovery.
-
If you use a corporate Red Hat login provided by your Organization Administrator, ensure that your login ID has the following roles and permissions assigned:
-
Role: Manage your subscriptions
-
Permissions:
View All
, orView/Edit All
If your login ID doesn't have the required roles and permissions, contact your Red Hat portal Organization Administrator and request to add them to your login. For more information about Red Hat roles and permissions, see Roles and Permissions for Red Hat Customer Portal
. For more information about how to contact your Red Hat Portal Organization Administrator, see How do I know who my Organization Administrator is? in the Red Hat Customer Portal Knowledgebase. -
-
To activate RHSM subscription discovery, you must provide the Red Hat customer account API offline token, or an AWS Secrets Manager secret that contains the offline token. To get your offline token, follow the steps described in Generating a new offline token
on the Red Hat Documentation website. Important
Your security is important to us. Your Red Hat offline access token is stored securely in Secrets Manager. License Manager uses your secret to generate a temporary access token each time it requests subscription details from Red Hat.
Activation
To activate RHSM discovery from the Settings page in the License Manager console, follow these steps:
Open the License Manager console at https://console.aws.amazon.com/license-manager/
. -
In the navigation pane, choose Settings.
-
On the Settings page, open the Linux subscriptions tab.
-
Choose Edit to update your Linux subscription settings. This opens the Configure Linux subscriptions discovery page.
-
To begin the activation process, select the Activate Red Hat Subscription Manager (RHSM) discovery check box. This displays the Link RHSM account panel.
-
Select the Secret (Token) option that applies for your secret, and follow remaining steps that depend on which option you choose.
-
Option: Create a new secret – recommended
Provide the Red Hat offline access token and let License Manager create the access secret in Secrets Manager on your behalf.
-
Enter a name for your secret in Secret name.
-
Paste your Red Hat offline access token into the Offline token box. Make sure that there are no extra spaces or line breaks before or after your token value. You can generate your Red Hat offline access token on the Red Hat Subscription Manager API Tokens
page.
Option: Select a secret
Select an existing secret in Secrets Manager that contains your Red Hat offline access token.
-
-
(optional) Add tags for your secret.
-
Select the check box at the bottom of the page to acknowledge that by activating Red Hat Subscription Manager discovery, you grant access to the AWS License Manager service to collect data that relates to Red Hat subscriptions used on Amazon EC2 instances.
-
Choose Activate.
Resource discovery status reasons
AWS License Manager will display a status and a corresponding status reason for each AWS Region you choose to enable discovery for Linux subscriptions. The status reason will vary if you have linked Linux subscriptions with AWS Organizations:
-
In progress
-
Successful
-
Failed
The status reason that displays for each Region you choose will show up to two status reasons at a time. The following table provides more detail:
Status reason action | Description |
---|---|
Account-onboard |
Onboarding a single account. |
Account-offboard |
Offboarding a single account. |
Org-onboard |
Onboarding an entire organization. |
Org-offboard |
Offboarding an entire organization. |
You can call the UpdateServiceSettings
API and subsequently call the
GetServiceSettings
API to monitor the progress of enabling Linux subscriptions.
Each status and status reason can apply to multiple Regions at once. The follow table provides
more detail on the status and status reason:
Status | Status reason | Description |
---|---|---|
In Progress | "Region": "Account-Onboard: Pending" |
Enabling Linux subscriptions for a single account is in progress. |
"Region": "Org-Onboard: Pending" |
Enabling Linux subscriptions for an organization is in progress. | |
"Region": "Account-Offboard: Pending |
Disabling Linux subscriptions for a single account is in progress. | |
"Region": "Org-Offboard: Pending |
Disabling Linux subscriptions for an organization is in progress. | |
Successful | "Region": "Account-Onboard: Successful" |
Enabling Linux subscriptions for a single account was successful. |
"Region": "Org-Onboard: Successful" |
Enabling Linux subscriptions for an organization was successful. | |
"Region": "Account-Offboard: Successful |
Disabling Linux subscriptions for a single account was successful. | |
"Region": "Org-Offboard: Successful |
Disabling Linux subscriptions for an organization was successful. | |
Failed | "Region": "Account-Onboard: Failed - Service-linked role not
present" |
Enabling Linux subscriptions for a single account has failed due to the required service-linked role not being created. Create the required role, and try again. |
"Region": "Account-Onboard: Failed - An internal error occurred" |
Enabling Linux subscriptions for a single account has failed due to an internal error. | |
"Region": "Org-Onboard: Failed - Account isn't the management
account" |
Enabling Linux subscriptions for an organization has failed due to the account performing the operation not being the organization's management account. Log in to the management account, and try again. | |
"Region": "Org-Onboard: Failed - Account isn't part of an
organization" |
Enabling Linux subscriptions for an organization has failed due to the account performing the operation not being in an organization. Try the operation from an account in the organization, or add this account to the organization, and try again. | |
"Region": "Org-Onboard: Failed - Linux subscriptions can't access the
organization" |
Enabling Linux subscriptions for an organization has failed due to License Manager not having permissions to access the organization. Create the service-linked role for Linux subscriptions, and try again. |
Deactivate discovery of Linux subscriptions
You can deactivate discovery of Linux subscriptions from the AWS License Manager settings page. However, if you have activated discovery for
Warning
If you disable discovery, all of your data previously discovered for Linux subscriptions will be removed from AWS License Manager.
To disable discovery for Linux subscriptions
Open the License Manager console at https://console.aws.amazon.com/license-manager/
. -
In the left navigation pane, choose Settings.
-
On the Settings page, choose the Linux subscriptions tab and choose Disable Linux subscription discovery.
-
Enter
Disable
and then choose Disable to confirm deactivation. -
(Optional) Remove the service-linked role used for Linux subscriptions. For more information, see Delete a service-linked role for License Manager.
-
(Optional) Disable trusted access between License Manager and your organization. For more information, see AWS License Manager and AWS Organizations.