AWS Satellite
Connect securely to AWS organizations and accounts, with the AWS Automation Satellite providing 600+ runbooks.
Amazon Web Services
AWS resources brought into the CMDB
- EC2 instances, EBS volumes, snapshots & AMIs
- VPCs, subnets, route tables & built-in IPAM
- Elastic Load Balancers — ALB, NLB & GLB
- AWS Config & CloudTrail history
- Secrets Manager (with CMDB Vault & automation)
- CloudWatch metrics — compute, network & load balancers
- Cost & usage and AWS Backup
- Organization & account structure
Watch the AWS Satellites
Run AWS actions straight from the CMDB
Pair the discovery Satellite with the AWS Automation Satellite to act on what you find. It executes AWS Systems Manager (SSM) Commands and Automation Documents against your managed resources — directly from the CMDB-360 portal.
Hundreds of ready-to-run runbooks
Execute AWS-provided SSM runbooks against EC2, S3, VPC and more with a point-and-click from the portal — resource IDs are inherited automatically from the discovered CMDB record, so there’s nothing to look up. Bring your own custom SSM documents too.
Secured by CMDB-360 Vaults
Credentials for automation are stored in AWS Secrets Manager and accessed through CMDB-360 Vaults at run-time — so client secrets are never stored on the automation server or your team’s desktops, and a single key can serve many client accounts.
Deploy in minutes from the AWS Marketplace
The preferred path is the AWS-validated Marketplace appliance — a pre-built Ubuntu ARM AMI with the Satellite and all of its tools already installed. You can also launch it through CMDB-360 LaunchPad or install it on any supported Linux host.
AWS Marketplace appliance
AWS-validated AMI maintained in the Marketplace catalog. Search “CMDB-360,” choose your region, and deploy — the simplest, preferred option.
CMDB-360 LaunchPad
Launch one or many satellites as Docker containers from a single LaunchPad host that integrates automatically with the Base Station portal.
Linux installer
Install on any Oracle Linux 9+ or Ubuntu 22.04+ host (ARM or x86_64) with the graphical Installer or the non-interactive AutoInstaller. The public Docker image is also available.
We recommend deploying the Satellite inside the customer’s AWS account so sensitive data stays within their environment. Minimum footprint: 1 vCPU, 4 GB RAM, 20 GB disk. The Satellite needs only outbound HTTPS (443) to your Base Station and control server — no inbound ports are required.
A simple two-step setup
When you deploy with the Installer or AutoInstaller, configuration is handled for you. Otherwise the on-instance tools walk you through two steps.
1 · Connect to the Base Station
Using the AdminTool, point the Satellite at your MSP’s CMDB-360 Base Station with the host (SSL port 443 by default) and the unique access token issued for the Satellite, then save and restart services.
2 · Grant read-only AWS access
In AWS IAM, create a user (we suggest cmdb360), attach the AWS-managed ReadOnlyAccess policy, generate an access key, and configure the Satellite with those keys. Scope it down with a custom policy if you only want to expose part of the account.
The access keys are read-only and can be rotated at any time, and discovery of any resource type can be disabled from the Satellite scheduler — so the Satellite only ever sees what you choose to expose.
How the AWS Satellite protects data
The AWS Satellite runs inside the Amazon Web Services environment and sends only non-sensitive resource rosters and metadata to the CMDB-360 Base Station. Detailed information is streamed on demand and only while a user is viewing a record — nothing sensitive is stored outside the environment.