Onboard
MeshLens Vendor Insights
MeshLens fully integrates with AWS Vendor Insights. With Vendor Insights, you can:
- Validate Zymera as a vendor faster.
- Continually monitor MeshLens as a product for risk management and compliance.
- Get security profile notifications.
To access the security profile for MeshLens, follow the instructions in the Vendor Insights section of the AWS Marketplace product page.
Set up product
When you click “Set up your account” on the AWS Marketplace subscriptions page, you will be directed to the MeshLens SaaS Setup page. Use the information here to complete onboarding.
Registration
Submit your contact information using the form in the setup page.
Single Sign-on (SSO)
Assuming you are already using AWS SSO with your workforce identities, please follow the steps below to create a Custom SAML 2.0 application.
- Go to your AWS SSO dashboard.
- Navigate to Applications | Add Application | Custom Application | Next
- Enter the following information:
  - Display Name: Zymera MeshLens
  - Description: MeshLens application
  - Application ACS URL: [Copy from the setup page]
  - Application SAML audience: [Copy from the setup page]
- From IAM Identity Center metadata section, download the “IAM Identity Center SAML metadata file”.
- Update session duration or leave it at default.
- Click Submit.
- Upload the metadata file using the form in the setup page.
- Navigate to Applications | Zymera MeshLens | Actions | Edit attribute mapping.
- For the Subject attribute mapping, enter ${user:email}
- Add another attribute named email, maps to: ${user:email}, format: unspecified
- Click “Save changes”.
- Navigate to Applications | Zymera MeshLens | Assign users
- Choose the users and groups in your organization that you want to grant access to the Zymera MeshLens application.
Tip
You can learn more about SSO application user access assignment here, and attribute mappings here.
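To confirm the attribute mapping above took effect, decode the SAMLResponse from a test login of your own and check the Subject, the email attribute and the audience. The following is an added example, not MeshLens or AWS code; the audience value and the sample responses are constructed placeholders, and the check inspects mappings only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
AUDIENCE = "urn:example:meshlens-audience"  # placeholder; use the setup-page value

def check_mapping(saml_response_b64, expected_audience):
    """Return mapping problems (empty list = OK). Does not verify the signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion (encrypted or malformed response)"]
    problems = []
    audiences = [a.text for a in assertion.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("audience mismatch: %r" % audiences)
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append("Subject is not an email address: %r" % name_id)
    emails = None
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "email":
            emails = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
            # An omitted NameFormat defaults to "unspecified" in SAML 2.0.
            if attr.get("NameFormat", UNSPECIFIED) != UNSPECIFIED:
                problems.append("email attribute format is not unspecified")
    if emails is None:
        problems.append("email attribute missing")
    elif name_id not in emails:
        problems.append("email attribute does not match Subject")
    return problems

def build_sample(name_id, audience, email=None):
    """Constructed, unsigned SAMLResponse used only to exercise the check."""
    attr = "" if email is None else (
        '<saml:AttributeStatement><saml:Attribute Name="email" NameFormat="%s">'
        '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement>' % (UNSPECIFIED, email))
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s'
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions>%s'
           '</saml:Assertion></samlp:Response>' % (name_id, audience, attr))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_mapping(build_sample("alice", AUDIENCE), AUDIENCE))
```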
Account Integration
MeshLens pulls metadata from your accounts and regions and unifies it into the catalog as consolidated entities. We use a cross-account role to query metadata APIs. Please follow the steps below to list the account-region pairs you want to integrate and to set up the necessary permissions. You can see the cross-account role permissions here.
Note
You need to have permissions for stack operations to deploy the stack.
- Decide which account and region you would like to register with MeshLens. This account should have Glue tables, jobs, workflows, and quality checks enabled to provide the necessary metadata. You can either use an empty account with a sample stack or use an existing account. If this is the first time you are integrating with MeshLens, the former is highly recommended.
- Log on to the account/region you have chosen.
- In the setup page, copy the Launch Stack URL and navigate to it, or click the “Launch Stack” button, to deploy the permissions.
- Repeat steps 2 & 3 for all accounts.
- Navigate to the setup page and submit the comma-separated account_region pairs, e.g., 11111_us-west-2, 22222_us-east-2.
Note
It is recommended to start with a single account and region and extend to others after completing all the steps.
Tip
You can add more accounts later by running the stack and submitting the information in the setup page.
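Before launching the stack, the role it creates can be reviewed against the description above of a cross-account role that queries metadata APIs. This added example (not MeshLens code) scans a CloudFormation template in JSON form and flags wildcard principals, a missing sts:ExternalId condition, and actions that are not read-style; the template, role name and verb list are constructed assumptions.

```python
import json

READ_VERBS = ("Get", "List", "Describe", "BatchGet", "Search")

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_roles(template):
    """Return {logical_id: [findings]} for each AWS::IAM::Role in a template."""
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props, findings = res.get("Properties", {}), []
        trust = props.get("AssumeRolePolicyDocument", {})
        for stmt in as_list(trust.get("Statement", [])):
            principal = stmt.get("Principal", {})
            aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
            if "*" in aws:
                findings.append("trust policy allows any AWS principal")
            if aws and "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
                findings.append("no sts:ExternalId condition on cross-account trust")
        # Inline policies only; attached managed policies need a separate look.
        for policy in props.get("Policies", []):
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement", [])):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in as_list(stmt.get("Action", [])):
                    if not action.split(":")[-1].startswith(READ_VERBS):
                        findings.append("non-read action: " + action)
        report[name] = findings
    return report

# Constructed template for illustration; it is NOT the MeshLens stack template.
SAMPLE = json.loads("""
{"Resources": {"MetadataReaderRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{"Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"}]},
  "Policies": [{"PolicyName": "metadata", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["glue:GetTables", "glue:GetJobs", "glue:StartJobRun"]}]}}]}}}}
""")

if __name__ == "__main__":
    for role, findings in review_roles(SAMPLE).items():
        print(role, findings or "ok")
```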
Application Access
While your dedicated MeshLens environment is being created, you will see the status “In Progress” in this section. When it is completed, you will see the URL of the web app. To initiate the login, follow the steps below.
- Go to the AWS SSO start URL of your organization.
- Click on the app named “Zymera MeshLens” to be directed to the web app.
- Congratulations! You completed the setup steps for MeshLens. Continue to the Simulation Account or Existing Account section to add MeshLens metadata.
Simulation Account [Optional]
The stack here helps you set up a basic data stack with the necessary resources and tagging to create MeshLens entities and relations. You can deploy this stack in any of the account-region pairs you listed in the Account Integration step.
Note
You can view the deployed stack template file here.
- As a prerequisite, deploy the AWS Glue Tagger SAR (GitHub), which allows us to tag Glue resources in the CloudFormation templates.
- When deployment of the stack is complete, navigate to the Glue workflow and run it.
- The MeshLens web app will show the entities, insights, and relations from the metadata. You can find more information on the different components and their functionality in the use section.
- Review the deployed stack and the information in the resource groups and tagging sections to learn about the configuration needed for MeshLens metadata.
- Clean up the sample stack when you are done.
Existing Account
If you are using an existing account where you have a Glue environment ready, all you need to do is deploy resource groups and add some tagging. See the resource groups and tagging sections on how to configure these.
AWS Marketplace Cost and Vendor Tagging
The MeshLens SaaS application provides vendor tagging when reporting the costs associated with usage. To view these as cost allocation tags, they need to be enabled using the instructions here.