NetBrain uses API (more specifically, Boto3 SDK) to retrieve the data from AWS.

There are several ways to configure access to AWS, and each method will be explained in detail.

1. Key-based Access: Set up public and private keys so the NetBrain System can use static key(s) to discover AWS resources.
2. Role-based Access: Set up different roles for the NetBrain System to access AWS accounts, and it doesn’t require any static key.  
3. Combined Access: Configure the key-based access for one master account and then access the monitored accounts via the role-based access method.

Select one of the above options to set up API server for AWS resources discovery based on real need. NetBrain will use the configured credentials to send HTTP requests via Front Server. Therefore, Front Server is required to access the Amazon AWS websites from an Internet access perspective:  *.amazonaws.com. The minimum resource unit for an API Server scope is an Account that includes all the resources under it. Therefore, NetBrain does not recommend separating resources under one Account to a different API Server. One API Server is associated with an Account. Use IAM to control the account level of resources API discovery. If you have multiple accounts, set up one API Server for each account.

If your organization has hundreds or even thousands of accounts, you can use the corresponding REST APIs to add these accounts to the NetBrain API Server and automatically discover your AWS network. Refer to: Mass AWS Accounts Onboarding Rest APIs Usage Guide.