Add PE credentials to Comply

Puppet Comply is an add-on to Puppet Enterprise (PE). To allow Comply to communicate with PE, you must add your PE credentials to Comply.

Before you begin
Make sure you've installed Comply and comply module, and classified the nodes you want to scan in PE.

Adding your PE credentials authenticates Comply with Role Based Access Control (RBAC). Your PE account requires the following permissions:

Type Action Instance
Console View -
Job Orchestrator Start, stop and view jobs -
Node Groups View All
Nodes View node data from PuppetDB -
Tasks Run Tasks

Task: comply::backup_assessor

Permitted on : All nodes
Tasks Run Tasks

Task: comply::ciscat_scan

Permitted on: All nodes
For more information on permissions, see RBAC permissions.
  1. Navigate to Comply — located at https://[COMPLY-HOSTNAME]/ — and click Settings.
  2. Enter your PE hostname, username, and password.
  3. Click Submit.
    Tip: You can refresh the PE node and fact information by clicking Refresh data.
Results
You’ll now see a list of your classified nodes on the Nodes page.
What to do next
You have completed the installation and configuration process! You can now start running CIS scans on your nodes. If you're new to Comply, try out the getting started guide.