You can add an AWS data source in VMware Aria Operations for Networks.

Prerequisites

  • Configure the organization firewall for AWS API access. See Firewall Configuration for AWS API Access.
  • Create a standard account policy for the AWS account that you want to add in VMware Aria Operations for Networks. To create a policy, see Create a Standard Account Policy.
  • Create a user in the Standard AWS Account. To create a user in AWS, see Create a User in the Primary AWS Account.
  • If you have configured AWS API access with restricted IPs, you must whitelist the IP address for your region to allow communication between the region-specific VMware Aria Operations for Networks service and the AWS account:
    Region    IP address
    AU        3.104.98.208
    CA        3.98.12.139
    DE        3.70.31.146
    JP        35.75.225.94
    US        44.241.36.197
    UK        18.168.184.20
    Note: You can locate a region from the browser URL that you use to access the service. For example, in the URL https://ca.www.mgmt.cloud.vmware.com/ni, ca indicates the CA (Canada) region. Similarly, in the URL https://us.www.mgmt.cloud.vmware.com/ni, us indicates the US region.
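
One way to check the IP prerequisite before adding the data source, as an added example that is not part of the VMware documentation: derive the region from the service URL, look up its IP address in the table above, and list any Deny statement in an IAM policy whose aws:SourceIp condition would block it. The sample policy, its Sid and the function names are constructed for illustration, and condition keys other than aws:SourceIp are ignored.

```python
import ipaddress
from urllib.parse import urlparse

# Region-to-IP table from the prerequisites above.
SERVICE_IPS = {
    "AU": "3.104.98.208", "CA": "3.98.12.139", "DE": "3.70.31.146",
    "JP": "35.75.225.94", "US": "44.241.36.197", "UK": "18.168.184.20",
}

# Constructed sample: deny every request that does not come from the allowlist.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideAllowlist", "Effect": "Deny",
        "Action": "*", "Resource": "*",
        "Condition": {"NotIpAddress": {
            "aws:SourceIp": ["203.0.113.0/24", "3.98.12.139/32"]}},
    }],
}

def region_from_url(url):
    """The first host label of the service URL is the region code."""
    region = (urlparse(url).hostname or "").split(".")[0].upper()
    if region not in SERVICE_IPS:
        raise ValueError(f"no known region code in {url!r}")
    return region

def _cidrs(condition, operator):
    value = condition.get(operator, {}).get("aws:SourceIp", [])
    return [value] if isinstance(value, str) else value

def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def blocking_statements(policy, ip):
    """Sids of Deny statements whose aws:SourceIp conditions all match ip."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # IAM allows a single statement object
        statements = [statements]
    hits = []
    for i, st in enumerate(statements):
        cond = st.get("Condition", {})
        excluded, included = _cidrs(cond, "NotIpAddress"), _cidrs(cond, "IpAddress")
        checks = ([not _in_any(ip, excluded)] if excluded else []) + \
                 ([_in_any(ip, included)] if included else [])
        if st.get("Effect") == "Deny" and checks and all(checks):
            hits.append(st.get("Sid", f"statement-{i}"))
    return hits
```

An empty list from blocking_statements means no source-IP Deny in that policy applies to the service address; a non-empty list names the statements to update.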

Procedure

  1. From the left navigation pane, go to Settings > Accounts and Data Sources.
  2. Click Add Source.
  3. Under Public Clouds, select Amazon Web Services.
  4. Enter your Amazon Access Key ID and corresponding Secret Access Key.
    Note: Your Amazon Access Key ID is a 20-digit string with a corresponding Secret Access Key. For more details, see http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html.
    Note: To add AWS Gov Cloud Region as a data source, create an AWS IAM user by using the recommended policy in the AWS account with access to the Gov Cloud region. Use the Access key and the Secret key for the newly created account to add the data source to VMware Aria Operations for Networks.
    Adding and displaying your account data takes around 15–20 minutes.
  5. From the Web Proxy (Optional) drop-down menu, select a web proxy.
    Note: The Web Proxy (Optional) is visible only if you have configured a web proxy in VMware Aria Operations for Networks.
  6. Click Validate.

    If the number of VMs discovered exceeds the capacity of the platform, a collector node, or both, the validation fails. You cannot add a data source until you increase the brick size of the platform or create a cluster.

    The specified capacity for each brick size with and without flows is as follows:
    Brick Size    VMs    State of Flows
    Large         6k     Enabled
    Large         10k    Deactivated
    Medium        3k     Enabled
    Medium        6k     Deactivated
  7. After you have validated your AWS account, you can select Enable Flow data collection (Highly Recommended) to get deeper insights.
  8. (Optional) In the Nickname text box, enter a nickname.
  9. (Optional) In the Notes text box, add a note if necessary.
  10. Click Submit.