You can add a AWS cloud account instance to your VMware Aria Operations implementation. VMware Aria Operations collects data from Amazon Web Services (AWS) and supports both commercial and AWS GovCloud accounts. It covers multiple services and regions. You can also add application metrics and other custom metrics from your AWS services and use them in dashboards, alerts and reports.
Prerequisites
- For key-based authentication, obtain the Access Key and Secret Key values. See Generate Required Access Keys. These values are not the same as your log in credentials for the Amazon Web Services site.
- For role-based authentication, obtain the AWS IAM Role ARN, and External ID. For more information, see KB article 94820.
- Determine the services for which you collect metrics. See, Supported AWS Services. The default value * includes all services in your subscription. If you do not want to subscribe to all services, you can specify region identifiers in the Regions text box.
- Determine the regions to which you subscribe. Amazon Web Services are divided into different regions. The default value * includes all regions in your subscription. If you do not want to subscribe to all regions, you can specify region identifiers in the Regions text box.
Table 1. Amazon Web Services Regions for AWS Standard Account Region-Friendly Name Region Identifier US East (N. Virginia) us-east-1 US East (Ohio) us-east-2 US West (N. California) us-west-1 US West (Oregon) us-west-2 Asia Pacific (Hong Kong) ap-east-1 Asia Pacific (Tokyo) ap-northeast-1 Asia Pacific (Seoul) ap-northeast-2 Asia Pacific (Osaka-Local) ap-northeast-3 Asia Pacific (Mumbai) ap-south-1 Asia Pacific (Singapore) ap-southeast-1 Asia Pacific (Sydney) ap-southeast-2 Asia Pacific (Jakarta) ap-southeast-3 Canada (Central) ca-central-1 China (Beijing) cn-north-1 China (Ningxia) cn-northwest-1 Europe (Frankfurt) eu-central-1 Europe (Zurich) eu-central-2 Europe (Ireland) eu-west-1 Europe (London) eu-west-2 Europe (Paris) eu-west-3 Europe (Stockholm) eu-north-1 Europe (Milan) eu-south-1 Europe (Spain) eu-south-2 South America (São Paulo) sa-east-1 Africa (Cape Town) af-south-1 Middle East (Bahrain) me-south-1 Middle East (UAE) me-central-1 Table 2. Amazon Web Services Regions for AWS GovCloud (US) Account Region-Friendly Name Region Identifier AWS GovCloud (US-East) us-gov-east-1 AWS GovCloud (US) us-gov-west-1 - Determine any blocked list or allowed list filters. These filters use regular expressions to filter in or out specific objects by name. For example, an allowed list filter of .*indows.* allows only objects with a name including "indows". A blocked list filter of .*indows.* filters out all objects with that string in their name.
- To publish custom metrics to CloudWatch, see Publishing Custom Metrics.
- To collect additional metrics for EC2 through CloudWatch agent, set up the agent. For details, see Installing CloudWatch Agent.
Procedure
- In the left menu, click .
- On the Accounts tab, click ADD.
- On the Account Types page, click AWS.
- Configure the instance settings.
Option Action Name Enter a name for the adapter instance. Description Enter a description. Account Type Select the AWS account type. Select AWS Standard Account to set up a commercial AWS account.
Select AWS GovCloud (US) Account to set up a AWS GovCloud (US) account to monitor GovCloud services and regions.
Services/ GovCloud Services Select the services from which you want to capture metrics. If you want to collect metrics for specific services, then click the drop-down icon and select one or more services. For example, Amazon CloudFormation, Amazon EC2. If you do not select any of the services, the metrics for all the services get collected. The services marked with an asterix* for example, AWS AppSync* are grouped together under AWS Other Services. These services display the relationship with the regions only. For more information on supported AWS services, see Supported AWS Services.
Note: If you select AWS GovCloud (US) Account as the account type, you can only select the services applicable for AWS GovCloud (US).Regions/ GovCloud Regions Select the regions you want to subscribe to. If you want to subscribe to specific regions, then click the drop-down icon and select one or more regions. For example, US East (N. Virginia),US East (Ohio)
. If you want to subscribe to all the regions, do not select any of the regions.Note: If you select AWS GovCloud (US) Account as the account type, you can only select the regions applicable for AWS GovCloud (US). The regions for AWS GovCloud (US) are AWS GovCloud (US-East) and AWS GovCloud (US).Credential Add the credentials used to access the AWS environment by clicking the plus sign and select the Credential Kind. Note: For each credential kind, you must enter a Credential name. This name is not the name of the adapter instance, but a friendly name to identify the credential with ease.- Instance Profile Authentication: This authentication must be used by VMware SRE users only.
- Role-based authentication: Enter the Credential name, AWS IAM Role ARN, and the External ID. For more information, see KB article 94820.
- Key-based authentication: Use the AWS key-based authentication an application (running in an AWS Account) using access key and secret key.
Note: If you are configuring an AWS GovCloud (US) Account, then the access key and secret key values must be specific to AWS GovCloud.
Enter the Credential name and the Access Key and Secret Key values.
Optionally, enter any required local proxy information for your network.Note: This proxy information activates VMware Aria Operations that is deployed on a local network to have a public network access for AWS to collect statistics for its accounts.
Collector / Group Select the collector upon which you want to run the adapter instance. A collector gathers objects into its inventory for monitoring. The collector specified by default has been selected for optimal data collecting. - Click Test Connection to validate the connection.
- Click the arrow to the left of the Advanced Settings to configure advanced settings.
Option Action Collect Custom Metrics Set this option to true if you want to import all the custom metrics from your AWS account. To publish custom metrics in VMware Aria Operations, the metrics dimension names should match the following service mappings:Service Name Dimension Name dax_cluster ClusterId dax_node NodeId dynamodb TableName efs FileSystemId eks ClusterName elasticbeanstalk_env EnvironmentName redshift_node NodeID redshift_cluster ClusterIdentifier s3_bucket BucketName vpc_nat_gateway NatGatewayId vpc_vpn VpnId workspace WorkspaceId ec2_auto_scale_group AutoScalingGroupName cloudfront_distribution DistributionId direct_connect ConnectionId ec2_instance InstanceId ec2_volume VolumeId transit_gateway TransitGateway ecs_cluster ClusterName ecs_service ServiceName elasticache_cachecluster CacheClusterId elasticache_cachenode CacheNodeId ec2_load_balancer LoadBalancerName application_load_balancer LoadBalancer network_load_balancer LoadBalancer emr_job_flow JobFlowId lambda_function FunctionName rds_dbinstance DBInstanceIdentifier hosted_zone HostedZoneId health_check HealthCheckId sqs_queue QueueName amazon_neptune_db_instance DBInstanceIdentifier amazon_neptune_db_cluster DBClusterIdentifier amazon_personalize_data_import DatasetimportjobArn amazon_personalize_event_tracker EventTrackerArn amazon_personalize_solution SolutionArn amazon_personalize_campaign CampaignArn amazon_sagemaker_endpoint EndpointName amazon_sagemaker_batch_transform_job Host amazon_sagemaker_ground_truth_labeling_job LabelingJobName amazon_sagemaker_ground_truth_work_team Workteam amazon_global_accelerator Accelerator amazon_api_gw ApiName amazon_elastic_inference ElasticInferenceAcceleratorId amazon_glue_job JobName amazon_qldb_ledger LedgerName amazon_qldb_stream StreamId Support Auto Discovery Set this option to true for automatic discovery of AWS services. If you set this value to false, when you create an adapter instance you must perform a manual discovery of services. Allowed List Regex Add regular expressions to allow only objects with names that fit the criteria you specify. Blocked List Regex Add regular expressions to filter out objects by name. Actions Activated Activate this option to run actions specific to the AWS virtual machine using VMware Aria Operations. By default, this option is set to true. For details on running actions, see Power On, Power Off, and Reboot Actions.
Account ID The AWS account ID is auto populated. Each AWS account uses a unique account ID to run actions. The account ID is the same one used to log in Amazon Web Services site. - Click Save Settings.
What to do next
Make sure that VMware Aria Operations is collecting data.
Where to View the Information | Information to View |
---|---|
Collection Status and Collection State columns in the MP for AWS Solution Details pane on the Accounts tab on the Integrations page. | The collection status appears approximately 10 minutes after you have configured the adapter. |
Environment Overview | The objects related to AWS are added to the inventory trees. |
Dashboards | AWS dashboards are added to VMware Aria Operations. |