You can add a AWS cloud account instance to your VMware Aria Operations implementation. VMware Aria Operations collects data from Amazon Web Services (AWS) and supports both commercial and AWS GovCloud accounts. It covers multiple services and regions. You can also add application metrics and other custom metrics from your AWS services and use them in dashboards, alerts and reports.

Prerequisites

  • For key-based authentication, obtain the Access Key and Secret Key values. See Generate Required Access Keys. These values are not the same as your log in credentials for the Amazon Web Services site.
  • For role-based authentication, obtain the AWS IAM Role ARN, and External ID. For more information, see KB article 94820.
  • Determine the services for which you collect metrics. See, Supported AWS Services. The default value * includes all services in your subscription. If you do not want to subscribe to all services, you can specify region identifiers in the Regions text box.
  • Determine the regions to which you subscribe. Amazon Web Services are divided into different regions. The default value * includes all regions in your subscription. If you do not want to subscribe to all regions, you can specify region identifiers in the Regions text box.
    Table 1. Amazon Web Services Regions for AWS Standard Account
    Region-Friendly Name Region Identifier
    US East (N. Virginia) us-east-1
    US East (Ohio) us-east-2
    US West (N. California) us-west-1
    US West (Oregon) us-west-2
    Asia Pacific (Hong Kong) ap-east-1
    Asia Pacific (Tokyo) ap-northeast-1
    Asia Pacific (Seoul) ap-northeast-2
    Asia Pacific (Osaka-Local) ap-northeast-3
    Asia Pacific (Mumbai) ap-south-1
    Asia Pacific (Singapore) ap-southeast-1
    Asia Pacific (Sydney) ap-southeast-2
    Asia Pacific (Jakarta) ap-southeast-3
    Canada (Central) ca-central-1
    China (Beijing) cn-north-1
    China (Ningxia) cn-northwest-1
    Europe (Frankfurt) eu-central-1
    Europe (Zurich) eu-central-2
    Europe (Ireland) eu-west-1
    Europe (London) eu-west-2
    Europe (Paris) eu-west-3
    Europe (Stockholm) eu-north-1
    Europe (Milan) eu-south-1
    Europe (Spain) eu-south-2
    South America (São Paulo) sa-east-1
    Africa (Cape Town) af-south-1
    Middle East (Bahrain) me-south-1
    Middle East (UAE) me-central-1
    Table 2. Amazon Web Services Regions for AWS GovCloud (US) Account
    Region-Friendly Name Region Identifier
    AWS GovCloud (US-East) us-gov-east-1
    AWS GovCloud (US) us-gov-west-1
  • Determine any blocked list or allowed list filters. These filters use regular expressions to filter in or out specific objects by name. For example, an allowed list filter of .*indows.* allows only objects with a name including "indows". A blocked list filter of .*indows.* filters out all objects with that string in their name.
  • To publish custom metrics to CloudWatch, see Publishing Custom Metrics.
  • To collect additional metrics for EC2 through CloudWatch agent, set up the agent. For details, see Installing CloudWatch Agent.

Procedure

  1. In the left menu, click Data Sources > Integrations.
  2. On the Accounts tab, click ADD.
  3. On the Account Types page, click AWS.
  4. Configure the instance settings.
    Option Action
    Name Enter a name for the adapter instance.
    Description Enter a description.
    Account Type Select the AWS account type.

    Select AWS Standard Account to set up a commercial AWS account.

    Select AWS GovCloud (US) Account to set up a AWS GovCloud (US) account to monitor GovCloud services and regions.

    Services/ GovCloud Services Select the services from which you want to capture metrics. If you want to collect metrics for specific services, then click the drop-down icon and select one or more services. For example, Amazon CloudFormation, Amazon EC2. If you do not select any of the services, the metrics for all the services get collected.

    The services marked with an asterix* for example, AWS AppSync* are grouped together under AWS Other Services. These services display the relationship with the regions only. For more information on supported AWS services, see Supported AWS Services.

    Note: If you select AWS GovCloud (US) Account as the account type, you can only select the services applicable for AWS GovCloud (US).
    Regions/ GovCloud Regions Select the regions you want to subscribe to. If you want to subscribe to specific regions, then click the drop-down icon and select one or more regions. For example, US East (N. Virginia),US East (Ohio). If you want to subscribe to all the regions, do not select any of the regions.
    Note: If you select AWS GovCloud (US) Account as the account type, you can only select the regions applicable for AWS GovCloud (US). The regions for AWS GovCloud (US) are AWS GovCloud (US-East) and AWS GovCloud (US).
    Credential Add the credentials used to access the AWS environment by clicking the plus sign and select the Credential Kind.
    Note: For each credential kind, you must enter a Credential name. This name is not the name of the adapter instance, but a friendly name to identify the credential with ease.
    • Instance Profile Authentication: This authentication must be used by VMware SRE users only.
    • Role-based authentication: Enter the Credential name, AWS IAM Role ARN, and the External ID. For more information, see KB article 94820.
    • Key-based authentication: Use the AWS key-based authentication an application (running in an AWS Account) using access key and secret key.
      Note: If you are configuring an AWS GovCloud (US) Account, then the access key and secret key values must be specific to AWS GovCloud.

      Enter the Credential name and the Access Key and Secret Key values.

      Optionally, enter any required local proxy information for your network.
      Note: This proxy information activates VMware Aria Operations that is deployed on a local network to have a public network access for AWS to collect statistics for its accounts.
    Collector / Group Select the collector upon which you want to run the adapter instance. A collector gathers objects into its inventory for monitoring. The collector specified by default has been selected for optimal data collecting.
  5. Click Test Connection to validate the connection.
  6. Click the arrow to the left of the Advanced Settings to configure advanced settings.
    Option Action
    Collect Custom Metrics Set this option to true if you want to import all the custom metrics from your AWS account.
    To publish custom metrics in VMware Aria Operations, the metrics dimension names should match the following service mappings:
    Service Name Dimension Name
    dax_cluster ClusterId
    dax_node NodeId
    dynamodb TableName
    efs FileSystemId
    eks ClusterName
    elasticbeanstalk_env EnvironmentName
    redshift_node NodeID
    redshift_cluster ClusterIdentifier
    s3_bucket BucketName
    vpc_nat_gateway NatGatewayId
    vpc_vpn VpnId
    workspace WorkspaceId
    ec2_auto_scale_group AutoScalingGroupName
    cloudfront_distribution DistributionId
    direct_connect ConnectionId
    ec2_instance InstanceId
    ec2_volume VolumeId
    transit_gateway TransitGateway
    ecs_cluster ClusterName
    ecs_service ServiceName
    elasticache_cachecluster CacheClusterId
    elasticache_cachenode CacheNodeId
    ec2_load_balancer LoadBalancerName
    application_load_balancer LoadBalancer
    network_load_balancer LoadBalancer
    emr_job_flow JobFlowId
    lambda_function FunctionName
    rds_dbinstance DBInstanceIdentifier
    hosted_zone HostedZoneId
    health_check HealthCheckId
    sqs_queue QueueName
    amazon_neptune_db_instance DBInstanceIdentifier
    amazon_neptune_db_cluster DBClusterIdentifier
    amazon_personalize_data_import DatasetimportjobArn
    amazon_personalize_event_tracker EventTrackerArn
    amazon_personalize_solution SolutionArn
    amazon_personalize_campaign CampaignArn
    amazon_sagemaker_endpoint EndpointName
    amazon_sagemaker_batch_transform_job Host
    amazon_sagemaker_ground_truth_labeling_job LabelingJobName
    amazon_sagemaker_ground_truth_work_team Workteam
    amazon_global_accelerator Accelerator
    amazon_api_gw ApiName
    amazon_elastic_inference ElasticInferenceAcceleratorId
    amazon_glue_job JobName
    amazon_qldb_ledger LedgerName
    amazon_qldb_stream StreamId
    Support Auto Discovery Set this option to true for automatic discovery of AWS services. If you set this value to false, when you create an adapter instance you must perform a manual discovery of services.
    Allowed List Regex Add regular expressions to allow only objects with names that fit the criteria you specify.
    Blocked List Regex Add regular expressions to filter out objects by name.
    Actions Activated Activate this option to run actions specific to the AWS virtual machine using VMware Aria Operations. By default, this option is set to true.

    For details on running actions, see Power On, Power Off, and Reboot Actions.
    Account ID The AWS account ID is auto populated. Each AWS account uses a unique account ID to run actions. The account ID is the same one used to log in Amazon Web Services site.
  7. Click Save Settings.

What to do next

Make sure that VMware Aria Operations is collecting data.

Where to View the Information Information to View
Collection Status and Collection State columns in the MP for AWS Solution Details pane on the Accounts tab on the Integrations page. The collection status appears approximately 10 minutes after you have configured the adapter.
Environment Overview The objects related to AWS are added to the inventory trees.
Dashboards AWS dashboards are added to VMware Aria Operations.