This topic describes the objects you create in Amazon Web Services (AWS) so that you can deploy Ops Manager.
Use the information in this topic to determine the resource requirements of Ops Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Ops Manager on AWS and Deploying Ops Manager on AWS.
As part of the preparing to deploy process, you must create the following S3 buckets from the S3 Dashboard:
pcf-ops-manager-bucketpcf-buildpacks-bucketpcf-packages-bucketpcf-resources-bucketpcf-droplets-bucketThese buckets must be empty when you install or reinstall Ops Manager.
See Create S3 Buckets in Preparing to Deploy Ops Manager on AWS.
You must create either an IAM role or an IAM user for Ops Manager named pcf-user from the Identity and Access Management Dashboard, using the policy document included in Ops Manager for AWS Policy Document.
See Create an IAM Role or User for Ops Manager in Preparing to Deploy Ops Manager on AWS.
You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.
You must create a VPC with public and private subnets from the VPC Dashboard.
The following table lists the subnets in CIDR block 10.0.0.0/16.
| Name | AZ | IPv4 CIDR block |
|---|---|---|
pcf-public-subnet-az0 |
REGION-#a (for example, us-west-2a) |
10.0.0.0/24 |
pcf-public-subnet-az1 |
REGION-#b (for example, us-west-2b) |
10.0.1.0/24 |
pcf-public-subnet-az2 |
REGION-#c (for example, us-west-2c) |
10.0.2.0/24 |
pcf-management-subnet-az0 |
REGION-#a (for example, us-west-2a) |
10.0.16.0/28 |
pcf-management-subnet-az1 |
REGION-#b (for example, us-west-2b) |
10.0.16.16/28 |
pcf-management-subnet-az2 |
REGION-#c (for example, us-west-2c) |
10.0.16.32/28 |
pcf-ert-subnet-az0 |
REGION-#a (for example, us-west-2a) |
10.0.4.0/24 |
pcf-ert-subnet-az1 |
REGION-#b (for example, us-west-2b) |
10.0.5.0/24 |
pcf-ert-subnet-az2 |
REGION-#c (for example, us-west-2c) |
10.0.6.0/24 |
pcf-services-subnet-az0 |
REGION-#a (for example, us-west-2a) |
10.0.8.0/24 |
pcf-services-subnet-az1 |
REGION-#b (for example, us-west-2b) |
10.0.9.0/24 |
pcf-services-subnet-az2 |
REGION-#c (for example, us-west-2c) |
10.0.10.0/24 |
pcf-rds-subnet-az0 |
REGION-#a (for example, us-west-2a) |
10.0.12.0/24 |
pcf-rds-subnet-az1 |
REGION-#b (for example, us-west-2b) |
10.0.13.0/24 |
pcf-rds-subnet-az2 |
REGION-#c (for example, us-west-2c) |
10.0.14.0/24 |
See Create a VPC in Preparing to Deploy Ops Manager on AWS.
You must create a NAT Gateway when creating a VPC.
See Create a NAT Gateway in Preparing to Deploy Ops Manager on AWS.
The following sections describe the security groups you must create from the EC2 Dashboard.
The Ops Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules:
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | My IP |
| HTTPS | TCP | 443 | My IP |
| SSH | TCP | 22 | My IP |
| BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
| BOSH Director | TCP | 25555 | 10.0.0.0/16 |
See Configure a Security Group for Ops Manager in Preparing to Deploy Ops Manager on AWS.
The BOSH-deployed VMs Security Group must be named pcf-vms-security-group and have the following inbound rules:
| Type | Protocol | Port Range | Source | |
|---|---|---|---|---|
| All traffic | All | 0 - 65535 | Custom IP | 10.0.0.0/16 |
| Custom TCP rule | TCP | 2222 | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Ops Manager on AWS.
The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules:
| Type | Protocol | Port Range | Source | |
|---|---|---|---|---|
| Custom TCP rule | TCP | 4443 | Anywhere | 0.0.0.0/0 |
| HTTP | TCP | 80 | Anywhere | 0.0.0.0/0 |
| HTTPS | TCP | 443 | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for the Web ELB in Preparing to Deploy Ops Manager on AWS.
The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule:
| Type | Protocol | Port Range | Source | |
|---|---|---|---|---|
| Custom TCP rule | TCP | 1024 - 1123 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must have the following outbound rule:
| Type | Protocol | Port Range | Source | |
|---|---|---|---|---|
| All traffic | All | All | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for the TCP ELB in Preparing to Deploy Ops Manager on AWS.
The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:
| Type | Protocol | Port Range | Source | |
|---|---|---|---|---|
| MySQL | TCP | 3306 | Custom IP | 10.0.0.0/16 |
The MySQL Security Group must have the following outbound rule:
| Type | Protocol | Port Range | Destination | |
|---|---|---|---|---|
| All traffic | All | All | Custom IP | 10.0.0.0/16 |
See Configure a Security Group for MySQL in Preparing to Deploy Ops Manager on AWS.
You must locate the public Ops Manager AMI using the AMI ID provided by the PDF downloaded when clicking Ops Manager for AWS on VMware Tanzu Network.
See Step 1: Launch an Ops Manager AMI in Deploying Ops Manager on AWS.
The following sections describe the ELBs you must create from the EC2 Dashboard.
You must create a web ELB with the following configuration:
pcf-web-elbpcf-vpcpcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2pcf-elb-security-group/healthSee Step 2: Create Web Load Balancer in Deploying Ops Manager on AWS.
pcf-ssh-elbpcf-vpcpcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2pcf-ssh-security-groupSee Step 3: Create SSH Load Balancer in Deploying Ops Manager on AWS.
pcf-tcp-elbpcf-vpcpcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2pcf-tcp-security-groupSee Step 4: Create TCP Load Balancer in Deploying Ops Manager on AWS.
You must navigate to your DNS provider and create CNAME and A records for all three of your load balancers.
See Step 5: Configure DNS Records in Deploying Ops Manager on AWS.
You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.
See Step 6: Create RDS Subnet Group in Deploying Ops Manager on AWS.
You must create a MySQL database from the RDS Dashboard.
See Step 7: Create a MySQL Database using AWS RDS in Deploying Ops Manager on AWS.
