This topic tells you about the objects that can be created in Amazon Web Services (AWS) to deploy VMware Tanzu Operations Manager.
Use the information in this topic to determine the resource requirements of Tanzu Operations Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Tanzu Operations Manager on AWS and Deploying Tanzu Operations Manager on AWS.
As part of the preparing to deploy process, you must create the following S3 buckets from the S3 Dashboard:
pcf-ops-manager-bucket
pcf-buildpacks-bucket
pcf-packages-bucket
pcf-resources-bucket
pcf-droplets-bucket
These buckets must be empty when you install or reinstall Tanzu Operations Manager.
See Create S3 Buckets in Preparing to Deploy Tanzu Operations Manager on AWS.
You must create either an IAM role or an IAM user for Tanzu Operations Manager named pcf-user
from the Identity and Access Management Dashboard, using the policy document included in Tanzu Operations Manager for AWS Policy Document.
See Create an IAM Role or User for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.
You must generate a key pair named pcf-ops-manager-key
. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.
You must create a VPC with public and private subnets from the VPC Dashboard.
See Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS.
The following table lists the subnets in CIDR block 10.0.0.0/16
.
Name | AZ | IPv4 CIDR block |
---|---|---|
pcf-public-subnet-az0 |
REGION-#a (for example, us-west-2a ) |
10.0.0.0/24 |
pcf-public-subnet-az1 |
REGION-#b (for example, us-west-2b ) |
10.0.1.0/24 |
pcf-public-subnet-az2 |
REGION-#c (for example, us-west-2c ) |
10.0.2.0/24 |
pcf-management-subnet-az0 |
REGION-#a (for example, us-west-2a ) |
10.0.16.0/28 |
pcf-management-subnet-az1 |
REGION-#b (for example, us-west-2b ) |
10.0.16.16/28 |
pcf-management-subnet-az2 |
REGION-#c (for example, us-west-2c ) |
10.0.16.32/28 |
pcf-ert-subnet-az0 |
REGION-#a (for example, us-west-2a ) |
10.0.4.0/24 |
pcf-ert-subnet-az1 |
REGION-#b (for example, us-west-2b ) |
10.0.5.0/24 |
pcf-ert-subnet-az2 |
REGION-#c (for example, us-west-2c ) |
10.0.6.0/24 |
pcf-services-subnet-az0 |
REGION-#a (for example, us-west-2a ) |
10.0.8.0/24 |
pcf-services-subnet-az1 |
REGION-#b (for example, us-west-2b ) |
10.0.9.0/24 |
pcf-services-subnet-az2 |
REGION-#c (for example, us-west-2c ) |
10.0.10.0/24 |
pcf-rds-subnet-az0 |
REGION-#a (for example, us-west-2a ) |
10.0.12.0/24 |
pcf-rds-subnet-az1 |
REGION-#b (for example, us-west-2b ) |
10.0.13.0/24 |
pcf-rds-subnet-az2 |
REGION-#c (for example, us-west-2c ) |
10.0.14.0/24 |
You must create a NAT Gateway when creating a VPC.
See Create a NAT Gateway in Preparing to Deploy Tanzu Operations Manager on AWS.
The following sections describe the security groups you must create from the EC2 Dashboard.
The Tanzu Operations Manager Security Group must be named pcf-ops-manager-security-group
and have the following inbound rules.
See Configure a Security Group for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port Range | Source |
---|---|---|---|
HTTP | TCP | 80 | My IP |
HTTPS | TCP | 443 | My IP |
SSH | TCP | 22 | My IP |
BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
BOSH Director | TCP | 25555 | 10.0.0.0/16 |
The BOSH-deployed VMs Security Group must be named pcf-vms-security-group
and have the following inbound rules.
See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
All traffic | All | 0 - 65535 | Custom IP | 10.0.0.0/16 |
Custom TCP rule | TCP | 2222 | Anywhere | 0.0.0.0/0 |
The Web ELB Security Group must be named pcf-web-elb-security-group
and have the following inbound rules.
See Configure a Security Group for the Web ELB in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
Custom TCP rule | TCP | 4443 | Anywhere | 0.0.0.0/0 |
HTTP | TCP | 80 | Anywhere | 0.0.0.0/0 |
HTTPS | TCP | 443 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must be named pcf-tcp-elb-security-group
and have the following inbound rule.
See Configure a Security Group for the TCP ELB in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
Custom TCP rule | TCP | 1024 - 1123 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must have the following outbound rule:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
All traffic | All | All | Anywhere | 0.0.0.0/0 |
The MySQL Security Group must be named pcf-mysql-security-group
and have the following inbound rule:
See Configure a Security Group for MySQL in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
MySQL | TCP | 3306 | Custom IP | 10.0.0.0/16 |
The MySQL Security Group must have the following outbound rule.
Type | Protocol | Port Range | Destination | |
---|---|---|---|---|
All traffic | All | All | Custom IP | 10.0.0.0/16 |
On Broadcom Support portal, click Tanzu Operations Manager for AWS.
In the PDF that is downloaded, find the AMI ID.
Using the AMI ID, locate the Tanzu Operations Manager AMI.
See Step 1: Launch a Tanzu Operations Manager AMI in Deploying Tanzu Operations Manager on AWS.
The following sections describe the ELBs you must create from the EC2 Dashboard.
You must create a web ELB with the following configuration.
See Step 2: Create Web Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-web-elb
pcf-vpc
pcf-public-subnet-az0
, pcf-public-subnet-az1
, pcf-public-subnet-az2
pcf-elb-security-group
/health
See Step 3: Create SSH Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-ssh-elb
pcf-vpc
pcf-public-subnet-az0
, pcf-public-subnet-az1
, pcf-public-subnet-az2
pcf-ssh-security-group
See Step 4: Create TCP Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-tcp-elb
pcf-vpc
pcf-public-subnet-az0
, pcf-public-subnet-az1
, pcf-public-subnet-az2
pcf-tcp-security-group
You must navigate to your DNS provider and create CNAME and A records for all three of your load balancers.
See Step 5: Configure DNS Records in Deploying Tanzu Operations Manager on AWS.
You must create a subnet group for RDS named pcf-rds-subnet-group
from the RDS Dashboard.
See Step 6: Create RDS Subnet Group in Deploying Tanzu Operations Manager on AWS.
You must create a MySQL database from the RDS Dashboard.
See Step 7: Create a MySQL Database using AWS RDS in Deploying Tanzu Operations Manager on AWS.