This topic tells you about the objects that can be created in Amazon Web Services (AWS) to deploy VMware Tanzu Operations Manager.
Use the information in this topic to determine the resource requirements of Tanzu Operations Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Tanzu Operations Manager on AWS and Deploying Tanzu Operations Manager on AWS.
As part of the preparing to deploy process, you must create the following S3 buckets from the S3 Dashboard:
pcf-ops-manager-bucket
pcf-buildpacks-bucket
pcf-packages-bucket
pcf-resources-bucket
pcf-droplets-bucket
These buckets must be empty when you install or reinstall Tanzu Operations Manager.
See Create S3 Buckets in Preparing to Deploy Tanzu Operations Manager on AWS.
You must create either an IAM role or an IAM user for Tanzu Operations Manager named pcf-user from the Identity and Access Management Dashboard, using the policy document included in Tanzu Operations Manager for AWS Policy Document.
See Create an IAM Role or User for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.
You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.
You must create a VPC with public and private subnets from the VPC Dashboard.
See Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS.
The following table lists the subnets in CIDR block 10.0.0.0/16.
Name | AZ | IPv4 CIDR block |
---|---|---|
pcf-public-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.0.0/24 |
pcf-public-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.1.0/24 |
pcf-public-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.2.0/24 |
pcf-management-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.16.0/28 |
pcf-management-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.16.16/28 |
pcf-management-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.16.32/28 |
pcf-ert-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.4.0/24 |
pcf-ert-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.5.0/24 |
pcf-ert-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.6.0/24 |
pcf-services-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.8.0/24 |
pcf-services-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.9.0/24 |
pcf-services-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.10.0/24 |
pcf-rds-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.12.0/24 |
pcf-rds-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.13.0/24 |
pcf-rds-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.14.0/24 |
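To verify the subnet layout after creating it, the following added example (not part of the product documentation) compares subnet records against the table above and reports wrong CIDR blocks, wrong AZ suffixes, ranges outside 10.0.0.0/16, and overlaps. It assumes records shaped like `aws ec2 describe-subnets` output (`Tags`, `CidrBlock`, `AvailabilityZone`); the sample records are constructed.

```python
import ipaddress
from itertools import combinations

VPC = ipaddress.ip_network("10.0.0.0/16")
# Plan transcribed from the subnet table: tier -> CIDR for az0, az1, az2.
PLAN = {
    "public": ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"],
    "management": ["10.0.16.0/28", "10.0.16.16/28", "10.0.16.32/28"],
    "ert": ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"],
    "services": ["10.0.8.0/24", "10.0.9.0/24", "10.0.10.0/24"],
    "rds": ["10.0.12.0/24", "10.0.13.0/24", "10.0.14.0/24"],
}
# Subnet name -> (expected CIDR, expected AZ suffix a/b/c).
EXPECTED = {f"pcf-{tier}-subnet-az{i}": (cidr, "abc"[i])
            for tier, cidrs in PLAN.items() for i, cidr in enumerate(cidrs)}

def name_of(subnet):
    """Return the value of the Name tag, or None if the subnet is untagged."""
    return next((t["Value"] for t in subnet.get("Tags", []) if t["Key"] == "Name"), None)

def check_layout(subnets):
    """Compare describe-subnets style records with the plan; return (name, problem) pairs."""
    problems, by_name = [], {name_of(s): s for s in subnets}
    for name, (cidr, az) in EXPECTED.items():
        s = by_name.get(name)
        if s is None:
            problems.append((name, "missing"))
        elif s["CidrBlock"] != cidr:
            problems.append((name, f"cidr {s['CidrBlock']}, expected {cidr}"))
        elif not s["AvailabilityZone"].endswith(az):
            problems.append((name, f"az {s['AvailabilityZone']}, expected suffix {az}"))
    nets = [(name_of(s), ipaddress.ip_network(s["CidrBlock"])) for s in subnets]
    problems += [(n, "outside 10.0.0.0/16") for n, net in nets if not net.subnet_of(VPC)]
    problems += [(a, f"overlaps {b}") for (a, na), (b, nb) in combinations(nets, 2)
                 if na.overlaps(nb)]
    return problems

def constructed_sample(region="us-west-2"):
    """Constructed records matching the plan, with one deliberate mistake."""
    subnets = [{"Tags": [{"Key": "Name", "Value": n}], "CidrBlock": c,
                "AvailabilityZone": region + az} for n, (c, az) in EXPECTED.items()]
    by_name = {name_of(s): s for s in subnets}
    by_name["pcf-management-subnet-az1"]["CidrBlock"] = "10.0.16.0/27"  # too wide
    return subnets

if __name__ == "__main__":
    for problem in check_layout(constructed_sample()):
        print(problem)
```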
You must create a NAT Gateway when creating a VPC.
See Create a NAT Gateway in Preparing to Deploy Tanzu Operations Manager on AWS.
The following sections describe the security groups you must create from the EC2 Dashboard.
The Tanzu Operations Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules.
See Configure a Security Group for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port range | Source |
---|---|---|---|
HTTP | TCP | 80 | My IP |
HTTPS | TCP | 443 | My IP |
SSH | TCP | 22 | My IP |
BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
BOSH Director | TCP | 25555 | 10.0.0.0/16 |
The BOSH-deployed VMs Security Group must be named pcf-vms-security-group and have the following inbound rules.
See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port range | Source | CIDR block |
---|---|---|---|---|
All traffic | All | 0 - 65535 | Custom IP | 10.0.0.0/16 |
Custom TCP rule | TCP | 2222 | Anywhere | 0.0.0.0/0 |
The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules.
See Configure a Security Group for the Web ELB in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port range | Source | CIDR block |
---|---|---|---|---|
Custom TCP rule | TCP | 4443 | Anywhere | 0.0.0.0/0 |
HTTP | TCP | 80 | Anywhere | 0.0.0.0/0 |
HTTPS | TCP | 443 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule.
See Configure a Security Group for the TCP ELB in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port range | Source | CIDR block |
---|---|---|---|---|
Custom TCP rule | TCP | 1024 - 1123 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must have the following outbound rule:
Type | Protocol | Port range | Source | CIDR block |
---|---|---|---|---|
All traffic | All | All | Anywhere | 0.0.0.0/0 |
The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:
See Configure a Security Group for MySQL in Preparing to Deploy Tanzu Operations Manager on AWS.
Type | Protocol | Port range | Source | CIDR block |
---|---|---|---|---|
MySQL | TCP | 3306 | Custom IP | 10.0.0.0/16 |
The MySQL Security Group must have the following outbound rule.
Type | Protocol | Port range | Destination | CIDR block |
---|---|---|---|---|
All traffic | All | All | Custom IP | 10.0.0.0/16 |
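To verify the inbound rules in the security group tables above, the following added example (not part of the product documentation) audits records shaped like `aws ec2 describe-security-groups` output and reports missing rules, unexpected rules, and rules opened to 0.0.0.0/0 that the tables do not call for. It assumes "My IP" is supplied as a /32 CIDR, that an all-traffic rule appears with protocol `-1` and no ports, and that only IPv4 ranges are checked; the sample records and the 203.0.113.10 address are constructed.

```python
VPC, ANY, MY_IP = "10.0.0.0/16", "0.0.0.0/0", "MY_IP"  # MY_IP is a placeholder

def tcp(lo, hi, src):
    return ("tcp", lo, hi, src)

# Inbound rules transcribed from the tables above: (protocol, from, to, source CIDR).
EXPECTED = {
    "pcf-ops-manager-security-group": {tcp(80, 80, MY_IP), tcp(443, 443, MY_IP),
        tcp(22, 22, MY_IP), tcp(6868, 6868, VPC), tcp(25555, 25555, VPC)},
    "pcf-vms-security-group": {("-1", None, None, VPC), tcp(2222, 2222, ANY)},
    "pcf-web-elb-security-group": {tcp(4443, 4443, ANY), tcp(80, 80, ANY), tcp(443, 443, ANY)},
    "pcf-tcp-elb-security-group": {tcp(1024, 1123, ANY)},
    "pcf-mysql-security-group": {tcp(3306, 3306, VPC)},
}

def inbound(group):
    """Flatten IpPermissions into (protocol, from, to, cidr) tuples (IPv4 ranges only)."""
    return {(p["IpProtocol"], p.get("FromPort"), p.get("ToPort"), r["CidrIp"])
            for p in group.get("IpPermissions", []) for r in p.get("IpRanges", [])}

def audit(groups, my_ip_cidr):
    """Return (group, finding, rule) triples for every deviation from EXPECTED."""
    findings, by_name = [], {g["GroupName"]: g for g in groups}
    for name, rules in EXPECTED.items():
        if name not in by_name:
            findings.append((name, "missing-group", None))
            continue
        want = {(p, lo, hi, my_ip_cidr if src == MY_IP else src) for p, lo, hi, src in rules}
        have = inbound(by_name[name])
        findings += [(name, "missing-rule", r) for r in sorted(want - have, key=str)]
        findings += [(name, "world-open" if r[3] == ANY else "unexpected-rule", r)
                     for r in sorted(have - want, key=str)]
    return findings

def perm(proto, lo, hi, *cidrs):
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs]}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = [
    {"GroupName": "pcf-ops-manager-security-group", "IpPermissions": [
        perm("tcp", 80, 80, "203.0.113.10/32"), perm("tcp", 443, 443, "203.0.113.10/32"),
        perm("tcp", 22, 22, "0.0.0.0/0"),  # SSH left open instead of "My IP"
        perm("tcp", 6868, 6868, VPC), perm("tcp", 25555, 25555, VPC)]},
    {"GroupName": "pcf-mysql-security-group", "IpPermissions": [perm("tcp", 3306, 3306, VPC)]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "203.0.113.10/32"):
        print(finding)
```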
On the Broadcom Support portal, click Tanzu Operations Manager for AWS.
In the PDF that is downloaded, find the AMI ID.
Using the AMI ID, locate the Tanzu Operations Manager AMI.
See Step 1: Launch a Tanzu Operations Manager AMI in Deploying Tanzu Operations Manager on AWS.
The following sections describe the ELBs you must create from the EC2 Dashboard.
You must create a web ELB with the following configuration.
See Step 2: Create Web Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-web-elb
pcf-vpc
pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
pcf-elb-security-group
/health
See Step 3: Create SSH Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-ssh-elb
pcf-vpc
pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
pcf-ssh-security-group
See Step 4: Create TCP Load Balancer in Deploying Tanzu Operations Manager on AWS.
pcf-tcp-elb
pcf-vpc
pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
pcf-tcp-security-group
You must go to your DNS provider and create CNAME and A records for all three of your load balancers.
See Step 5: Configure DNS Records in Deploying Tanzu Operations Manager on AWS.
You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.
See Step 6: Create RDS Subnet Group in Deploying Tanzu Operations Manager on AWS.
You must create a MySQL database from the RDS Dashboard.
See Step 7: Create a MySQL Database using AWS RDS in Deploying Tanzu Operations Manager on AWS.