This topic tells you about the objects that can be created in Amazon Web Services (AWS) to deploy VMware Tanzu Operations Manager.

Use the information in this topic to determine the resource requirements of Tanzu Operations Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Tanzu Operations Manager on AWS and Deploying Tanzu Operations Manager on AWS.

S3 buckets

As part of the preparing to deploy process, you must create the following S3 buckets from the S3 Dashboard:

  • pcf-ops-manager-bucket
  • pcf-buildpacks-bucket
  • pcf-packages-bucket
  • pcf-resources-bucket
  • pcf-droplets-bucket

These buckets must be empty when you install or reinstall Tanzu Operations Manager.

See Create S3 Buckets in Preparing to Deploy Tanzu Operations Manager on AWS.

IAM role or user for Tanzu Operations Manager

You must create either an IAM role or an IAM user for Tanzu Operations Manager named pcf-user from the Identity and Access Management Dashboard, using the policy document included in Tanzu Operations Manager for AWS Policy Document.

See Create an IAM Role or User for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.

Key pair

You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.

VPC (public and private subnets)

You must create a VPC with public and private subnets from the VPC Dashboard.

See Create a VPC in Preparing to Deploy Tanzu Operations Manager on AWS.

The following table lists the subnets in CIDR block 10.0.0.0/16.

| Name | AZ | IPv4 CIDR block |
|---|---|---|
| pcf-public-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.0.0/24 |
| pcf-public-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.1.0/24 |
| pcf-public-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.2.0/24 |
| pcf-management-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.16.0/28 |
| pcf-management-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.16.16/28 |
| pcf-management-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.16.32/28 |
| pcf-ert-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.4.0/24 |
| pcf-ert-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.5.0/24 |
| pcf-ert-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.6.0/24 |
| pcf-services-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.8.0/24 |
| pcf-services-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.9.0/24 |
| pcf-services-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.10.0/24 |
| pcf-rds-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.12.0/24 |
| pcf-rds-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.13.0/24 |
| pcf-rds-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.14.0/24 |

NAT Gateway

You must create a NAT Gateway when creating a VPC.

See Create a NAT Gateway in Preparing to Deploy Tanzu Operations Manager on AWS.

Security groups

The following sections describe the security groups you must create from the EC2 Dashboard.

Tanzu Operations Manager

The Tanzu Operations Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules.

See Configure a Security Group for Tanzu Operations Manager in Preparing to Deploy Tanzu Operations Manager on AWS.

| Type | Protocol | Port range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | My IP |
| HTTPS | TCP | 443 | My IP |
| SSH | TCP | 22 | My IP |
| BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
| BOSH Director | TCP | 25555 | 10.0.0.0/16 |

BOSH-deployed VMs

The BOSH-deployed VMs Security Group must be named pcf-vms-security-group and have the following inbound rules.

See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Tanzu Operations Manager on AWS.

| Type | Protocol | Port range | Source |
|---|---|---|---|
| All traffic | All | 0 - 65535 | Custom IP 10.0.0.0/16 |
| Custom TCP rule | TCP | 2222 | Anywhere 0.0.0.0/0 |

Web ELB

The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules.

See Configure a Security Group for the Web ELB in Preparing to Deploy Tanzu Operations Manager on AWS.

| Type | Protocol | Port range | Source |
|---|---|---|---|
| Custom TCP rule | TCP | 4443 | Anywhere 0.0.0.0/0 |
| HTTP | TCP | 80 | Anywhere 0.0.0.0/0 |
| HTTPS | TCP | 443 | Anywhere 0.0.0.0/0 |

TCP ELB

The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule.

See Configure a Security Group for the TCP ELB in Preparing to Deploy Tanzu Operations Manager on AWS.

| Type | Protocol | Port range | Source |
|---|---|---|---|
| Custom TCP rule | TCP | 1024 - 1123 | Anywhere 0.0.0.0/0 |

The TCP ELB Security Group must have the following outbound rule:

| Type | Protocol | Port range | Destination |
|---|---|---|---|
| All traffic | All | All | Anywhere 0.0.0.0/0 |

MySQL

The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:

See Configure a Security Group for MySQL in Preparing to Deploy Tanzu Operations Manager on AWS.

| Type | Protocol | Port range | Source |
|---|---|---|---|
| MySQL | TCP | 3306 | Custom IP 10.0.0.0/16 |

The MySQL Security Group must have the following outbound rule.

| Type | Protocol | Port range | Destination |
|---|---|---|---|
| All traffic | All | All | Custom IP 10.0.0.0/16 |
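
An added example, not part of the VMware documentation: a Python check that compares inbound rules, in the JSON shape returned by `aws ec2 describe-security-groups`, against the inbound tables in the Security groups section above and flags drift such as an administrative port opened to 0.0.0.0/0. `ADMIN_CIDR` is an assumed placeholder for "My IP", and the function names and sample data are constructed for illustration.

```python
ADMIN_CIDR = "203.0.113.10/32"  # assumption: placeholder for the "My IP" source
VPC, ANY = "10.0.0.0/16", "0.0.0.0/0"
# Inbound rules from the tables above as (protocol, from_port, to_port, source).
# "-1" is the EC2 API value for "All traffic"; it carries no port range.
EXPECTED = {
    "pcf-ops-manager-security-group": {
        ("tcp", 80, 80, ADMIN_CIDR), ("tcp", 443, 443, ADMIN_CIDR),
        ("tcp", 22, 22, ADMIN_CIDR), ("tcp", 6868, 6868, VPC), ("tcp", 25555, 25555, VPC)},
    "pcf-vms-security-group": {("-1", None, None, VPC), ("tcp", 2222, 2222, ANY)},
    "pcf-web-elb-security-group": {
        ("tcp", 4443, 4443, ANY), ("tcp", 80, 80, ANY), ("tcp", 443, 443, ANY)},
    "pcf-tcp-elb-security-group": {("tcp", 1024, 1123, ANY)},
    "pcf-mysql-security-group": {("tcp", 3306, 3306, VPC)},
}

def perm(proto, lo, hi, cidr):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    entry = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if proto != "-1":
        entry.update(FromPort=lo, ToPort=hi)
    return entry

def flatten(group):
    """Expand a group's IpPermissions into (proto, from, to, cidr) tuples."""
    rules = set()
    for p in group.get("IpPermissions", []):
        lo, hi = (None, None) if p["IpProtocol"] == "-1" else (p.get("FromPort"), p.get("ToPort"))
        rules.update((p["IpProtocol"], lo, hi, r["CidrIp"]) for r in p.get("IpRanges", []))
    return rules

def audit(groups):
    """Return (group, finding, rule) for each deviation from EXPECTED."""
    findings = []
    for g in groups:
        name, have = g["GroupName"], flatten(g)
        want = EXPECTED.get(name, have)  # groups not listed on this page are skipped
        findings += [(name, "missing", r) for r in sorted(want - have, key=str)]
        findings += [(name, "unexpected-public" if r[3] == ANY else "unexpected", r)
                     for r in sorted(have - want, key=str)]
    return findings

# Constructed sample: SSH on the Ops Manager group has drifted from "My IP" to Anywhere.
SAMPLE = [
    {"GroupName": "pcf-ops-manager-security-group", "IpPermissions": [
        perm("tcp", 80, 80, ADMIN_CIDR), perm("tcp", 443, 443, ADMIN_CIDR),
        perm("tcp", 22, 22, ANY), perm("tcp", 6868, 6868, VPC), perm("tcp", 25555, 25555, VPC)]},
    {"GroupName": "pcf-vms-security-group", "IpPermissions": [
        perm("-1", None, None, VPC), perm("tcp", 2222, 2222, ANY)]},
]
```

Only IPv4 CIDR sources on inbound rules are compared; `IpPermissionsEgress`, IPv6 ranges and security-group references are ignored, so the outbound tables need a separate check.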

Tanzu Operations Manager AMI

  1. On the Broadcom Support portal, click Tanzu Operations Manager for AWS.

  2. In the PDF that is downloaded, find the AMI ID.

  3. Using the AMI ID, locate the Tanzu Operations Manager AMI.

See Step 1: Launch a Tanzu Operations Manager AMI in Deploying Tanzu Operations Manager on AWS.

ELBs

The following sections describe the ELBs you must create from the EC2 Dashboard.

Web ELB

You must create a web ELB with the following configuration.

See Step 2: Create Web Load Balancer in Deploying Tanzu Operations Manager on AWS.

  • Name: pcf-web-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-elb-security-group
  • Health Check: TCP Port 8080, Path: /health

SSH ELB

See Step 3: Create SSH Load Balancer in Deploying Tanzu Operations Manager on AWS.

  • Name: pcf-ssh-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-ssh-security-group
  • Health Check: TCP Port 2222

TCP ELB

See Step 4: Create TCP Load Balancer in Deploying Tanzu Operations Manager on AWS.

  • Name: pcf-tcp-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-tcp-security-group
  • Health Check: TCP Port 80

DNS configuration

You must go to your DNS provider and create CNAME and A records for all three of your load balancers.

See Step 5: Configure DNS Records in Deploying Tanzu Operations Manager on AWS.

RDS subnet group

You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.

See Step 6: Create RDS Subnet Group in Deploying Tanzu Operations Manager on AWS.

MySQL database

You must create a MySQL database from the RDS Dashboard.

See Step 7: Create a MySQL Database using AWS RDS in Deploying Tanzu Operations Manager on AWS.
