aws probe ports / connection / permissions and version
search cancel

aws probe ports / connection / permissions and version

book

Article ID: 217820

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management On-Premise (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

Would like to know more details about aws probe regarding the ports, connection, permission and supported AWS version.

Environment

  • Release: DX UIM 9.2.0
  • Component: UIM - AWS

Resolution

Regarding aws ports, basically you must specify the port with help from your AWS administrator:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/aws-amazon-web-services-monitoring/aws-ac-configuration.html

Under the Proxy Settings section, complete the following field information to connect to the aws cloud through a proxy server.


Enable Proxy: allows you to use a proxy server for connecting to the aws cloud.

IP: specifies the IP address or the DNS resolvable hostname of the proxy server. ( Your proxy Server)


Port: specifies the port that you are using in your proxy server through which the connection to AWS CloudWatch is established.


Username: defines the user name for accessing your proxy server.

For more information, see the Installation Prerequisites section in aws (Amazon Web Services Monitoring) Release Notes.
The aws probe is certified for use in Squid proxy environment.
Password: defines the password for the specified Username.

We support all AWS instances version, but please refer to the requirements:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/aws-amazon-web-services-monitoring/aws-amazon-web-services-monitoring-release-notes.html#concept.dita_7b66f137d2d86ebb0cb8023da01a666b53a45148_ProbeSpecificSoftwareRequirements

If you need details about the user requirements, please review:

Policies that may need to be enabled in AWS for the user associated with the configured Access Key Id in the aws probe configureation file:

The following policies should be checked:

- AmazonReadOnlyAccess ***
- AmazonDynamoDBReadOnlyAccess
- AmazonEC2ReadOnlyAccess
- AmazonElastiCacheReadOnlyAccess
- AmazonRDSReadOnlyAccess
- AmazonRoute53ReadOnlyAccess
- AmazonS3ReadOnlyAccess *** (Note: The probe requires the AmazonS3FullAccess *** policy to monitor S3 Write performance)
- AmazonSNSReadOnlyAccess
- AmazonSQSReadOnlyAccess

To monitor root account billing details, in addition to ReadOnly access for CloudWatch service the probe requires the following policies:

- AWSAccountUsageReportAccess ***
- AWSAccountActivityAccess ***

To monitor EC2 containers:

- AmazonEC2ContainerServiceFullAccess

If the following policies exist, these should also be checked:

- AmazonECSReadOnlyAccess
- AmazonLambdaReadOnlyAccess

Powered by Wolken Software