UIM - AWS probe ports / connection / permissions and version

Article ID: 217820


Updated On:

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

This article provides details about the AWS probe: the ports, connection, permissions, and supported AWS versions.

Environment

  • Release: DX UIM 20.4 and later 
  • Component: UIM - AWS

Resolution

Regarding AWS ports, you must specify the port with help from your AWS administrator:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/monitoring/clouds-containers-and-virtualization/aws-amazon-web-services-monitoring/aws-ac-configuration.html

Under the Proxy Settings section, complete the following fields to connect to the AWS cloud through a proxy server:

  • Enable Proxy: allows you to use a proxy server for connecting to the AWS cloud.
  • IP: specifies the IP address or the DNS-resolvable hostname of the proxy server (your proxy server).
  • Port: specifies the port on your proxy server through which the connection to AWS CloudWatch is established.
  • Username: defines the user name for accessing your proxy server.
  • Password: defines the password for the specified Username.

For more information, see the Installation Prerequisites section in AWS (Amazon Web Services Monitoring) Release Notes.
The AWS probe is certified for use in the Squid proxy environment.

We support all AWS instance versions, but please refer to the requirements:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/monitoring/clouds-containers-and-virtualization/aws-amazon-web-services-monitoring/aws-amazon-web-services-monitoring-release-notes.html 

If you need details about the user requirements, please review:

Policies that may need to be enabled in AWS for the user associated with the configured Access Key Id in the AWS probe configuration file:

The following policies should be checked:

- AmazonReadOnlyAccess ***
- AmazonDynamoDBReadOnlyAccess
- AmazonEC2ReadOnlyAccess
- AmazonElastiCacheReadOnlyAccess
- AmazonRDSReadOnlyAccess
- AmazonRoute53ReadOnlyAccess
- AmazonS3ReadOnlyAccess *** (Note: The probe requires the AmazonS3FullAccess *** policy to monitor S3 Write performance)
- AmazonSNSReadOnlyAccess
- AmazonSQSReadOnlyAccess

AWS service account for IAM policy requirements:

- Auto Scaling
- EC2
- EBS
- DynamoDB
- ELB
- ECS
- Route 53
- RDS
- S3
- SNS
- SQS
- ElastiCache
- Lambda
- VPC


To monitor root account billing details, the probe requires the following policies in addition to ReadOnly access for the CloudWatch service:

- AWSAccountUsageReportAccess ***
- AWSAccountActivityAccess ***

To monitor EC2 containers:

- AmazonEC2ContainerServiceFullAccess

If the following policies exist, these should also be checked:

- AmazonECSReadOnlyAccess
- AmazonLambdaReadOnlyAccess
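
A least-privilege check of the probe's IAM user against the policy lists above, as an added example (not Broadcom's code). It parses JSON in the shape of `aws iam list-attached-user-policies` output; the feature group names, the name-based "broad" heuristic, and the sample data are assumptions made for this example.

```python
import json

# Managed policy names copied from this article, grouped by the probe feature
# that needs them. The group names are labels invented for this example.
REQUIRED = {
    "base": {
        "AmazonReadOnlyAccess", "AmazonDynamoDBReadOnlyAccess",
        "AmazonEC2ReadOnlyAccess", "AmazonElastiCacheReadOnlyAccess",
        "AmazonRDSReadOnlyAccess", "AmazonRoute53ReadOnlyAccess",
        "AmazonS3ReadOnlyAccess", "AmazonSNSReadOnlyAccess",
        "AmazonSQSReadOnlyAccess",
    },
    "s3_write": {"AmazonS3FullAccess"},
    "billing": {"AWSAccountUsageReportAccess", "AWSAccountActivityAccess"},
    "ec2_containers": {"AmazonEC2ContainerServiceFullAccess"},
}
OPTIONAL = {"AmazonECSReadOnlyAccess", "AmazonLambdaReadOnlyAccess"}
# Name-based heuristic (assumption) for grants broader than read-only.
BROAD_MARKERS = ("FullAccess", "AdministratorAccess", "PowerUserAccess")


def audit(cli_json, features=("base",)):
    """Compare attached managed policies with what the enabled features need."""
    attached = {p["PolicyName"] for p in json.loads(cli_json)["AttachedPolicies"]}
    wanted = set().union(*(REQUIRED[f] for f in features))
    return {
        # Listed in the article for an enabled feature but not attached.
        "missing": sorted(wanted - attached),
        # Attached, but no enabled feature in the article calls for it.
        "unexpected": sorted(attached - wanted - OPTIONAL),
        # Attached and broader than read-only, whether expected or not.
        "broad": sorted(p for p in attached if any(m in p for m in BROAD_MARKERS)),
    }


# Constructed sample in the shape of `aws iam list-attached-user-policies` output.
SAMPLE = json.dumps({"AttachedPolicies": [
    {"PolicyName": n, "PolicyArn": "arn:aws:iam::aws:policy/" + n}
    for n in ("AmazonReadOnlyAccess", "AmazonEC2ReadOnlyAccess",
              "AmazonS3FullAccess", "AmazonLambdaReadOnlyAccess")
]})

if __name__ == "__main__":
    for feats in (("base",), ("base", "s3_write")):
        print(feats, json.dumps(audit(SAMPLE, feats), indent=2))
```

The check covers only managed policies attached directly to the user; policies inherited through groups and inline policies need their own listing.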