AWSvRealize

Monitoring AWS Services with VMware vRealize Operations 8.1

vROps 8.1 introduces improved native Cloud monitoring and management with:

  • VMware Cloud on AWS
  • Amazon AWS
  • Google Cloud Platform
  • Microsoft Azure

You can read more about the enhancements that come with vRealize Operations Manager 8.1 in my last post: vRealize Operations Manager (vROps) 8.1 – A True Multi-Cloud Management Platform

In this post, we will explore the integration between vROps 8.1 and AWS’s Core services

AWS Integration with VMware Operations Manager 8.1

When you log in to the vROps UI, you’ll see under Administration > Solutions > Repository that there are Native Management packs for the monitoring of many solutions.

The one we are looking at today is called the VMware AWS Management Pack

Selecting the 3 vertical dots & View Content lets us explore what the management pack can do for us.

you will notice that there are 100 views and 23 dashboards at present. That’s quite a feature-rich management pack!

If you expand out some of the content, you’ll start to see some of the AWS object types/services which can be managed by vROps 8.1

AWS Services which Operations Manager 8.1 can manage include:

Setting up the AWS Management Pack

Now that we have explored some of the capabilities of the management pack, let’s get it setup.

The management pack is native to Operations Manager 8.1, so we don’t need to install or enable anything here.

The first thing to do is to create your AWS policy, user & access keys.

Create an AWS IAM Policy

The IAM Policy gets assigned to an AWS user account and determines which services and permissions the user can access within your AWS account.

  • Login to your AWS Console
  • Open the IAM page: https://console.aws.amazon.com/iam/home
  • Under Access Management, select Policies
  • Create Policy
  • Referencing the VMware Documentation, select the service and actions for each service which you want VROPS to have access to
  • Some of the Services require you to also specify the instance or all instances too
  • After each service is complete, select the Add Additional Permissions link to add the next service

To save time, if you only use CloudWatch, EC2, RDS and S3 then you can use the JSON below instead of the Virtual Editor.

Ensure that it contains the right policy configurations for your environment before using it.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"s3:GetBucketTagging",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"cloudwatch:DescribeAlarms",
"rds:DescribeDBInstances",
"s3:ListBucket",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
}
]
}
  • Once complete, select Review Policy
  • Name the policy, for example: vrops-8.1
  • Select Create Policy

Creating the AWS User for vROps

  • Open IAM again
  • Add User
  • Give the user a name, such as: vrops-81
  • Enable Programmatic Access
  • You do not need to enable console access
  • Select Attach existing policies directly
  • Search for the policy we created earlier

  • Select Next: Tags
  • Assign a tag to the user if required
  • Then select Next: Review
  • Create User

Now the user is created, make a note of the Access Key ID and Secret access key before closing the page

Creating the AWS credential within vROps

Now we have created the AWS account with the correct credentials, we need to create the credential in AWS, so that vROps can access the AWS account.

  • Log into your vROps instance
  • Navigate to: Administration > Solutions > Cloud Accounts > AWS
  • Complete the fields.
  • For the credential, paste the Access Key and Secret Key created earlier.

You don’t need to enter any proxy information unless you use one

  • After entering the Credential Information, open the Advanced Settings
  • Here you can limit vROps to only import data from certain AWS services and Regions. By default, it will use all available services and regions
  • Finally, use the Validate Connection button to test the connection to AWS
  • If everything goes well, you should see that the test is reported as successful
  • Hit the Add button to save and continue

Review the objects, alerts and dashboards

After 15 minutes, vROps should have finished the initial collection of the objects within your AWS account.

You can view the objects which are imported via Environment > VMware AWS Management Pack > All Objects

Once data is pulling into vROps correctly, check the new dashboards, alerts and other vROps objects throughout the system and start to manage your AWS environment alongside your vSphere and other VMware solutions!

 

Leave a Response