EC2 and VPC Deployment Guide


Introduction

This document describes how to set up Amazon EC2 instances and Amazon VPCs for monitoring with the Observable Networks service. Before starting, you'll need:
- An Amazon AWS account
- A trial account with Observable Networks

Deployment options

When using an Amazon VPC, you may do one or both of the following:
- Monitor the VPC with flow logs, which requires no additional software to be installed on the EC2 instances
- Monitor each EC2 instance by installing the ONA software package

For EC2 instances that aren't inside a VPC, you may:
- Monitor each instance by installing the ONA software package

VPC flow logs

Amazon VPCs can capture and log data about IP traffic to, from, and within your VPC. Observable Networks can use these flow logs for endpoint modeling. Follow the steps below to set up VPC flow log monitoring:
1. Enable VPC flow logs by following the instructions in the AWS Documentation. Make a note of the CloudWatch Logs group you select.
2. Follow the Create a security policy instructions below.
3. Follow the Create a new role instructions below.
4. Follow the Observable Networks web portal instructions below.

EC2 instance monitoring

If you're not using a VPC, you can monitor your EC2 instances by installing the Observable Networks Appliance (ONA) software. Follow the steps below to set up an EC2 instance with the ONA package:
1. Follow the Create a security policy instructions below.
2. Follow the Create a new role instructions below.
3. Follow the Observable Networks web portal instructions below.
4. Follow the Installing the ONA software instructions below.

Create a security policy

The security policy document below allows Observable Networks read-only access to descriptions of cloud resources and logging data. From the IAM console, create your own policy with:
- Policy name: obsrvbl_policy
- Description: This permits Observable Networks access to necessary AWS resources.
- Document: See the sample in the Security policy document section below.

Security policy document

A text version of the policy document below is available at this link. You may remove permissions for services you don't use. Both statements grant only describe/get actions; there are no write permissions.

obsrvbl_policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "ec2:describeregions",
                    "ec2:describeinstances",
                    "elasticache:describecacheclusters",
                    "rds:describedbinstances",
                    "redshift:describeclusters"
                ],
                "Effect": "Allow",
                "Resource": "*"
            },
            {
                "Action": [
                    "logs:describelogstreams",
                    "logs:getlogevents"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }

Create a new role

From the IAM console, create a new role with:
- Role name: obsrvbl_role
- Role type: Cross-Account Access (Allow IAM user from 3rd party AWS accounts)
- Establish trust:
  - Account ID: 757972810156
  - External ID: Use the name of your Observable Networks web portal (the x in x.obsrvbl.com)
  - Require MFA: Leave un-checked
- Attach policy: Select the obsrvbl_policy from above.

After creating the role, make a note of the Role ARN.
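To confirm that the two IAM objects above are as narrow as the guide intends, here is an added Python example (not from the guide or from Observable Networks) that flags any non-read-only action in obsrvbl_policy and any trust statement that is not pinned to the Observable account ID with an External ID condition. The trust policy in the block is constructed from the role settings above; YOUR_PORTAL_NAME is a placeholder for your portal name.

```python
# Added example (not from the guide): confirms obsrvbl_policy grants only read-only
# actions and that the obsrvbl_role trust policy is pinned to the Observable account.
TRUST_POLICY = {  # constructed to match what the "Create a new role" step produces
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::757972810156:root"},
        "Action": "sts:AssumeRole",
        # External ID is your portal name (the x in x.obsrvbl.com); placeholder here
        "Condition": {"StringEquals": {"sts:ExternalId": "YOUR_PORTAL_NAME"}},
    }],
}
OBSRVBL_POLICY = {  # the permission policy from the guide
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["ec2:describeregions", "ec2:describeinstances",
                    "elasticache:describecacheclusters", "rds:describedbinstances",
                    "redshift:describeclusters"], "Effect": "Allow", "Resource": "*"},
        {"Action": ["logs:describelogstreams", "logs:getlogevents"],
         "Effect": "Allow", "Resource": "*"},
    ],
}
READ_ONLY_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def permission_findings(policy):
    """Return the allowed actions that are not read-only (or contain wildcards)."""
    findings = []
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            name = action.partition(":")[2].lower()
            if "*" in action or not name.startswith(READ_ONLY_PREFIXES):
                findings.append(f"non-read-only action: {action}")
    return findings

def trust_findings(policy, account_id, external_id):
    """Return problems with a cross-account role trust policy."""
    findings = []
    for st in _as_list(policy["Statement"]):
        principal = st.get("Principal", {})
        who = _as_list(principal.get("AWS", []) if isinstance(principal, dict) else principal)
        if not who or any(account_id not in p for p in who):
            findings.append(f"principal not limited to account {account_id}")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append("statement does not require the expected External ID")
    return findings
```

Run the two checks against the policy documents you actually saved in IAM (for example, fetched with the AWS CLI) before pasting the Role ARN into the portal.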

Observable Networks web portal

Log in to your Observable Networks web portal to configure it to query your AWS resources:
1. Click on the Settings icon.
2. Select the AWS tab.
3. Select the Credentials tab and enter the Role ARN from above.
4. If you're enabling VPC Flow Logs, select the VPC Flow Logs tab and enter the CloudWatch group you set up.

If there is a problem with the credentials or log groups, you will get an error message after entering them.

Installing the ONA software

The packages listed below are the latest version of the ONA service for each platform. Make a note of which one matches your target instance. Contact support@obsrvbl.com if you need to use a different platform. After selecting a package, follow the Launching instances and Enable outbound communication steps below.
- Ubuntu 12.04 or 14.04: ona-service_ubuntuprecise_amd64.deb
- RHEL 6.x, including AMI 2015.03: ona_service_rhel_6_amd64.rpm
- RHEL 7.x: ona_service_rhel_7_amd64.rpm

Launching instances

Once you've chosen an ONA software package, you may launch an EC2 instance that uses it. You will need an Observable service key, which is available from your Observable Networks web portal (on the Settings page under the Sensors tab). You may use your normal deployment process to add the package and configure it. You may also use a user-data script; the template below downloads the package, installs it, writes the service key to the ONA configuration file and restarts the service. Un-comment the install line that matches your package type, and keep the service key out of any shared or version-controlled copy of the script.

    #!/bin/bash
    wget https://s3.amazonaws.com/onstatic/ona-service/master/package_name_goes_here

    # .deb installation - for Ubuntu images
    # dpkg -i PACKAGE_NAME_GOES_HERE

    # .rpm installation - for Amazon Linux and RHEL images
    # rpm -i PACKAGE_NAME_GOES_HERE

    # Configuration - enter your service key and optionally configure an HTTPS proxy
    /bin/echo "OBSRVBL_SERVICE_KEY='YOUR_SERVICE_KEY'" >> /opt/obsrvbl-ona/config.local
    # /bin/echo "HTTPS_PROXY='https://PROXY_IP:PROXY_PORT'" >> /opt/obsrvbl-ona/config.local

    # Reload with new configuration
    /bin/kill -TERM $(cat /tmp/ona-supervisord.pid)

Enable outbound communication

If your EC2 instances already have Internet access, you may skip this step. If you're running in a VPC, you will need to allow the EC2 hosts with the ONA service to communicate with Observable Networks.

If you use a NAT instance in your VPC for Internet access, you'll need to allow HTTPS (TCP port 443) inbound from the Private Subnet's security group. See Amazon's documentation for instructions.

If you use bastion hosts for Internet access, you'll need to run a proxy server (like squid). Make sure to un-comment the HTTPS_PROXY variable in the user-data script for each EC2 instance.

Finishing up

If everything is set up properly, you'll be able to see sensor data on the Observable web portal (on the Settings page under the Sensors tab). If you have questions or problems with setting things up, please e-mail support@obsrvbl.com for help.