Version 10.3.00P13
Prerequisites for Adding Data Collectors (Amazon Web Services)
1. Identify a server where the Data Collector software will be installed. Server requirements include:
64-bit OS. See the APTARE IT Analytics Certified Configurations Guide for supported operating systems.
Support for Java Runtime Environment (JRE) 10.0.2.
For performance reasons, APTARE recommends that you do not install Data Collectors on the same server as the APTARE IT Analytics Portal. However, if you must have both on the same server, verify that the Portal and Data Collector software do not reside in the same directory.
Install only one Data Collector on a server (or OS instance).
Prerequisite Amazon Web Services (AWS) Configurations
The Amazon Web Services Data Collector can collect from the following AWS entities:
S3 Bucket (Details and Usage) - Simple Storage Service (S3) for storage in the cloud
EC2 Details - Elastic Compute Cloud (EC2) for computing services, much like virtual servers
Billing Records - Usage and corresponding charges, by service
For additional information about the type of data that is collected, see the Data Collector Policy configuration in Add an Amazon Web Services (AWS) Policy.
Note: Due to limitations on API request rates, multiple simultaneous processes may interfere with collection. Multiple Amazon Web Services (AWS) Data Collection processes as well as other AWS scripts should not be scheduled for the same period.
The following steps must be taken in Amazon Web Services (AWS) before a Data Collector can gain read-only access to retrieve data.
1. Configure an S3 Bucket to Receive Billing Reports
2. Select Cost Allocation Tags
3. Create an AWS IAM User and Generate Access Keys
4. Link AWS Accounts for Collection of Consolidated Billing Data
The following steps must be taken on the APTARE IT Analytics Portal and Data Collector Servers.
1. Installation Overview (Amazon Web Services - AWS)
2. Add an Amazon Web Services (AWS) Policy
Configure an S3 Bucket to Receive Billing Reports
In Amazon Web Services (AWS), an S3 Bucket (Simple Storage Service Bucket) must be configured to receive billing reports with resources and tags.
1. Create an S3 bucket to collect billing records that will be accessed by the AWS Data Collector.
2. In the AWS Billing and Cost Management Preferences, configure the S3 bucket to Receive Billing Records.
3. Copy the text from the AWS-provided sample policy.
This policy sets the permissions that enable AWS billing to create billing record files in the S3 bucket.
4. In the S3 bucket properties, add a bucket policy by pasting the sample into the policy.
5. Verify the S3 bucket.
6. Go to the next step: Select Cost Allocation Tags.
Select Cost Allocation Tags
The Amazon Web Services (AWS) Data Collector requires a Detailed Billing Report with Resources and Tags.
1. Ensure that you have taken the steps described in Configure an S3 Bucket to Receive Billing Reports.
2. Once an S3 bucket is verified, select Detailed billing report with resources and tags and save the bucket’s preferences.
This is the only AWS report that is required by the Data Collector.
3. Select Cost Allocation Tags that have been assigned to your AWS resources so that they appear in the billing report and also so that they will be collected by the Data Collector. Tags are user-defined and enable groupings and totals for billing and reporting.
User-defined tags are used for collection of EC2 and S3 resources. These tags are required for cost allocation reporting of the total cost of EC2 instances and S3 buckets.
Note: Amazon Web Services generates a report once or more daily, with additions made daily over the month. Therefore, it may take up to 24 hours until a billing records file appears in the S3 bucket that is being collected by the APTARE IT Analytics Data Collector.
4. Go to the next step: Create an AWS IAM User.
Create an AWS IAM User
Data collection requires an Amazon Web Services (AWS) Identity and Access Management (IAM) user with restricted permissions. This user must have read-only permission to collect billing records from the S3 bucket and also to access the AWS API methods to retrieve data about EC2 resources and any S3 bucket. See also, Link AWS Accounts for Collection of Consolidated Billing Data.
1. In Amazon Web Services IAM Management Console, create an IAM user, specifically for use by the APTARE IT Analytics Data Collector.
a Click Users > Create New Users > enter a user name.
b Ensure that Generate an access key for each user is selected.
This configuration results in the following security credentials: Access Key ID and Secret Access Key.
2. Download the credentials, which you will need later when configuring a Data Collector Policy.
These credentials are required when configuring the APTARE IT Analytics AWS Data Collector Policy. The access key and secret access key will be used by the Data Collector to make read-only requests to AWS APIs.
3. In the IAM window, select the IAM User you just created and grant permissions by attaching the AWS-supplied ReadOnlyAccess policy.
This read-only policy allows the Data Collector to retrieve data about EC2 resources and S3 buckets.
4. If you prefer to create a custom AWS policy, for example, to restrict access to buckets with sensitive data, see Example of a Custom AWS Policy for APTARE IT Analytics AWS Collection.
5. If you want to link AWS accounts, go to Link AWS Accounts for Collection of Consolidated Billing Data.
Example of a Custom AWS Policy for APTARE IT Analytics AWS Collection
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::[Billing Bucket Name]",
        "arn:aws:s3:::[Billing Bucket Name]/*"
      ]
    },
    {
      "Action": [
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeHosts",
        "ec2:DescribeImages",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeRegions",
        "ec2:DescribeSnapshots",
        "ec2:DescribeSubnets",
        "ec2:DescribeTags",
        "ec2:DescribeVolumes",
        "ec2:DescribeVpcs",
        "iam:GetAccountAuthorizationDetails",
        "iam:GetUser",
        "iam:ListAccountAliases",
        "s3:GetBucketLocation",
        "s3:GetBucketLifecycleConfiguration",
        "s3:GetBucketLoggingConfiguration",
        "s3:GetBucketPolicy",
        "s3:GetBucketReplicationConfiguration",
        "s3:GetBucketTaggingConfiguration",
        "s3:GetBucketVersioningConfiguration",
        "s3:HeadBucket",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketVersions"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
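A check to run on a custom policy before attaching it to the collector's IAM user, as an added example (not APTARE's or AWS's code): it flags any allowed action that is not a read verb, `s3:GetObject` granted beyond a named bucket (the sensitive-data concern the page gives as the reason for a custom policy), and a `[Billing Bucket Name]` placeholder left unreplaced. The function names and the bucket name `example-billing-bucket` are assumptions made for illustration.

```python
import json

READ_VERBS = ("get", "list", "describe", "head")
S3_ARN = "arn:aws:s3:::"

def as_list(value):
    # IAM accepts either a single string or a list for Action and Resource
    return [value] if isinstance(value, str) else list(value)

def bucket_of(arn):
    # "arn:aws:s3:::bucket/key" -> "bucket"; a bare "*" is returned unchanged
    return arn[len(S3_ARN):].split("/", 1)[0] if arn.startswith(S3_ARN) else arn

def audit_policy(policy_json):
    """Return findings for a collector policy; an empty list means it passed."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        reads_objects = any(a.lower() == "s3:getobject" for a in actions)
        for action in actions:
            # Action names are case-insensitive; the verb follows "service:"
            if not action.partition(":")[2].lower().startswith(READ_VERBS):
                findings.append(f"statement {n}: {action} is not a read-only action")
        for arn in as_list(stmt.get("Resource", [])):
            if reads_objects and "*" in bucket_of(arn):
                findings.append(f"statement {n}: s3:GetObject is not limited to one bucket ({arn})")
            if "[" in arn:
                findings.append(f"statement {n}: placeholder not replaced in {arn}")
    return findings

# Constructed samples; "example-billing-bucket" is a made-up bucket name.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [S3_ARN + "example-billing-bucket",
                  S3_ARN + "example-billing-bucket/*"]},
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "s3:ListAllMyBuckets"],
     "Resource": "*"}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc) or "ok")
```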