Configure AWS accounts for cloud monitoring

To monitor an AWS instance with the SolarWinds Platform, you need to:

• Configure Identity and Access Management Permissions (IAM) in the AWS Management Console. These permissions allow the SolarWinds Platform access to status and other metrics for AWS instances.
• Configure IAM policies and assign them to the AWS account. The policies define that you can integrate the AWS cloud service with the SolarWinds Platform.

Consult your system administrator and refer to Amazon AWS documentation for details.

Establish AWS IAM permissions

To interact with the SolarWinds Platform, an AWS account must be able to retrieve CloudWatch metrics from various resources. Use this section as a reference for specific permissions.

Although you can embed inline policies to set permissions, SolarWinds recommends attaching an IAM policy to an account so JSON code can be used to permit or restrict user actions.

Required for	Permissions	Description
Basic permissions	ec2:DescribeInstances ec2:DescribeAddresses ec2:DescribeVolumes ec2:DescribeVolumeStatus ec2:DescribeVpcs ec2:DescribeVpnGateways ec2:DescribeVpnConnections ec2:DescribeRegions cloudwatch:GetMetricStatistics autoscaling:DescribeAutoScalingInstances	These resource-level permissions are required for each AWS account for cloud monitoring in SolarWinds Platform Self-Hosted.
Instance actions	ec2:StartInstances ec2:StopInstances ec2:RebootInstances ec2:TerminateInstances	Required for the user to define actions that can be performed against an instance.
Amazon RDS	cloudwatch:GetMetricData rds:DescribeDBInstances	Required for monitoring Amazon RDS.
AWS Direct Connect	directconnect:DescribeConnections	Required for monitoring AWS Direct Connect connections.
Amazon S3 Bucket	s3:ListBucket s3express:ListAllMyDirectoryBuckets	Required for monitoring Amazon S3 buckets.
Elastic Load Balancing (ELB)	elasticloadbalancing:DescribeLoadBalancers elasticloadbalancing:DescribeTargetGroups elasticloadbalancing:DescribeListeners	Required for monitoring the Elastic Load Balancing service.
Amazon DynamoDB	dynamodb:ListTables dynamodb:DescribeTable	Required for monitoring Amazon DynamoDB data.

Example JSON with standard access

The following JSON code provides standard access to a SolarWinds Platform user.

To monitor additional resources, assign the required permissions. For details, see Establish AWS IAM permissions.

{
	"Version": "2012-10-17",
	"Statement": [{	
		"Effect": "Allow",
		"Action": [
		"ec2:DescribeInstances",
		"ec2:DescribeAddresses",
		"ec2:DescribeVolumes", 
		"ec2:DescribeVolumeStatus",
		"ec2:DescribeVpcs",
		"ec2:DescribeVpnGateways",
		"ec2:DescribeVpnConnections",
		"ec2:DescribeRegions",
		"cloudwatch:GetMetricStatistics",
		"autoscaling:DescribeAutoScalingInstances"
	],
	"Resource": "*"
    }
  ]
} 

Create an IAM policy and attach it to an account

Create the IAM policy in your AWS Management Console. See Creating IAM policies and Create and attach a policy to a user in Amazon AWS documentation for details.

To enter policies in a policy editor, add the following permission statements to the Policy Document:

{
    "Version": "2012-10-17",
    "Statement": [{    
        "Effect": "Allow",
        "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeVolumes", 
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpnGateways",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeRegions",
        "cloudwatch:GetMetricStatistics",
        "autoscaling:DescribeAutoScalingInstances",
        "ec2:StopInstances", 
        "ec2:StartInstances",
        "ec2:RebootInstances", 
        "ec2:TerminateInstances"
    ],
    "Resource": "*"
    }
  ]
}