Documentation forSolarWinds Platform Self-Hosted

Configure AWS accounts for cloud monitoring

This topic applies only to the following products:

SolarWinds Observability Self-Hosted

IPAMNAMSAMVMAN

To monitor an AWS instance with the SolarWinds Platform, you need to:

Consult your system administrator and refer to Amazon AWS documentation for details.

Establish AWS IAM permissions

To interact with the SolarWinds Platform, an AWS account must be able to retrieve CloudWatch metrics from various resources. Use this section as a reference for specific permissions.

Although you can embed inline policies to set permissions, SolarWinds recommends attaching an IAM policy to an account so JSON code can be used to permit or restrict user actions.

Each AWS account requires the following resource-level permissions:

  • ec2:DescribeInstances
  • ec2:DescribeAddresses
  • ec2:DescribeVolumes
  • ec2:DescribeVolumeStatus
  • ec2:DescribeVpcs
  • ec2:DescribeVpnGateways
  • ec2:DescribeVpnConnections
  • ec2:DescribeRegions
  • cloudwatch:GetMetricStatistics
  • autoscaling:DescribeAutoScalingInstances

To define actions that can be performed against an instance, add the following permissions:

  • ec2:StartInstances
  • ec2:StopInstances
  • ec2:RebootInstances
  • ec2:TerminateInstances

To poll Amazon RDS data, add the following permissions:

  • cloudwatch:GetMetricData
  • rds:DescribeDBInstances

The following JSON code provides standard access to a SolarWinds Platform user:

{
	"Version": "2012-10-17",
	"Statement": [{	
		"Effect": "Allow",
		"Action": [
		"ec2:DescribeInstances",
		"ec2:DescribeAddresses",
		"ec2:DescribeVolumes", 
		"ec2:DescribeVolumeStatus",
		"ec2:DescribeVpcs",
		"ec2:DescribeVpnGateways",
		"ec2:DescribeVpnConnections",
		"ec2:DescribeRegions",
		"cloudwatch:GetMetricStatistics",
		"autoscaling:DescribeAutoScalingInstances"
	],
	"Resource": "*"
    }
  ]
} 

Create an IAM policy and attach it to an account

Create the IAM policy in your AWS Management Console. See Creating IAM policies and Create and attach a policy to a user in Amazon AWS documentation for details.

To enter policies in a policy editor, add the following permission statements to the Policy Document:

{
    "Version": "2012-10-17",
    "Statement": [{    
        "Effect": "Allow",
        "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeVolumes", 
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpnGateways",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeRegions",
        "cloudwatch:GetMetricStatistics",
        "autoscaling:DescribeAutoScalingInstances",
        "ec2:StopInstances", 
        "ec2:StartInstances",
        "ec2:RebootInstances", 
        "ec2:TerminateInstances"
    ],
    "Resource": "*"
    }
  ]
}