Configure AWS accounts for cloud monitoring

To monitor an AWS instance with the SolarWinds Platform, you need to:

• Configure Identity and Access Management Permissions (IAM) in the AWS Management Console. These permissions allow the SolarWinds Platform access to status and other metrics for AWS instances.
• Configure IAM policies and assign them to the AWS account. The policies define that you can integrate the AWS cloud service with the SolarWinds Platform.

Consult your system administrator and refer to AWS documentation for details (© 2019 Amazon Web Services, Inc., available at https://docs.aws.amazon.com, obtained on January 21, 2019).

Establish AWS IAM permissions

To interact with the SolarWinds Platform, an AWS account must be able to retrieve CloudWatch metrics from various resources. Use this section as a reference for specific permissions.

Although you can embed inline policies to set permissions, SolarWinds recommends attaching an IAM policy to an account so JSON code can be used to permit or restrict user actions.

Each AWS account requires the following resource-level permissions:

• ec2:DescribeInstances
• ec2:DescribeAddresses
• ec2:DescribeVolumes
• ec2:DescribeVolumeStatus
• ec2:DescribeVpcs
• ec2:DescribeVpnGateways
• ec2:DescribeVpnConnections
• ec2:DescribeRegions
• cloudwatch:GetMetricStatistics
• autoscaling:DescribeAutoScalingInstances

To define actions that can be performed against an instance, add the following permissions:

• ec2:StartInstances
• ec2:StopInstances
• ec2:RebootInstances
• ec2:TerminateInstances

The following JSON code provides standard access to a SolarWinds Platform user:

{
	"Version": "2012-10-17",
	"Statement": [{	
		"Effect": "Allow",
		"Action": [
		"ec2:DescribeInstances",
		"ec2:DescribeAddresses",
		"ec2:DescribeVolumes", 
		"ec2:DescribeVolumeStatus",
		"ec2:DescribeVpcs",
		"ec2:DescribeVpnGateways",
		"ec2:DescribeVpnConnections",
		"ec2:DescribeRegions",
		"cloudwatch:GetMetricStatistics",
		"autoscaling:DescribeAutoScalingInstances"
	],
	"Resource": "*"
    }
  ]
} 

Create an IAM policy

1. Log in to the AWS Management Console and open the IAM console.
2. Click Policies.
3. If this is your first time adding Policies, the Welcome page appears. Click Get Started.
4. Click Create Policy.
5. On the Create Policy page, click Select > Create Your Own Policy.
6. Enter policy details, such as name and description.

7. To enter policies in a policy editor, add the following permission statements to the Policy Document:

   {
       "Version": "2012-10-17",
       "Statement": [{    
           "Effect": "Allow",
           "Action": [
           "ec2:DescribeInstances",
           "ec2:DescribeAddresses",
           "ec2:DescribeVolumes", 
           "ec2:DescribeVolumeStatus",
           "ec2:DescribeVpcs",
           "ec2:DescribeVpnGateways",
           "ec2:DescribeVpnConnections",
           "ec2:DescribeRegions",
           "cloudwatch:GetMetricStatistics",
           "autoscaling:DescribeAutoScalingInstances",
           "ec2:StopInstances", 
           "ec2:StartInstances",
           "ec2:RebootInstances", 
           "ec2:TerminateInstances"
       ],
       "Resource": "*"
       }
     ]
   } 

8. Click Validate Policy.
9. Click Create Policy.

Attach the policy to an account

1. In the AWS Management Console, click Policies.
2. Navigate to the policy and selects its check box.
3. Click Policy Actions > Attach.
4. Select the All Types option and Users.
5. Navigate to the account and selects its check box.
6. Click Attach Policy.