Configure AWS accounts for cloud monitoring
This topic applies only to the following products:
SolarWinds Observability Self-Hosted
IPAM — NAM — SAM — VMAN
To monitor an AWS instance with the SolarWinds Platform, you need to:
- Configure Identity and Access Management (IAM) permissions in the AWS Management Console. These permissions allow the SolarWinds Platform to access status and other metrics for AWS instances.
- Configure IAM policies and assign them to the AWS account. The policies specify that the AWS cloud service can be integrated with the SolarWinds Platform.
Consult your system administrator and refer to Amazon AWS documentation for details.
Establish AWS IAM permissions
To interact with the SolarWinds Platform, an AWS account must be able to retrieve CloudWatch metrics from various resources. Use this section as a reference for specific permissions.
Although you can embed inline policies to set permissions, SolarWinds recommends attaching an IAM policy to an account so JSON code can be used to permit or restrict user actions.
Each AWS account requires the following resource-level permissions:
- ec2:DescribeInstances
- ec2:DescribeAddresses
- ec2:DescribeVolumes
- ec2:DescribeVolumeStatus
- ec2:DescribeVpcs
- ec2:DescribeVpnGateways
- ec2:DescribeVpnConnections
- ec2:DescribeRegions
- cloudwatch:GetMetricStatistics
- autoscaling:DescribeAutoScalingInstances
To define actions that can be performed against an instance, add the following permissions:
- ec2:StartInstances
- ec2:StopInstances
- ec2:RebootInstances
- ec2:TerminateInstances
To poll Amazon RDS data, add the following permissions:
- cloudwatch:GetMetricData
- rds:DescribeDBInstances
The following JSON code provides standard access to a SolarWinds Platform user:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeVolumes",
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpnGateways",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeRegions",
        "cloudwatch:GetMetricStatistics",
        "autoscaling:DescribeAutoScalingInstances"
      ],
      "Resource": "*"
    }
  ]
}
Create an IAM policy and attach it to an account
Create the IAM policy in your AWS Management Console. See Creating IAM policies and Create and attach a policy to a user in Amazon AWS documentation for details.
To enter policies in a policy editor, add the following permission statements to the Policy Document:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeVolumes",
        "ec2:DescribeVolumeStatus",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpnGateways",
        "ec2:DescribeVpnConnections",
        "ec2:DescribeRegions",
        "cloudwatch:GetMetricStatistics",
        "autoscaling:DescribeAutoScalingInstances",
        "ec2:StopInstances",
        "ec2:StartInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*"
    }
  ]
}
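Before attaching a policy, it helps to check it against the three permission lists above. The following Python script is an added example, not SolarWinds or AWS code: it reports which monitoring and RDS permissions a policy document is missing, which instance-management actions it allows on every resource, and which entries go beyond the lists on this page. The function and variable names are illustrative, and the check reads only Allow statements.

```python
import json
from fnmatch import fnmatchcase

# Permission sets copied from the lists on this page.
MONITORING = {
    "ec2:DescribeInstances", "ec2:DescribeAddresses", "ec2:DescribeVolumes",
    "ec2:DescribeVolumeStatus", "ec2:DescribeVpcs", "ec2:DescribeVpnGateways",
    "ec2:DescribeVpnConnections", "ec2:DescribeRegions",
    "cloudwatch:GetMetricStatistics", "autoscaling:DescribeAutoScalingInstances",
}
MANAGEMENT = {"ec2:StartInstances", "ec2:StopInstances",
              "ec2:RebootInstances", "ec2:TerminateInstances"}
RDS = {"cloudwatch:GetMetricData", "rds:DescribeDBInstances"}
KNOWN = MONITORING | MANAGEMENT | RDS

# Same content as the second policy document on this page.
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(MONITORING | MANAGEMENT), "Resource": "*"}]})


def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_json):
    """Compare a policy's Allow statements with the permission lists above."""
    granted, unscoped, extra = set(), set(), set()
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # simplification: Deny, NotAction, Condition not evaluated
        everywhere = "*" in as_list(stmt.get("Resource", []))
        for pattern in as_list(stmt["Action"]):
            # Action names are case-insensitive and may use * and ? wildcards.
            hits = {a for a in KNOWN if fnmatchcase(a.lower(), pattern.lower())}
            granted |= hits
            if everywhere:
                unscoped |= hits & MANAGEMENT
            if pattern.lower() not in {a.lower() for a in KNOWN}:
                extra.add(pattern)  # wildcard, or action outside this page's lists
    return {"missing_monitoring": sorted(MONITORING - granted),
            "missing_rds": sorted(RDS - granted),
            "management_on_all_resources": sorted(unscoped),
            "beyond_page_lists": sorted(extra)}


if __name__ == "__main__":
    print(json.dumps(audit_policy(PAGE_POLICY), indent=2))
```

For the policy above, the report lists all four instance-management actions under `management_on_all_resources`, which is the entry to review if the SolarWinds Platform account should only read metrics.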