AWS Collector Deployments

Collectors can be deployed directly on AWS using a template. Here are the details and security requirements for that installation.

Deploying a collector to a AWS

  1. Login to the BindPlane account to be used
  2. Navigate to the Collectors page
  3. Click the Add Collector button located at the top right of the page
2476

Collectors Page & Button to Add Collector

  1. For the platform, choose Amazon Web Services
2088

Choosing a platform to deploy a BindPlane Collector

  1. Select the region to deploy the Collector in.
  2. Click the Launch Stack button.
1012

Button that directs the user to launch a stack

📘

VPC/Subnet Combination Warning!

The most common issue, so far, when deploying a collector AWS, has been users selecting the incorrect VPC/Subnet combination. Amazon does not filter out the subnets per VPC and it is very easy to make a mistake. Below we have descriptions to help avoid running into this issue.

Which Subnet?
The subnet in the VPC you’re lanuching the instance into. Verify this subnet belongs to the VPC you specified above.

Which Security Group?
The security group the instance should belong to. Verify this security group belongs to the VPC specified above.

Key Pair:
The key pair for access the instance via SSH. If none exist, you may need to create a keypair under EC2 -> Key Pairs in the AWS console.

  1. Fill out the required information for the Create Stack form
  2. Click the Create Stack button.
898

Button to create a Stack

Network Requirements

Once the collector is installed it only needs the following network access:

  1. The ability to make outbound connections to all systems being monitored. This includes APIs for various cloud providers, if needed.

  2. The ability to make outbound connections to https://production.api.bindplane.bluemedora.com:443 to send collection data back to BindPlane, as well as to retrieve configuration information.

🚧

IP Address Fluctuation

The IP address of https://production.api.bindplane.bluemedora.com:443 can change. The endpoint can exist anywhere within the us-east-1 region on AWS.

To retrieve a list of subnets that are covered, run the following commands:

wget https://ip-ranges.amazonaws.com/ip-ranges.json

cat ip-ranges.json | jq '[.prefixes[]|select(.region=="us-east-1")]' | jq -r '.[].ip_prefix'> aws-useast1-ranges.txt

Least Privileged User

The only requirement to deploy a collector to AWS is that the account attempting to deploy the collector has the permissions necessary to deploy CloudStack templates.