Agents Administration - Tests
 

Obtaining an Access key and Secret key

To monitor the Amazon cloud infrastructure, the eG agent has to be configured with the access key and secret key of a user with a valid AWS account.

For this purpose, you need to follow the following broad steps:

  1. Create a special user on the AWS cloud for monitoring purposes.

  2. Configure the eG agent with the access key and secret key of the special user.

To create a user on the AWS cloud, do the following:

  • Login to the AWS management console as a root user.

  • Upon successful login, AWS Services page will appear. Keep scrolling down AWS Services page until you view the IAM option.

  • The first step to creating a user is to create a policy that defines the rights and privileges of that user. To create a policy, click on the Policies link in the left panel .

  • The Create Policy page will then appear listing all the policies that pre-exist. Click on Create Policy to create a new policy.

  • Next, click on the JSON tab in the Create Policy page. The JSON tab page will then appear.

  • Replace the contents of the JSON tab page with the following: 

    
{
	"Version": "2012-10-17",

    
	"Statement": [
    
		{
    
			“Action”: [
    
				“acm:DescribeCertificate”,
    
				“acm:List*”,
    
				“acm:GetCertificate”,
    
				“autoscaling:Describe*”,
    
				“budgets:Describe*”,
    
				“cloudfront:List*”,
    
				“cloudfront:GetDistributionConfig”,
    
				“cloudfront:GetStreamingDistributionConfig”,
    
				“cloudsearch:Describe*”,
    
				“cloudtrail:DescribeTrails”,
    
				“cloudtrail:GetTrailStatus”,
    
				“cloudwatch:Describe*”,
    
				“cloudwatch:Get*”,
    
				“cloudwatch:List*”,
    
				“dynamodb:List*”,
    
				“dynamodb:Describe*”,
    
				“ec2:Describe*”,
    
				“ec2:Get*”,
    
				“ecs:List*”,
    
				“ecs:Describe*”,
    
				“elasticache:Describe*”,
    
				“elasticache:List*”,
    
				“elasticbeanstalk:Describe*”,
    
				“elasticbeanstalk:List*”,
    
				“elasticfilesystem:Describe*”,
    
				“elasticloadbalancing:Describe*”,
    
				“elasticmapreduce:Describe*”,
    
				“"elasticmapreduce:List*”,
    
				“iam:Get*”,
    
				“iam:List*”,
    
				“iam:GenerateCredentialReport”,
    
				“iot:Describe*”,
    
				“iot:List*”,
    
				“kinesis:List*”,
    
				“kinesis:Describe*”,
    
				“kinesis:Get*”,
    
				“lambda:List*”,
    
				“logs:Get*”,
    
				“logs:Describe*”,
    
				“logs:FilterLogEvents”,
    
				“logs:TestMetricFilter”,
    
				“logs:PutLogEvents”,
    
				“opsworks:Describe*”,
    
				“polly:Describe*”,
    
				“polly:GetLexicon”,
    
				“polly:ListLexicons”,
    
				“rds:Describe*”,
    
				“rds:List*”,
    
				“redshift:Describe*”,
    
				“redshift:ViewQueriesInConsole”,
    
				“route53:List*”,
    
				“s3:Get*”,
    
				“s3:List*”,
    
				“s3:*Object”,
    
				“s3:Object*”,
    
				“ses:ListIdentities”,
    
				“ses:Get*”,
    
				“support:*”,
    
				“sns:Get*”,
    
				“sns:List*”,
    
				“sns:Publish”,
    
				“sqs:List*”,
    
				“sqs:Get*”,
    
				“storagegateway:Describe*”,
    
				“storagegateway:List*”,
    
				“waf:List*”,
    
				“waf:Get*”,
    
				“workspaces:Describe*”,
    
				“Organizations:List*”,
    
				“Organizations:Describe*”,
    
				“appstream:ListAssociated*”,
    
				“appstream:Describe*”,
    
				“ce:Get*”
    
			],
    
			“Effect”: “Allow”,
    
			“Resource”: “*”
    
		}
    
	]
    
}

    Note:

    If you copy the above code block directly from this document and paste it in the JSON tab page, you will find that the page numbers in the document also get copied on to the tab page inadvertently. Therefore, after copying the code block to the JSON tab page, make sure you remove the page numbers from the code block and then proceed.

  • Then, click the Review policy button in the JSON tab page to review the policy that you have defined. In the page that appears, you have to provide a name for the new policy and a brief description of the policy.

  • The Summary section lists all the services that this policy allows access to, the level of access (whether Full or Limited), and the resources that can be accessed.

  • Then, click on the Create Policy button to create the new policy.

  • Now, proceed to create a new user. For that, first click the Users option in the left panel.

  • This will open Set user details page. Here, specify the name of the new user and set Programmatic access as the Access type. Then, click the Next: Permissions button to move to the next step of the user creation.

  • Clicking on the Next: Permissions button, will invoke the page where you can set persmissiong to the user. Click the Attach Existing Policies Directly button to associate the newly created policy with the new user. Then, from the list of policies displayed therein, click the check box corresponding to the policy that you created newly, and then click the Next: Review button.

  • Then, click the Create User button in the page that appears to create the user.

  • The page that appears will display the new user and the access and secret keys assigned to the new user. Click on the Show link adjacent to the encrypted secret key to view it. Once you are able to view both keys, make a note of the keys.

Make sure to configure the tests with the access key and secret key that you see in this page.