This topic explains how to get started with managing your Amazon Web Services (AWS) resources with Commander.
- Create an AWS account for Commander to have programmatic access to AWS.
Commander uses your account to connect to AWS. All of the private AMIs (Amazon Machine Images) and instances belonging to that account become a single cloud account in Commander.
- In the IAM Management Console, configure the appropriate IAM policies.
You can create your own or modify existing ones. IAM policies are stored in AWS as JSON documents.
To view AWS assets, the policy must provide at least read access for all objects. To deploy and manage AWS assets, the policy must provide full access for the appropriate objects. For more information, see Policies and Permissions in IAM in the AWS documentation.
- For read-only access (including access to billing records), remove the "EmboticsCommanderWritePolicyForOperations" block.
- For read access without access to billing records, remove the "s3:GetObject" and "s3:ListBucket" permissions in the "EmboticsCommanderReadOnlyPolicyOptional" block and also remove the "EmboticsCommanderWritePolicyForOperations" block.
- The policy doesn't allow you to deploy resources through CloudFormation templates that include anything other than EC2 instances. Therefore, you can use it as a base policy that you can extend to cover the types of AWS services that you want to provision.
- If you're using additional services such as Key Management Service (KMS), you'll need the appropriate permissions for Commander.
- In the IAM Management Console, create an access key or an IAM role depending on the method you want to use to access your AWS account.
- Optional: Use the AWS Management Console to add private AMIs to your account.
If you created an instance from a public AMI, you need to convert the instance into an AMI before you can add it as a private AMI to the Service Catalog. When you create a private AMI, you must place it in each region where you want to be able to deploy it.
This step isn't necessary if you add Amazon Marketplace AMIs to the service catalog, or if you're using Amazon CloudFormation templates to deploy stacks (which can include EC2 VMs, EC2 load balancers, EC2 auto scaling groups and RDS databases).
- Optional: If Internet access is established through a web proxy server, integrate your web proxy server with Commander.
For more information, see Connect Public Clouds through Web Proxy Servers.
- Add your AWS account to Commander as a cloud account.
For more information, see Add AWS Cloud Accounts.
- Assign access rights to admin users.
For more information, see Assign access rights to administrative users.
- Retrieve AWS billing data to ensure the accuracy of VM billing records.
For more information, see AWS Billing Data.
- Optional: If you want to enable automatic key pair SSH connections to EC2 Linux instances, you can add private keys to Commander.
For more information, see Manage Key Pairs for AWS Regions.
Click the link below to download a sample IAM policy. The policy provides permissions for full read and write access for an AWS cloud account. These permissions allow you to discover and view resources in inventory as well as deploy and manage them.
It's recommended that you customize the downloaded policy as required, for example by removing the blocks and permissions listed under the IAM policy step above.
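The two read-only customizations listed in the IAM policy step, applied programmatically. This is an added example, not Commander's own tooling or the downloadable policy: only the two Sid names and the two S3 permissions come from this page, while the `ExampleReadOnlyCore` statement, the other action lists and the function names are constructed for illustration.

```python
import copy

WRITE_SID = "EmboticsCommanderWritePolicyForOperations"
OPTIONAL_SID = "EmboticsCommanderReadOnlyPolicyOptional"
BILLING_ACTIONS = {"s3:getobject", "s3:listbucket"}  # lower-cased for comparison

# Constructed stand-in for the downloaded policy (assumption): the statement
# layout and every action other than the two S3 permissions are illustrative.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ExampleReadOnlyCore", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "cloudformation:Describe*"]},
    {"Sid": OPTIONAL_SID, "Effect": "Allow", "Resource": "*",
     "Action": ["s3:GetObject", "s3:ListBucket", "cloudwatch:GetMetricStatistics"]},
    {"Sid": WRITE_SID, "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:RunInstances", "ec2:TerminateInstances"]},
]}

def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    return list(value) if isinstance(value, list) else [value]

def restrict(policy, keep_billing=True):
    """Return a read-only copy; keep_billing=False also drops the S3 billing reads."""
    statements = copy.deepcopy(_as_list(policy["Statement"]))
    required = {WRITE_SID} if keep_billing else {WRITE_SID, OPTIONAL_SID}
    missing = required - {s.get("Sid") for s in statements}
    if missing:
        # A renamed or already-edited policy must not pass through unchanged.
        raise ValueError(f"expected Sid(s) not found: {sorted(missing)}")
    kept = []
    for stmt in statements:
        if stmt.get("Sid") == WRITE_SID:
            continue  # read-only: remove the whole write block
        if stmt.get("Sid") == OPTIONAL_SID and not keep_billing:
            # IAM action names are case-insensitive, so compare lower-cased.
            stmt["Action"] = [a for a in _as_list(stmt["Action"])
                              if a.lower() not in BILLING_ACTIONS]
            if not stmt["Action"]:
                continue  # drop the statement rather than keep an empty Action list
        kept.append(stmt)
    return {"Version": policy["Version"], "Statement": kept}

def allowed_actions(policy):
    """Every action granted by an Allow statement, sorted for review."""
    return sorted({a for s in _as_list(policy["Statement"])
                   if s.get("Effect") == "Allow"
                   for a in _as_list(s.get("Action", []))})
```

Comparing `allowed_actions()` before and after the change gives a reviewable list of what the access key or role attached to this policy can still do.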
To ensure accurate cost analytics and reports, you can configure Commander to retrieve billing data from AWS. For more information, see AWS Billing Data.
For all projected AWS costs, such as service catalog costs, deployed service costs, and reports with a projected cost model configuration, Commander uses hard-coded costs by region for all supported component types and instance types.
A cost model is automatically applied when an AWS account is added as a cloud account. The cost model enables you to overlay the AWS billing data and hard-coded costs with additional IT support costs, backup costs, and application software licensing costs. You can create additional cost models for different parts of your AWS account. For more information, see Configure Cost Models.
To make sure your AWS list prices are current, you can use the Update Public Cloud List Prices command workflow. For more information, see Update Public Cloud List Prices.
The cost model and cost files allow users to see accurate cost estimates when:
- Adding AMIs and CloudFormation templates to the Service Catalog.
- Requesting VMs and CloudFormation templates.
- Viewing cost details for deployed stacks, VMs, load balancers, and databases.
The service catalog entry displays the cost of the cheapest instance type defined in the blueprint for that service. Then, when a user requests a service with a particular instance type, Commander stores the cost of the submitted service.
Auto Scaling Groups don't have a cost.