AWS inbound integration

Settings in AWS Console

Open your AWS Console and perform the following steps:

  1. Open the Identity and Access Management (IAM) service.
  2. Select Policies from the left-hand side and click Create policy.
  3. Switch to the JSON tab and paste the following in there.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowStartStopInstances",
          "Effect": "Allow",
          "Action": [
            "ec2:StartInstances",
            "ec2:StopInstances"
          ],
          "Resource": "arn:aws:ec2:*:*:instance/*"
        },
        {
          "Sid": "AllowDescribeInstances",
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstances",
            "ec2:DescribeInstanceStatus"
          ],
          "Resource": "*"
        }
      ]
    }
  4. Click Review Policy.
  5. Fill in a Name (e.g. avantra-sync-and-start-stop-iam-policy), a Description, and click Create Policy.
  6. Select Users from the left-hand side and click Add user.
  7. Fill in a User name (e.g. avantra-sync-and-start-stop-iam-user), select Programmatic access for Access type, and click Next: Permissions.
  8. Choose Attach existing policies directly, click on Filter policies, and set the flag next to Customer managed.
  9. Set the flag next to the policy you created above (e.g. avantra-sync-and-start-stop-iam-policy) and click Next: Tags.
  10. Fill in tags if you desire, and click Next: Review.
  11. Click Create user and afterwards Download .csv. Store the file in a safe location and click Close.

For more information see IAM tutorial: Create and attach your first customer managed policy.
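
The policy in step 3 allows start and stop on every instance in the account. The following is an added example, not part of the original Avantra documentation: a narrower variant that permits start and stop only on instances carrying a given tag. The tag key ApplicationType and value HANA are assumptions borrowed from the filter example on this page; substitute the tag you actually use. The describe actions do not support resource-level permissions, so their Resource stays "*".

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowStartStopTaggedInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/ApplicationType": "HANA"
        }
      }
    },
    {
      "Sid": "AllowDescribeInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus"
      ],
      "Resource": "*"
    }
  ]
}
```

With this variant the user can still list all instances, but a start or stop request against an instance without the tag is denied.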

Service authentication settings for AWS in the UI

  1. Open Configuration > Integrations and choose New > AWS.
  2. Fill in a Name, an optional Description and select a Customer.
  3. Click Finish.
  4. Select the newly created entry and click Open.
  5. For User, Access Key ID, and Access Key Secret fill in the values.
  6. Click Save.

Synchronizing EC2 instances with Avantra

You can easily synchronize Amazon EC2 instances with Avantra to include them as Server objects.

  1. Log in to the Avantra UI as the admin user.
  2. Click Administration > Synchronizations and select New > Inbound synchronization.
  3. For External Service choose AWS EC2, fill in a Name, e.g. AWS Synchronization, and click Create.
  4. In the newly created item, choose the value AWS Default for AWS Authentication.

    Note: This entry has been automatically created during the launch of the stack.

  5. For AWS Region select an appropriate value, most likely the one you deployed Avantra for AWS into.
  6. In Filter, you may define one or more filter rules to restrict the set of Amazon EC2 instances considered for the synchronization. You can use the same syntax as used by the AWS Command Line Interface (CLI), which is described in the AWS CLI reference for aws ec2 describe-instances.
    By default, the value of the Name tag is used for the value Physical Server Name in Avantra, and the private IP address is used for FQDN or IP Address.
  7. Click Apply followed by Test Query whenever you make changes and want to verify the filter.
    Best practice is to use Tags for all your AWS resources, and Amazon EC2 instances in particular. See AWS EC2 Documentation: Tag your Amazon EC2 resources for more information.

Example: Using Tag Key

  • Filter Name: tag-key
  • Value(s): SAP

This will return all Amazon EC2 instances in the selected AWS Region that have a tag SAP set regardless of its value.

Example: Using tag key and value

  • Filter Name: tag:ApplicationType
  • Value(s): HANA

This will return all Amazon EC2 instances in the selected AWS Region that have a tag ApplicationType set with a value HANA.
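
The two filters above can be cross-checked from the AWS CLI before a synchronization creates Servers. This is an added example, not part of the original Avantra documentation; the function names and the region in the usage comment are assumptions, and the query lists the attributes this page maps by default (Name tag, private IP address, private DNS name).

```shell
#!/bin/sh
# Added example: preview which EC2 instances a synchronization filter selects.
# Function names are hypothetical; the aws CLI must be installed and configured
# with credentials that allow ec2:DescribeInstances.

# Turn an Avantra "Filter Name" plus one or more "Value(s)" into a single
# --filters argument in AWS CLI shorthand syntax.
# Values within one filter are ORed by EC2; separate filters are ANDed.
filter_arg() {
    [ "$#" -ge 2 ] || { echo "usage: filter_arg NAME VALUE..." >&2; return 2; }
    name=$1; shift
    values=$1; shift
    for v in "$@"; do
        values="$values,$v"
    done
    printf 'Name=%s,Values=%s' "$name" "$values"
}

# List the instances matched in a region, with the attributes the
# synchronization uses for Physical Server Name, FQDN or IP Address and DNS Alias.
preview_sync_scope() {
    region=$1; shift
    aws ec2 describe-instances --region "$region" --filters "$@" \
        --query 'Reservations[].Instances[].{Id:InstanceId,Name:Tags[?Key==`Name`]|[0].Value,PrivateIp:PrivateIpAddress,PrivateDns:PrivateDnsName,State:State.Name}' \
        --output table
}

# Usage (region is a placeholder):
#   preview_sync_scope eu-central-1 "$(filter_arg tag-key SAP)"
#   preview_sync_scope eu-central-1 "$(filter_arg tag:ApplicationType HANA)"
```

An instance that appears here without a Name tag or outside the intended set is worth resolving before Create Server and Start Monitoring are enabled.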

  8. For System Type, choose Server, and select a Default Customer and a Default System Role. You can override these default settings on a per Server level as described below.

In the Additional Attribute Mapping section, click + to add a new mapping. Choose the value DNS Alias for Avantra Attribute and fill in private-dns-name in AWS EC2 Instance Attribute.

Note: You can find the available EC2 instance attributes using Test Query.

  9. Select the value yes for Start Monitoring. Set the flags for Create Server and Update Server (if desired). Click Apply and afterwards Sync. Confirm that you have tested your query properly.
  10. If you want to synchronize periodically, set the flag next to Activate background synchronization and choose an appropriate value for the synchronization interval. Click Apply.
  11. Select System > Servers to verify the synchronization.

Tip: One of the major grouping mechanisms in Avantra is the Customer. If you have a complex VPC setup or you are using AWS PrivateLink, it may be helpful to create separate customers in Avantra that reflect the VPC layout. In this case, you may need to create multiple disjoint Synchronizations, unless you can extract the customer name from the EC2 instance attributes.

In particular, you should consider using separate customers for VPCs that are connected using AWS PrivateLink.

See Defining Customers for how to create a customer in Avantra.

All synchronized instances that are directly reachable from the Avantra Server are now operational in Avantra. You can start to configure your SAP systems and databases.