Required AWS Objects
This topic describes the objects you create in Amazon Web Services (AWS) in order to deploy VMware Tanzu Operations Manager (Ops Manager).
Overview
Use the information in this topic to determine the resource requirements of Ops Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Ops Manager on AWS and Deploying Ops Manager on AWS.
S3 Buckets
As part of the preparing to deploy process, you must create the following S3 buckets from the S3 Dashboard:
pcf-ops-manager-bucket
pcf-buildpacks-bucket
pcf-packages-bucket
pcf-resources-bucket
pcf-droplets-bucket
These buckets must be empty when you install or reinstall Ops Manager.
See Create S3 Buckets in Preparing to Deploy Ops Manager on AWS.
IAM Role or User for Ops Manager
You must create either an IAM role or an IAM user for Ops Manager named pcf-user from the Identity and Access Management Dashboard, using the policy document included in Ops Manager for AWS Policy Document.
See Create an IAM Role or User for Ops Manager in Preparing to Deploy Ops Manager on AWS.
Key Pair
You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.
VPC (Public and Private Subnets)
You must create a VPC with public and private subnets from the VPC Dashboard.
The following table lists the subnets in CIDR block 10.0.0.0/16.
Name | AZ | IPv4 CIDR block |
---|---|---|
pcf-public-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.0.0/24 |
pcf-public-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.1.0/24 |
pcf-public-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.2.0/24 |
pcf-management-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.16.0/28 |
pcf-management-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.16.16/28 |
pcf-management-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.16.32/28 |
pcf-ert-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.4.0/24 |
pcf-ert-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.5.0/24 |
pcf-ert-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.6.0/24 |
pcf-services-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.8.0/24 |
pcf-services-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.9.0/24 |
pcf-services-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.10.0/24 |
pcf-rds-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.12.0/24 |
pcf-rds-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.13.0/24 |
pcf-rds-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.14.0/24 |
See Create a VPC in Preparing to Deploy Ops Manager on AWS.
NAT Gateway
You must create a NAT Gateway when creating a VPC.
See Create a NAT Gateway in Preparing to Deploy Ops Manager on AWS.
Security Groups
The following sections describe the security groups you must create from the EC2 Dashboard.
Ops Manager
The Ops Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules:
Type | Protocol | Port Range | Source |
---|---|---|---|
HTTP | TCP | 80 | My IP |
HTTPS | TCP | 443 | My IP |
SSH | TCP | 22 | My IP |
BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
BOSH Director | TCP | 25555 | 10.0.0.0/16 |
See Configure a Security Group for Ops Manager in Preparing to Deploy Ops Manager on AWS.
BOSH-Deployed VMs
The BOSH-deployed VMs Security Group must be named pcf-vms-security-group and have the following inbound rules:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
All traffic | All | 0 - 65535 | Custom IP | 10.0.0.0/16 |
Custom TCP rule | TCP | 2222 | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Ops Manager on AWS.
Web ELB
The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
Custom TCP rule | TCP | 4443 | Anywhere | 0.0.0.0/0 |
HTTP | TCP | 80 | Anywhere | 0.0.0.0/0 |
HTTPS | TCP | 443 | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for the Web ELB in Preparing to Deploy Ops Manager on AWS.
TCP ELB
The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
Custom TCP rule | TCP | 1024 - 1123 | Anywhere | 0.0.0.0/0 |
The TCP ELB Security Group must have the following outbound rule:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
All traffic | All | All | Anywhere | 0.0.0.0/0 |
See Configure a Security Group for the TCP ELB in Preparing to Deploy Ops Manager on AWS.
MySQL
The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:
Type | Protocol | Port Range | Source | |
---|---|---|---|---|
MySQL | TCP | 3306 | Custom IP | 10.0.0.0/16 |
The MySQL Security Group must have the following outbound rule:
Type | Protocol | Port Range | Destination | |
---|---|---|---|---|
All traffic | All | All | Custom IP | 10.0.0.0/16 |
See Configure a Security Group for MySQL in Preparing to Deploy Ops Manager on AWS.
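The inbound tables above can be checked mechanically. The following Python is an added example, not part of the VMware documentation: it compares the JSON printed by `aws ec2 describe-security-groups` with the inbound rules listed in this topic and reports missing or extra CIDR rules. The `admin_cidr` value standing in for "My IP", the function names, and the sample data are assumptions made for the example; outbound rules are not checked.

```python
import json

VPC, ANY = "10.0.0.0/16", "0.0.0.0/0"

def expected_inbound(admin_cidr):
    """Inbound rules from the tables above as (protocol, from, to, source)."""
    return {
        "pcf-ops-manager-security-group": {
            ("tcp", 80, 80, admin_cidr), ("tcp", 443, 443, admin_cidr),
            ("tcp", 22, 22, admin_cidr), ("tcp", 6868, 6868, VPC), ("tcp", 25555, 25555, VPC)},
        "pcf-vms-security-group": {("-1", None, None, VPC), ("tcp", 2222, 2222, ANY)},
        "pcf-web-elb-security-group": {("tcp", 4443, 4443, ANY), ("tcp", 80, 80, ANY), ("tcp", 443, 443, ANY)},
        "pcf-tcp-elb-security-group": {("tcp", 1024, 1123, ANY)},
        "pcf-mysql-security-group": {("tcp", 3306, 3306, VPC)},
    }

def flatten(group):
    """One tuple per (permission, CIDR source); group-to-group sources are skipped."""
    rules = set()
    for p in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        rules |= {(p["IpProtocol"], p.get("FromPort"), p.get("ToPort"), c) for c in cidrs}
    return rules

def audit(describe_output, admin_cidr):
    """Return (group, 'missing' | 'unexpected', rule) findings against this topic."""
    actual = {g["GroupName"]: flatten(g) for g in describe_output["SecurityGroups"]}
    findings = []
    for name, want in expected_inbound(admin_cidr).items():
        if name not in actual:
            findings.append((name, "missing", "group"))
            continue
        findings += [(name, "missing", r) for r in want - actual[name]]
        findings += [(name, "unexpected", r) for r in actual[name] - want]
    return findings

# Constructed sample, not real output: SSH is open to 0.0.0.0/0 instead of the
# admin address (203.0.113.10/32 is a placeholder); three groups are absent.
SAMPLE = json.loads("""{"SecurityGroups": [
 {"GroupName": "pcf-ops-manager-security-group", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 6868, "ToPort": 6868, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "tcp", "FromPort": 25555, "ToPort": 25555, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
 {"GroupName": "pcf-mysql-security-group", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}]}""")
```

Calling `audit(SAMPLE, "203.0.113.10/32")` flags the SSH rule on the Ops Manager group as both a missing admin-only rule and an unexpected 0.0.0.0/0 rule, and lists the three groups that have not been created.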
Ops Manager AMI
You must locate the public Ops Manager AMI using the AMI ID provided by the PDF downloaded when clicking Ops Manager for AWS on VMware Tanzu Network.
See Step 1: Launch an Ops Manager AMI in Deploying Ops Manager on AWS.
ELBs
The following sections describe the ELBs you must create from the EC2 Dashboard.
Web ELB
You must create a web ELB with the following configuration:
- Name: pcf-web-elb
- LB Inside: pcf-vpc
- Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
- Security Group: pcf-elb-security-group
- Health Check: TCP Port 8080, Path: /health
See Step 2: Create Web Load Balancer in Deploying Ops Manager on AWS.
SSH ELB
- Name: pcf-ssh-elb
- LB Inside: pcf-vpc
- Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
- Security Group: pcf-ssh-security-group
- Health Check: TCP Port 2222
See Step 3: Create SSH Load Balancer in Deploying Ops Manager on AWS.
TCP ELB
- Name: pcf-tcp-elb
- LB Inside: pcf-vpc
- Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
- Security Group: pcf-tcp-security-group
- Health Check: TCP Port 80
See Step 4: Create TCP Load Balancer in Deploying Ops Manager on AWS.
DNS Configuration
You must navigate to your DNS provider and create CNAME and A records for all three of your load balancers.
See Step 5: Configure DNS Records in Deploying Ops Manager on AWS.
RDS Subnet Group
You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.
See Step 6: Create RDS Subnet Group in Deploying Ops Manager on AWS.
MySQL Database
You must create a MySQL database from the RDS Dashboard.
See Step 7: Create a MySQL Database using AWS RDS in Deploying Ops Manager on AWS.