Required AWS Objects

This topic describes the objects you create in Amazon Web Services (AWS) in order to deploy VMware Tanzu Operations Manager (Ops Manager).

Overview

Use the information in this topic to determine the resource requirements of Ops Manager on AWS, or to verify that you have created the correct resources after completing the procedures in Preparing to Deploy Ops Manager on AWS and Deploying Ops Manager on AWS.

S3 Buckets

As part of preparing to deploy Ops Manager, you must create the following S3 buckets from the S3 Dashboard:

  • pcf-ops-manager-bucket
  • pcf-buildpacks-bucket
  • pcf-packages-bucket
  • pcf-resources-bucket
  • pcf-droplets-bucket

These buckets must be empty when you install or reinstall Ops Manager.

See Create S3 Buckets in Preparing to Deploy Ops Manager on AWS.

IAM Role or User for Ops Manager

You must create either an IAM role or an IAM user for Ops Manager named pcf-user from the Identity and Access Management Dashboard, using the policy document included in Ops Manager for AWS Policy Document.

See Create an IAM Role or User for Ops Manager in Preparing to Deploy Ops Manager on AWS.

Key Pair

You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.

VPC (Public and Private Subnets)

You must create a VPC with public and private subnets from the VPC Dashboard.

The following table lists the subnets in CIDR block 10.0.0.0/16.

| Name | AZ | IPv4 CIDR block |
|---|---|---|
| pcf-public-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.0.0/24 |
| pcf-public-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.1.0/24 |
| pcf-public-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.2.0/24 |
| pcf-management-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.16.0/28 |
| pcf-management-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.16.16/28 |
| pcf-management-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.16.32/28 |
| pcf-ert-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.4.0/24 |
| pcf-ert-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.5.0/24 |
| pcf-ert-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.6.0/24 |
| pcf-services-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.8.0/24 |
| pcf-services-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.9.0/24 |
| pcf-services-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.10.0/24 |
| pcf-rds-subnet-az0 | REGION-#a (for example, us-west-2a) | 10.0.12.0/24 |
| pcf-rds-subnet-az1 | REGION-#b (for example, us-west-2b) | 10.0.13.0/24 |
| pcf-rds-subnet-az2 | REGION-#c (for example, us-west-2c) | 10.0.14.0/24 |

See Create a VPC in Preparing to Deploy Ops Manager on AWS.

NAT Gateway

You must create a NAT Gateway when creating a VPC.

See Create a NAT Gateway in Preparing to Deploy Ops Manager on AWS.

Security Groups

The following sections describe the security groups you must create from the EC2 Dashboard.

Ops Manager

The Ops Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | My IP |
| HTTPS | TCP | 443 | My IP |
| SSH | TCP | 22 | My IP |
| BOSH Agent | TCP | 6868 | 10.0.0.0/16 |
| BOSH Director | TCP | 25555 | 10.0.0.0/16 |

See Configure a Security Group for Ops Manager in Preparing to Deploy Ops Manager on AWS.

BOSH-Deployed VMs

The BOSH-deployed VMs Security Group must be named pcf-vms-security-group and have the following inbound rules:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| All traffic | All | 0 - 65535 | Custom IP 10.0.0.0/16 |
| Custom TCP rule | TCP | 2222 | Anywhere 0.0.0.0/0 |

See Configure a Security Group for BOSH-Deployed VMs in Preparing to Deploy Ops Manager on AWS.

Web ELB

The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| Custom TCP rule | TCP | 4443 | Anywhere 0.0.0.0/0 |
| HTTP | TCP | 80 | Anywhere 0.0.0.0/0 |
| HTTPS | TCP | 443 | Anywhere 0.0.0.0/0 |

See Configure a Security Group for the Web ELB in Preparing to Deploy Ops Manager on AWS.

TCP ELB

The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| Custom TCP rule | TCP | 1024 - 1123 | Anywhere 0.0.0.0/0 |

The TCP ELB Security Group must have the following outbound rule:

| Type | Protocol | Port Range | Destination |
|---|---|---|---|
| All traffic | All | All | Anywhere 0.0.0.0/0 |

See Configure a Security Group for the TCP ELB in Preparing to Deploy Ops Manager on AWS.

MySQL

The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:

| Type | Protocol | Port Range | Source |
|---|---|---|---|
| MySQL | TCP | 3306 | Custom IP 10.0.0.0/16 |

The MySQL Security Group must have the following outbound rule:

| Type | Protocol | Port Range | Destination |
|---|---|---|---|
| All traffic | All | All | Custom IP 10.0.0.0/16 |

See Configure a Security Group for MySQL in Preparing to Deploy Ops Manager on AWS.
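
The inbound tables above can be checked mechanically after the groups are created. The following is an added example, not part of the VMware documentation: it compares JSON in the shape returned by `aws ec2 describe-security-groups` against those tables and reports rules that are missing or wider than specified. The function names, the sample data, and the `203.0.113.10/32` value standing in for "My IP" are constructed for illustration.

```python
VPC, ANY = "10.0.0.0/16", "0.0.0.0/0"

def expected_inbound(my_ip):
    """Inbound tables from this page as (protocol, from_port, to_port, source)."""
    tcp = lambda lo, hi, src: ("tcp", lo, hi, src)
    return {
        "pcf-ops-manager-security-group": {
            tcp(80, 80, my_ip), tcp(443, 443, my_ip), tcp(22, 22, my_ip),
            tcp(6868, 6868, VPC), tcp(25555, 25555, VPC)},
        "pcf-vms-security-group": {("-1", 0, 65535, VPC), tcp(2222, 2222, ANY)},
        "pcf-web-elb-security-group": {
            tcp(4443, 4443, ANY), tcp(80, 80, ANY), tcp(443, 443, ANY)},
        "pcf-tcp-elb-security-group": {tcp(1024, 1123, ANY)},
        "pcf-mysql-security-group": {tcp(3306, 3306, VPC)},
    }

def flatten(group):
    """Expand one SecurityGroups entry into rule tuples; "-1" (all traffic) has no ports."""
    rules = set()
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        lo, hi = (0, 65535) if proto == "-1" else (perm.get("FromPort"), perm.get("ToPort"))
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += ["sg:" + p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        rules.update((proto, lo, hi, src) for src in sources)
    return rules

def audit(describe_output, my_ip):
    """Return {group: {"missing": set, "unexpected": set}} for groups that deviate."""
    actual = {g["GroupName"]: flatten(g) for g in describe_output["SecurityGroups"]}
    findings = {}
    for name, want in expected_inbound(my_ip).items():
        have = actual.get(name, set())
        if have != want:
            findings[name] = {"missing": want - have, "unexpected": have - want}
    return findings

# Constructed sample: SSH on the Ops Manager group was opened to the internet.
MY_IP = "203.0.113.10/32"  # placeholder for the page's "My IP" source
def tcp_perm(port, cidr):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}
SAMPLE = {"SecurityGroups": [
    {"GroupName": "pcf-ops-manager-security-group", "IpPermissions": [
        tcp_perm(80, MY_IP), tcp_perm(443, MY_IP), tcp_perm(22, ANY),
        tcp_perm(6868, VPC), tcp_perm(25555, VPC)]},
    {"GroupName": "pcf-mysql-security-group", "IpPermissions": [tcp_perm(3306, VPC)]},
]}

if __name__ == "__main__": print(audit(SAMPLE, MY_IP))
```

A group that is absent from the input is reported with all of its rules missing. Only inbound rules are compared; the outbound tables for the TCP ELB and MySQL groups are not covered.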

Ops Manager AMI

You must locate the public Ops Manager AMI using the AMI ID provided in the PDF that downloads when you click Ops Manager for AWS on VMware Tanzu Network.

See Step 1: Launch an Ops Manager AMI in Deploying Ops Manager on AWS.

ELBs

The following sections describe the ELBs you must create from the EC2 Dashboard.

Web ELB

You must create a web ELB with the following configuration:

  • Name: pcf-web-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-elb-security-group
  • Health Check: TCP Port 8080, Path: /health

See Step 2: Create Web Load Balancer in Deploying Ops Manager on AWS.

SSH ELB

  • Name: pcf-ssh-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-ssh-security-group
  • Health Check: TCP Port 2222

See Step 3: Create SSH Load Balancer in Deploying Ops Manager on AWS.

TCP ELB

  • Name: pcf-tcp-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-tcp-security-group
  • Health Check: TCP Port 80

See Step 4: Create TCP Load Balancer in Deploying Ops Manager on AWS.

DNS Configuration

You must navigate to your DNS provider and create CNAME and A records for all three of your load balancers.

See Step 5: Configure DNS Records in Deploying Ops Manager on AWS.

RDS Subnet Group

You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.

See Step 6: Create RDS Subnet Group in Deploying Ops Manager on AWS.

MySQL Database

You must create a MySQL database from the RDS Dashboard.

See Step 7: Create a MySQL Database using AWS RDS in Deploying Ops Manager on AWS.