Virtual Host Manager and Amazon Web Services
You can use a virtual host manager (VHM) to gather instances from Amazon Web Services (AWS).
The VHM allows Uyuni to obtain and report information about your clusters. For more information on VHMs, see Virtual Host Managers.
1. Create an Amazon EC2 VHM
The Virtual Host Manager (VHM) runs on the Uyuni Server.
Ensure you have installed the virtual-host-gatherer-libcloud
package on the Uyuni Server.
-
In the Uyuni Web UI, navigate to
. -
Click Create and select
Amazon EC2
from the drop-down menu. -
In the
Add an Amazon EC2 Virtual Host Manager
section, use these parameters:-
In the
Label
field, type a custom name for your VHM. -
In the
Access Key ID
field, type the access key ID provided by Amazon. -
In the
Secret Access Key
field, type the secret access key associated with the Amazon instance. -
In the
Region
field, type the region to use. -
In the
Zone
field, type the zone your VM is located in. This is required for subscription matching to work. For more information about setting regions and zones, see client-configuration:virtualization.adoc#_susesupport_and_vm_zones.
-
-
Click Create to save your changes and create the VHM.
-
On the
Virtual Host Managers
page, select the new VHM. -
On the
Properties
page, click Refresh Data to inventory the new VHM.
To see which objects and resources have been inventoried, navigate to
.Instances running on the Amazon public cloud report a UUID to the Uyuni Server in the format of an i
followed by seventeen hexadecimal digits:
I1234567890abcdef0
2. AWS Permissions for Virtual Host Manager
For security reasons, always grant the least privilege possible for a task to be performed. Using an Access Key with excessive permissions for users connecting to AWS is not advised.
For SUSE Manager to gather the information required from AWS, the VHM needs permission to describe EC2 instances and addresses. One method to grant this is to create a new IAM user (Identity and Access Management) specific to this task, create a policy as follows and attach to the user:
{ "Version": "2012-10-17", "Statement":[ { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeInstances" ], "Resource": "*" } ] }
You can limit permissions more by restricting access to specific regions. For more information, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html#iam-example-read-only.