Cloud Services

DevOps Intelligence

AWS configuration
Published On Jun 05, 2024 - 11:21 AM

AWS configuration

DevOps Intelligence supports the usage of AWS, and this page describes the configuration requirements.
Amazon Web Services (AWS) provides a robust and secure cloud services platform, delivering essential resources such as computing power, database storage, and content delivery to help scale and grow your business.DevOps Intelligence enhances your AWS experience by offering insightful data analysis, and this section outlines the necessary configuration steps. To enable DevOps Intelligence to efficiently extract data from multiple AWS services, setting up and configuring an AWS account is imperative. This setup is critical in harnessing the full potential of AWS and DevOps Intelligence capabilities.
The following are supported AWS services:
  • Cloud formation
  • EC2
  • EKS
DevOps Intelligence only reads data from these services; hence, ReadOnly access is required for all of them.

Access rights for Cloudformation

DevOps Intelligence performs the following actions on AWS Cloudformation:
  • ListStacks
  • DescribeStacks
  • DescribeStackEvents
  • DescribeStackResources
  • GetTemplate
  • GetTemplateSummary
DevOps Intelligence requires the ReadOnly access for all actions. See the following example for reference:
{ "Version":"2030-10-07", "Statement":[{ "Effect":"Allow", "Action":[ "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:ListStacks", "cloudformation:GetTemplate", "cloudformation:GetTemplateSummary" ], "Resource":"*" }] }
Access Rights for Elastic Container Service(EC2):
DevOps Intelligence performs the following actions on AWS EC2:
  • DescribeInstances
Please note that managed policies for Amazon EC2 can be used to provide ReadOnly Access to EC2 service:
  • AmazonEC2ReadOnlyAccess
Notes:
Using the credentials provided, Kyndryl Platform Discovery will pull (Sync)
Deployments and Virtual Machines
on behalf of DevOps Intelligence. The Sync Feature scans current data for visibility after configuring credentials periodically. The intervals are set as follows:
  • The account Sync Interval is set to 5 mins: Refresh current data.
  • The account Delete Interval is set to 7 mins: All deleted accounts are updated.
  • The history pulled Interval is set to 180 days: Data history.
Access rights for Elastic Kubernetes Service(EKS):
DevOps Intelligence performs the following actions on Amazon EKS:
  • ListClusters
  • DescribeCluster
This example shows how you can create a policy that allows a user read-only access to list or describe all clusters:
{ "Version": "2030-10-07", "Statement": [ { "Effect": "Allow", "Action": [ "eks:DescribeCluster", "eks:ListClusters" ], "Resource": "*" } ] }
For more details, see your Delivery representative.
Do you have two minutes for a quick survey?
Take Survey