Cloud Services

DevOps Intelligence

Expand menu Collapse menu

AWS configuration

Published On Jul 23, 2024 - 8:47 AM

AWS configuration

DevOps Intelligence supports the usage of AWS, and this page describes the configuration requirements.

Amazon Web Services (AWS) provides a robust and secure cloud services platform, delivering essential resources such as computing power, database storage, and content delivery to help scale and grow your business.DevOps Intelligence enhances your AWS experience by offering insightful data analysis, and this section outlines the necessary configuration steps. To enable DevOps Intelligence to efficiently extract data from multiple AWS services, setting up and configuring an AWS account is imperative. This setup is critical in harnessing the full potential of AWS and DevOps Intelligence capabilities.

The following are supported AWS services:

Cloud formation

EC2

EKS

DevOps Intelligence only reads data from these services; hence, ReadOnly access is required for all of them.

Access rights for Cloudformation

DevOps Intelligence performs the following actions on AWS Cloudformation:

ListStacks

DescribeStacks

DescribeStackEvents

DescribeStackResources

GetTemplate

GetTemplateSummary

DevOps Intelligence requires the ReadOnly access for all actions. See the following example for reference:

{
    "Version":"2030-10-07",
    "Statement":[{
        "Effect":"Allow",
        "Action":[
            "cloudformation:DescribeStacks",
            "cloudformation:DescribeStackEvents",
            "cloudformation:DescribeStackResources",
        "cloudformation:ListStacks",
        "cloudformation:GetTemplate",
        "cloudformation:GetTemplateSummary"
        ],
        "Resource":"*"
    }]
}

Access Rights for Elastic Container Service(EC2):
DevOps Intelligence performs the following actions on AWS EC2:

DescribeInstances

Please note that managed policies for Amazon EC2 can be used to provide ReadOnly Access to EC2 service:

AmazonEC2ReadOnlyAccess

Notes:
Using the credentials provided, Kyndryl Platform Discovery will pull (Sync) Deployments and Virtual Machines
on behalf of DevOps Intelligence. The Sync Feature scans current data for visibility after configuring credentials periodically. The intervals are set as follows:

The account Sync Interval is set to 5 mins: Refresh current data.

The account Delete Interval is set to 7 mins: All deleted accounts are updated.

The history pulled Interval is set to 180 days: Data history.

Access rights for Elastic Kubernetes Service(EKS):
DevOps Intelligence performs the following actions on Amazon EKS:

ListClusters

DescribeCluster

This example shows how you can create a policy that allows a user read-only access to list or describe all clusters:

{
    "Version": "2030-10-07",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:DescribeCluster",
                "eks:ListClusters"
            ],
            "Resource": "*"
        }
    ]
}

For more details, see your Delivery representative.

Develop

AWS CodeCommit configuration

AWS DevOps connection

Deploy

AWS CodeDeploy configuration

Do you have two minutes for a quick survey?

Take Survey