Learn how to set up your system to be able to view networks using the Topology Common service.
Creating a connection
Before information can be integrated into the Topology service, a connection to the provider must be created. For more information, see Connections and follow the directions for the providers you want to use.
Currently, the Topology Common service is only available for Amazon Web Services (AWS) and IBM Cloud.
Affinity data can be integrated into the Topology service to provide impact analysis calculations. The data must be extracted from flow logs provided by the provider. The procedure for generating and ingesting these logs varies by provider.
Enabling affinity for Topology for Amazon Web Services (AWS)
To enable the affinity display in Topology, VPC flow logs and AWS CloudTrail must be created for the specified provider.
Step 1: Setting up the system for AWS
Complete these steps to meet the prerequisites for running the script to set up VPC logs and CloudTrail in AWS.
Make sure that the IAM role has the required access for the regions that will be used.
Set up your credentials in ~/.aws/credentials:
[default]
aws_access_key_id = YOUR_KEY
aws_secret_access_key = YOUR_SECRET
Set up a default region in ~/.aws/config:
[default]
region=us-east-1
Create an S3 bucket on AWS with the name "mcmp-topology-flow-logs-YOUR_ACCOUNT_ID" in the region configured in the previous step.
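As an added example (not part of the Topology documentation or its scripts), the following Python script checks the two files from this step before the AWS script is run: it parses ~/.aws/credentials and ~/.aws/config with configparser, flags a credentials file that other users can read and an access key, secret or region that is missing or still a placeholder, and derives the mcmp-topology-flow-logs-{ACCOUNT_ID} bucket name. The owner-only permission check, the S3 naming regex, the sample access key and account ID are this example's own assumptions; the demo writes constructed files to a temporary directory so it runs offline without touching your real ~/.aws files.

```python
"""Preflight check for the AWS Step 1 files (added example, not one of the
Topology scripts). Parses the CLI credentials/config files and derives the
expected S3 bucket name. The secret access key is checked for presence only and
is never returned or printed."""
import configparser
import os
import re
import stat
import tempfile

BUCKET_PREFIX = "mcmp-topology-flow-logs-"  # naming scheme from the page
# S3 bucket naming: 3-63 chars, lowercase letters, digits, dots and hyphens,
# starting and ending with a letter or digit (assumption of this example).
S3_BUCKET_NAME = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
PLACEHOLDERS = {"YOUR_KEY", "YOUR_SECRET"}  # placeholders shown on the page


def check_credentials_file(path):
    """Return (access_key_id, problems) for an AWS CLI credentials file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Hardening choice of this example: the file holding the secret key
    # should be readable by its owner only.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path} is accessible by group/others (mode {mode:o}); chmod 0600")
    cfg = configparser.ConfigParser()
    cfg.read(path)
    if "default" not in cfg:
        problems.append("no [default] profile in credentials file")
        return None, problems
    key_id = cfg["default"].get("aws_access_key_id", "").strip()
    secret = cfg["default"].get("aws_secret_access_key", "").strip()
    if not key_id or key_id in PLACEHOLDERS:
        problems.append("aws_access_key_id is missing or still a placeholder")
    if not secret or secret in PLACEHOLDERS:
        problems.append("aws_secret_access_key is missing or still a placeholder")
    return key_id, problems


def check_config_file(path):
    """Return (region, problems) for an AWS CLI config file."""
    cfg = configparser.ConfigParser()
    cfg.read(path)
    region = cfg["default"].get("region", "").strip() if "default" in cfg else ""
    return region, ([] if region else ["no default region in config file"])


def flow_log_bucket_name(account_id):
    """Build the bucket name from the page's scheme and validate it for S3."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    name = BUCKET_PREFIX + account_id
    if not S3_BUCKET_NAME.match(name):
        raise ValueError(f"{name} is not a valid S3 bucket name")
    return name


def preflight(credentials_path, config_path, account_id):
    """Run all checks and return one summary dict (no secrets inside)."""
    key_id, problems = check_credentials_file(credentials_path)
    region, more = check_config_file(config_path)
    return {"access_key_id": key_id, "region": region,
            "bucket": flow_log_bucket_name(account_id),
            "problems": problems + more}


def demo():
    """Write constructed credentials/config files to a temp dir and check them."""
    with tempfile.TemporaryDirectory() as d:
        cred, conf = os.path.join(d, "credentials"), os.path.join(d, "config")
        with open(cred, "w") as f:  # constructed sample; secret left as placeholder
            f.write("[default]\naws_access_key_id = AKIAEXAMPLE000000000\n"
                    "aws_secret_access_key = YOUR_SECRET\n")
        os.chmod(cred, 0o644)  # deliberately too permissive, to trigger the check
        with open(conf, "w") as f:
            f.write("[default]\nregion=us-east-1\n")
        return preflight(cred, conf, "123456789012")  # constructed account ID


if __name__ == "__main__":
    for line in demo()["problems"]:
        print("PROBLEM:", line)
```

Point the functions at your real ~/.aws/credentials and ~/.aws/config (expanded with os.path.expanduser) once the sample run reports no problems; the script only reads the files.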
Step 2: Creating flow logs for AWS
Make sure that the AWS IAM role has the permissions required in the regions to be used. For more information, see Understanding IAM.
To view affinity, the VPC flow logs and AWS CloudTrail need to be created in AWS. These are created and named using a script. To use the script, complete the following steps.
Enabling affinity for Topology for IBM Cloud
To enable affinity for IBM Cloud, you must set up your system, create flow logs, and enable the Activity Tracker on IBM Cloud using the following steps.
Step 1: Setting up your system for IBM Cloud
To set up your system to display affinity for IBM Cloud, complete the following steps:
Install dependencies by running the following command:
python3 -m pip install -r requirements.txt
Create the directory .mcmp/.ibmcloud in your home directory.
Create a text file named credentials if you use Windows, or credentials.txt if you use another operating system, in your .ibmcloud directory that includes the following credentials:
ibm_account = {IBM Cloud account ID}
ibm_apikey = {IBM Cloud API key}
resource_id = {Resource ID of resource group where you want to create buckets}
Make sure to run the scripts from the ibmcloud-flowlog-automation-script folder.
Step 2: Creating flow logs for IBM Cloud
Make sure that the IBM Cloud IAM role has the required access to manage resources. For more information, see IBM Cloud IAM roles.
To view affinity, the VPC flow logs need to be created in IBM Cloud. These are created and named using a script. To use the script, complete the following steps.
Open the regions.json file in the Inputs folder and remove regions until only those that you want to create flow logs for remain. To restore all regions (for example, after an error), run the python updateRegions.py command.
Run the python3 createBuckets.py command to create a cloud object storage instance with the name mcmp-topology-flow-logs-{Account_id} and buckets in all the regions specified in regions.json with the name mcmp-topology-flow-logs-{region}-{Account_id}. The buckets are created with an expiration rule of 1 day, so archived log objects are deleted 24 hours after being archived. If you re-run this script, delete the existing mcmp-topology-flow-logs-{Account_id} instance before running the command.
Run the python3 getVPCIds.py command to create an IBM-Account-{Account_Number}-VpcList.json file in the Inputs folder that contains the VPC IDs for all regions listed in regions.json.
Run the python3 createFlowLogs.py command to create the VPC flow log collectors.
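As an added example (not one of the files in the ibmcloud-flowlog-automation-script folder), the following Python script works out what Step 2 will create before you run it: it reads a regions.json, derives the instance name mcmp-topology-flow-logs-{Account_id}, the per-region bucket names mcmp-topology-flow-logs-{region}-{Account_id} and the Step 3 bucket name topology-activity-tracker-{first 15 characters of the account number}, checks them against the 63-character bucket-name limit, builds the 1-day expiration rule in the S3-compatible lifecycle layout, and compares the plan with an inventory of what already exists so you can see whether the instance must be deleted before a re-run. The layout of regions.json (a plain list of region names), the lifecycle-rule dict, the region-name regex and the sample account ID are this example's own assumptions; the real scripts may structure these differently.

```python
"""Plan and reconcile the IBM Cloud COS resources used for flow logs (added
example, not part of the Topology scripts). Everything runs offline on
constructed sample input."""
import json
import re

INSTANCE_PREFIX = "mcmp-topology-flow-logs-"   # names from the page
TRACKER_PREFIX = "topology-activity-tracker-"  # Step 3 archive bucket
COS_MAX_BUCKET_NAME = 63                       # S3-compatible bucket-name limit

# Constructed sample regions.json content; the real file layout is an assumption.
SAMPLE_REGIONS_JSON = json.dumps(["us-south", "us-east", "eu-de"])
SAMPLE_ACCOUNT_ID = "a1b2c3d4e5f60718"          # constructed, not a real account


def load_regions(text):
    """Parse regions.json and reject anything that is not a list of region names."""
    regions = json.loads(text)
    ok = isinstance(regions, list) and all(
        isinstance(r, str) and re.fullmatch(r"[a-z]{2}-[a-z]+(-\d)?", r)
        for r in regions)
    if not ok:
        raise ValueError("regions.json must be a list of IBM Cloud region names")
    return regions


def plan_resources(regions_json_text, account_id):
    """Derive every name Step 2 (and the Step 3 bucket) will use, plus problems."""
    regions = load_regions(regions_json_text)
    buckets = {r: f"{INSTANCE_PREFIX}{r}-{account_id}" for r in regions}
    tracker = TRACKER_PREFIX + account_id[:15]  # page: first 15 digits
    problems = [f"{n} exceeds {COS_MAX_BUCKET_NAME} characters"
                for n in [*buckets.values(), tracker] if len(n) > COS_MAX_BUCKET_NAME]
    return {"instance": INSTANCE_PREFIX + account_id, "buckets": buckets,
            "tracker_bucket": tracker, "problems": problems}


def expiration_rule(days=1):
    """Lifecycle rule that expires current objects after `days` days
    (S3-compatible layout; assumption of this example)."""
    return {"ID": f"expire-after-{days}-day", "Status": "Enabled",
            "Filter": {"Prefix": ""}, "Expiration": {"Days": days}}


def has_one_day_expiration(lifecycle_rules):
    """True if some enabled rule expires current objects after exactly 1 day,
    which is what the page says the created buckets have."""
    return any(rule.get("Status") == "Enabled"
               and rule.get("Expiration", {}).get("Days") == 1
               for rule in lifecycle_rules)


def reconcile(plan, existing_instances, existing_buckets):
    """Compare the plan with an inventory of existing names. The page says an
    existing mcmp-topology-flow-logs-{Account_id} instance must be deleted
    before createBuckets.py is re-run, so flag that case explicitly."""
    planned = set(plan["buckets"].values())
    return {
        "instance_exists": plan["instance"] in existing_instances,
        "missing_buckets": sorted(planned - set(existing_buckets)),
        "unexpected_buckets": sorted(b for b in existing_buckets
                                     if b.startswith(INSTANCE_PREFIX) and b not in planned),
    }


if __name__ == "__main__":
    plan = plan_resources(SAMPLE_REGIONS_JSON, SAMPLE_ACCOUNT_ID)
    print(json.dumps(plan, indent=2))
    # Constructed inventory: the instance and one bucket already exist.
    print(reconcile(plan, {plan["instance"]}, {plan["buckets"]["us-south"]}))
```

Replace SAMPLE_REGIONS_JSON with the contents of Inputs/regions.json and SAMPLE_ACCOUNT_ID with your ibm_account value to preview the names for your account; the inventory passed to reconcile would come from your own listing of COS instances and buckets.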
Step 3: Enabling Activity Tracker for IBM Cloud
After you have created the flow logs, you need to link to them. To do so, complete these steps:
Go to the Console landing page.
Select Logging and Monitoring.
Click IBM Cloud Activity Tracker.
For each region that you want to track, select the following parameters and then click Create:
Select the region where you want to create the tracker.
For plan, select 7 day Event Search.
Check the box I have read and agree to the following license agreements.
Enable Activity Tracker for each bucket in the IBM Cloud console using these steps:
Select Storage.
Select the service instance with your bucket.
Select the bucket you want to enable.
In the navigation pane, click Configuration.
Click the Activity Tracker tab.
Click Create. If you already have an instance of IBM Cloud Activity Tracker, select it here. If not, select the appropriate configuration and click Create.
Select Track data events and select read and write in the field below.
Click Save.
Ensure that you have a cloud object storage instance with the name mcmp-topology-flow-logs-{AccountNumber}. If you do not, create an instance with that name.
Create a bucket in the cloud object storage instance that you just identified to archive all the activity tracker events in by completing these steps:
Click Create bucket in your cloud object storage instance.
For Name, enter topology-activity-tracker-{AccountNumber[0:15]} (the first 15 digits of your account number).
Create the bucket in the us-east region and select Smart Tier as the storage class.
Go to the Advanced Configurations section and click Expiration.
Click Add.
In the Add expiration rule window, click Simple.
Enable Expiration rule, enter 1 in the Current version expiration field, and click Save.
Click Create bucket.
Select the bucket that you just created and copy the following information:
The private endpoint
The apikey
The resource_instance_id
Configure archiving of your IBM Cloud Activity Tracker instances into the COS bucket by completing these steps for each instance:
On the Dashboard, select Services and software.
Click Activity tracker.
Click Open dashboard.
Click the Settings icon and select Archiving → Manage.
Click Enable archiving.
Select IBM Cloud Object Storage.
Enter the following parameters and then click the Service Credentials tab:
Bucket: Enter the name of the bucket.
Endpoint: The private endpoint of the bucket.
Enter the following information from your service credential (create a new one if needed) and then click Save:
API Key: The apikey value from your service credential.
Instance ID: The resource_instance_id from your service credential.