Amazon Web Services connector
Use the Amazon Web Services cloud connector to collect the resource utilization data of the services that are provisioned in the Amazon Web Services (AWS) cloud. You can use this connector to:
- Collect the cost data of all the services
- Collect the usage data of your virtual machines (EC2 instances) and relational database instances
BMC Helix Cloud Cost uses these data points to provide cost insights and forecasting estimations to optimize your cloud costs by providing recommendations. Recommendations are displayed if you have configured the connector to collect both cost and utilization data.
The connector supports data collection for the following AWS subscription types:
- AWS default
- AWS GovCloud (US)
All communication between BMC Helix Cloud Cost and Amazon Web Services is secure over HTTPS. The connector uses the following APIs to collect data from AWS:
The following video (8:24) provides information about configuring the Amazon Web Services connector in BMC Helix Cloud Cost.
A product license gets consumed when the connector is used to collect data from the following asset types:
- Amazon Elastic Compute Cloud (EC2)
- Amazon Relational Database Service (Amazon RDS)
- Amazon DynamoDB
- Amazon Neptune
- Amazon Redshift
- Amazon Elastic Container Service (Amazon ECS)
- Amazon Elastic Kubernetes Service (Amazon EKS)
- Amazon API Gateway
- Amazon ElastiCache
- Amazon Simple Queue Service (Amazon SQS)
- Amazon Elasticsearch Service
(optional) If you want to use the role-based authentication, do the following:
Create an IAM role with the BMC AWS account as a trusted entity.Do the following:
- Log in to your AWS account.
- Under Security, click IAM. You are directed to the Identity and Access Management (IAM) dashboard.
- Click Roles > Create role.
- Select Another AWS account, and do the following:
- In the Account ID box, type the identifier of the BMC AWS account.
- Select the Require external ID check box, and enter any alphanumeric string as a value for the external ID. This ID is used to grant access to collect the AWS resources data.
- Click Next.
- On the permissions page, select the appropriate option, and click Next.
- (optional) Create tags and click Next.
- Click Create role. A confirmation message is displayed.
Note down the role ARN and external ID.Do the following:
- Search for the role that you created and select it to view the details.
- From the Summary section, note down the role ARN value.
- Click the Trust relationships tab, and note down the external ID value.