Unsupported content: This version of the documentation is no longer supported. However, the documentation is available for your convenience.

Preparing your Amazon EC2 account



By using and updating your Amazon account features, you are able to fully support the provisioning of your Amazon EC2 instance. You can always return to your Amazon account and specify customized Amazon Machine Images (AMIs), Virtual Private Clouds (VPCs), security groups, and so on.

The following sections provide instructions for preparing your Amazon Elastic Compute Cloud (Amazon EC2) account:

Before you begin

You should already have an Amazon Web Services (AWS) account and be familiar with basic AWS operations. You should also be familiar with BMC Server Automation setup activities. You need to perform certain AWS and BMC Server Automation operations before you can start working with AWS in the context of BMC Cloud Lifecycle Management.

Mapping of Amazon EC2 constructs with BMC Cloud Lifecycle Management objects

The following table identifies the correlations between the main Amazon EC2 constructs and their BMC Cloud Lifecycle Management counterparts:

| Amazon EC2 construct | BMC Cloud Lifecycle Management object |
| --- | --- |
| Availability Zone | Pod |
| Availability Zone | Virtual Cluster |
| Amazon Web Services account: Availability Zone | Network Container, Network Container Blueprint |
| Amazon Web Services account: Virtual Private Cloud | Network Container, Network Container Blueprint |
| EC2 Instance | Virtual Guest |
| Virtual Private Cloud subnet | Network |

To obtain AWS access credentials

BMC Cloud Lifecycle Management communicates with AWS by using its public SOAP APIs. To use these APIs, you must provision BMC Cloud Lifecycle Management with the correct access credentials. These access credentials are based on an X.509 certificate, which you can generate from your AWS account. The following example screenshot from the AWS Console shows an X.509 certificate that is ready for download.

ec2_access_credential.png

See the Amazon Web Services security credentials documentation for detailed information on how to generate the X.509 certificate and the corresponding private key.

Note

Amazon recently changed its procedures for generating AWS credentials. To generate credentials that BMC Cloud Lifecycle Management can process:

  1. Log in to your Amazon account.
  2. From the drop-down menu for your account, select Security credentials. The Your Security Credentials page is displayed.
    AWS_YSC_page1.gif
  3. Expand Access Keys.
    AWS_YSC_page.gif
  4. In the note beneath Access Keys, click the link for the legacy Security Credentials page.
    AWS_AC2.gif
  5. You can now generate an X.509 certificate and the corresponding private key in a format that satisfies BMC Cloud Lifecycle Management.

You later enter the certificate contents when you define your AWS accounts for BMC Cloud Lifecycle Management use. See Configure AWS access credentials. BMC Atrium Orchestrator reads these credentials as defined in the AWS accounts and uses them to connect with AWS.

To create a custom AMI

BMC recommends that you create custom Amazon Machine Images (AMIs) with the BMC Server Automation Agent installed on them. The BSA Agent enables software deployment and other operations that enhance the features of the Amazon EC2 instance. The following example shows a custom AMI entry with an RSCD agent and associated with a user account:

ec2_custom_ami.png

For information on creating a custom AMI, see Amazon Web Services documentation on creating your own AMI. For information on how to install a BSA Agent, refer to the RSCD installation instructions for Microsoft Windows or to the RSCD installation instructions for Linux/UNIX and to the post-installation configuration instructions and related topics.

Later, you will register the AMI ID (ami-50dd5160 in this example) in the Product Catalog Console of the enterprise BMC Remedy AR System server. See To create your product catalog entry.

Note

When working with public clouds, you should secure the RSCD agent. Refer to the topic Implementing security.

To work with Availability Zones and VPCs

BMC Cloud Lifecycle Management allows you to provision virtual machine (VM) instances to Availability Zones or Virtual Private Clouds (VPCs).

An Availability Zone is a distinct location within an AWS geographic Region. A Region can contain multiple Availability Zones. Availability Zones are designed to be isolated so that a failure in one Availability Zone does not impact instances in another. For more information, see the AWS documentation on Regions and Availability Zones.

Unlike Availability Zones, which are predefined, Virtual Private Clouds (VPCs) are created to delineate a section of the AWS cloud for your use. Within this section you can launch Amazon EC2 instances with private, instead of public, IP addresses that lie within a user-defined range. Within the VPC, you can create subnets to group similar Amazon EC2 instances according to a private IP address range. The following example shows a VPC with four subnets:

ec2_vpc_subnets.png

The VPC is designated by the address 192.168.24.0/24. The subnets are designated by the following addresses:
 192.168.24.0/26
 192.168.24.64/26
 192.168.24.128/26
 192.168.24.192/26

You can assign elastic IP addresses to the private address instances in the VPC. Elastic IP addresses are static, public addresses that, once assigned, enable the instances in the VPC to be reached from external networks.

For instructions on how to set up a VPC, see the Amazon Web Services Virtual Private Cloud documentation.

To create security groups

Security groups are firewall policies that are applied to provisioned VMs. A security group consists of rules that control inbound and outbound network traffic. You can assign VM instances to multiple security groups.

To permit RSCD agent traffic to your provisioned instances, you must configure a security group that allows incoming traffic on TCP port 4750. In addition, you might also want to open a port for remote access: for example, the SSH port for Linux instances or the RDP port for Windows instances. The following example shows a custom security group configured for RSCD agent and SSH traffic:

ec2_vpc_security_group.png

For more information, see the instructions for creating a security group.
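
An added example, not part of the BMC documentation: a Python audit that reads security-group rules in the JSON shape returned by `aws ec2 describe-security-groups` and reports any rule that exposes the RSCD (4750), SSH (22) or RDP (3389) port to a source outside a trusted list. The group IDs, the sample rules and the trusted CIDRs (the example VPC range plus a hypothetical BSA application server at 203.0.113.10) are constructed for illustration.

```python
import ipaddress
import json

# Ports named on this page: RSCD agent (4750), SSH (22), RDP (3389).
MGMT_PORTS = {4750: "RSCD", 22: "SSH", 3389: "RDP"}
# Assumption: sources allowed to reach management ports (the example VPC plus
# a hypothetical BSA application server address).
TRUSTED = [ipaddress.ip_network(c) for c in ("192.168.24.0/24", "203.0.113.10/32")]
# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 4750, "ToPort": 4750,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "192.168.24.0/26"}, {"CidrIp": "198.51.100.0/24"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def is_trusted(cidr):
    """True if the source range lies entirely inside a trusted network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)

def covered_ports(perm):
    """Management ports a rule covers; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return sorted(MGMT_PORTS)
    if perm["IpProtocol"] != "tcp":
        return []
    return [p for p in sorted(MGMT_PORTS) if perm["FromPort"] <= p <= perm["ToPort"]]

def audit(doc):
    """Return (group, service, port, source) for each untrusted exposure."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in covered_ports(perm):
                for src in sources:
                    if not is_trusted(src):
                        findings.append((sg["GroupId"], MGMT_PORTS[port], port, src))
    return findings

if __name__ == "__main__":
    print("\n".join("%s: %s/%d open to %s" % f for f in audit(SAMPLE)))
```

The all-traffic rule in the second sample group is reported once per management port and untrusted source, because protocol `-1` opens port 4750 as well as the remote-access ports.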

To get an SSH key pair

The SSH key pair is required to log in to public AMI instances, enabling them to be provisioned. It consists of a public key and a .pem file containing an RSA private key. The following example shows an SSH key pair for the IT Administrators group:

ec2_ssh_key_pair.png

This key pair is specified to the service blueprint through the BmcSshInstanceKey application parameter. See Guidelines for defining an Amazon EC2 blueprint.

To obtain your SSH key pair, refer to Getting an SSH Key Pair.

Where to go from here

You can add the AWS accounts to the EC2 provider.
