AWS
Configuring AWS agent with IAM User allows you to deploy the AWS agent from any Kubernetes cluster. Those are the services that are integrated with the agent:
| Service | Description |
|---|---|
| AWS Route 53 | Collects metadata from DNS zones and records. |
| AWS EC2 | Collects metadata from EC2 instances (hosts). |
| AWS S3 | Collects metadata from S3 buckets. |
| AWS EBS | Collects metadata from EBS volumes. |
Prerequisites
- IAM User with required permissions
Procedure from web console
- Navigate to Integrations > Agents (or go directly to
/home/integrations/agents) - Click "Add agent"
- Add a name for the agent and select AWS Inventory
- Click "Submit" to proceed to the configuration screen
- You'll see a setup guide with the commands needed to deploy your agent, copy and execute each command in your terminal/Kubernetes environment
- Optional: Modify the
httpRequestSizeparameter to adjust the maximum number of objects sent to the API in each request (must be an integer greater than 0, default value is usually sufficient)
Procedure from CLI
1. Create the Agent object
Create the Agent object in the cluster where Resiliency.IO is deployed:
apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
type: AWSInventory
secretName: <agent-name>
2. Retrieve the APIKey
Resiliency.IO will create an APIKey that will be assigned to the Agent. Get the secret name:
kubectl -n resiliency-system get agent <agent-name>
This command will display the Agent details, and the secret name is in the .status.secretName field:
apiVersion: core.resiliency.io/v1alpha1
kind: Agent
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
type: AWSInventory
secretName: <agent-name>
status:
secretName: <agent-name>-kj2f4
state: Ready
Get the secret content:
kubectl -n resiliency-system get secret <secret-name> -o jsonpath="{.data}" | jq -r 'to_entries[] | "\\(.key): \\(.value | @base64d)"'
Example output:
apikey: 259eaa16-6e0e-456a-8f6c-774ac61bab01
apisecret: 0b25cbc0-5a87-49e2-83ad-bc08c51038d3
3. Deploy the AgentInstance
Deploy the AgentOperator in your target cluster:
kubectl apply -f http://api.<base_domain>/static/manifests/agent-operator.yaml
Create the APIKey secret with the AWS IAM User credentials:
kubectl -n resiliency-system create secret generic <agent-name> \\
--from-literal=ASTROKUBE_AGENT_ID=<apikey> \\
--from-literal=ASTROKUBE_AGENT_SECRET=<apisecret> \\
--from-literal=AWS_ACCESS_KEY_ID=<your-aws-access-key-id> \\
--from-literal=AWS_SECRET_ACCESS_KEY=<your-aws-secret-access-key>
Deploy the AgentInstance:
apiVersion: core.resiliency.io/v1alpha1
kind: AgentInstance
metadata:
name: <agent-name>
namespace: resiliency-system
spec:
api: http://api.<base_domain>
httpRequestSize: 10
aws:
secretName: <agent-name>
Verify agent deployment
- Check the agent status in Kubernetes:
# Check agent instance
kubectl get agentinstances -n resiliency-system <name-of-your-agent>
# Check pod
kubectl get pods -n resiliency-system <name-of-your-agent-pod>
# Check logs in pod
kubectl logs -n resiliency-system <name-of-your-agent-pod>
You should see output similar to this for a healthy agent:
{"level":"info","timestamp":"2029-08-24T10:00:00Z","msg":"running exporter"}
{"level":"info","timestamp":"2029-08-24T10:00:01Z","msg":"running host listener"}
{"level":"info","timestamp":"2029-08-24T10:00:02Z","msg":"exported 1 objects"}
{"level":"info","timestamp":"2029-08-24T10:00:03Z","msg":"exported 5 objects"}