Versions Compared

Old Version 1

changes.mady.by.user bkepler@bpcs.com

Saved on

compared with

New Version Current

changes.mady.by.user Ciprian LUCACI

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Create a Databricks service principal or select one already available

  • Determine a DNS name for the application vmVM, register a domain name if applicable.

  • If you are using azure AD as an identity provider, create an app registration in your AAD tenant of choice.

    • Also create a client secret, saving the secret value as input while running the infrastructure setup script

...

  • Login to AWS Management Console.

  • The virtual machine created must have needs the three policies described below assigned to it. One suggested way would be to create a specific role for the VM and assign the three created policies to that role. The information below uses the ‘JSON’ view to enable faster policy creation

Info

If you are creating three new policies, prepending them with the same string will allow for easier retrieval when creating the role and assigning policies

Allow read of cost and usage data

  • Navigate to the IAM console and create a new policy with the json described permissions below

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ce:GetCostAndUsage",
            "Resource": "*"
        }
    ]
}

Allow Read of created secret

  • Find the secret name in the script output and replace {SecretNameHere} with the secret name and {AWS account ID} with your account id

Info

You will need your aws account id and secret name for this policy definition

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}*"
        }
    ]
}

Allow management of DynamoDB and Simple Queue Service

  • Create the third policy:

Info

You will need your aws account ID

...

Step 4) Assign LHM Monitor IAM Role to VM instance

See Single AWS Account access policies for LHM for regular deployment or Cross AWS Account access policies for BPLM deployment for cross account AWS deployment.

Once the role is created, navigate to the EC2 instance and assign the IAM role

  • Actions → Security → Modify IAM role

    • From here search for then select the IAM role and click ‘Update IAM role’

Step 45) Create DNS Entry

  • Navigate to the Route 53 service page, then further to the hosted zone you wish to manage. Create an 'A' record for the application providing the IP address output at the end of script execution.

...