Integrate Amazon EC2 with Oomnitza to gain visibility of active and stopped EC2 instances. Information about the instances, such as instance state, network and connectivity, security, resource allocation, and performance details, is synced with Oomnitza.
This integration offers the flexibility to specify multiple AWS regions, ensuring a comprehensive overview of your EC2 instances across different geographic areas. Additionally, it supports the use of AWS IAM roles, allowing for the collection of instance data across various AWS accounts and roles, thereby enhancing cross-account visibility and management.
Use Oomnitza integration points to complete actions in Amazon EC2 such as retrieving the average CPU load and instance status, and starting, stopping, and rebooting instances. Surface key information in operational dashboards and create scheduled reports to share knowledge with your colleagues.
Before you start
When you create the integration, you can specify the following:
1. Multiple AWS Regions
Enter a space-separated list of AWS Regions, such as us-east-1 us-west-2. The data received from each region appears as a separate sync session in the Sync Sessions table.
To find your AWS region, refer to Regions, Availability Zones, and Local Zones.
2. Enable Cross-Account access
Select the IAM Roles checkbox to iterate over all AWS accounts with IAM roles. The data received from all iterated roles will be added as one sync session for each region in the Sync Sessions table.
Before you select this option, you must enable cross-account access in your AWS accounts. For further information see Create an IAM user to easily access all your accounts using the AWS console.
Adding the credentials
When you create the integration, you need to add your AWS Access keys to Oomnitza. See Adding your AWS credentials to Oomnitza.
This integration pulls EC2 instances (running and stopped instances, but not terminated instances) into Oomnitza. The following permission was used to run this integration: ReadOnlyAccess. For information on the API used in this integration, refer to AWS API Documentation: DescribeInstances.
Tip
This integration only provides you with a list of active assets (running and stopped EC2 instances), but not ones that have already been terminated. If you want to further reduce the list to only show instances that are recently active or in-use, you can create a workflow to archive items that have not been updated in a while.
Creating the asset integration
- In Oomnitza, click Configuration > Integrations > Overview.
- Click Block view.
- Scroll down to the Extended section for asset integrations.
- Click NEW INTEGRATION.
- Select the integration in the sidebar.
- Click ADD.
Integration details overview
More information is provided about the following fields to help you complete the integration:
Installation type
Select Cloud if you want to store credentials in the Oomnitza cloud.
Select Local if you want to store credentials locally. Local extended integrations do not support AWS and OAuth authentication. If you want to sync Oomnitza with vendor applications that require AWS or OAuth authentication, select Cloud.
Integration preferences
By default, the Create & Update option is selected. Select this option when you want to edit records and add new records. If you want to edit records and not add new records, select Update Only. If you only want to add new records, select Create Only.
Integration details
To review or update the integration details, click Edit.
- Update the integration name if necessary.
- Select an installation type.
- For integration preferences, select an option.
- Enter the name of the integration user.
Credential details
If you selected Cloud as the installation type, choose one of the following options:
- Select the credentials that were created for the integration.
- Edit the credentials that were created for the integration.
- Create new credentials
Schedule
By default, data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Click Edit.
- Configure your schedule.
- Click Update.
Mappings
To map the fields to Oomnitza, click Edit.
You can define rules for your integration by selecting Edit integration on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.
You can add new fields to your integration by selecting Add new field on the mapping page. All you need to do is specify the property name. See Creating custom API fields.
Creating custom mappings
Map AWS EC2 fields to Oomnitza fields to get the user information that you need. For the field mapping, it is recommended to follow these steps:
- Map the AWS EC2 fields to Oomnitza fields and create a custom mapping for the AWS region. To create a custom mapping, do the following:
  - Click the down arrow on the Region field.
  - Select Add new Oomnitza assets field.
  - Change the name of the field to AWS Region.
  - Click CREATE.
- Map the Instance ID to the Oomnitza Serial Number field, or a similar field. You can map the fields by:
  - Dragging the source field to the target field on the Oomnitza side.
  - Selecting the dropdown arrow on the source field and choosing an appropriate target field from the list.
  - Clicking Smart Mapping to automatically detect the appropriate mapping fields.
- Assign a sync key to the Serial Number field.
- Optional: Create a custom mapping to capture EC2 tags. Complete the following steps:
  - Click + next to Edit Integration in the upper left of the screen.
  - Name the field EC2 tag or similar.
  - For the Field Path, enter the following, replacing foo with the actual name of your EC2 tag key:
    {% if instancesSet.get('item').get('tagSet') %}{% set temp = instancesSet['item']['tagSet']['item']%}{%if (temp is defined) and temp%} {{temp | selectattr('key', 'eq', 'foo') | map(attribute='value') | join('')}}{% endif %}{% endif %}
  - Click Save.
  - Click the down arrow next to the EC2 tag field that you created.
  - Select Add new Oomnitza assets field.
  - Change the name of the field to EC2 tag or similar.
  - Click CREATE.
- Click UPDATE.
Fig 1: Creating a custom mapping for EC2 tags
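To check what the EC2 tag Field Path above returns before you rely on it for ownership or classification data, the following added example (not Oomnitza's code) renders it with the Python jinja2 package against constructed records. It assumes the Field Path is evaluated as a Jinja2 template; the record shape is inferred from the paths the template reads, and field_path_for, extract_tag, TAGGED and UNTAGGED are hypothetical names.

```python
# Added example: renders the EC2 tag Field Path from this page with Jinja2.
import re
from jinja2 import Environment

# Field Path exactly as given on the page; 'foo' is the page's placeholder.
FIELD_PATH = (
    "{% if instancesSet.get('item').get('tagSet') %}"
    "{% set temp = instancesSet['item']['tagSet']['item']%}"
    "{%if (temp is defined) and temp%} "
    "{{temp | selectattr('key', 'eq', 'foo') | map(attribute='value') | join('')}}"
    "{% endif %}{% endif %}"
)


def field_path_for(tag_key):
    """Return the Field Path with 'foo' replaced by a real tag key."""
    # Conservative check: refuse characters (quotes, braces) that would
    # break out of the quoted literal inside the template.
    if not re.fullmatch(r"[A-Za-z0-9 _.:/=+@-]{1,128}", tag_key):
        raise ValueError("unsupported tag key: %r" % tag_key)
    return FIELD_PATH.replace("'foo'", "'%s'" % tag_key)


def extract_tag(record, tag_key):
    """Render the Field Path against one record and return the tag value."""
    template = Environment().from_string(field_path_for(tag_key))
    return template.render(**record).strip()


# Constructed records (assumption): shaped after the paths the template reads.
TAGGED = {"instancesSet": {"item": {
    "instanceId": "i-0123456789abcdef0",
    "tagSet": {"item": [
        {"key": "Name", "value": "web-01"},
        {"key": "Owner", "value": "platform-team"},
    ]},
}}}
UNTAGGED = {"instancesSet": {"item": {"instanceId": "i-0fedcba9876543210"}}}

if __name__ == "__main__":
    for label, record, key in [
        ("exact key", TAGGED, "Owner"),
        ("wrong case", TAGGED, "owner"),
        ("no tags on instance", UNTAGGED, "Owner"),
    ]:
        print("%-20s -> %r" % (label, extract_tag(record, key)))
```

The 'eq' test is an exact, case-sensitive match, so a tag key entered with the wrong case yields an empty field rather than an error, the same result as an instance with no tags.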
Tracking information for asset loads
When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:
- Connect: Credentials
- Connect: Enable Cross-Account
- Connect: Region
Custom mappings
AMI Launch Index
Architecture
Availability Zone
CPU Core Count
Capacity Reservation Preference
Connector Sync Time
DNS Name
EBS Optimized
ENA Support
Enclave Options Enabled
Hibernation Options Configured
Hypervisor
IP Address
Image ID
Instance ID
Instance Name
Instance State
Instance State Code
Instance Type
Key Name
Launch Time
Monitoring State
Owner ID
Placement Group Name
Private DNS Name
Private IP Address
Product Codes
Reason
Region
Reservation ID
Root Device Type
Security Group Id
Security Group Name
Source Dest Check
State Reason Code
State Reason Message
Subnet Id
Tenancy
Threads Per Core
VPC Id
Virtualization Type
Launching the integration
Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration.
If you selected Cloud as the installation type when creating the integration, see Running an extended integration.
If you selected Local as the installation type when creating the integration, see Running an extended integration locally.
Viewing data ingested by Oomnitza
Viewing ingested asset data
For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.
Viewing ingested user data
For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab.