Dell PowerProtect Cyber Recovery 19.14 AWS Deployment Guide

Setting up connectivity for the CloudWatch agent

Before you install the CloudWatch agent, set up connectivity for the agent.

1. In the AWS Management Console, go to the VPC service.
2. Under VIRTUAL PRIVATE CLOUD, click Endpoints.
3. Click Create Endpoint.
   1. For Service category, select AWS services, if necessary.
   2. For Service Name, type monitoring in the search bar and press Enter.
   3. Select the resulting service name.
      The service name is displayed as com.amazonaws.<region>.monitoring, where <region> is your current AWS region.
   4. From the VPC drop-down list, select your Cyber Recovery VPC.
   5. Under Subnets, keep the selected Availability Zone, which is the default. From the Subnet ID drop-down list , select the Cyber Recovery host and DDVE subnet.
      For example, select <your prefix>_PPCR Mgmt Host and DDVE Private Subnet.
   6. Leave Enable DNS name enabled.
   7. For Security group, either disable the listed default in the Security group field or disable the security group in the following list to ensure that there are no security groups selected. Then, under Group Name, select the crEC2EndpointSecurityGroup.
   8. For Policy, select Full Access, if necessary.
   9. Add an identifying label by clicking Add Tag and typing a key and a value.
      For example, type <your prefix> Monitoring Endpoint.
   10. Click Create endpoint.
       The new endpoint is displayed in the list on the endpoints page.
4. From the Endpoints page, determine the IP address of the newly created endpoint:
   1. Select the newly created endpoint.
   2. Under the list of endpoints, click the Subnets tab.
   3. Record the address under IPv4 Address so that you can add it to the security group as described in the next step.
5. In your Cyber Recovery VPC, add a new rule to the Cyber Recovery Security Group:
   1. In the AWS Management Console, go to the VPC Service.
   2. Under SECURITY, click Security Groups.
   3. From the list, select <your prefix>_PPCR Mgmt Host SG.
   4. Under the list, click the Outbound rules tab and the click Edit outbound rules.
      The Edit outbound rules page is displayed.
   5. Click Add rule.
   6. In the row that is added to the bottom of the list of rules, complete the following fields:
      • Type—Select HTTPS.
      • Protocol—Leave the default value.
      • Port range—Leave the default value.
      • Destination—Leave as Custom.
      • Enter the IP address that you recorded in step 4. Ensure that you append /32 to the address to indicate it is a single IP address.
      • Description—Add a meaningful description.
   7. Click Save rules.
      The Security Groups page is displayed.