AWS resources used by the Service Graph Connector for AWS
Get familiar with the AWS concepts to learn how the Service Graph Connector for AWS is integrated with Amazon Web Services (AWS).
AWS Config service and configuration recorder
The AWS Config service monitors and records changes to your AWS resource configurations.
The AWS configuration recorder detects changes in resource configurations and captures these changes as configuration items (CIs). The is required for setting up the connector. The configuration recorder enables recording all hardware data in AWS Config. See What Is AWS Config? on the AWS Documentation site.
The Service Graph Connector for AWS includes the EnableAWSConfig.yml script to enable the AWS Config service, which in turn enables the configuration recorder. See Executing scripts required for setting up AWS.
AWS Config aggregator
An AWS Config aggregator collects AWS Config data from the following sources:
- Multiple accounts and multiple regions
- Single account and multiple regions
- An organization in AWS Organizations and all the accounts within the organization that have AWS Config enabled.
The advantages of using an AWS Config aggregator with the Service Graph Connector for AWS are:
- Gets all the data from a single location.
- Gets the bootstrap updates (baseline configurations) and the incremental updates (new configurations added after the last update).
- Doesn't require looping into each account and region.
- Accelerates pulling data.
Due to these advantages, consider leveraging the AWS Config aggregator for pulling data from multiple accounts or multiple regions.
For more information on setting up an AWS Config aggregator, see Multi-Account Multi-Region Data Aggregation and Setting Up an Aggregator Using the Console on the AWS Documentation site.
AWS Systems Manager and AWS Systems Manager Inventory
The AWS Systems Manager enables fetching server data, also called deep discovery data, from EC2 instances across AWS accounts and regions through SSM documents. The deep discovery data includes host name, serial number, CPU data, TCP data, and process information.
The AWS Systems Manager Inventory imports data about the software installed on the EC2 instances. The Inventory resource group in AWS Systems Manager collects information about the EC2 instances and the software applications installed on them.
Ensure that the following items are configured in all AWS accounts:
- The AWS Systems Manager Agent (SSM Agent) is installed on all managed EC2 instances.
- The AmazonSSMForInstancesRole IAM instance profile role is attached as the instance profile on EC2 instances.
- The AWS Systems Manager Inventory is configured in each AWS region.
- The AWS Systems Manager has access to the managed EC2 instances.
Note: By default, AWS Systems Manager doesn’t have permission to perform actions on EC2 instances. You can grant access by attaching the AmazonSSMForInstancesRole IAM instance profile role to the EC2 instance. See Setting up AWS Systems Manager on the AWS Documentation site.
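The instance-level items in this checklist (SSM Agent reporting, instance profile attached) can be audited from API output before the connector is run. The following is an added example, not part of the connector or of the original page: it takes responses shaped like EC2 DescribeInstances and SSM DescribeInstanceInformation, uses constructed sample data, and assumes the instance profile carries the same name as the role.

```python
# Added example: audit the per-instance prerequisites using responses already
# fetched from AWS. Dict shapes follow the EC2 DescribeInstances and SSM
# DescribeInstanceInformation APIs; all values below are constructed samples.

EXPECTED_PROFILE = "AmazonSSMForInstancesRole"  # assumption: profile is named after the role

def audit_prerequisites(ec2_response, ssm_response, expected_profile=EXPECTED_PROFILE):
    """Return {instance_id: [problems]} for running instances that fail a check."""
    ping = {i["InstanceId"]: i.get("PingStatus", "Unknown")
            for i in ssm_response.get("InstanceInformationList", [])}
    findings = {}
    for reservation in ec2_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue  # stopped instances cannot report to Systems Manager
            problems = []
            arn = inst.get("IamInstanceProfile", {}).get("Arn")
            if arn is None:
                problems.append("no instance profile attached")
            elif arn.rsplit("/", 1)[-1] != expected_profile:
                problems.append("instance profile is not " + expected_profile)
            status = ping.get(inst["InstanceId"])
            if status is None:
                problems.append("not registered with Systems Manager (SSM Agent missing or blocked)")
            elif status != "Online":
                problems.append("SSM Agent ping status is " + status)
            if problems:
                findings[inst["InstanceId"]] = problems
    return findings

# Constructed sample responses (not real account data).
PROFILE_ARN = "arn:aws:iam::111122223333:instance-profile/AmazonSSMForInstancesRole"
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "IamInstanceProfile": {"Arn": PROFILE_ARN}},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "IamInstanceProfile": {"Arn": PROFILE_ARN}},
    {"InstanceId": "i-0ddd", "State": {"Name": "stopped"}},
]}]}
SAMPLE_SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc", "PingStatus": "ConnectionLost"},
]}

if __name__ == "__main__":
    for instance_id, problems in sorted(audit_prerequisites(SAMPLE_EC2, SAMPLE_SSM).items()):
        print(instance_id, "->", "; ".join(problems))
```

Instances that appear in the findings will be missing from the deep discovery and software data until the listed problem is corrected.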
The advantages of using AWS Systems Manager and AWS Systems Manager Inventory are:
- The AWS Systems Manager provides detailed server data such as host name, serial number, CPU data, TCP data, and process information.
- The AWS Systems Manager Inventory enables server classification and provides the software data.