Accelerate onboarding prerequisites - AMS Accelerate User Guide

Accelerate onboarding prerequisites

Before you start the onboarding process, it is important to understand the technical dependencies that Accelerate components rely on.

Note

To use AMS Accelerate, you must be on one of the two supported AWS Support plans: Enterprise On-Ramp or Enterprise. The Developer and Business plans do not qualify for AMS Accelerate. To learn more about the different plans, see Compare AWS Support Plans.

AMS Accelerate VPC endpoints

A VPC endpoint enables private connections between your VPC and supported AWS services and VPC endpoint services powered by AWS. If you need to filter outbound internet connectivity, configure the following VPC service endpoints to ensure that AMS Accelerate has connectivity with its service dependencies.

Note

In the following list, region represents the identifier for an AWS Region, for example us-east-2 for the US East (Ohio) Region.

    • com.amazonaws.region.logs

    • com.amazonaws.region.monitoring

    • com.amazonaws.region.ec2

    • com.amazonaws.region.ec2messages

    • com.amazonaws.region.ssm

    • com.amazonaws.region.ssmmessages

    • com.amazonaws.region.s3

    • com.amazonaws.region.events

For information about how to configure AWS VPC endpoints, see VPC endpoints.

Note

If you are creating VPC endpoints in your account for all of the services listed above, see this sample AWS CloudFormation template. You can update the template to add or remove VPC endpoint definitions to fit your use case.
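An added example (not part of the AMS guide or its CloudFormation template): a Python check that compares the parsed JSON output of `aws ec2 describe-vpc-endpoints` with the eight service names listed above for one VPC. The function name `audit_endpoints`, the helper `_ep`, the VPC IDs, and the sample data are constructed for illustration.

```python
# Service suffixes taken from the endpoint list above.
REQUIRED_SERVICES = ("logs", "monitoring", "ec2", "ec2messages",
                     "ssm", "ssmmessages", "s3", "events")


def audit_endpoints(describe_output, region, vpc_id):
    """Return (missing, not_ready) for the required endpoints in one VPC.

    describe_output: parsed JSON from `aws ec2 describe-vpc-endpoints`.
    missing:   required service names with no endpoint in the VPC.
    not_ready: {service name: state} for endpoints that exist but are
               not in the "available" state (for example "pending").
    """
    required = [f"com.amazonaws.{region}.{s}" for s in REQUIRED_SERVICES]
    states = {}
    for ep in describe_output.get("VpcEndpoints", []):
        if ep.get("VpcId") != vpc_id:
            continue  # endpoints in other VPCs do not help this one
        name = ep.get("ServiceName", "")
        state = str(ep.get("State", "unknown")).lower()
        # Several endpoints may exist per service; one available is enough.
        if states.get(name) != "available":
            states[name] = state
    missing = [n for n in required if n not in states]
    not_ready = {n: states[n] for n in required
                 if n in states and states[n] != "available"}
    return missing, not_ready


def _ep(service, state, vpc="vpc-0aaaaaaaaaaaaaaaa"):
    # Builds one constructed entry with only the fields the audit reads.
    return {"ServiceName": f"com.amazonaws.us-east-2.{service}",
            "State": state, "VpcId": vpc}


# Constructed sample shaped like describe-vpc-endpoints output.
SAMPLE = {"VpcEndpoints": [
    _ep("logs", "available"), _ep("monitoring", "available"),
    _ep("ec2", "available"), _ep("s3", "available"),
    _ep("ssm", "pending"),
    _ep("ec2messages", "available", vpc="vpc-0bbbbbbbbbbbbbbbb"),  # other VPC
]}

if __name__ == "__main__":
    missing, not_ready = audit_endpoints(SAMPLE, "us-east-2",
                                         "vpc-0aaaaaaaaaaaaaaaa")
    print("missing:", missing)
    print("not ready:", not_ready)
```

To run it against a real account, load the JSON output of `aws ec2 describe-vpc-endpoints` with `json.load` and pass it in place of `SAMPLE`.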

Outbound internet connectivity in Accelerate

  1. Download egressMgmt.zip.

  2. Open the ams-egress.json file.

  3. Find the URLs under the JSON properties:

    • WindowsPatching

    • RedHatPatching

    • AmazonLinuxPatching

    • EPELRepository

  4. Allow access to these URLs.

Testing outbound connectivity in Accelerate

Test outbound connectivity using one of the following methods.

Note

Before running the script or command, replace the region placeholder with your region identifier, for example, us-east-1.

Windows PowerShell script

$region = 'region'
@('logs','monitoring','ec2','ec2messages','ssm','ssmmessages','s3','events') | `
  ForEach-Object { `
    Test-NetConnection ("$_" + '.' + "$region" + '.amazonaws.com') -Port 443 } | `
  Format-Table ComputerName,RemotePort,RemoteAddress,PingSucceeded,TcpTestSucceeded -AutoSize

Linux command

for endpoint in logs monitoring ec2 ec2messages ssm ssmmessages s3 events; do nc -zv $endpoint.region.amazonaws.com 443; done

Amazon EC2 Systems Manager in Accelerate

You must install the AWS Systems Manager Agent (SSM Agent) on all of the EC2 instances you want AMS to manage. You also need to add the bucket permissions that SSM Agent requires. For an overview that includes EC2, see Step 3. Onboarding AMS features with default policies.