In this section, the following items should be considered before configuring and managing the Generic ARK for AWS Transit Gateway.
Amazon Virtual Private Cloud (VPC)
VPCs where cluster nodes are located must be connected via Transit Gateway and be able to communicate with each other.
All objects under management, such as VPCs containing cluster nodes and clients, Transit Gateways, and EC2 instances, must belong to the same AWS account.
Amazon Elastic Compute Cloud (EC2)
To use the Generic ARK for AWS Transit Gateway, you need at least two EC2 instances.
Each EC2 instance is attached to an Elastic Network Interface (ENI).
The ENI used on each EC2 instance must have source/destination checking disabled; with the check enabled, EC2 drops packets that are not addressed to or from the instance itself, which breaks the forwarding the ARK relies on.
You must install AWS Command Line Interface (AWS CLI) version 2 on each EC2 instance.
Each EC2 instance must be able to reach the Amazon EC2 service endpoint for its region (see the AWS regions and endpoints reference) over HTTP and HTTPS. Configure the security groups, route tables (NAT gateway or VPC endpoint) and the operating system firewall accordingly.
To retrieve instance metadata, each EC2 instance must be able to reach the link-local address 169.254.169.254 over HTTP (the metadata service is not served over HTTPS).
Because the AWS CLI is used, outbound connections on TCP port 443 must be allowed.
The EC2 Auto Recovery feature may conflict with LifeKeeper's recovery functionality, so using both at the same time is not recommended.
AWS Identity and Access Management (IAM)
For LifeKeeper to operate on AWS through an IAM user or an IAM role, the following permissions are required. Either attach an IAM role with these permissions to each EC2 instance, or register an IAM user with these permissions in the AWS CLI profile of the OS root user, since that is the profile LifeKeeper uses. An instance role is the preferable option: its credentials are short-lived and fetched from the instance metadata service, whereas an IAM user's access keys are long-lived secrets stored on the node. For details, see the AWS user guides on IAM roles for Amazon EC2 and on the AWS CLI.
ec2:DescribeRouteTables
ec2:ReplaceRoute
ec2:DescribeTransitGateways
ec2:DescribeTransitGatewayVpcAttachments
ec2:DescribeTransitGatewayPeeringAttachments
ec2:DescribeTransitGatewayRouteTables
ec2:SearchTransitGatewayRoutes
ec2:ReplaceTransitGatewayRoute
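The permission list above is action-level only. The two write actions, ec2:ReplaceRoute and ec2:ReplaceTransitGatewayRoute, accept resource-level restrictions (route-table and transit-gateway-route-table ARNs), so a least-privilege policy should pin them to the route tables the cluster actually rewrites; the ec2:Describe* calls do not support resource-level restrictions and stay on "*". The script below is an added example, not LifeKeeper or SIOS code: it renders such a policy from a list of route table IDs and, when invoked with "attach", installs it as an inline policy on the instance role with the real aws iam put-role-policy command. The region, account ID, route table IDs and role name are placeholders.

```shell
#!/bin/sh
# Added example (not LifeKeeper/SIOS code): least-privilege inline policy for
# the Generic ARK for AWS Transit Gateway. Every value below is a placeholder.
set -eu

AWS_REGION="ap-northeast-1"                                      # placeholder
ACCOUNT_ID="123456789012"                                        # placeholder
VPC_ROUTE_TABLES="rtb-0123456789abcdef0 rtb-0fedcba9876543210"   # placeholders
TGW_ROUTE_TABLES="tgw-rtb-0123456789abcdef0"                     # placeholder
ROLE_NAME="lifekeeper-tgw-role"                                  # placeholder

# arn_list TYPE ID... -> JSON array of EC2 resource ARNs for the given IDs.
arn_list() {
  _type=$1; shift
  _out=""
  for _id in "$@"; do
    _out="${_out:+$_out, }\"arn:aws:ec2:${AWS_REGION}:${ACCOUNT_ID}:${_type}/${_id}\""
  done
  printf '[%s]' "$_out"
}

# lk_tgw_policy -> policy document on stdout. Describe/Search actions cannot be
# scoped to a resource; the two Replace actions are pinned to specific tables.
lk_tgw_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadRoutingState",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRouteTables",
        "ec2:DescribeTransitGateways",
        "ec2:DescribeTransitGatewayVpcAttachments",
        "ec2:DescribeTransitGatewayPeeringAttachments",
        "ec2:DescribeTransitGatewayRouteTables",
        "ec2:SearchTransitGatewayRoutes"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ReplaceVpcRoutes",
      "Effect": "Allow",
      "Action": "ec2:ReplaceRoute",
      "Resource": $(arn_list route-table $VPC_ROUTE_TABLES)
    },
    {
      "Sid": "ReplaceTgwRoutes",
      "Effect": "Allow",
      "Action": "ec2:ReplaceTransitGatewayRoute",
      "Resource": $(arn_list transit-gateway-route-table $TGW_ROUTE_TABLES)
    }
  ]
}
EOF
}

# attach_policy: install the document as an inline policy on the instance role.
# Run from an administrator's workstation with IAM rights, not from a cluster node.
attach_policy() {
  lk_tgw_policy > /tmp/lk-tgw-policy.json
  aws iam put-role-policy --role-name "$ROLE_NAME" \
    --policy-name LifeKeeperTransitGatewayARK \
    --policy-document file:///tmp/lk-tgw-policy.json
}

if [ "${1:-}" = "attach" ]; then attach_policy; else lk_tgw_policy; fi
```

Run the script with no arguments to review the rendered document, and with `attach` to apply it. If the cluster later needs to rewrite additional route tables, add their IDs to the lists rather than widening the Replace statements back to "*".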
Instance Metadata Service (IMDS)
To use the Generic ARK for AWS Transit Gateway, the "Instance metadata service" endpoint (HttpEndpoint = enabled) must be enabled in the IMDS options of each EC2 instance. This setting controls whether the endpoint is reachable at all; it is distinct from the IMDSv2 token requirement (HttpTokens), which AWS CLI version 2 supports.
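The EC2 and IMDS requirements above can be verified on a node before the ARK is configured. The preflight script below is an added example, not LifeKeeper or SIOS code: the check_* functions are pure and take the raw output of the AWS CLI so they can be exercised offline, and run_all gathers that output on a live instance using real AWS CLI and IMDS calls (instance ID, region and ENI are discovered through IMDSv2, which is itself one of the checks). The CLI query paths and the 60-second token TTL are the only assumptions beyond the page's own requirements.

```shell
#!/bin/sh
# Added example (not LifeKeeper/SIOS code): preflight checks for a cluster node
# against the Transit Gateway ARK prerequisites. Invoke with "run" on the node.
set -eu

# "aws --version" prints e.g. "aws-cli/2.15.10 Python/3.11.6 Linux/..."; require major 2.
check_cli_version() {
  case "$1" in
    aws-cli/2.*) return 0 ;;
    *) return 1 ;;
  esac
}

# describe-network-interface-attribute --attribute sourceDestCheck, --output text,
# prints "True" or "False"; the ARK needs the check disabled, i.e. "False".
check_source_dest_disabled() {
  [ "$1" = "False" ]
}

# describe-instances MetadataOptions.HttpEndpoint prints "enabled" or "disabled".
check_imds_enabled() {
  [ "$1" = "enabled" ]
}

# MetadataOptions.HttpTokens: "required" means IMDSv2 only. AWS CLI v2 supports
# that, so both values pass; "optional" is reported so the operator can harden.
imds_token_mode() {
  case "$1" in
    required) echo "IMDSv2 required (hardened)" ;;
    optional) echo "IMDSv1 still allowed (consider HttpTokens=required)" ;;
    *) echo "unknown HttpTokens value: $1"; return 1 ;;
  esac
}

run_all() {
  # IMDSv2 token over plain HTTP to the link-local address, as the page requires.
  tok=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  md() { curl -sS -H "X-aws-ec2-metadata-token: $tok" "http://169.254.169.254/latest/meta-data/$1"; }
  iid=$(md instance-id)
  region=$(md placement/region)
  mac=$(md mac)
  eni=$(md "network/interfaces/macs/$mac/interface-id")

  check_cli_version "$(aws --version 2>&1)" || { echo "FAIL: AWS CLI v2 required"; exit 1; }

  sdc=$(aws ec2 describe-network-interface-attribute --region "$region" \
        --network-interface-id "$eni" --attribute sourceDestCheck \
        --query 'SourceDestCheck.Value' --output text)
  check_source_dest_disabled "$sdc" || { echo "FAIL: source/dest check enabled on $eni"; exit 1; }

  ep=$(aws ec2 describe-instances --region "$region" --instance-ids "$iid" \
       --query 'Reservations[0].Instances[0].MetadataOptions.HttpEndpoint' --output text)
  check_imds_enabled "$ep" || { echo "FAIL: IMDS endpoint disabled on $iid"; exit 1; }

  tokens=$(aws ec2 describe-instances --region "$region" --instance-ids "$iid" \
       --query 'Reservations[0].Instances[0].MetadataOptions.HttpTokens' --output text)
  imds_token_mode "$tokens"

  # Reaching the EC2 API above already proves TCP 443 egress to the regional endpoint.
  # Auto Recovery ("default" = enabled) may conflict with LifeKeeper failover: warn.
  ar=$(aws ec2 describe-instances --region "$region" --instance-ids "$iid" \
       --query 'Reservations[0].Instances[0].MaintenanceOptions.AutoRecovery' --output text)
  [ "$ar" = "disabled" ] || echo "WARN: EC2 Auto Recovery is '$ar' on $iid"
  echo "OK: $iid ($eni) passes Transit Gateway ARK preflight"
}

if [ "${1:-}" = "run" ]; then run_all; fi
```

Run it as root on each cluster node (`sh preflight.sh run`), since that is the profile whose credentials LifeKeeper uses; a failure in the describe calls themselves also surfaces a missing ec2:Describe* permission on the role or user before the ARK is configured.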