Connecting the blueprint design server to Amazon Web Services

To connect the blueprint design server to Amazon Web Services (AWS), map the AWS account information to a functional ID. Then, assign that functional ID to a team.

Before you begin

About this task

The following diagram shows a typical topology for this scenario. The blueprint design server and engine connect to Amazon Web Services. For authentication information, the blueprint design server connects to the Keystone identity service and optionally to an LDAP server.
A topology that includes the blueprint design server, an engine, Amazon Web Services, a Keystone server, and an optional LDAP server

Procedure

  1. Log in to the blueprint designer as a user with the following System permissions:
    • Configure Security
    • Manage Users & Groups
  2. Create a connection to the cloud:
    1. Click Settings > Clouds.
    2. Click Add New Cloud.
    3. Specify a name for the cloud connection.
    4. In the Type list, select Amazon Web Services.
    5. In the Endpoint Type list, select the type of URL for the Heat engine. You can determine the type of Heat URL by examining the Keystone endpoint list. To view the Keystone endpoint list, run the following command:
      openstack endpoint list
      • If you connect through a private URL, select Internal.
      • If you connect through a public URL, select Public.
    6. In the Identity URL field, specify the location of the identity service, such as http://example.com:5000/v2.0 or http://example.com:5000/v3. Do not include a trailing slash.
    7. In the Timeout in Mins field, specify the amount of time in minutes to wait for a provision request to be completed. If you deploy IBM UrbanCode Deploy components, allow sufficient time for the cloud to provision your instance, the agent to come online, and all processes to run. See Creating an IBM UrbanCode Deploy timeout configuration file.
    8. Clear the Use default orchestration engine check box and then in the Orchestration Engine URL field, specify the location of the engine that you installed in Installing engines, such as http://engine.example.com:8004.
      Note: Do not use the localhost variable in this field, even if the engine is on the same system as the blueprint design server.
    9. Optional: Select the cost center to use to estimate the cost of environments on this cloud.
    10. Click Save.
  3. Create one or more cloud projects that tie the functional ID on the Keystone server to the AWS account information. See Creating cloud projects for the blueprint designer.
  4. Add the cloud project to a team.
  5. Add users to the team and to one or more roles on the team. These users can come from any authentication realm, including LDAP servers, Keystone identity services, or from the internal authentication realm.
  6. Make sure that the team roles include the appropriate permissions for those users, such as creating and editing blueprints.
  7. Register the Amazon Elastic Compute Cloud (EC2) images with the cloud discovery service. See Registering Amazon EC2 images with the cloud discovery service.
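
The following pre-flight check for the values entered in step 2 is an added example, not part of the product or its documentation. It assumes that the endpoint list was saved with `openstack endpoint list -f json` from a Keystone v3 service (columns Service Type, Interface, and URL); the function names and sample data are constructed for illustration, and treating 127.0.0.1 and ::1 the same as localhost is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of `openstack endpoint list -f json` output,
# trimmed to the columns used here (assumed Keystone v3 column names).
SAMPLE_ENDPOINTS = json.dumps([
    {"Service Type": "orchestration", "Interface": "internal",
     "URL": "http://10.0.0.5:8004/v1/%(tenant_id)s"},
    {"Service Type": "orchestration", "Interface": "public",
     "URL": "http://engine.example.com:8004/v1/%(tenant_id)s"},
    {"Service Type": "identity", "Interface": "public",
     "URL": "http://example.com:5000/v3"},
])

# Assumption: loopback addresses are rejected along with the name localhost.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def endpoint_type(endpoints_json, engine_url):
    """Return 'Internal' or 'Public' for the Heat (orchestration) endpoint
    whose host:port matches engine_url, or None if there is no such row."""
    target = urlsplit(engine_url).netloc.lower()
    for row in json.loads(endpoints_json):
        if row.get("Service Type") != "orchestration":
            continue
        if urlsplit(row.get("URL", "")).netloc.lower() == target:
            iface = row.get("Interface", "").lower()
            if iface in ("internal", "public"):
                return iface.capitalize()
    return None


def check_cloud_settings(identity_url, engine_url, endpoints_json):
    """Return (endpoint_type, problems) for the Add New Cloud form values."""
    problems = []
    if identity_url.endswith("/"):
        problems.append("Identity URL has a trailing slash")
    host = urlsplit(engine_url).hostname
    if host is None:
        problems.append("Orchestration Engine URL has no host")
    elif host.lower() in LOOPBACK:
        problems.append("Orchestration Engine URL points at localhost")
    etype = endpoint_type(endpoints_json, engine_url)
    if etype is None:
        problems.append("no internal or public Heat endpoint matches the engine URL")
    return etype, problems
```

An empty problems list together with a returned type of Internal or Public gives the value to select in the Endpoint Type list.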

Results

Users can log in to the blueprint designer and use the cloud connection. At the top of the page, users can select the AWS cloud connection, cloud project, and region. When they edit blueprints, the palette shows resources that are available to the AWS account, and they can provision blueprints to the selected region.
