Get Started With Hyperglance & The AWS Marketplace

Find out the optimal way to set up Hyperglance, when deploying via the AWS Marketplace

Deployment Options

Hyperglance needs access to the AWS API in order to collect data. By default, the AWS endpoints are public IPs. There are various methods of securing access to Hyperglance, you will be led by your security posture as to which one to use.

The order in terms of each option's complexity is as follows:

1. The Hyperglance instance has a Public IP, inbound access is limited using a security group.

2.  The Hyperglance instance has a Public IP, inbound and outbound access is limited using a security group and a Network Access List (NACL).

3. The Hyperglance instance is placed behind a NAT Gateway or Load balancer.

4. The Hyperglance instance runs in a private subnet and has multiple Virtual Private Cloud Endpoints configured for access to the AWS API via private IPs.

Step-by-Step Guide

1. Go to Hyperglance's AWS Marketplace listing

2. Choose the appropriate number of resources and then 'Continue to Subscribe'

3. Accept the terms

Screenshot (6)

 

4. This will take us to a page describing the next steps, read and return to the launch page

Screenshot (7)


5. Select 'Continue to Configuration'

Screenshot (8)

 

6. It will take a few minutes before the subscription is ready. Once the subscription is live, choose the region you want the Hyperglance instance to be created in.

Screenshot (9)

7. Select 'Continue to Launch'

Screenshot (10)

 

8. Select ‘Launch CloudFormation’

Screenshot (11)

9. Once you have selected 'Launch CloudFormation', select to 'Launch'

Screenshot (12)

 

10. You'll be taken to CloudFormation in your AWS console. There is nothing to change here as the S3 template is already selected. Select 'Next'.

Screenshot (13)

 

11. In the 'Specify stack details' page you have the option to name the CloudFormation stack, and decide on things like assigning a public IP.

Hyperglance needs access to the AWS API in order to pull down the information needed.

Be careful when choosing the VPC & Subnet you want Hyperglance to be deployed in. It's possible to mismatch the VPC & Subnet causing the stack creation to fail.

Screenshot (14)

 

12. Once that’s set, select 'Next'

Screenshot (15)

 

13. You’ll then get the option to tag tags. In the example below, we have added 'Hyperglance' as a 'Name' tag.

Screenshot (16)

 

14. Scroll down to the bottom of the page, select 'Stack creation options' and select 'Disabled' for 'Rollback on Failure'. This will allow you to see which steps fail if the stack has issues.

After you've done that, select 'Next'.Screenshot (17)

15. On the review screen, scroll down to the bottom to accept the disclaimer and select 'Create stack. This enables CloudFormation to start creating the Hyperglance instance.

Screenshot (18)

 

16. You’ll be taken to the CloudFormation stack console page. It'll take up to 10 minutes to finish the instance creation.

Screenshot (19)

 

17. Once the stack has been created successfully, go to the 'Outputs' tab. This'll show you how you can connect to the Hyperglance Instance.

Screenshot (20)

 

18. By default, Hyperglance’s password is the instance name, so copy that and then click on the link to go to Hyperglance.

Be careful when copying and pasting the instance name. Sometimes there is an extra space at the start/end of the string that will prevent you from authenticating successfully.



19. Proceed to the Hyperglance console page (acknowledging the browser warning)



 

20. You can now see, and log in to, the Hyperglance console. The default userid is ‘admin’ and the password is the Hyperglance instance-id.

Make sure you use HTTPS (port 443) to connect to Hyperglance

 

21. After logging in the first time, you'll be asked to select the regions that you'd like Hyperglance to monitor. By default, Hyperglance will pull in the inventory from the account you’ve used to create the instance.

To pull in the data from the account Hyperglance is running in, you don't need to add an ARN. Just add an Alias, select the regions you want to collect, then select 'Submit'.

 

22. If you want to add other accounts, then Hyperglance can use STS Assume-Role to access other AWS accounts if you provide a suitable Role ARN for Hyperglance to use. You can add as many accounts as you need via this administration page.

 

23. Leave 'Is Billing Only' option unchecked, so that Hyperglance will pull down inventory (as well as billing data, if available).


24. Hyperglance will automatically update to the latest version, assuming you are connected to the internet. If you weren't connected during your setup, make sure you use these instructions to update Hyperglance to the latest version. All user data is retained through an update, including authentication credentials, rules, and tag-view keys.

 

Deploy Hyperglance Rule Automations for AWS

Enable Hyperglance to automate, fix and optimize your cloud.

Our repository contains terraform configurations, that deploy an S3 Bucket and Lambda function that you connect with your Hyperglance EC2 Instance. Giving you the power to automate your cloud and fix configuration issues quickly & easily.

Pre-Requisites

Before you can deploy automations you will need:

  1. Terraform CLI - Install instructions
  2. AWS CLI - Install instructions
  3. IAM permissions configured on the Hyperglance Instance - See below.

IAM Permissions

The IAM Policy on the Role associated with the Hyperglance EC2 Instance will need the following permissions added:

"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",

Quick Start

  1. Follow the pre-requisite steps above.

  2. Connect the AWS CLI to the AWS account that hosts Hyperglance by running: aws configure

    Note: You will need an AWS IAM access and secret key.

    Example:

    $ aws configure
    AWS Access Key ID [None]: ENTER_YOUR_ACCESS_KEY_HERE
    AWS Secret Access Key [None]: ENTER_YOUR_SECRET_KEY_HERE
    Default region name [None]: us-east-1
    Default output format [None]: json
  3. Clone our repo or download the zip

    $ git clone https://github.com/hyperglance/aws-rule-automations.git
  4. Deploy the stack:

    Terraform will prompt for the region you wish to deploy to and for final confirmation.

    $ cd aws-rule-automations/deployment/terraform/automations
    $ terraform init
    $ terraform apply
  5. Once complete, the bucket name and lambda function ARN will be returned:

    Apply complete! Resources: 8 added, 0 changed, 0 destroyed.

    Outputs:

    bucket_name = "hyperglance-automations-lucky-marmoset"
    lambda_arn = "arn:aws:lambda:us-east-1:0123456789:function:hyperglance-automations-stinky-fish"

    The lambda ARN is required to configure automations across accounts

    Copy these into the Hyperglance UI: Settings ➔ Automations ➔ S3 Bucket Name or visit this URL: https://your-hyperglance-ip/#/admin/automations

    Note: Leave the 'Role ARN' field blank. This is only needed if you deploy the stack to a different AWS account from the Hyperglance Instance.

  6. That's it - Automations are now enabled!

    • Within Hyperglance click on any rule or visit the Advanced Search page to start exploring automations features.
    • If you need automations to run on resources from other AWS Accounts then continue on to follow our multi-account guide below.

Adding Hyperglance automation permissions to your accounts  

To grant the automations Lambda access to resources in other AWS accounts you will need to create a special cross-account role in each of those accounts:

  1. Edit aws-rule-automations/deployment/terraform/xaccount_role/main.tf

    • Set the lambda_arn to the arn of the lambda function which was given as an output in the main account configuration.
  2. Connect to an AWS Account where you wish to deploy the Role:

  3. Deploy the Role:

    $ cd aws-rule-automations/deployment/terraform/xaccount_role
    $ terraform init
    $ terraform apply

Customizing Automations

Easily add your own automations or modify existing ones!

Automations are written in Python3, each one is a self-contained Python (.py) file. Find them here: https://github.com/hyperglance/aws-rule-automations/tree/master/lambda/automations

To add a new automation:

  • Add a new .py file
  • Implement the hyperglance_automation() function with logic for your automation.
  • Implement the info() function to inform the Hyperglance UI about your automation:
    • Name,
    • Description,
    • Any UI inputs it needs from the user,
    • A list of compatible resource types.
  • Re-deploy the terraform stack with terraform apply
  • Done: Your new automation will be immediately available and ready to use in the Hyperglance UI.