Synchronizing Server Resources from AWS

Overview

QueryPie supports AWS integration for server registration and management. You can synchronize resources within AWS, register them as servers managed by QueryPie, and grant access permissions and set policies for users and groups on the synchronized servers. Additionally, you can automatically add server groups to servers that have been scaled out and apply set access permissions.

Registering AWS Integration Information in QueryPie

Administrator > Servers > Connection Management > Cloud Providers > Create Provider

Navigate to Administrator > Servers > Connection Management > Cloud Providers menu.
Click the + Create Provider button in the top right.
Enter a name that can distinguish this provider in the Name field.
Select Amazon Web Services from the Cloud Provider field.
Select the region of the resources you want to synchronize from the Region field.
Enter the Credential information required to synchronize resources.
1. Please refer to Setting Authentication Methods by Credential Type below for descriptions of each Credential method.
You can use Search Filter to retrieve a list of some types of resources you want to synchronize.
1. Search Filter works the same way as AWS search. You can use values such as names, hosts, OS, tags as filters, and you can conveniently enter search conditions and filters using the Enter key in the following order.
  1. Enter Key value and press Enter → Select search condition and press Enter → Enter Value value and press Enter
2. For more detailed usage, please refer to User Guide for Linux Instances (AWS) .
Select the synchronization method from the Replication Frequency field.
1. Manual : A method that synchronizes manually only when you want to synchronize.
2. Scheduling : A method that synchronizes resources through periodic scheduling. Cron Expressions are provided.
Auto Configuration Upon Initial Synchronization You can specify some values for servers that are initially synchronized from Cloud Provider. Initial value settings cannot be modified after saving the Cloud Provider. If changes to this setting are needed, you must delete the Cloud Provider and register again.
- port : You can specify the connection port of synchronized servers. Currently, only SSH/SFTP ports can be specified.
- Tag : You can automatically add tags to synchronized servers.
  - If you enter {vpcid} in the tag value, the VPC ID of the Cloud where the server belongs is automatically filled.
  - Example: If you set the tag Key to “Network” and enter the Value as {vpcid}, when the server is in “vpc-1a2b3c4d” VPC, the “Network: vpc-1a2b3c4d” tag is automatically created.
Click the Save button to save the Cloud Provider.

Q. I clicked the Save button but got an error saying “Already exists cloud provider.” Why is that? A. If there is already a Cloud Provider registered with Default Credentials as Credential and the same Region, duplicate registration is not possible. In this case, you must select a different Region to register.

Setting Authentication Methods by Credential Type

Default Credentials : If the QueryPie server is installed in the same AWS account, you can assign the AmazonEC2ReadOnlyAccess policy to the EC2 instance where QueryPie is installed to synchronize resources within the same AWS.
Cross Account Role : You can create an IAM role to synchronize resources from other AWS accounts. Please create permissions for synchronization and assign policies according to the steps displayed on the screen.
Profile Credential : You can create an IAM role to synchronize resources from other AWS accounts.
Access Key : Provides manual synchronization method by entering access key and secret key of AWS account when clicking Synchronize button by default.
Starting from QueryPie 10.2.2, the “Save Credential for Synchronization” option is provided to enable synchronization through schedules even when using access key as Credential type. ****

Save Credential for Synchronization Option

Synchronization settings saved with this option enabled cannot disable this option from the synchronization settings detailed page, so you must choose carefully. Saved credentials cannot be replaced. If you need to use different credentials, you must create new synchronization settings. If credential changes are needed, we recommend creating credentials with the same IAM permissions as before, creating new synchronization settings, and then deleting the existing synchronization settings.
Synchronization settings saved with this option disabled can enable the option by checking the checkbox on the detailed page.
If this option is enabled, you can synchronize manually or specify a schedule.

Synchronizing and Managing Registered AWS Cloud Provider

Administrator > Servers > Connection Management > Cloud Providers > List Details

Navigate to Administrator > Servers > Connection Management > Cloud Providers menu.
Click on the registered Cloud Provider to enter the detailed information screen.
Click the Dry run button in the top right to check in advance which servers will be synchronized from AWS. Dry run results are not saved.
Click the Sychronize button in the top right to synchronize resources from AWS.
You can check the synchronization progress in the displayed Synchronization Log, and you can also check the synchronization history in General > Systems > Jobs menu.
Once a Cloud Provider is registered, some information of the Provider cannot be changed.
1. Name : Can be changed
2. Cloud Provider : Cannot be changed
3. Region : Cannot be changed
4. Credential : Cannot be changed
  1. “Save Credential for Synchronization” : Can be changed from disabled to enabled, but cannot be changed from enabled to disabled
5. Role ARN : Cannot be changed
6. Search Filter : Can be changed
7. Replication Frequency : Can be changed (however, cannot be changed if Credential is Access Key)

Synchronization settings saved with the “Save Credential for Synchronization” option disabled can enable the option by checking the checkbox on the detailed page. Like when creating new ones, this setting cannot be disabled again after being enabled, so you must choose carefully.