ZABBIX Forums  
26-10-2017, 11:37
gazzaP
Junior Member
Join Date: Oct 2017
Posts: 1
Large AWS Infrastructure -

Morning all!

We have a large AWS estate, with each AWS account currently being served by a proxy that relays to a central zabbix server. Each time an AWS account is created (with its associated proxy), an additional rule has to be added to the zabbix server's ingress security group, allowing the proxy to communicate with the server over the necessary ports. This has worked well for a couple of years.

However, we are now in a position where we are constantly hitting the AWS-imposed hard limit for the number of rules per security group, and are looking at ways to streamline our zabbix architecture.

I can't believe we're unique in coming up against this problem -- so could I please ask for your thoughts on possible solutions?

Many thanks.
26-10-2017, 22:51
jan.garaj
Senior Member
Zabbix certified specialist
Join Date: Jan 2010
Location: United Kingdom, Slovakia, Bulgaria
Posts: 482

That's IMHO a question for your AWS infrastructure team - how efficiently are they using all AWS options (sec. group rule per network id/range instead of single IP, dividing rules into more sec. groups, peering, direct connect, ...)?

Super easy and stupid solution: remove sec. groups and manage the firewall on your machines - you don't have the AWS limit for sec. groups in this case.
Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.
My DevOps stack: Docker / Kubernetes / Mesos / ECS / Terraform / Elasticsearch / Zabbix / Grafana / Puppet / Ansible / Vagrant
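The trade-off behind the "rule per network id/range instead of single IP" option in the reply above, as an added example that is not part of the thread: it compares merging per-proxy entries without admitting any new source against one rule per account range, and counts how many non-proxy addresses each rule set lets in. The proxy addresses and account ranges are constructed sample values, the function names are hypothetical, and the ranges are assumed not to overlap.

```python
import ipaddress

# Constructed sample data: proxy source IPs and the address range of each account.
PROXIES = ["10.1.0.10", "10.1.0.11", "10.1.0.20", "10.2.0.5", "10.3.0.4", "192.0.2.7"]
ACCOUNT_RANGES = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/28"]


def lossless_rules(proxy_ips):
    """Merge per-proxy entries only where the merged CIDR admits no extra address."""
    nets = {ipaddress.ip_network(ip) for ip in proxy_ips}  # IPv4 only in this sketch
    return list(ipaddress.collapse_addresses(nets))


def range_rules(proxy_ips, account_ranges):
    """One rule per account range that contains a proxy; unmatched proxies keep a host rule."""
    ranges = [ipaddress.ip_network(r) for r in account_ranges]
    rules = set()
    for ip in {ipaddress.ip_address(p) for p in proxy_ips}:
        match = next((r for r in ranges if ip in r), None)
        if match is None:
            match = ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}")
        rules.add(match)
    return sorted(rules)


def exposure(rules, proxy_ips):
    """Source addresses the rules admit that are not known proxies.

    Assumes the rules do not overlap and together cover every proxy.
    """
    return sum(r.num_addresses for r in rules) - len(set(proxy_ips))


if __name__ == "__main__":
    for name, rules in (
        ("per-IP, merged losslessly", lossless_rules(PROXIES)),
        ("per account range", range_rules(PROXIES, ACCOUNT_RANGES)),
    ):
        print(f"{name}: {len(rules)} rules, "
              f"{exposure(rules, PROXIES)} non-proxy addresses admitted")
        for r in rules:
            print(f"  {r}")
```

Range rules cut the rule count but admit every host in each range, so the server's own authentication of proxies has to carry more of the weight.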

architecture, aws, large environments, security groups

All times are GMT +2.