Morning all!
We have a large AWS estate, with each AWS account currently being served by a proxy that relays to a central zabbix server. Each time an AWS account is created (with its associated proxy), an additonal rule has to be added to the zabbix server's ingress security group, allowing the proxy to communicate with the server over the necessary ports. This has worked well for a couple of years.
However, we are now in a position where we are constantly hitting the AWS-imposed hard limit for the number of rules per security group, and are looking at ways to streamline our zabbix architecture.
I can't believe we're unique in coming up against this problem -- so could I please ask for your thoughts on possible solutions?
Many thanks.
We have a large AWS estate, with each AWS account currently being served by a proxy that relays to a central zabbix server. Each time an AWS account is created (with its associated proxy), an additonal rule has to be added to the zabbix server's ingress security group, allowing the proxy to communicate with the server over the necessary ports. This has worked well for a couple of years.
However, we are now in a position where we are constantly hitting the AWS-imposed hard limit for the number of rules per security group, and are looking at ways to streamline our zabbix architecture.
I can't believe we're unique in coming up against this problem -- so could I please ask for your thoughts on possible solutions?
Many thanks.
Comment