Large AWS Infrastructure -

    Morning all!

    We have a large AWS estate, with each AWS account currently being served by a proxy that relays to a central zabbix server. Each time an AWS account is created (with its associated proxy), an additional rule has to be added to the zabbix server's ingress security group, allowing the proxy to communicate with the server over the necessary ports. This has worked well for a couple of years.

    However, we are now in a position where we are constantly hitting the AWS-imposed hard limit for the number of rules per security group, and are looking at ways to streamline our zabbix architecture.

    I can't believe we're unique in coming up against this problem -- so could I please ask for your thoughts on possible solutions?

    Many thanks.

    That's IMHO a question for your AWS infrastructure team - how efficiently are they using all AWS options (sec. group rule per network id/range instead of single IP, dividing rules into more sec. groups, peering, direct connect, ...)?

    Super easy and stupid solution: remove sec. groups and manage firewall on your machines - you don't have AWS limit for sec. group in this case.
    Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.
    My DevOps stack: Docker / Kubernetes / Mesos / ECS / Terraform / Elasticsearch / Zabbix / Grafana / Puppet / Ansible / Vagrant
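The two suggestions in the reply above (rules per network range instead of per single IP, and dividing rules across more than one security group) can be planned before anyone touches the console. The following is an added example, not code from either poster and not tied to a real account: it takes a constructed map of VPCs to proxy IPs, merges each VPC's proxies into CIDRs, measures how many non-proxy addresses a merged block would also admit (the over-permission a reviewer wants to see before widening a rule), and chunks the resulting rules into as many security groups as the per-group limit requires. The trapper port 10051 and the rule limit of 60 are assumed defaults for illustration, not values from the thread.

```python
import ipaddress

# Assumed defaults (not from the post): Zabbix server trapper port and the
# per-security-group rule limit to plan against. Adjust to your account's quota.
ZABBIX_TRAPPER_PORT = 10051
RULES_PER_SG = 60

# Constructed sample data: VPC name -> proxy IPs in that VPC (not real infrastructure).
SAMPLE_PROXIES = {
    "vpc-account-a": ["10.10.0.5", "10.10.0.6", "10.10.0.7"],
    "vpc-account-b": ["10.20.1.10"],
    "vpc-account-c": ["10.30.0.2", "10.30.0.3"],
}


def smallest_covering_prefix(ips):
    """Narrowest IPv4 network containing every address in `ips`.

    This is lossy by design: unless the proxies exactly fill the block, the
    prefix also admits addresses that are not proxies. `slack()` quantifies that.
    """
    addrs = sorted(ipaddress.ip_address(ip) for ip in ips)
    low, high = addrs[0], addrs[-1]
    net = ipaddress.ip_network(f"{low}/32")
    while high not in net:
        net = net.supernet()  # widen one bit at a time until both ends fit
    return net


def slack(net, ips):
    """Number of addresses in `net` that are NOT one of the listed proxies."""
    return net.num_addresses - len(set(ips))


def exact_cidrs(ips):
    """Lossless merge: adjacent /32s become /31, /30, ... covering exactly the set."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(f"{ip}/32") for ip in ips))


def plan_rules(proxies, port=ZABBIX_TRAPPER_PORT, max_slack=0, limit=RULES_PER_SG):
    """Build ingress rules for the Zabbix server and split them into groups.

    proxies: dict of VPC name -> list of proxy IPs.
    A VPC gets a single covering-prefix rule only when its slack (extra
    addresses admitted) is within `max_slack`; otherwise it gets the exact,
    lossless CIDR set. Rules are then chunked so no group exceeds `limit`.
    Returns a list of groups, each a list of rule dicts.
    """
    rules = []
    for vpc, ips in sorted(proxies.items()):
        covering = smallest_covering_prefix(ips)
        cidrs = [covering] if slack(covering, ips) <= max_slack else exact_cidrs(ips)
        for cidr in cidrs:
            rules.append({
                "vpc": vpc,
                "cidr": str(cidr),
                "protocol": "tcp",
                "from_port": port,
                "to_port": port,
                "extra_addresses_admitted": slack(cidr, ips) if cidr == covering else 0,
            })
    return [rules[i:i + limit] for i in range(0, len(rules), limit)]


if __name__ == "__main__":
    for max_slack in (0, 1):
        groups = plan_rules(SAMPLE_PROXIES, max_slack=max_slack, limit=2)
        total = sum(len(g) for g in groups)
        print(f"max_slack={max_slack}: {total} rules across {len(groups)} security group(s)")
        for n, group in enumerate(groups, 1):
            for rule in group:
                print(f"  sg#{n} {rule['vpc']:14} {rule['cidr']:16} tcp/{rule['from_port']}"
                      f" (+{rule['extra_addresses_admitted']} non-proxy addresses)")
```

With `max_slack=0` every rule is lossless, so the three proxies in `vpc-account-a` cost two rules (`10.10.0.5/32` and `10.10.0.6/31`); allowing one spare address collapses them to `10.10.0.4/30`, which is the trade the reply's "network range instead of single IP" option implies, and the `extra_addresses_admitted` field makes that trade explicit in the plan. Where the proxies sit in VPCs that are peered with the Zabbix server's VPC in the same region, a rule that references the proxies' security group ID rather than any CIDR avoids per-proxy rules entirely and is worth raising with the infrastructure team alongside the options above.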