Skip to content

Automatic AWS instances discovery with Zabbix

You can configure your Zabbix server to automatically discover AWS instances by using the built-in AWS by HTTP template. This process involves creating a read-only IAM user in AWS and then setting up a "discoverer" host in Zabbix that queries the AWS API.

This method uses Zabbix's low-level discovery (LLD) feature to find instances and automatically create hosts for them based on a template, known as a host prototype.

Here is a step-by-step guide to configure it.

Step 1: Create a Read-Only IAM User in AWS

First, you need to give Zabbix secure, read-only access to your AWS environment.

  1. Sign in to your AWS Console and navigate to the IAM service.
  2. Go to Users and click Create user.
  3. Give the user a name, for example, zabbix-discovery. Do not grant it console access.
  4. On the permissions screen, select Attach policies directly.
  5. Search for and select the policy named AmazonEC2ReadOnlyAccess. This gives Zabbix permission to list and describe your EC2 instances without being able to change anything.
  6. Complete the user creation process.
  7. After the user is created, navigate to the Security credentials tab for that user and click Create access key.
  8. Select Third-party service as the use case.
  9. Save the Access key ID and the Secret access key. You will need these for the Zabbix configuration. This is your only chance to see the secret key.

Step 2: Create a Discoverer Host in Zabbix

Next, you'll create a "dummy" host in Zabbix. This host doesn't represent a real machine; its only job is to run the AWS discovery process.

  1. In the Zabbix UI, go to Data collection > Hosts and click Create host.
  2. Configure the Host:
    • Host name: Give it a descriptive name like AWS EC2 Discovery.
    • Templates: Click Select and link the AWS by HTTP template.
    • Host groups: Assign it to a group, for example, Zabbix servers.
    • Interfaces: You can remove the default agent interface, as this host won't be actively monitored itself.
  3. Configure Macros:
    • Switch to the Macros tab.
    • Select Inherited and host macros.
    • You need to add your AWS credentials here:
      • {$AWS.ACCESS.KEY.ID}: Paste the Access key ID from the IAM user.
      • {$AWS.SECRET.ACCESS.KEY}: Paste the Secret access key. For this one, be sure to check the Secret text box to encrypt and hide the value.
      • {$AWS.REGION}: Set this to your primary AWS region (e.g., us-east-1 or eu-central-1).
  4. Click Add to save the host.

How It All Works

  1. The AWS EC2 Discovery host will periodically run the discovery rule (by default, every hour).
  2. The rule uses your IAM credentials to query the AWS API for a list of EC2 instances in the specified region.
  3. For each instance found, Zabbix uses the host prototype to create a new host in the Zabbix UI.

To speed up the process for testing, you can go to the discovery rule on the AWS EC2 Discovery host and click the Execute now button.