AWS-Using the CLI


Lucidity Disk Assessment is an automated disk metrics collection tool developed for AWS. It provides a quick, agentless assessment of AWS disks, delivering insights on:

Prerequisites

The following are the minimum system requirements for running the AWS Assessment Tool.

OS: Windows 10 and above, or Linux Ubuntu 18 and above

Getting Started

To get started, first create a new AWS policy and attach it to a user. The user can be a new IAM user (Part B.1) or an existing IAM user (Part B.2). Both methods are explained below.

Part A: Create an AWS Assessment Policy  

Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/policies

Step 2: Click on Create Policy

Step 3: Choose the JSON option

Step 4: Replace the contents with the Lucidity-provided permissions based on your environment configuration, then click Next:

  • If SSM is not already enabled across most of your EC2 instances, use the Standard Permissions Policy (allows the Assessment Tool to enable and manage SSM temporarily; all changes are reverted after the assessment).

  • If SSM is already enabled on at least 40% of your EC2 instances, use the Essential Permissions Policy (read-only access; no IAM or SSM setup changes).

Step 5: Provide a name to identify this policy, for example “Lucidity-assessment-role”, and click ‘Create Policy’.
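Before saving the JSON pasted in Step 4, you can confirm that it matches the policy you meant to use: the Essential policy is described above as read-only with no IAM or SSM changes, while the Standard policy is expected to contain SSM management actions. The following check is an added example, not Lucidity's code; the sample policy is constructed for illustration, and treating the Describe/Get/List prefixes as read-only is a heuristic assumption.

```python
import json

# Heuristic (assumption): action names with these prefixes do not change state.
# Read access can still expose sensitive data, so review those actions too.
READ_PREFIXES = ("describe", "get", "list")

# Constructed sample for illustration; NOT a Lucidity-provided policy.
SAMPLE_POLICY = """
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeInstances", "ec2:DescribeVolumes", "cloudwatch:Get*"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ssm:SendCommand", "iam:AttachRolePolicy"]},
  {"Effect": "Allow", "Resource": "*", "Action": "ssm:*"}
 ]}
"""

def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True if the (possibly wildcarded) action name starts with a read prefix."""
    _service, _, name = action.partition(":")
    # IAM action names are case-insensitive; a bare "*" or "svc:*" has no read prefix.
    return name.lower().startswith(READ_PREFIXES)

def review_policy(policy_text):
    """Return (statement index, action) pairs in Allow statements that are not read-only."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_text)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        if "NotAction" in stmt:
            findings.append((i, "NotAction"))  # allows everything except the listed actions
            continue
        findings += [(i, a) for a in as_list(stmt.get("Action", [])) if not is_read_only(a)]
    return findings

def touches_iam_or_ssm(findings):
    """Non-read-only findings in the IAM or SSM services, or a bare wildcard."""
    return [a for _, a in findings if a.split(":")[0].lower() in ("iam", "ssm", "*")]

if __name__ == "__main__":
    for index, action in review_policy(SAMPLE_POLICY):
        print(f"statement {index}: {action} is not read-only")
```

An empty result from touches_iam_or_ssm is what you would expect for a policy intended to make no IAM or SSM setup changes.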

Part B.1: Create a new IAM user and attach the created policy

Use this option if you do not want to use an existing IAM user.

Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users

Step 2: Click on ‘Add Users’

Step 3: Provide a user name and click Next.

Step 4: Select ‘Attach Policy Directly’ and search for the policy that was previously created. Click Next.

Step 5: Click ‘Create User’ to create a new user.

Thus, you have created a new user and attached the policy to this user.

Part B.2: Attach Policy to Existing User

You can also attach the policy to an existing user. To do this:

Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users

Step 2: Search for the required user and select it.

Step 3: Select Add Permissions from the drop-down menu.

Step 4: Select Attach policies directly. Search for the previously created policy (Lucidity-assessment-role). Click Next.

Step 5: Click on Add permissions.

This will attach the policy to an existing user.

Part C: Create Access ID and Secret Key

Step 1: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home?region=ap-south-1#/users

Step 2: Select the user (new or existing).

Step 3: Choose the Security Credentials tab and choose Create Access key.

Step 4: Select “Application Running Outside AWS” and click Next.

Step 5: Provide a tag value for the access key.

Step 6: Copy the access key and secret access key. These two values will be required to run the Assessment.

Part D: Steps to Run Assessment Tool

The Assessment tool can be run on any instance, whether a virtual machine or a developer laptop. In order to run the Assessment tool:

On a Windows machine, run the following command in the command prompt.

If curl is installed or if using Windows 10 (Windows 10 has curl installed by default):

curl https://audittool.s3.ap-south-1.amazonaws.com/script/aws_scripts/run.bat -o run.bat &&  .\run.bat -c <client-id> -s <secret-key> -r ap-south-1

On a Linux machine, run the following command in a terminal:

curl https://audittool.s3.ap-south-1.amazonaws.com/script/aws_scripts/run.sh --output run.sh && /bin/bash run.sh -c <client-id> -s <secret-key> -r ap-south-1

Once the tool has finished running, you will find a zip file in the same directory containing CSV files with the metrics collected. You can review the metrics and share the zip file.

Note

Currently, the max file size that can be uploaded automatically via the app is 1000 MB. If the size of the zip file that has been generated is greater than 1000 MB, please reach out to us and we will share a secure S3 location where the file can be uploaded.