Zabbix 4.0 AWS AMI

For those who want to use Zabbix in AWS, I have created an optimized AMI with Zabbix Server 4.0 installed. This page shows both its features and its operation, configuration and use, so please read it carefully.

Features

  • AMI based on Ubuntu Bionic Beaver
  • Zabbix 4.0 server installed (latest stable version)
  • Zabbix 4.0 web interface installed and configured.
  • Program configured and configurable for sending notification via AWS SNS.
  • Optimized with: & nbsp; apache2, PHP 7, mariadb server, zabbix 4.0 repository

Installation and configuration

Installation

The installation follows the normal process of creating an instance in EC2. The recommended instance size is t2.large.

The security group usually includes the following permissions:

TypeProtocolRange of portsSource
SSHTCP220.0.0.0/0
HTTPTCP800.0.0.0/0
(*) HTTPSTCP4430.0.0.0/0
(*) Custom TCP ruleTCP10050 – 100520.0.0.0/0

The fields marked with (*) are essential, either to access the web interface or for the normal operation of the server.

Once the instance is running, we can access using:

  • SSH: Using the .pem that we have selected when launching the instance.
  • HTTPS: Using the url https: //ip.de.la.instancia/zabbix/, with user Admin and key the ID of the instance that we just created.

Shipment configuration with SNS

This Zabbix installation is now ready to ship using AWS SNS . This configuration allows us to avoid problems related to sending mail in AWS, and have an advanced and secure notification delivery system.

Up to 5 different SNS issues can be configured (to distinguish according to the importance of the shipment), which are “Not classified”, “Information”, “Warning”, “Average”, “High” and “Disaster”.

The recommended steps to configure notifications are:

  1. Create our SNS topic
  2. Create a user with permissions to send SNS
  3. Edit the file /etc/zabbix/zabbix_sns.ini and indicate the necessary values

Once this step is configured, in the Zabbix interface we can choose the “aws-sns” medium for the user that we are configuring.

SSL configuration valid with Let’s Encrypt

In order to configure a valid certificate we must first change the host name of the EC2 instance to allow us to generate the certificate. AWS does not allow certificates to be generated for the default name of the instance, because names (and IPs are volatile).

Personalization and support

If you need to customize the default options of the AMI, or have any questions or problems, you can write me at the address: