1. Overview

OpsWatch server is a self hosted service that provides solutions for creating monitoring dashboards and scheduled backups.

2. Preparation

OpsWatch server is designed to run under Amazon Web Service (AWS) cloud platform. Before you can start your own OpsWatch server, you need to create a custom IAM role. The IAM role gives permissions to the OpsWatch server to access your system resource, such as writing backup files to S3, creating volume snapshots, reading / writing CloudWatch metric data, etc.

3. Create the IAM role

Creating the IAM Role Policy

Before creating IAM role, it is recommended to create a custom policy first. To start, open the Identify and Access Management Console.
1. To create a new IAM policy, click Policies from the left navigation pane.
2. Click Create Policy button.
3. Select Create Your Own Policy
4. Provide a Policy Name (for example, 'opswatch-server-policy') and copy the policy below into the Policy Document box. Click Create Policy
IAM Role Policy

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "Stmt1470166386000",
            "Effect": "Allow",
            "Action": [
            "Resource": [

Creating the IAM Role

  1. To create a new IAM role , click Roles from the left navigation pane.
  2. Click Create New Role button from the top
  3. Enter opswatch-server-role (or any other name you like) as Role Name. Click Next.
  4. In Select Role Type screen, select AWS Service Role then select Amazon EC2
  5. Filter policy by Customer Managed Policies, select policy opswatch-server-policy.
  6. click Create Role

4. Launch AWS Instance

  1. Open AWS management console and navigate to EC2 dashboard.
  2. Click Launch Instance
  3. Choose OpsWatch Server Amazon Machine Image (AMI)
    • From the left navigation panel, click AWS Marketplace, search for OpsWatch
    • Select opswatch-server-vx.y.z.n, where x.y.z.n is the current version number.
  4. Choose an instance type
    Select the instance type that is best fits your need. Click Next: Configure Instance Details
  5. Configure instance Details
    Select opwatch-server-role (or the IAM role you entered in the step of creating IAM role) as IAM Role. Select Auto-assign Public IP, if you intend to access the server from the public internet.
  6. Click through Next: Add Storage, and Next: Tag Instance
  7. Click Next: Configure Security Group. Creating or selecting a security group.
    Make sure your security group allow traffic to port 80, 443 if you are planning to run HTTPS, or both ports. If you are planning to access the server using SSH, allow traffic to port 22 as well.
  8. Preview and launch the instance
    Make sure to select / create an access key pair before launching the instance.

5. Initial Configuration

In order to login to OpsWatch, go to the EC2 instances page and select the instance you just launched in the previous step. The screen will display details regarding this instance, including public IP address and the instance ID. You will need the IP address and Instance ID to login.

Access Admin Console

  1. Open a web browser, goto this URL: http://[instance public IP]/admin/
    Where [instance public IP] is the public IP address of the instance. Note: If you prefer HTTPS, use https://[instance public IP]/admin/
    • You will need to manually confirm / accept the SSL certificate as it is a self-signed certificate.
  2. Enter admin as the username and instance ID as password.

Initial Configuration

The first time after you login, the system will display the initial setting screen. You have the option to enter the domain name, enable SSL and setup the SSL certificate
1. Domain Name: Enter the full qualified domain name (for example, for the server.
2. Enable SSL: Check it if you want to support HTTPS
3. If Enable SSL is checked, specify SSL certificate, certificate private key and optionally certificates of certificate authorization.
4. Check to only support SSL will redirect normal HTTP requests to HTTPS.
5. Save & Apply to save the settings and apply the change. Note: the web server will be restarted for the change to apply.

After the initial configuration is completed, you can log back into the admin console to change the default admin password or add new users.