AWS Prerequisites for POP Deployment
To deploy CWPP POP services in AWS, the following AWS resources are required (pre-provisioned) as part of the deployment process:
- Virtual Private Cloud (VPC). A virtual network with DNS hostnames and DNS resolution enabled.
- Public Subnet. A subnet within the VPC for the NAT Gateway configuration.
- Private Subnet. A subnet within the VPC in which to configure the POP infrastructure.
- Network Address Translation (NAT) Gateway. An AWS service that connects the instance to the internet.
- IAM Role. Defines a set of permissions for making AWS service requests.
- Security Group. An AWS firewall solution that performs one primary function: filtering incoming and outgoing traffic from an EC2 instance.
- Availability Zone. A logical data center in a region, available for use.
- Internet Gateway. Connects the VPC to the internet and to other AWS services.
- EC2 Instance. A virtual server that runs the application with the given image ID and instance type.
- Network Load Balancers. Route incoming traffic across multiple targets.
- VPC Endpoints. Enable a private connection between the VPC and an endpoint service powered by AWS PrivateLink.
- AWS PrivateLink. A technology that provides private connectivity between VPCs and applications hosted in AWS.
- Amazon Elastic File System (EFS). Stores logs of the POP services present in the instance and Auto Scaling Group, within and across multiple Availability Zones.
- Amazon S3. Amazon Simple Storage Service, which provides object storage (PoPDeployment.tar).