Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

AWS Prerequisites for POP Deployment

To deploy CWPP POP services in AWS, the following AWS resources are required (pre-provisioned) as part of the deployment process:

  • Virtual Private Cloud (VPC). A virtual network with DNS hostnames and DNS resolution enabled. 

  • Public Subnet. Subnet within VPC for NAT Gateway configuration. 

  • Private Subnet. Subnet within VPC to configure POP infrastructure.  

  • Network Address Translation (NAT) Gateway. AWS service to connect instance to internet. 

  • IAM Role. Defines a set of permissions for making AWS service requests. 

  • Security Group. A security group is an AWS firewall solution that performs one primary function: to filter incoming and outgoing traffic from an EC2 instance. 

  • Availability Zone. An availability zone is a logical data center in a region available for use. 

  • Internet Gateway. This connects the VPC to the Internet and to other AWS services. 

  • EC2 Instance. Virtual server to run the application with the given image id and instance type. 

  • Network Load balancers. To route incoming traffic across multiple targets. 

  • VPC Endpoints. To enable private connection between VPC and endpoint service powered by AWS Private Link 

  • AWS PrivateLink. A technology that provides private connectivity between VPCs and application hosted in AWS. 

  • Amazon Elastic File System (EFS). Amazon Elastic File System to store logs of POP services present in instance and Auto Scaling Group within and across multiple Availability zones. 

  • Amazon S3. Amazon Simple Storage Service to provide object storage. (PoPDeployment.tar) 

  • Was this article helpful?