Deploy Secure App Connector V2 on AWS using CloudFormation Template for UDP Applications
Secure App Connectors can be deployed in your AWS Virtual Private Clouds (VPCs). Deploy connectors across all availability zones so that service continues if one zone fails, and place them in security groups that permit access to the applications in the VPC that they serve.
If a firewall sits between the connector and the Internet, allow the required domains and HTTP(S) ports. For details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.
Prerequisites
- Skyhigh Security recommends that the Secure App Connector instance has at least 8 vCPUs, 12 GB RAM, and 70 GB of disk.
- Make sure that you have an Amazon Virtual Private Cloud (VPC) and sufficient IAM permissions to create the CloudFormation stack and the EC2 instance it launches.
Note: If the deployment fails, delete the old stack and redeploy.
Steps to Deploy
- Download one of the following templates:
- CloudFormation Template if you want the connector instance to use an AWS-assigned IP address (with this template, skip the step below that asks for private IP details)
- CloudFormation Template if you want to assign a static private IP address to the connector instance.
- Log in to the AWS Management Console.
- On the Console Home page, select CloudFormation.
The CloudFormation page appears.
- On the CloudFormation page, click Create stack > With new resources (standard).
- In the Prerequisite - Prepare template section, select Template is ready.
- In the Specify template section, select Upload a template file.
- Click Choose file, browse to the downloaded template, and select it.
- Click Next.
- Enter a Stack name.
- Select an EC2 InstanceType from the dropdown list.
NOTE: c5.2xlarge is the minimum supported instance size for Connector V2; select a larger size if your load requires it.
- Select the AWS Private Key Name (the EC2 key pair) that you will use to log in to the EC2 instance.
Note: AWS Secure App Connectors do not support password-based authentication as a login method; SSH access uses the selected key pair.
- Enter Volume Size in GB.
- Select the AWS SecurityGroupIds that allow inbound access on port 22 (SSH) and outbound access on ports 443 and 8080. Restrict the source of the SSH rule to your administrative IP range or jump host rather than 0.0.0.0/0, and make sure the group also allows the connector to reach the private applications it serves.
- Configure the proxy settings: Proxy, BypassProxy, and UDPSocksProxy.
- Proxy (optional): set this only when the connector must go through a proxy server to reach the Internet.
- BypassProxy (optional): the list of domains that bypass the proxy. Leave it empty if no domain needs to bypass the proxy, even when a proxy is used.
- UDPSocksProxy: the SOCKS proxy through which the connector's UDP traffic reaches the Internet.
Note: Enter the UDP SOCKS proxy as <ip>:<port> or <hostname>:<port>, for example 172.22.20.41:1080.
- Paste the connector configuration content from the configuration file that you downloaded from Skyhigh SSE.
- Enter a DNS server (optional).
NOTE: This DNS server must be able to resolve both public Internet hosts and your internal private applications.
- If you downloaded the static private IP template, enter the private IP details.
Note: Skip this step if you are using the AWS-assigned IP template.
- Enter the subnet details. Choose a private subnet only if you have a jump host through which you can reach the connector host; otherwise choose a public subnet so that you can SSH to the connector host directly.
Note: Choose a subnet from which instances can reach the Internet (for a private subnet, that means a route through a NAT gateway or the proxy configured above).
- Click Next.
- Under Stack failure options, set Behavior on provisioning failure to Roll back all stack resources, and then click Next.
- Review all the settings and click Submit.
- On the stack's Resources tab, verify that the EC2 instance was created successfully.
- Log in to the EC2 instance with an SSH client such as OpenSSH or PuTTY, using the key pair selected above. With OpenSSH the command is:
ssh -i <AWS Private Key> ec2-user@<App Connector Public Hostname or IP Address>
If the connector is in a private subnet, connect through your jump host and use the instance's private address instead.
- Connector deployment takes around 15-20 minutes.
- To validate the connector deployment, see Secure App Connector V2 CLI for UDP Applications.
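Before you click Submit, the security group and proxy values entered in the steps above are worth checking from the command line. The following Python script is an added example, not Skyhigh's code and not part of the CloudFormation templates: it reads the JSON printed by aws ec2 describe-security-groups --group-ids <sg-id> --output json, confirms that the group permits inbound 22/tcp and outbound 443/tcp and 8080/tcp, flags an SSH rule whose source is 0.0.0.0/0 or ::/0, and validates the <ip>:<port> or <hostname>:<port> form required for UDPSocksProxy. The two security groups in the embedded JSON, their IDs and CIDRs are constructed for the example, and the function names and finding texts are this example's own.

```python
"""Pre-flight checks for Secure App Connector V2 stack parameters (added example)."""
import ipaddress
import json
import re

# Constructed sample in the shape that `aws ec2 describe-security-groups --output json`
# prints. Group IDs and CIDRs are made up for the example, not real AWS resources.
SAMPLE_DESCRIBE_SG = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "connector-sg-wide-open",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0fedcba9876543210", "GroupName": "connector-sg-jumphost",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "10.0.100.0/24"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]})

ANYWHERE = ("0.0.0.0/0", "::/0")
# RFC 1123 host names: dot-separated labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_proxy_endpoint(value):
    """Validate the '<ip>:<port>' / '<hostname>:<port>' form the template expects.

    Returns (host, port) or raises ValueError. Bare IPv6 literals are rejected
    because the documented form has no brackets to separate them from the port.
    """
    host, sep, port_text = value.strip().rpartition(":")
    if not sep or not host or not port_text.isdigit():
        raise ValueError(f"expected <ip>:<port> or <hostname>:<port>, got {value!r}")
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        if not HOSTNAME_RE.match(host):
            raise ValueError(f"not an IPv4 address or hostname: {host!r}")
    return host, port


def _permits(rule, port, proto="tcp"):
    """True if one IpPermissions entry covers port/proto; '-1' means all traffic."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != proto:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _sources(rule):
    """All IPv4 and IPv6 CIDR sources of one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def check_security_group(group):
    """Findings for one security-group dict; [] means it meets the requirements
    of the steps above without exposing SSH to the whole Internet."""
    findings = []
    ssh_rules = [r for r in group["IpPermissions"] if _permits(r, 22)]
    if not ssh_rules:
        findings.append("no inbound rule permits 22/tcp (SSH)")
    elif any(src in ANYWHERE for r in ssh_rules for src in _sources(r)):
        findings.append("22/tcp (SSH) is open to the whole Internet; "
                        "restrict it to your admin CIDR or jump host")
    for port in (443, 8080):
        if not any(_permits(r, port) for r in group["IpPermissionsEgress"]):
            findings.append(f"no outbound rule permits {port}/tcp")
    return findings


def preflight(describe_sg_json, group_id, udp_socks_proxy=None):
    """Run every check against describe-security-groups output plus the proxy value."""
    groups = {g["GroupId"]: g for g in json.loads(describe_sg_json)["SecurityGroups"]}
    if group_id not in groups:
        return [f"security group {group_id} not in input"]
    findings = check_security_group(groups[group_id])
    if udp_socks_proxy:
        try:
            parse_proxy_endpoint(udp_socks_proxy)
        except ValueError as exc:
            findings.append(f"UDPSocksProxy: {exc}")
    return findings


if __name__ == "__main__":
    for gid in ("sg-0123456789abcdef0", "sg-0fedcba9876543210"):
        print(gid, preflight(SAMPLE_DESCRIBE_SG, gid, "172.22.20.41:1080") or ["OK"])
```

To use it against a real account, replace SAMPLE_DESCRIBE_SG with the output of the describe-security-groups command for the group you intend to select, and pass the UDPSocksProxy value you plan to enter; an empty result means the group and proxy value satisfy the requirements of the steps above, and the wide-open group in the sample shows the finding you should expect to fix before deploying.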