Skyhigh Security

Deploy Secure App Connector V2 on AWS without CloudFormation Template for TCP Applications

Secure App Connectors can be deployed in your Virtual Private Clouds (VPCs) on AWS. Deploy Secure App Connectors across all availability zones to ensure continuity of service in the event of an incident. Place them in appropriate security groups so that they can access the applications in the VPC.

NOTE: If you are using a firewall, make sure to allow the required domains and HTTP(S) ports. For more details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.

Prerequisites

  • Skyhigh Security recommends that the Secure App Connector have at least 4 CPUs, 8 GB RAM, and a 50 GB HDD.
  • Make sure that you have an Amazon Virtual Private Cloud (VPC) created and have full access to create EC2 instances.

NOTE: In case of any failure, delete the old stack and redeploy.

Steps to Deploy

  1. Log in to the AWS Management Console.
  2. On the Console Home page, select EC2.
  3. On the EC2 dashboard, click Launch instance.
  4. Enter the Name for the EC2 instance.
  5. Click Add additional tags to configure proxy, dns, udp_socks_proxy, or bypass_proxy.
    • Add the tag in the below format:
      • Key - The key must remain fixed and match the one in the screenshot below. If the keys are different, the connector deployment will fail.
      • Value - The value can be customized as needed.

NOTE: proxy format => http://proxy.example.com:9090

Step 5.png

  6. Go to the Application and OS Images (AMI) section, search for Skyhigh, and click Browse more AMIs.
  7. Once the search is complete, click the Community AMIs category.
  8. Browse and select the SPA-SecureAppConnector-YPF AMI from the list.
  9. Select c5.xlarge (4 CPU, 8 GB RAM recommended) as the Instance type.
  10. Select the key pair to connect to your EC2 instance securely.
  11. Select the VPC and subnet options under Network settings.
  12. Select the Security group from the dropdown list that allows inbound access on port 22 (i.e. SSH) and outbound access on ports 443 & 8080.

NOTE: If firewall settings are configured, refer to this link: Secure App Connector V2 Prerequisites and Firewall settings For Private Applications

  13. Configure the volume size as 50 GB (recommended) and enable encryption.
  14. Under the Advanced details section, set Metadata version to V1 and V2, and set Allow tags in metadata to Enable.

NOTE: Selecting both options is mandatory if any tags are defined in step 5. This step can be skipped if no proxy settings are used.

  15. Copy and paste the connector configuration content from the downloaded configuration file.
  16. Uncheck the User data has been base64 encoded option.
  17. Click Launch instance.
  18. Use a standard SSH client (like PuTTY) and enter the following command to log in to the EC2 instance: ssh -i <AWS Private Key> ec2-user@<App Connector Public Hostname or IP Address>
  19. Connector deployment will take around 15-20 minutes.
  20. You can validate your connector deployment. For more details, see Secure App Connector V2 CLI.
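
The tag, security group, volume and metadata settings chosen in the steps above can be checked after launch. The following Python is an added example, not Skyhigh Security tooling: it audits records shaped like the output of aws ec2 describe-instances, describe-security-groups and describe-volumes. The sample records are constructed, treating the four names from step 5 as the literal tag keys is an assumption, and the check for SSH open to any address is an extra hardening check that the page does not require.

```python
import re

# Assumption: the fixed tag keys are the four names listed in step 5.
TAG_KEYS = {"proxy", "dns", "udp_socks_proxy", "bypass_proxy"}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def rules_for(perms, port):
    """Return the permission entries that cover a TCP port."""
    return [p for p in perms if p["IpProtocol"] == "-1"
            or (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"])]

def audit(instance, group, volume):
    """Compare one instance, its security group and its volume with the steps above."""
    findings = []
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    md = instance.get("MetadataOptions", {})
    if TAG_KEYS & tags.keys():  # both metadata options are mandatory when tags are set
        if md.get("InstanceMetadataTags") != "enabled":
            findings.append("metadata tags disabled")
        if md.get("HttpTokens") != "optional":  # "optional" is the console's "V1 and V2"
            findings.append("metadata version is not V1 and V2")
    if "proxy" in tags and not re.fullmatch(r"http://[^\s/:]+:\d{1,5}", tags["proxy"]):
        findings.append("proxy tag is not http://host:port")
    ssh = rules_for(group.get("IpPermissions", []), 22)
    if not ssh:
        findings.append("no inbound rule for port 22")
    for rule in ssh:  # added hardening check, not a requirement stated on the page
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if OPEN_CIDRS & set(cidrs):
            findings.append("port 22 open to the internet")
    for port in (443, 8080):
        if not rules_for(group.get("IpPermissionsEgress", []), port):
            findings.append(f"no outbound rule for port {port}")
    if not volume.get("Encrypted"):
        findings.append("volume not encrypted")
    if volume.get("Size", 0) < 50:
        findings.append("volume smaller than 50 GB")
    return findings

# Constructed sample records with several deviations from the steps above.
BAD_INSTANCE = {"Tags": [{"Key": "proxy", "Value": "proxy.example.com:9090"}],
                "MetadataOptions": {"HttpTokens": "required", "InstanceMetadataTags": "disabled"}}
BAD_GROUP = {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
             "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}]}
BAD_VOLUME = {"Encrypted": False, "Size": 8}

if __name__ == "__main__":
    print("\n".join(audit(BAD_INSTANCE, BAD_GROUP, BAD_VOLUME)))
```
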