Deploy Secure App Connector V2 on AWS without CloudFormation Template for TCP Applications
Secure App Connectors can be deployed in your Virtual Private Clouds (VPCs) on AWS. Deploy Secure App Connectors across all availability zones to ensure continuity of service in the event of an incident. Each connector should be placed in appropriate security groups to enable access to applications in the VPC.
NOTE: Make sure to allow the following domains and HTTP(S) ports when you are using a firewall. For more details, see Secure App Connector V2 Prerequisites and Firewall settings For Private Applications.
Prerequisites
- Skyhigh Security recommends that the Secure App Connector have at least 4 CPUs, 8 GB RAM, and a 50 GB HDD.
- Make sure that you have an Amazon Virtual Private Cloud (VPC) created and have full access to create EC2 instances.
NOTE: In case of any failure, delete the old stack and redeploy.
Steps to Deploy
- Log in to the AWS Management Console.
- On the Console Home page, select EC2.
- On the EC2 dashboard, click Launch instance.
- Enter the Name for the EC2 instance.
- Click Add additional tags to configure either proxy, dns, udp_socks_proxy, or bypass_proxy.
- Add the tag in the following format:
- Key - The key must remain fixed and match the one in the screenshot below. If the keys are different, the connector deployment will fail.
- Value - The value can be customized as needed.
NOTE: proxy format => http://proxy.example.com:9090
- Go to the Application and OS Images (AMI) section, search for Skyhigh, and click Browse more AMIs.
- Once the search is completed, click the Community AMIs category.
- Browse and select the SPA-SecureAppConnector-YPF AMI from the list.
- Select c5.xlarge (4 CPU, 8 GB RAM recommended) as the Instance type from the options.
- Select the key pair to connect to your EC2 instance securely.
- Select VPC and subnet options under Network settings.
- Select the Security group from the dropdown list that allows inbound access on port 22 (i.e. SSH) and outbound access on ports 443 & 8080.
NOTE: If firewall settings are configured, refer to this link: Secure App Connector V2 Prerequisites and Firewall settings For Private Applications
- Configure volume size as 50 GB (recommended) and enable encryption.
- Under the Advanced details section, set Metadata version to V1 and V2, and enable Allow tags in metadata.
NOTE: Selecting both options is mandatory if any tags are defined in step 5. This step can be skipped if no proxy settings are used.
- Copy and paste the connector configuration content from the downloaded configuration file.
- Uncheck the User data has been base64 encoded option.
- Click Launch instance.
- Use a standard SSH client (such as PuTTY) and enter the following command to log in to the EC2 instance:
ssh -i <AWS Private Key> ec2-user@<App Connector Public Hostname or IP Address>
- Connector deployment will take around 15-20 minutes.
- You can validate your connector deployment. For more details, see Secure App Connector V2 CLI.
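The launch settings in the steps above can be checked before launch when the instance is created through the API instead of the console. The following is an added example, not Skyhigh's own code: it reviews a dict shaped like the arguments to boto3's ec2.run_instances() for the tag, metadata, and volume settings this page requires. It assumes the tag keys are spelled exactly as the four names in the tagging step and that the proxy value follows the http://host:port shape from the NOTE; check_launch_spec and the sample specs are hypothetical names and constructed data.

```python
import re

# Assumption: tag keys are the four names listed in the tagging step, spelled
# literally; the page's screenshot with the exact keys is not reproduced here.
ALLOWED_TAG_KEYS = {"proxy", "dns", "udp_socks_proxy", "bypass_proxy"}
# Shape taken from the NOTE: http://proxy.example.com:9090
PROXY_RE = re.compile(r"^http://[A-Za-z0-9.-]+:(\d{1,5})$")

def check_launch_spec(spec):
    """Return findings for a dict shaped like boto3 ec2.run_instances() kwargs."""
    findings = []
    # The console's Name field is stored as a tag with key "Name"; skip it.
    tags = {t["Key"]: t["Value"]
            for ts in spec.get("TagSpecifications", [])
            if ts.get("ResourceType") == "instance"
            for t in ts.get("Tags", []) if t["Key"] != "Name"}
    for key in sorted(set(tags) - ALLOWED_TAG_KEYS):
        findings.append(f"unexpected tag key {key!r}")
    if "proxy" in tags:
        m = PROXY_RE.match(tags["proxy"])
        if not m or not 1 <= int(m.group(1)) <= 65535:
            findings.append("proxy tag is not in http://host:port form")
    # "V1 and V2" in the console is HttpTokens=optional in the API.
    md = spec.get("MetadataOptions", {})
    if tags and md.get("InstanceMetadataTags") != "enabled":
        findings.append("tags defined but InstanceMetadataTags is not enabled")
    if tags and md.get("HttpTokens") != "optional":
        findings.append("tags defined but HttpTokens is not optional (V1 and V2)")
    ebs = [b["Ebs"] for b in spec.get("BlockDeviceMappings", []) if "Ebs" in b]
    if not ebs or ebs[0].get("VolumeSize", 0) < 50:
        findings.append("volume is below the recommended 50 GB")
    if not ebs or not ebs[0].get("Encrypted", False):
        findings.append("volume encryption is not enabled")
    return findings

# Constructed sample inputs (names and device name are placeholders).
GOOD = {
    "InstanceType": "c5.xlarge",
    "TagSpecifications": [{"ResourceType": "instance", "Tags": [
        {"Key": "Name", "Value": "sac-v2-az1"},
        {"Key": "proxy", "Value": "http://proxy.example.com:9090"}]}],
    "MetadataOptions": {"HttpTokens": "optional", "InstanceMetadataTags": "enabled"},
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
                             "Ebs": {"VolumeSize": 50, "Encrypted": True}}],
}
BAD = {
    "TagSpecifications": [{"ResourceType": "instance", "Tags": [
        {"Key": "Proxy", "Value": "proxy.example.com:9090"}]}],
    "MetadataOptions": {"HttpTokens": "required"},
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 30}}],
}
```

An empty list means the spec matches the settings on this page; security group rules are not part of the launch arguments and are not covered by this check.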