Quickstart using AWS CloudFormation
Why Use This Method?
Automated Deployment: CloudFormation provides an automated and scalable way to set up the enforza Gateway in a matter of minutes, avoiding manual configuration steps. You can easily replicate this across multiple environments or regions.
Single Gateway or Multi-AZ/Gateway Options: With these templates, you can choose to deploy a single gateway (with 3 private subnets across 3 AZs) for smaller environments, or a Multi-AZ/Gateway setup with automatic failover for increased availability and redundancy.
CloudFormation Templates as a Baseline: These templates serve as a starting point that can be customized to fit your specific networking and security needs.
This guide helps you deploy the enforza Gateway using AWS CloudFormation. You can choose between two CloudFormation templates to get started:
- Single Gateway Deployment
- Multi-AZ/Gateway Deployment with Automatic Failover
These AWS CloudFormation templates are designed as a guide for you to build a secure landing zone.
You are responsible for your design.
Feel free to use, adapt, test, and re-work these.
These templates are open source and licensed under the GNU General Public License, version 3 (GPLv3).
This means you are free to:
- Use these templates for any purpose, whether personal or commercial.
- Distribute copies of the templates, whether in their original form or modified versions.
- Modify the templates to suit your needs.
If you distribute modified versions, you must keep them licensed under GPLv3, ensuring that others have the same freedom to use, modify, and distribute.
For more details, see the GPLv3 License.
For a more detailed tutorial of this installation method, click here.
Option 1: Deploy Using AWS Management Console
Step 1: Log in to AWS Management Console
- Go to the AWS Management Console.
- Log in with your credentials.
Step 2: Navigate to CloudFormation
- In the search bar at the top, type CloudFormation.
- Select CloudFormation from the dropdown to open the CloudFormation Dashboard.
Step 3: Create a New Stack
- In the CloudFormation Dashboard, click on Create Stack.
- Choose With new resources (standard).
Step 4: Upload the CloudFormation Template
- Under Specify template, select Upload a template file. (Alternatively, select Amazon S3 URL and paste the template URL shown under Option 2 below; the templates are published in that bucket.)
- Click Choose File, then upload one of the following CloudFormation templates:
- For Single Gateway Deployment: Download the Single-AZ CloudFormation Template
- For Multi-AZ/Gateway Deployment: Download the Multi-AZ CloudFormation Template
- Click Next.
Step 5: Configure Stack Details
- Stack Name: Provide a unique name for your CloudFormation stack (e.g., enforza-firewall).
- Parameters: Configure the following parameters as per your environment's requirements:
- VPCCidr: Enter the CIDR block for your VPC. The default is 10.1.0.0/16, but you can specify any valid /16 CIDR block.
- TrustedManagementIPs: Enter the trusted management IPs or ranges as a comma-separated list (e.g., 192.168.1.0/24, 203.0.113.0/32). Only these addresses are allowed to reach the gateway's management services (SSH, ICMP, and SNMP). The default covers all of the standard private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which means every host that can route to the VPC from those ranges, including peered VPCs and VPN-connected networks, gets management access; narrow it to the addresses of your actual management hosts before deploying.
- Click Next.
Step 6: Review and Deploy
- Review the stack settings and parameters to ensure everything is configured correctly.
- Acknowledge that AWS CloudFormation will create IAM resources (if applicable) by checking the box.
- Click Create Stack.
Step 7: Monitor the Deployment
- Once the stack is launched, you can monitor its progress in the Events tab.
- After completion, the enforza Gateway will be provisioned according to the selected template.
Step 8: Navigate to the EC2 Dashboard
- In the AWS Management Console, type EC2 into the search bar at the top of the page.
- Select EC2 from the dropdown menu to open the EC2 Dashboard.
Step 9: View Your Running Instances
- In the left-hand navigation pane, click Instances under Instances.
- This will show a list of all your running EC2 instances.
Step 10: Locate the Instance Created by CloudFormation
- Find the instance that was created by your CloudFormation stack (named similar to enforza-firewall-instance). You can search by Instance ID or look at the Name field if you have named your instances. You can also filter instances by the aws:cloudformation:stack-name tag, which CloudFormation adds to every instance it creates.
Step 11: View Instance Tags
- Select the instance by clicking on the Instance ID.
- Scroll down to the Tags section in the Instance Summary.
- Look for a tag named EnforzaClaimKey.
The tag will look something like this:
Key | Value
---|---
EnforzaClaimKey | xxxxxx-xxxxxx-xxxxxx
- Save the EnforzaClaimKey securely for use in the enforza Portal. Note that EC2 tags are not a secret store: any principal with ec2:DescribeTags or ec2:DescribeInstances permission in the account can read this value, so limit who has that access and claim the device promptly.
Option 2: Deploy Using AWS CLI
Step 1: Download the CloudFormation Templates
- For Single-AZ Deployment: Download the Single-AZ CloudFormation Template
- For Multi-AZ Deployment: Download the Multi-AZ CloudFormation Template
Step 2: Use AWS CLI to Deploy the Stack
- For Single-AZ Deployment:
aws cloudformation create-stack \
  --stack-name enforza-firewall-single-az \
  --template-url https://prod-enforza-public.s3.eu-west-2.amazonaws.com/cloudformation/aws-single-az-boilerplate-cfn.yaml \
  --parameters ParameterKey=VPCCidr,ParameterValue=10.1.0.0/16 ParameterKey=TrustedManagementIPs,ParameterValue="10.0.0.0/8\,172.16.0.0/12\,192.168.0.0/16"
- For Multi-AZ Deployment:
aws cloudformation create-stack \
  --stack-name enforza-firewall-multi-az \
  --template-url https://prod-enforza-public.s3.eu-west-2.amazonaws.com/cloudformation/aws-multi-az-boilerplate-cfn.yaml \
  --parameters ParameterKey=VPCCidr,ParameterValue=10.1.0.0/16 ParameterKey=TrustedManagementIPs,ParameterValue="10.0.0.0/8\,172.16.0.0/12\,192.168.0.0/16"
The commas inside the TrustedManagementIPs value are escaped as \, because the CLI's key=value shorthand otherwise treats them as field separators and the command fails. If the template declares IAM resources (the console asks you to acknowledge this in Option 1, Step 6), also pass --capabilities CAPABILITY_IAM; without it create-stack is rejected with InsufficientCapabilitiesException.
- Monitor the Stack Creation:
Use the following command to monitor the progress of your stack:
aws cloudformation describe-stacks --stack-name enforza-firewall-single-az
The StackStatus field reads CREATE_IN_PROGRESS while resources are being built, CREATE_COMPLETE when the gateway is ready, and ROLLBACK_IN_PROGRESS or ROLLBACK_COMPLETE if creation failed; in that case, describe-stack-events on the same stack shows which resource failed and why.
Step 3: Retrieve the EnforzaClaimKey (claimKey0) Directly
Instead of reading the tag in the console (Option 1, Step 11), you can query it with the AWS CLI:
aws ec2 describe-tags --filters "Name=resource-id,Values=<your-instance-id>" "Name=key,Values=EnforzaClaimKey" --query 'Tags[*].Value' --output text
This returns only the tag's value (the claimKey0), making it easy to copy and save. An empty result means no tag with that key exists on that instance in the current region; check the instance ID and that the stack reached CREATE_COMPLETE.
Example:
If the instance ID is i-0123456789abcdef0, the command is:
aws ec2 describe-tags --filters "Name=resource-id,Values=i-0123456789abcdef0" "Name=key,Values=EnforzaClaimKey" --query 'Tags[*].Value' --output text
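The following POSIX shell script is an added example, not code from the enforza templates or this documentation. It strings the Option 2 steps together: it validates the TrustedManagementIPs list before it reaches CloudFormation (rejecting malformed entries and a /0 that would expose management to the Internet), creates the stack with the parameters passed as JSON so no comma escaping is needed, waits for CREATE_COMPLETE, and reads the EnforzaClaimKey tag from every instance the stack created. Assumptions that are not stated on the page: the templates may declare IAM resources, so CAPABILITY_IAM is passed (harmless if they do not); the gateway instances are direct AWS::EC2::Instance resources of the stack (if a template launched them through an Auto Scaling group, the lookup would have to go via the group instead); the ENFORZA_DEPLOY and MGMT_IPS variables and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the enforza templates or documentation: drives
# the Option 2 steps end to end. Assumed (not stated on the page): the templates
# may declare IAM resources (CAPABILITY_IAM is harmless if they do not); the
# gateway instances are direct AWS::EC2::Instance stack resources; the
# ENFORZA_DEPLOY and MGMT_IPS variables exist only in this script.
set -u

SINGLE_AZ_URL=https://prod-enforza-public.s3.eu-west-2.amazonaws.com/cloudformation/aws-single-az-boilerplate-cfn.yaml
MULTI_AZ_URL=https://prod-enforza-public.s3.eu-west-2.amazonaws.com/cloudformation/aws-multi-az-boilerplate-cfn.yaml
MGMT_IPS=${MGMT_IPS:-10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}   # page default; narrow it

# Check a TrustedManagementIPs value before it reaches CloudFormation: every
# comma-separated entry must be a well-formed IPv4 CIDR, and a /0 is refused
# because it would expose SSH, ICMP and SNMP on the gateway to the Internet.
validate_mgmt_cidrs() {
    list=$1
    [ -n "$list" ] || { echo "TrustedManagementIPs is empty" >&2; return 1; }
    old_ifs=$IFS
    IFS=', '                      # split on commas, tolerate "a, b" spacing
    for cidr in $list; do
        IFS=$old_ifs
        case $cidr in
            */*) ip=${cidr%/*}; prefix=${cidr#*/} ;;
            *)   echo "$cidr: missing /prefix" >&2; return 1 ;;
        esac
        case $prefix in
            ''|*[!0-9]*) echo "$cidr: prefix is not a number" >&2; return 1 ;;
        esac
        if [ "$prefix" -lt 1 ] || [ "$prefix" -gt 32 ]; then
            echo "$cidr: prefix must be 1-32 (a /0 opens management to everyone)" >&2
            return 1
        fi
        IFS='.'
        set -- $ip                # split the address into its octets
        IFS=$old_ifs
        [ $# -eq 4 ] || { echo "$cidr: expected four octets" >&2; return 1; }
        for octet in "$@"; do
            case $octet in
                ''|*[!0-9]*) echo "$cidr: octet '$octet' is not a number" >&2; return 1 ;;
            esac
            [ "$octet" -le 255 ] || { echo "$cidr: octet $octet exceeds 255" >&2; return 1; }
        done
    done
    IFS=$old_ifs
}

# Build --parameters as JSON: unlike key=value shorthand, JSON needs no
# escaping of the commas inside the TrustedManagementIPs list.
build_parameters() {
    printf '[{"ParameterKey":"VPCCidr","ParameterValue":"%s"},{"ParameterKey":"TrustedManagementIPs","ParameterValue":"%s"}]' "$1" "$2"
}

# Create the stack and block until CREATE_COMPLETE; the wait command exits
# non-zero if the stack rolls back, so a failed deployment stops here.
deploy_gateway() {
    stack=$1 template_url=$2 vpc_cidr=$3 mgmt_ips=$4
    validate_mgmt_cidrs "$mgmt_ips" || return 1
    aws cloudformation create-stack \
        --stack-name "$stack" \
        --template-url "$template_url" \
        --parameters "$(build_parameters "$vpc_cidr" "$mgmt_ips")" \
        --capabilities CAPABILITY_IAM || return 1
    aws cloudformation wait stack-create-complete --stack-name "$stack"
}

# Print "<instance-id> <EnforzaClaimKey>" for every instance the stack owns
# (the Multi-AZ template creates more than one), taken from the stack's own
# resource list rather than by searching the EC2 console by name.
claim_keys_for_stack() {
    stack=$1
    for instance_id in $(aws cloudformation describe-stack-resources \
            --stack-name "$stack" \
            --query "StackResources[?ResourceType=='AWS::EC2::Instance'].PhysicalResourceId" \
            --output text); do
        key=$(aws ec2 describe-tags \
            --filters "Name=resource-id,Values=$instance_id" "Name=key,Values=EnforzaClaimKey" \
            --query 'Tags[*].Value' --output text)
        printf '%s %s\n' "$instance_id" "${key:-<no EnforzaClaimKey tag yet>}"
    done
}

# Run only when explicitly asked, so the file can be sourced for its functions
# (or run without AWS credentials) without touching any account.
case ${ENFORZA_DEPLOY:-} in
    single) deploy_gateway enforza-firewall-single-az "$SINGLE_AZ_URL" 10.1.0.0/16 "$MGMT_IPS" \
                && claim_keys_for_stack enforza-firewall-single-az ;;
    multi)  deploy_gateway enforza-firewall-multi-az "$MULTI_AZ_URL" 10.1.0.0/16 "$MGMT_IPS" \
                && claim_keys_for_stack enforza-firewall-multi-az ;;
esac
```

Run it with your real management range, for example `ENFORZA_DEPLOY=single MGMT_IPS=203.0.113.0/32 sh deploy-enforza.sh` (the file name is illustrative). Without ENFORZA_DEPLOY set, the script only defines the functions, so it can be sourced to reuse validate_mgmt_cidrs in other tooling; the validation runs locally and needs no credentials, while deploy_gateway and claim_keys_for_stack need an AWS CLI profile with CloudFormation and EC2 read access in the target region.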
By following these steps, you’ll be able to deploy the enforza Gateway in AWS using CloudFormation, either through the AWS Management Console or the AWS CLI. Choose the Single-AZ or Multi-AZ template based on your availability and failover requirements.
Check out the Tutorials on how to claim your device and associate with your account.