
Quickstart using AWS Console (userdata)

Why Use This Method?

Automated Provisioning: By inserting a command into EC2 user data, you can automate tasks like generating keys, downloading software, or configuring network services during instance startup. This avoids the need for manual intervention and ensures consistency across deployments.

Cloud-Based Provisioning: On cloud platforms like AWS or Azure, this method is ideal when you don’t have direct access to the console of each individual instance and need to inject setup commands dynamically during instance creation.

Enhanced Security: By opting not to use SSH keys and instead disabling SSH access entirely (either at the operating system level or by restricting access through the security group), you can further lock down your EC2 instances. This minimizes the attack surface, making the system less vulnerable to unauthorized access, since management and retrieval of critical information can be done through user data and console logs without any need for SSH access.


note

This quickstart guide assumes that you:

  • have your VPC, subnets and route-tables in place
  • want to deploy an enforza Gateway in your public subnet
  • are comfortable with configuring your route-tables in order to forward traffic to the enforza gateway
  • know what you are doing

tip

For a more detailed tutorial of this installation method, click here.


Follow these steps to create an EC2 instance in AWS and insert a command in the user data that will install the enforza agent at provision time and then auto-register it to your account.

Step 1: Log in to AWS Management Console

  1. Go to the AWS Management Console.
  2. Log in with your credentials.

Step 2: Navigate to EC2 Dashboard

  1. From the AWS Management Console, in the search bar at the top, type EC2.
  2. Select EC2 from the dropdown to open the EC2 Dashboard.

Step 3: Launch a New EC2 Instance

  1. In the EC2 Dashboard, click on Launch Instance.
  2. You will be directed to the Launch Instance Wizard.

Step 4: Configure the Instance

Step 1: Choose an Amazon Machine Image (AMI):

  • Select a Debian or Ubuntu AMI based on your preference.
  • Check the Recommended Specifications here

Step 2: Choose an Instance Type:

  • Select an instance type based on your needs (e.g., t3.medium).
  • Check the Recommended Specifications here

Step 3: Configure Instance Details:

  • Scroll down to the Advanced Details section.
  • You can get your companyId from the portal (Claim Device).
  • In the User Data field, paste the following command:
#!/bin/bash
# Download the enforza installer and run it with your companyId
curl -s -L https://efz.io/install | sudo bash -s -- --companyId=a713a652-f973-435f-ab38-xxxxxxxxxx

This will be executed during instance initialization.
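
A pre-launch check for the user data above, as an added example that is not enforza's own code: it lints the file you are about to paste for the mistakes that make cloud-init skip the script or register nothing. The function name check_userdata is hypothetical, and the UUID shape of companyId is an assumption taken from the masked sample on this page.

```sh
#!/bin/sh
# Added example, not enforza code: lint an EC2 user data file before pasting it
# into the console. Usage: sh lint_userdata.sh userdata.sh
# Prints one finding per line; returns 0 when clean, 1 on any FAIL.

check_userdata() {
    file=$1
    rc=0

    # cloud-init runs user data as a script only when it begins with "#!".
    first=$(head -n 1 "$file")
    case $first in
        '#!'*) ;;
        *) echo "FAIL: first line '$first' is not a #! shebang; cloud-init will not execute it"
           rc=1 ;;
    esac

    # EC2 caps raw user data at 16 KB.
    size=$(($(wc -c < "$file")))
    if [ "$size" -gt 16384 ]; then
        echo "FAIL: user data is $size bytes, over the 16384-byte limit"
        rc=1
    fi

    # The installer is piped straight into a root shell, so it must come over TLS.
    if grep -q 'http://' "$file"; then
        echo "FAIL: plain http:// URL found; fetch the installer over https://"
        rc=1
    fi

    # Assumption: companyId is a UUID, as the masked sample on the page suggests.
    # Catches a missing value or the xxxxxxxxxx placeholder left in place.
    id=$(sed -n 's/.*--companyId=\([^ ]*\).*/\1/p' "$file" | head -n 1)
    uuid='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    if ! printf '%s\n' "$id" | grep -Eq "$uuid"; then
        echo "FAIL: companyId '$id' is missing or still the masked placeholder"
        rc=1
    fi

    # Without -f/--fail, curl hands an HTTP error page to bash instead of stopping.
    if ! grep -Eq 'curl.* (-[A-Za-z]*f|--fail)' "$file"; then
        echo "WARN: curl has no -f/--fail; an HTTP error body would be piped to bash"
    fi
    return $rc
}

if [ $# -gt 0 ]; then check_userdata "$1"; fi
```

A WARN does not change the exit status; only FAIL findings do.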

Step 4: Add Storage:

  • Adjust the storage size if necessary (default is usually 8 GB).

Step 5: Add Tags:

  • (Optional) Add tags to organize your resources.

Step 6: Configure Security Group:

  • Either create a new security group or select an existing one.
  • Ensure that SSH (port 22) is open for your trusted management IP address(es)

Step 7: Review and Launch:

  • Review your instance configuration and click Launch.
  • You will be prompted to select or create a new key pair for SSH access. Choose your preferred option and click Launch Instances.

Step 5: Check the enforza Cloud Controller

  • Once the gateway has been provisioned, it will auto-claim/register in the enforza Cloud Controller in your account
  • Navigate to Devices and your new gateway will appear (you may need to refresh if you don't see it immediately)

Step 6: License the gateway (free)

The device will now show up in your account on the enforza Cloud Controller. Next steps are to:

  • Change the device name to something more meaningful to you

  • Important: change the license from Unlicensed to Freemium, or subscribe for higher versions

  • Create a firewall policy and push to the device.

  • Click here for Tutorials


By following these steps, you’ll be able to provision an EC2 instance with a custom command in user data, and have a gateway auto-register in the enforza Cloud Controller portal.