
Quickstart using AWS Console

Why Use This Method?

Automated Provisioning: By inserting a command into EC2 user data, you can automate tasks like generating keys, downloading software, or configuring network services during instance startup. This avoids the need for manual intervention and ensures consistency across deployments.

Cloud-Based Provisioning: On cloud platforms like AWS or Azure, this method is ideal when you don’t have direct access to the console of each individual instance and need to inject setup commands dynamically during instance creation.

Enhanced Security: If you choose not to use SSH keys and instead disable SSH access entirely (either at the operating system level or by restricting access through the security group), you can further lock down your EC2 instances. This minimizes the attack surface and makes the system less vulnerable to unauthorized access, because management and retrieval of critical information (like the claimKey) can be done through user data and console logs without any need for SSH access.


note

This quickstart guide assumes that you:

  • have your VPC, subnets and route-tables in place
  • want to deploy an enforza Gateway in your public subnet
  • are comfortable with configuring your route-tables in order to forward traffic to the enforza gateway
  • know what you are doing

tip

For a more detailed tutorial of this installation method, click here.


Follow these steps to create an EC2 instance in AWS, insert a command in the user data that will install the enforza agent at provision time, and retrieve the claimKey from the console log after provisioning.

Step 1: Log in to AWS Management Console

  1. Go to the AWS Management Console.
  2. Log in with your credentials.

Step 2: Navigate to EC2 Dashboard

  1. From the AWS Management Console, in the search bar at the top, type EC2.
  2. Select EC2 from the dropdown to open the EC2 Dashboard.

Step 3: Launch a New EC2 Instance

  1. In the EC2 Dashboard, click on Launch Instance.
  2. You will be directed to the Launch Instance Wizard.

Step 4: Configure the Instance

Step 1: Choose an Amazon Machine Image (AMI):

  • Select a Debian or Ubuntu AMI based on your preference.
  • Check the Recommended Specifications here

Step 2: Choose an Instance Type:

  • Select an instance type based on your needs (e.g., t3.medium).
  • Check the Recommended Specifications here

Step 3: Configure Instance Details:

  • Scroll down to the Advanced Details section.
  • In the User Data field, paste the following command:
#!/bin/bash
# Download and run the enforza agent installer (user data already runs as root)
curl -s -L https://efz.io/install | sudo bash

This will be executed during instance initialization.

Step 4: Add Storage:

  • Adjust the storage size if necessary (default is usually 8 GB).

Step 5: Add Tags:

  • (Optional) Add tags to organize your resources.

Step 6: Configure Security Group:

  • Either create a new security group or select an existing one.
  • Ensure that SSH (port 22) is open for your trusted management IP address(es)

Step 7: Review and Launch:

  • Review your instance configuration and click Launch.
  • You will be prompted to select or create a new key pair for SSH access. Choose your preferred option and click Launch Instances.

Step 5: Check the Console Log for claimKey0

  1. After the instance is launched, navigate back to the EC2 Dashboard.
  2. On the left-hand side, click Instances.
  3. Find your newly launched instance from the list and click on the Instance ID to open the instance details page.
  4. In the Instance Details view, scroll down and click View Console Output under Instance Settings.
  5. Look through the console log for the output:
"claimKey0": "xxxxxx-xxxxxx-xxxxxx"

This will show the claimKey0 generated by the command inserted into the user data.

Step 6: Retrieve and Save the claimKey0

  1. Copy the claimKey0 from the console log.
  2. Save it securely for use in your Enforza Portal for device claiming and activation.

Check out the Tutorials on how to do this.
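
The console-log lookup in Steps 5 and 6 can also be scripted. The following is an added example, not part of the enforza documentation: it assumes the AWS CLI is installed and the caller is allowed ec2:GetConsoleOutput on the instance, and the function names, retry defaults and sample log are constructed for illustration.

```bash
#!/bin/sh
# Added example: pull claimKey0 out of EC2 console output (hypothetical helper names).

# Read console text on stdin and print the last claimKey0 value seen.
# Returns 1 when no key is present, which is normal shortly after launch
# because console output lags behind the boot process.
extract_claim_key() {
  _key=$(sed -n 's/.*"claimKey0"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | tail -n 1)
  [ -n "$_key" ] || return 1
  printf '%s\n' "$_key"
}

# Poll an instance's console output until the key appears.
# Usage: fetch_claim_key <instance-id> [tries] [delay-seconds]
# --latest is only supported on Nitro-based instance types (t3 is one).
fetch_claim_key() {
  _id=$1; _tries=${2:-20}; _delay=${3:-30}; _i=0
  while [ "$_i" -lt "$_tries" ]; do
    if _found=$(aws ec2 get-console-output --instance-id "$_id" \
                  --latest --output text --query Output 2>/dev/null \
                | extract_claim_key); then
      printf '%s\n' "$_found"
      return 0
    fi
    _i=$((_i + 1))
    sleep "$_delay"
  done
  echo "claimKey0 not found in console output of $_id" >&2
  return 1
}

# Constructed sample console output; only the "claimKey0": "..." line
# follows the format shown in Step 5, the rest is made up for the demo.
sample_console_log() {
  cat <<'EOF'
[   21.402113] cloud-init[812]: running 'modules:final'
[   35.918020] cloud-init[812]: "claimKey0": "xxxxxx-xxxxxx-xxxxxx"
[   36.004771] cloud-init[812]: finished
EOF
}

# When called with an instance ID, fetch the key from that instance.
if [ "$#" -ge 1 ]; then
  fetch_claim_key "$@"
fi
```

Because the key is printed to the console log, any IAM principal allowed to call ec2:GetConsoleOutput on the instance can read it, so scope that permission accordingly.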


By following these steps, you’ll be able to provision an EC2 instance with a custom command in user data, and retrieve the necessary claimKey0 from the console log.