Update the AWS docs to use SSM for console access #816

Merged 1 commit, Oct 11, 2023
44 changes: 22 additions & 22 deletions docs/deployment/zaio-aws.md
Expand Up @@ -9,11 +9,21 @@ To follow this tutorial, you will need an admin access to the AWS web console

*Note: This tutorial is only a first step toward a production deployment on AWS.*

## Create an EC2 instance profile

To give a specific identity to the ZAIO instance, and allow the access to the instance console without SSH, we need to create an EC2 instance profile, and attach a managed policy to it.

In the _IAM_ section of the AWS console, click the _Create role_ button. Select _AWS service_ as Trusted identity type. Then select _EC2_ as Service, and _EC2 Role for AWS Systems Manager_ as Use case, then click the _Next_ button.

You should see the _AmazonSSMManagedInstanceCore_ selected in the next screen. Click _Next_.

Give the role a name, optionally a description and some tags, and click _Create role_. We will be referencing this role when launching the instance.

## Start a new instance

In the AWS EC2 console, in one of the supported region (`us-east-1`, `us-west-2`, `eu-central-1`), click on the _Launch instances_ button. Pick a Name.

## Select a _Zentral all in one_ AMI
### Select a _Zentral all in one_ AMI

Click on the _Browse more AMIs_ link. Select _Community AMIs_. Use _zaio_ as search term.

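Review bot: the sentence introducing the new section reads "allow the access to the instance console without SSH"; drop "the" ("allow access to the instance console without SSH"). On the policy step, it is worth saying that _AmazonSSMManagedInstanceCore_ is the only policy this role needs for Session Manager access, so readers do not attach broader permissions when the wizard offers them, and that the role is trusted only by the EC2 service (the _AWS service_ / _EC2_ selection), since the instance will be the one assuming it.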
Expand All @@ -23,29 +33,29 @@ AMIs name pattern: `zaio-ARCH-YYYYMMDD-HHMMSS`

The ZAIO AMIs are available for ARM64 and AMD64 architectures.

## Pick an instance type
### Pick an instance type

You can start with a `t4g.medium` instance type – if you have picked the ARM64 AMI. We strongly advice against using any kind of "smaller" (< 4GB RAM) instances. A lot of software will be running on the instance (elasticsearch, postgres, rabbitmq, prometheus, grafana, django app, …)

Then click on the _Next: Configure Instance Details_ button.

## Key pair

It will be required for the first login. You can use an existing key pair, or create a new one. The username for the login is `ubuntu`.
### Network settings

## Network settings

The required open ports are 22, 80, and 443.
The required open ports are 80, and 443.

If you are new to this, just create a new security group for the Zentral instance.

Select _Create security group_ and tick the three boxes for `SSH`, `HTTP` and `HTTPS` (you can restrict the allowed ip ranges if you like).
Select _Create security group_ and tick the two boxes for `HTTP` and `HTTPS`. No need to tick the `SSH` box. We use Systems Manager for access to the instance console.

## Add storage
### Add storage

You can start with one 20GB general purpose SSD (`gp2`) volume. But that would be only enough to store a limited amount of events. As a rule of thumb, you will need about 20GB + 1GB for every million of events stored, but that can vary a lot depending on your inventory sources, and the kind of events you are collecting.

## Launch the instance
### Set the IAM role

**IMPORTANT** to get access to the instance without SSH, we need to use the EC2 role we have just created. Unfold the _Advanced details_ section of the wizzard, and select the EC2 instance profile in the _IAM instance profile_ dropdown.

### Launch the instance

Click on the _Launch_ button.

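Review bot: the rewritten security-group sentence drops the earlier hint that the allowed IP ranges can be restricted; keep it, since 80 and 443 are still open to the world by default, e.g. "tick the two boxes for `HTTP` and `HTTPS` (you can restrict the allowed ip ranges if you like)". Two small fixes in the same hunk: "The required open ports are 80, and 443." has a stray comma ("80 and 443"), and in the new _Set the IAM role_ step "wizzard" should be "wizard" and "**IMPORTANT** to get access" wants a colon after IMPORTANT.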
Expand All @@ -59,16 +69,6 @@ Zentral requires a domain name resolving to the IP address of the launched insta

## Log onto your instance

You need the path to the key pair you have just setup. The default username is `ubuntu`.

```cmd
ssh -i ~/.ssh/TheNameOfTheKeyPairFile [email protected]
```

**IMPORTANT** Make sure the key is only readable for your user:

```cmd
chmod 400 ~/.ssh/TheNameOfTheKeyPairFile
```
Pick the EC2 instance you have launched in the list of all instances, click on the _Connect_ button. Select the _Session Manager_ tab, click on the _Connect_ button. You should be redirected to a console in the browser. For a better experience, launch `bash` as shell.

Once logged in, you can use a [command line tool to setup your instance](../zaio-setup). Because this last step is the same for a Google Cloud deployment, we have kept it on a separate wiki page.
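Review bot: the new login paragraph no longer tells the reader which user the Session Manager shell runs as, whereas the removed text stated the username was `ubuntu`; since the next step runs the setup tool on the instance, state the user the session starts as and how to switch user or elevate if the setup tool expects `ubuntu`. Also split the first sentence: "Pick the EC2 instance you have launched in the list of all instances, click on the _Connect_ button." joins two steps with a comma; "… in the list of all instances, then click the _Connect_ button." reads better.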