Deploy CT Connectors on AWS
This topic lists the steps to deploy CT Connectors on the AWS cloud.
Prerequisites
- Amazon EC2 instances that meet the following minimum sizing: 2 vCPUs, 8 GB RAM, and 1 Gbps throughput. For example, General purpose m5.large and above.
- EC2 instances used to deploy CT Connectors must resolve the Fully Qualified Domain Name (FQDN) of the Xshield instance to which the Connectors must be registered.
- If you plan to use existing Azure network resources, the details of the Virtual Private Cloud (VPC) and Security Group for CT Connectors.
Deploy CT Connector
AMI images for AWS CT Connectors are available on the AWS cloud. Currently, the latest image available is colortokens-ctconnector-8.0.0.72-58, and this is built on top of Ubuntu 16.04 LTS.
The steps listed here pertain to only deploying the CT Connector on AWS. You must provide additional details such as region, availability zone, storage type and size, tags, and so on that suit your deployment practices.
- Log in to the Amazon EC2 console.
- Click Images > AMI, select the AMI image, and click Launch.
- On the Choose Instance Type page, select the type of EC2 instance and click Configure Instance Details.
- On the Configure Instance Details page, select or add a new VPC (in the Network drop-down list) and click Add Storage.
- On the Add Storage page, select suitable storage (above 50 GB) with the available options, and click Add Tags.
- (Optional) On the Add Tags page, add tags and click Add Security Group.
- On the Configure Security Group page, select or add a new Security Group and click Review and Launch.
  CT Connectors only need an inbound access rule on port 22 for SSH.
- On the Review and Launch page, click Launch.
- (Optional) For secure SSH to the CT Connectors, use an existing key pair or create a new key pair.
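The Configure Security Group step above states that CT Connectors need only an inbound rule on port 22. As an added example (not ColorTokens or AWS code), this Python check audits security group data shaped like `aws ec2 describe-security-groups` output against that statement. The group IDs and CIDR ranges are constructed, and flagging an unrestricted SSH source is an extra check that goes beyond what the page states.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-ok", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.5.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE-wide", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}  # unrestricted IPv4 / IPv6 sources

def audit_group(group):
    """Return findings for one group; an empty list means only tcp/22 is open."""
    findings, has_ssh = [], False
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if proto == "tcp" and lo == 22 and hi == 22:
            has_ssh = True
            # The one rule the guide calls for; still note an unrestricted source.
            open_src = sorted(set(sources) & ANYWHERE)
            if open_src:
                findings.append(f"SSH reachable from {', '.join(open_src)}")
        else:
            ports = "all" if proto == "-1" else f"{lo}-{hi}"
            findings.append(f"extra inbound rule: proto={proto} ports={ports}")
    if not has_ssh:
        findings.append("no inbound tcp/22 rule")
    return findings

def audit(doc):
    """Map each GroupId to its list of findings."""
    return {g["GroupId"]: audit_group(g) for g in doc["SecurityGroups"]}

if __name__ == "__main__":
    for gid, findings in audit(SAMPLE).items():
        print(gid, "OK" if not findings else findings)
```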
Copy the Instance ID of the Connector
- Go to Instances on the EC2 console, search for the Connector instance, and copy its Instance ID.
Add/register CT Connector to the Xshield instance
Use the Instance ID of the EC2 instance to add/register the Connector with the Xshield instance. CT Connectors obtain the details of the instance for registration after you enter the AWS Instance ID to add the EC2 instance to the Xshield instance.
If you are registering the first AWS CT Connector for the instance, go to the Xaccess tab on Xshield and initiate Xaccess Onboarding.
- Go to Xaccess > Connectors.
- Click Add Connector.
- In the Instance ID text box, paste the Instance ID of the EC2 instance.
- Click Save.
You may need to wait for a few seconds for Xshield to verify the validity of the Connector with the app instance. Upon successful verification, the CT Connector is registered with the instance.
Successfully deployed
CT Connectors are deployed successfully if they are registered successfully with the instance. Connectors deployed successfully are listed on the Connectors page (Status = Online and State = Enabled).
At this stage, the CT Connectors are only added to the instance. To enable the CT Connectors to discover applications and services, you must specify the IP subnets and domains of the applications.
Deployment failed
Some of the causes of failed deployments are incorrect EC2 Instance IDs or lack of connectivity to the VPCs. Connectors are not displayed on the Connectors page until they are registered with the instance.