AWS EC2 Installation

An AWS EC2 configuration example is shown in the figure below. We offer an Ansible script for quick and easy AWS installation. Further below are the installation instructions.

@startuml
!define AWSPUML ../../images/AWS-PlantUML/dist
!include AWSPUML/common.puml
!include AWSPUML/NetworkingContentDelivery/AmazonVPC/router/router.puml
!include AWSPUML/General/client/client.puml
!include AWSPUML/General/Internetalternate1/Internetalternate1.puml
!include AWSPUML/General/corporatedatacenter/corporatedatacenter.puml
!include AWSPUML/General/virtualprivatecloud/virtualprivatecloud.puml
!include AWSPUML/General/AWScloud/AWScloud.puml
!include AWSPUML/NetworkingContentDelivery/AmazonVPC/VPCNATgateway/VPCNATgateway.puml

left to right direction
hide stereotype
skinparam shadowing false
skinparam rectangle {
    borderColor<<awscloud>> #black
    roundCorner<<awscloud>> 50
    borderColor<<virtualprivatecloud>> #black
    roundCorner<<virtualprivatecloud>> 50
    borderColor<<site>> #black
    roundCorner<<site>> 50
    borderColor Transparent
    backgroundColor Transparent
    fontColor #black
    stereotypeFontColor Transparent
}
skinparam linetype polyline
skinparam linetype ortho

AWSCLOUD(AWC1, "Region1", rectangle) {
    VPCNATGATEWAY(GW1, "Gateway 13.53.107.28\n13.53.107.28 <--> 172.18.254.76", rectangle)
    VIRTUALPRIVATECLOUD(VPC1, "172.18.0.0/16", rectangle) {
        cloud "AWS WAN\n172.18.254.x/24" as WAN
        ROUTER(R2, "flexiWAN\nRouter2", rectangle,"#Teal")
        CORPORATEDATACENTER(CDC1, Server1, rectangle)
        cloud "AWS LAN\n172.18.1.x\24" as LAN
        CORPORATEDATACENTER(CDC2, Server2, rectangle)
        note right of CDC1 : Default GW=172.18.1.254
        note bottom of R2 : Default GW=172.18.254.1\n192.168.56.x/24 via 10.100.0.4
        note right of CDC2 : Default GW=172.18.1.254
    }
}
INTERNETALTERNATE1(INT,"Internet",rectangle,"#RoyalBlue")
rectangle Site as SITE <<site>> {
    CLIENT(C1, Client1, rectangle)
    note top of C1 : Default GW=192.168.56.105
    cloud "Site LAN\n192.168.56.x/24" as SL
    ROUTER(R1, "flexiWAN\nRouter1", rectangle,"#Teal")
    note left of R1 : Default GW=77.77.77.1\n172.18.1.x/24 via 10.100.0.5
}

GW1 .[thickness=7,#LimeGreen]. INT
GW1 <--> INT
GW1 -[hidden]- INT
INT ..[thickness=7,#LimeGreen] R1
INT <--> R1 : "77.77.77.77"
GW1 <-> WAN : "172.18.254.1"
GW1 .[thickness=7,#LimeGreen] WAN
WAN <--> R2 : "172.18.254.76"
WAN .[thickness=7,#LimeGreen]. R2
LAN <--> CDC1 : "172.18.1.178"
R2 <--> LAN : "172.18.1.254"
LAN <--> CDC2 : "172.18.1.219"
C1 <--> SL
SL <-> R1 : "192.168.56.105"
R1 <..[hidden].> R2
INT ..[hidden] R1
INT ..[hidden] R1
INT ..[hidden] R1
INT ..[hidden] R2
INT ..[hidden] R2

@enduml

Installation Steps

Prerequisites

The Ansible script described below can be executed from any Linux machine that has access to your AWS account. Once ran, the script will create a flexiWAN instance on your AWS account. Please note that the script will not install flexiWAN on the device you’re running it from, it will create a new instances on AWS.

Before starting the installation process, make sure you have the following things:

  1. An Amazon EC2 account for installing the flexiEdge device

  2. An Ansible environment on your Linux machine.

    If you are running under Ubuntu 18.04 you can install it by:

    sudo apt update
    sudo apt install software-properties-common
    sudo apt-add-repository ppa:ansible/ansible
    sudo apt update
    sudo apt install ansible python-boto3 python3-boto3 python-boto python3-boto
    

    When using Ubuntu 21.10 or newer, run the following commands:

    sudo apt update
    sudo apt install software-properties-common
    sudo apt-add-repository ppa:ansible/ansible
    sudo apt-get install python3-pip
    sudo pip3 install boto
    sudo apt install ansible
    
  3. A valid AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY.

    The keys can be found in the IAM management console of Amazon EC2. More information on how to find and update the access keys is detailed here

Installation

  1. Download the Ansible script

    mkdir ansible
    cd ansible
    wget https://sandbox.flexiwan.com/Utils/ansible.v0.1.6.tar.gz
    
  2. Unzip the tar.gz:

    tar -vxf ansible.v0.1.6.tar.gz
    cd ansible.v0.1.4/
    
  3. Export the AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY

    export AWS_ACCESS_KEY=**********************
    export AWS_SECRET_ACCESS_KEY=***********************************************
    
  4. Run the Ansible script to create your AWS flexiEdge device

    Use the following parameters in the script command line:

    Ansible parameters

    Parameter

    Description

    region

    Region in Amazon EC2 used for creating the flexiEdge device

    vpc_name

    A string for naming the VPC

    vpc_cidr_block

    The CIDR for the VPC. Note: This should be a globally unique CIDR, as our goal is to create a tunnel between VPCs

    cidr_lan

    The CIDR for the LAN network

    lan_ip_address

    The LAN IP address

    flexiwan_token

    The organization token created in your flexiManage account

    stack

    A sting for tagging the resource in EC2

    Example: the following command creates a VPC in Ohio region (us-east-2), the LAN and WAN subnets, the Internet Gateway and one m5.large EC2 instance with Ubuntu 18.04 and the flexiEdge software (as shown in the figure above). Once the script completes successfully, a new flexiEdge device should appear in the flexiManage Devices menu automatically. The SSH key to access the EC2 instance is saved in the directory under the string name used for the stack parameter.

    ansible-playbook ec2_create_customer.yml --extra-vars "region=us-east-2 vpc_name=VPC vpc_cidr_block=172.18.0.0/16 cidr_lan=172.18.1.0/24 cidr_wan=172.18.254.0/24 lan_ip_address=172.18.1.254 flexiwan_token=ey****** stack=Ohio"
    
  5. To access the instance via SSH

    SSH with your key, and the public IP allocated for the flexiEdge device

    ssh -i Ohio -l ubuntu 13.53.107.28