The Aviatrix cloud network solution consists of two components, controller and gateway, both are AWS instances. Gateways are launched from the controller browser console by using your account IAM roles and AWS APIs. This guide helps you to launch the Controller instance in AWS. The Controller image is also available in Azure Marketplace and GCloud.

Create an AWS EC2 Account

You need to have an AWS EC2 account to use the solution. Note that the Controller supports multiple accounts with each one associated with a different AWS IAM role or account, but there needs to be at least one to start with.

This AWS account can be a root account, IAM role, IAM administrator account or IAM user account with access privileges required by the Aviatrix solution.

We strongly recommend you to use IAM role for security reasons.

Subscribe to Aviatrix on AWS Marketplace

You must subscribe to one of the Aviatrix AMIs on AWS marketplace prior to launch the Controller.

Search “aviatrix” on AWS marketplace and accept the terms and conditions to use the software. After subscription, follow the instructions in the next sections to launch the Controller.

If you choose the BYOL image, you need a customer ID (license ID) to use Aviatrix solution. Send an email to to obtain one.

DNS Server Connectivity Check

If the VPC where the Controller is deployed in has a custom DNS server (via DHCP option), make sure the Controller instance can reach this DNS server.


Any resources created by the Controller, such as Aviatrix gateways, route entries, ELB, SQS queues, etc, must be deleted from the Controller console. If you delete them directly on AWS console, the Controller’s view of resources will be incorrect which will lead to features not working properly.

Launch Aviatrix Controller

Controller must be launched on a public subnet of a VPC.

The recommended way to launch the Controller is by our CloudFormation script. Follow the instruction here to launch a controller instance in a selected region.

To launch the controller manually, follow this document.

Access the Controller

After the Controller instance is in running state in AWS, you can access the Controller via a browser by https://Controller_public_EIP, where Controller_public_EIP is the Elastic IP address of the Controller.

The initial password is the private IP address of the instance.

Follow the steps to go through an initial setup phase to download the latest software. After the latest software is downloaded, re-login again to go through the onboarding process.


The purpose of onboarding is to help you setup an account on Aviatrix Controller that corresponds to an IAM role with policies so that the Controller can launch gateways and build networks using AWS APIs.

If you launched the Controller via CloudFormation script, the required IAM roles and policies are already setup, follow this instruction to complete account creation.

Note you can create a single Aviatrix account that corresponds to AWS, Azure and GCloud account credentials. This is a multi cloud platform.

To create a Global Transit Network, click Transit VPC on the main navigation bar to start.

Setup for Operations

If this Controller is for your production, we strongly recommend you to enable Controller Backup/Restore feature. This allows you to backup configurations on the Controller to an S3 bucket sothat you can recover the configurations in a disaster situation.

Controller HA

To enable Controller HA in AWS, follow the instructions here.

Controller Monitoring

If Controller HA is not enabled, we recommend you to use AWS CloudWatch to configure alarms and actions to reboot the controller when it fails Status Check.