AWS Startup Guide
Welcome. Your Aviatrix product experience starts here.
The Aviatrix Controller provides a single pane of glass for all your network connectivity tasks. Once you have a Controller instance launched in a VPC, you can start building a Transit Network, remote user VPN, multi-cloud peering, and more.
To learn about all the Aviatrix use cases, read the Aviatrix overview.
In this guide, we’ll walk you through the first 4 steps. By the end, you’ll be ready for your first use case.
You can also watch a video for this startup guide.
Before you start, you need to have an AWS account. Create a new account or log in to an existing IAM account.
Important
- We require this AWS IAM account to have permissions to create AWS IAM roles, IAM policies and launch EC2 instances.
- The Controller instance must be launched on a public subnet in a VPC.
- All AMIs should be launched by the CloudFormation template provided by Aviatrix, as described in the next section.
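The public-subnet requirement above (checked again in step 2.6) can be verified from route table data before launching. The following is an added example, not Aviatrix code: it treats a subnet as public when its effective route table (its explicit association, otherwise the VPC's main table) has an active default route to an internet gateway. The sample data is constructed in the shape of `aws ec2 describe-route-tables` output, and all IDs are made up.

```python
import json

# Constructed sample shaped like `aws ec2 describe-route-tables` output;
# every ID below is made up for this example.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main", "VpcId": "vpc-1111",
   "Associations": [{"Main": true}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0001", "State": "active"}]},
  {"RouteTableId": "rtb-public", "VpcId": "vpc-1111",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"}]},
  {"RouteTableId": "rtb-stale", "VpcId": "vpc-1111",
   "Associations": [{"Main": false, "SubnetId": "subnet-stale"}],
   "Routes": [
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0dead", "State": "blackhole"}]}
]}
""")


def effective_route_table(route_tables, vpc_id, subnet_id):
    """Return the table governing the subnet: explicit association, else the VPC main table."""
    main = None
    for rtb in route_tables:
        if rtb.get("VpcId") != vpc_id:
            continue
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def is_public_subnet(route_tables, vpc_id, subnet_id):
    """True if the effective route table has an active default route to an internet gateway."""
    rtb = effective_route_table(route_tables, vpc_id, subnet_id)
    if rtb is None:
        return False  # no route tables were returned for this VPC
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rtb.get("Routes", [])
    )
```

A subnet whose default route points at a NAT gateway, or at an internet gateway route in the `blackhole` state, is reported as not public.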
Step 1. Subscribe to an Aviatrix AMI
1.1 Select an AMI
Select the AMI that meets your use case and subscription preference. Clicking an AMI link takes you to the AWS Marketplace to complete step 1.2 only. (Open the selected AMI in a new tab so you can follow along with this guide.)
- Metered AMI: Aviatrix Secure Networking Platform PAYG - Metered AMI is a pay-as-you-go cloud consumption model for all use cases:
  - Next-Generation Transit VPC Network
  - VPC Egress Security
  - Remote User VPN (OpenVPN®)
  - Multicloud Peering
  - Encrypted Peering
  - Site to Cloud IPSEC VPN
  - FREE - EC2 FlightPath Troubleshooting Tool
  - FREE – Two Tunnels (Free Forever)
- Private Offer AMI: Aviatrix Secure Networking Platform - Custom AMI includes a 14-day free trial and is a utility model for use cases that build IPSEC and SSL VPN:
  - Next-Generation Transit VPC Network
  - Remote User VPN (OpenVPN®)
  - Multicloud Peering
  - Encrypted Peering
  - Site to Cloud IPSEC VPN
- Utility User VPN AMI: We offer a range of OpenVPN® User Access AMIs. You can choose 10 User VPN Server, 25 User VPN Server, 50 User VPN Server, or 100 User VPN Server.
- BYOL AMI: Aviatrix for Cloud Interconnect, Cloud Peering and VPN (BYOL) offers a BYOL license for all use cases. Contact support@aviatrix.com for a 30-day free trial license.
1.2 Subscribe to the selected AMI
1.2.1 Continue to Subscribe
For example, if you select Inter-Region VPC Peering 5 Tunnel AMI, click Continue to Subscribe. Subscribing means that you can begin deploying the software in later steps via the CloudFormation template.
1.2.2 Accept Software Terms
Click Manual Launch and Accept Software Terms. Return to this guide and continue. (Do not proceed with installing the Controller instance from the marketplace.)
1.2.3 Product Support Connection
Enter your contact information to connect this subscription to Aviatrix’s technical support system and obtain a free upgrade to 24x7x365 support. You can choose to sign up later, or edit/remove your details at any time. Click Register Product Support.
Tip
If the VPC where the Controller is deployed has a custom DNS server (via DHCP option), make sure the Controller instance can reach this DNS server.
Step 2. Launch the Controller with CloudFormation
Now that you have subscribed to an AMI, you are ready to install the Controller instance.
Each Aviatrix AMI in AWS marketplace has a companion CloudFormation template. The template is used to launch the Controller instance. Highlight and copy the CloudFormation Template URL Link Address for the AMI you intend to launch.
2.1. In the AWS console, change to the region where you would like to install the Aviatrix Controller.
2.2. Once in the correct region, go to the CloudFormation service.
2.3. Click Create new stack or Create Stack
2.4. Select Specify an Amazon S3 template and paste the CloudFormation Template URL Link Address for the AMI you selected in the above table.
2.5. Click Next
2.6. Fill in the following fields:
- the Stack name,
- select a VPC in the drop-down menu,
- select a public subnet in that VPC (Go to the AWS VPC console to make sure the public subnet is indeed in your selected VPC. Read this link if you do not know what a public subnet is.)
- and a keypair (Read how to create a keypair to create a keypair in the AWS EC2 console if this field is blank.)
Note
The Aviatrix Controller must be launched on a public subnet. If this is the first time you launch the Aviatrix Controller, select the default setting New for IAM Role Creation. If the Aviatrix IAM role has been created before, select aviatrix-role-ec2 for IAM Role Creation. The Aviatrix Controller instance is termination protected.
2.7. Leave the Controller Size at t2.large and keep the IAM role creation at “New” unless you have already created the Aviatrix IAM roles.
2.8. Click Next
2.9. Optionally, add any key/value tags as required
2.10. Optionally, select an IAM Role if your currently logged in user does not have permission to create instances.
2.11. We recommend that you enable stack termination protection during stack creation time to prevent accidental deletion, then click Next
Warning
The Controller instance has Termination Protection enabled. If you need to delete the stack, make sure you first disable the Controller instance Termination Protection at the AWS EC2 console.
2.12. Click the checkbox next to “I acknowledge that AWS CloudFormation ...” and then click Create.
2.13. Once the stack creation completes (Status changes to CREATE_COMPLETE), click on the Outputs tab. The values displayed will be needed when configuring the primary access account in Aviatrix.
Step 3. Connect to the Controller
Now that the Aviatrix Controller instance has been launched, let’s log in and go through a few initial steps.
3.1. Open a browser window to https://AviatrixControllerEIP, where AviatrixControllerEIP can be found in the Stack Outputs. You can also find the Controller instance EIP by going to the AWS EC2 console, clicking the Controller instance and locating its public IP address.
Tip
You may receive a warning that the connection may not be secure. This is because the certificate is self-signed by the Controller. It is safe to continue to the page.
3.2. Log in with the username admin.
For the password field, use the AviatrixControllerPrivateIP. The AviatrixControllerPrivateIP can be found in the Outputs section of the CloudFormation stack. You can also find the Controller instance’s private IP address by going to the AWS EC2 console, clicking the Controller instance and locating its private IP address.
3.3. Enter your email address. This email will be used for alerts as well as password recovery (if needed).
3.4. Next, you will be prompted to change the admin password.
3.5. Click Skip in the next page, unless the Controller instance VPC has an HTTP or HTTPS proxy configured for Internet access.
3.6. Finally, the Controller will upgrade itself to the latest software version after you click on Run. Wait for a few minutes for the process to finish.
Tip
The Controller upgrade takes about 3-5 minutes. Once complete, the login prompt will appear. Use the user admin and your new password to log in.
Step 4. Create A Primary Access Account
4.1 Select AWS
Once logged back in to the Controller, you should be on the Onboarding page; if not, click “Onboarding” in the navigation menu. Then click the AWS icon.
4.2 (Only applies to BYOL AMI) Enter Your Customer ID
Note
This step only applies if you select BYOL AMI. Contact support@aviatrix.com to get a trial license if you do not have one.
Enter the Customer ID in the field and click Save.
4.3 Setup a Primary Access Account
The Aviatrix primary access account contains the following information:
- The Controller instance’s AWS 12-digit account ID.
Check out this link if you have questions regarding Aviatrix access account.
Fill out the fields as follows: (The AWS Account Number can be found in the Stack Outputs section or obtained from this link.)

| Field | Expected Value |
| --- | --- |
| Account Name | Enter a name that is unique on the Controller. Example name: AWSOpsTeam. |
| AWS Account Number | The Controller instance’s 12-digit AWS account number. It can be found in the Stack Outputs section AccoundId. |
| IAM role-based | Check this box. |
Once complete, click the Create button at the bottom of the form.
Next: Start a Use Case
Congratulations!
You are now ready to establish connectivity to and from the cloud. Here are some of the things you can do:
- Build Next-Gen Transit Network
- Build User SSL VPN
- Build Egress Security
- Build Site to Cloud VPN
- Build Multicloud Peering
- Build Encrypted Peering
Warning
Any resources created by the Controller, such as Aviatrix gateways, route entries, ELB, SQS queues, etc., must be deleted from the Controller console. If you delete them directly on the AWS console, the Controller’s view of resources will be incorrect, which will lead to features not working properly.
For technical support, email us at support@aviatrix.com.
Enjoy!