Controller

Why are IAM policies important?

During the launch of your Aviatrix Controller, two IAM roles(aviatrix-role-ec2 & aviatrix-role-app) are created and two associated IAM policies(aviatrix-assume-role-policy & aviatrix-app-policy) are also created. These roles and policies allow the Controller to use AWS APIs to launch gateway instances, create new route entries and build networks and hence very important to keep your network operational. Please check out IAM Policies, Requirements, Customization and IAM for Secondary Access Accounts. After a software upgrade, please do update your IAM policies using the instructions in the above links - these updates have to be done for all accounts that have the Controller and the gateway.

Why should I upgrade my Controller Software?

Our engineering team works very hard to fix issues on a continuous basis. We also continue to add new features and try to enhance the systems to keep your network working effectively and securely. Please take advantage of this and stay on the latest releases. Controller upgrade does not affect your tunnels. Please keep the your controller’s size at > t2.large and please don’t encrypt the root devices!!

Does Aviatrix Controller support automation?

Aviatrix Controller supports a comprehensive set of REST API to enable automation

We also support Terraform. Please check out Aviatrix Terraform Tutorial, Aviatrix Terraform Provider, Transit Network using Terraform and our Github Repository.

Can I use an SSL Certificate from AWS ACM?

You can place your controller behind an ELB in AWS and use your certificate from AWS ACM. Remember to increase the default ELB idle connection timeout from 60 seconds to at least 300 seconds.

How do I backup my Aviatrix System?

Please checkout backup functionality on your Aviatrix controller.

  • If you have a ”.”/period character in the S3 bucket name, please ensure you are running software version 4.0.685 or later.)
  • We strongly recommend the “Multiple Backup” setting to be turned Controller/Settings/Maintenance/Backup&Restore. After turning this option - click on Disable and then Enable and then click on “Backup Now” and check in your S3 bucket to make sur e that the backup function is successful.
  • We support backup using AWS encrypted storage
  • Please do not use AWS’s AMI to take snapshots - this is not a valid backup mechanism and will not work

How can I customize Controller GUI?

  • On the Gateway page, you can customize the columns and add more information(click on the “Name, State, ...” drop down list box and select fields you are interested in). You can also sort and filter on any column by clicking on header.
  • On the gateay page, you can adjust the number of gateways you can see at a time - the default is 5 gateways

How can I troubleshoot connectivity issues?

Please check out Aviatrix Flightpath!!

Does Aviatrix support High Availability?

We have HA built into our system through Gateway HA and Transit HA

Aviatrix Controller HA does not support HA in multiple regions, but works across multiple AZ’s. More information here

Does Controller send alerts when Gateway status changes?

Aviatrix Controller monitors the gateways and tunnels and whenever there is a state change, it will send an email to the admin of the system. You can always override the admin email by updating “ControllerUi/Settings/Controller/Email/StatusChangeEventEmail”. If you do not want to see these emails, you can set it to an invalid email address.

As an alternative, you can also set Cloudwatch Event Alerts in AWS to be alerted when Gateway/Controller Instances are Started or Stopped.