Planning your Controller Deployment

There are two ways to deploy an Aviatrix Controller:

  1. Through one of the CSP (Cloud Service Provider) marketplaces: AWS, Azure, GCP, or OCI.

  2. Through Terraform. Click here to access the Aviatrix Terraform modules.

Terraform is the recommended method. See this document for more information.

The sections below describe the prerequisites for deploying from CSP marketplaces. After completing these steps, see the "Next Steps" section below for links to deployment instructions.

Prerequisites for Deploying through a CSP Marketplace

Prerequisites for all Clouds

Saving the Management CIDR Range

Find and save the CIDR range for the device of the main Aviatrix Controller and CoPilot user.

To find a device’s IP address and determine this CIDR range, search for “what is my IP” on the browser’s search engine. You can also check or

AWS Prerequisites


Before launching the Aviatrix Platform from your AWS account, complete the following prerequisites:

Creating a New VPC

  1. Log into your AWS account, preferably an Infrastructure OU – Networking or Shared Services account.

  2. Go to VPC > Create VPC. Make sure this new VPC has the following settings:

    Region – Before configuring any settings, click on the dropdown menu in the top right and select the region in which to locate this VPC.

    In the example below, the current region is Oregon.

    Choose VPC Region
    Setting Value

    Resources to create

    Select the VPC and more radio button.

    Name tag

    Enter a clear and recognizable name (such as “aviatrix-mgt” or “aviatrix-management”).

    IPv4 CIDR block

    Enter the IPv4 CIDR block for the Controller VPC. The minimum is /24; the maximum is /16. A best practice is to use RFC1918 ranges.

    IPv6 CIDR block

    No IPv6 CIDR block



    Number of Availability Zones (AZs)

    Select 1 if you choose not to configure HA. One Availability Zone offers a simpler deployment but no resiliency.

    Select 2 if you require Controller resiliency through HA.

    Number of public subnets

    1 if you selected 1 Availability Zone above.

    2 if you selected 2 Availability Zones.

    Number of private subnets


    NAT gateways ($)


    VPC endpoints


    DNS options

    Leave these settings at their defaults (both checkboxes marked).

  1. Click Create VPC. See the screenshot below to confirm your settings. This example VPC uses two Availability Zones and two public subnets to enable HA.

    Create VPC Settings

Optional steps (not required for deployment):

  • Create an S3 bucket for storage. An S3 bucket is not required to launch the Aviatrix Platform, but is required for HA (High Availability) and Backup and Restore Configuration.

    The S3 bucket you use or create for Controller HA and Backups should be configured to restrict public access.

  • Create an Application Load Balancer with a Web Application Firewall (WAF) for additional security. This configuration requires a second subnet in a different Availability Zone. See this article for more information.

AWS Prerequisite Checklist

Make sure you have completed these prerequisites before launching your Controller:

  • Create a new, dedicated VPC for the Controller and CoPilot

  • Saved the CIDR range for the main user of the Controller

  • Reviewed the optional steps above (creating an S3 bucket and an Application Load Balancer) and completed them if needed for your configuration

Azure Prerequisites

You only need to find and save the CIDR range for the device of the main Aviatrix Controller and CoPilot user, as explained in Prerequisites for all Clouds.

GCP Prerequisites


Get a Customer ID from Aviatrix

The Aviatrix Controller for Google Cloud Platform (GCP) is available on the Google Cloud Marketplace for BYOL license. Send an email to or open a support ticket at Aviatrix Support Portal with your organization name to request a customer ID. We offer a 30-day free trial license.

Creating a GCP Account

Aviatrix Cloud Connect is a software product that is launched in your own GCP account. The Controller and the Gateways created from the Controller are all in your own network perimeter and completely under your control.

Create a GCP account ( If you already have an account, skip this step and go to the next step.

The Controller supports multiple accounts and each account is associated with a different GCP project. But you must have at least one account.

Creating a GCP Project

Log in to your Google Cloud Platform (GCP) account and go to the project page:

Create a project. Go on to the next step if you have already created one. The project ID will be used in referencing this project by Aviatrix Controller.

For example, in a project called Aviatrix-UCC, the project ID is aviatrix-ucc-1214.

(Optional) Creating Networks

This step creates a network in the project created in the previous step.

When a new project is created, a default network is created. You may skip this step if you do not need to customize the network address range by creating a new network, or go on to the next step if you have done so.

The Aviatrix Controller handles a GCP network like a VPC in AWS. Whenever a network configuration is mentioned for Google, the term VPC is used. (The VNet is used for Azure.)

At the GCP console, select the project that you copied the Aviatrix Controller image to. Click the 3 bars. At the dropdown menu, select VPC Network. Click [+] Create Network. Use the automatic subnet creation mode; otherwise ensure there is a subnet allocated for each region where a Gateway will be deployed.

If you plan to have multiple projects, we suggest you plan your subnets so that the network addresses do not overlap. Select Custom to create subnets.

OCI Prerequisites

See the "Prerequisites for all Clouds" section above.

Next Steps

After completing the prerequisites for all clouds and for the specific CSP marketplace, see the relevant Getting Started Guide to deploy your Controller in one of the CSPs: