Anapaya EDGE on AWS
This section will guide you through the steps to get the Anapaya EDGE Appliance from the AWS Marketplace up and running.
Prerequisites
Before you can start, you need to have an AWS account. If you do not have one yet, you can create one here. You also need SCION access into the AWS cloud. If you do not have it yet, please contact the Anapaya Customer Success team.
Installation
The Anapaya EDGE Appliance is available on the AWS Marketplace, under the name “Anapaya EDGE”. The appliance is available in many different regions. After subscribing to the product, you can launch it directly from the AWS Marketplace in your preferred region.
We recommend starting with a t3.medium or similar instance type, which is the smallest instance type that is supported by the appliance. You can always change the instance type later on if you want to increase performance.
Warning
Make sure to select an SSH key pair that you have access to. You will need this key pair to connect to the appliance via SSH.
Cloud-Init
You can use cloud-init to configure the appliance during the launch process, for example to set the password or SSH keys for the anapaya user.
#cloud-config
users:
  - name: anapaya
    ssh_authorized_keys:
      - ...
Refer to the cloud-init documentation for more examples and details.
Warning
The Anapaya EDGE appliance will overwrite the SSH keys of the anapaya user as soon as the first configuration is applied. This means that the SSH keys you set in the cloud-init configuration will be removed. If you want to keep the SSH keys, you need to configure them in the appliance configuration during initial configuration.
VPC Configuration
We recommend launching the appliance in a VPC that has at least two subnets. One subnet is used for the management interface and can have Internet access. The other subnet is used for the SCION interface towards the SCION network, and the IP addressing details of this subnet are provided by your SCION access provider. Ideally, you should also have a third subnet that is used to connect the EDGE appliance to your applications.
Security Group Configuration
If you want to access the appliance from the Internet via SSH, you need to configure the security group to allow incoming SSH connections. The appliance uses port 22 for SSH.
Connecting to the Appliance
Once the appliance is launched, you can connect to it via SSH. The appliance uses the anapaya user for SSH access and the SSH key pair that you selected during the launch process.
Configuration
After connecting to the appliance, you can configure it using the appliance-cli. Refer to the Initial Configuration section in the general getting started guide for more details.
Warning
The appliance is configured to use DHCP on initial launch. When you start changing the appliance configuration, you should first configure the interfaces section with the DHCP values for the management interface that were assigned by AWS. Otherwise, you might lose connectivity to the appliance.
NAT Configuration
In some scenarios you might need to configure NAT on the appliance. Refer to the Network Address Translation (NAT) section in the general configuration guide for more details.