AWS Getting Started for Aviatrix Cloud Network Security PaaS

This guide provides information to get you signed up for the Aviatrix Cloud Network Security PaaS: Managed Firewall & Security offer on AWS Marketplace.

For more information about how Aviatrix PaaS can help make your network more secure, see:

You can subscribe, onboard, and secure your cloud resources in four simple steps:

  1. Subscribe on AWS.

  2. Onboard AWS to the Aviatrix Platform.

  3. Onboard VPCs.

  4. Protect traffic.

Subscribe to Aviatrix PaaS Free Trial Offer

You can subscribe to a free trial offer for Aviatrix Cloud Network Security Platform-as-a-Service (Aviatrix PaaS) on the AWS Marketplace.

If you subscribe to the free trial, you can upgrade anytime to a paid subscription.

  1. Go to the Aviatrix PaaS listing on AWS Marketplace and select Aviatrix Cloud Network Security PaaS: Managed Firewall & Security offer.

  2. On the Aviatrix PaaS description page, click Try for Free.

  3. On the Subscribe page, review the information about the offer and click Subscribe.

  4. In the notification that displays at the top of the page, click Set up your account.

  5. On Aviatrix Sign Up, enter your name and a valid corporate email address.

    Personal email addresses are not accepted.

  6. Agree to the Aviatrix Terms of Service and Privacy Policy and click Finish Sign Up.

    An email is sent to your corporate address.

  7. In the email, click the link to Complete Sign Up and Begin Trial.

    You are redirected to the Aviatrix PaaS console. After several seconds, a Welcome screen displays, from which you can onboard your AWS cloud account.

You can upgrade to a paid plan at any time. For more information, see Upgrade a Free Trial to a Term Subscription on AWS.

Next Steps

After subscribing to Aviatrix Cloud Network Security Platform-as-a-Service (Aviatrix PaaS), onboard your cloud account and VPCs.

Onboard Cloud Account

Onboarding connects your cloud account to Aviatrix Platform and allows the platform to discover your cloud resources, such as VPCs, subnets, and VMs.

After signing up with Aviatrix PaaS, the Aviatrix Platform opens to a Welcome page. From this page you can connect your cloud accounts with the Aviatrix Platform. The onboarding process creates the AWS roles and resources required for Aviatrix Platform to monitor and manage your AWS network.

  1. On Welcome to Aviatrix PaaS, click Begin.

  2. In Begin Aviatrix Journey, select AWS and then click Launch CloudFormation.

    The AWS CloudFormation quick create stack template opens.

  3. In the template, you can optionally modify the stack name and IAM role or leave them with their default settings.

    Do not modify the AviatrixPrincipalArn. This is the IAM role owned by Aviatrix and permitted to assume the aviatrix-platform-app role.

  4. Under Capabilities, click the acknowledgment and then click Create stack.

  5. On AWS CloudFormation > Stacks > Events, watch the Status column for CREATE_COMPLETE to display.

    Refresh the list periodically to see updates.

  6. When creation completes, click the Outputs tab and copy the Value for AviatrixRoleAppARN.

    This is the ARN in the format arn:aws:iam::<account-id>:role/aviatrix-platform-app.

  7. Return to the Aviatrix Onboard Cloud Account dialog box, paste the value into the field AWS Role ARN, and click Next.

    As your account is onboarded, the cloud assets in your account are discovered. When the discovery process completes, a success message displays.

  8. Click Close.

    It can take a couple of minutes before your VPCs display under Cloud Resources > Cloud Assets.

    Your onboarded regions will also display in the Dashboard geographic map.

If you want to onboard another cloud account, you can do so from Cloud Resources > Cloud Accounts.
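
A check you can run after copying AviatrixRoleAppARN, added here as an example (it is not Aviatrix code): it validates the copied value against the ARN format given in step 6 and audits the role's trust policy so that only the AviatrixPrincipalArn can assume it. The principal ARN, the account IDs and both policy documents are constructed placeholders, and the default role name aviatrix-platform-app is assumed.

```python
import json
import re

# Role name and ARN format are taken from the page; everything else is constructed.
ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/aviatrix-platform-app$")
# Placeholder: use the AviatrixPrincipalArn value shown in your own stack parameters.
EXPECTED_PRINCIPAL = "arn:aws:iam::111111111111:role/EXAMPLE-AVIATRIX-PRINCIPAL"

def parse_role_arn(arn):
    """Return the account ID from an AviatrixRoleAppARN value, or raise ValueError."""
    match = ROLE_ARN_RE.match(arn.strip())
    if not match:
        raise ValueError(f"unexpected role ARN: {arn!r}")
    return match.group(1)

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_principal):
    """List every Allow principal other than expected_principal; empty means clean."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotPrincipal" in stmt:  # Allow + NotPrincipal trusts everyone else
            findings.append(f"statement {idx}: NotPrincipal in an Allow statement")
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand for "anyone"
            findings.append(f"statement {idx}: wildcard principal")
            continue
        for kind, values in principal.items():
            for value in as_list(values):
                if kind != "AWS" or value != expected_principal:
                    findings.append(f"statement {idx}: unexpected {kind} principal {value}")
    return findings

# Constructed sample, in the shape returned by:
#   aws iam get-role --role-name aviatrix-platform-app --query Role.AssumeRolePolicyDocument
GOOD_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "sts:AssumeRole",
   "Principal": {"AWS": "arn:aws:iam::111111111111:role/EXAMPLE-AVIATRIX-PRINCIPAL"}}]}""")
# Constructed sample: a second account and a wildcard statement were added.
DRIFTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": [EXPECTED_PRINCIPAL, "arn:aws:iam::222222222222:root"]}},
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}]}

if __name__ == "__main__":
    print(parse_role_arn("arn:aws:iam::123456789012:role/aviatrix-platform-app"))
    for finding in audit_trust_policy(DRIFTED_POLICY, EXPECTED_PRINCIPAL):
        print(finding)
```

An empty findings list means the trust policy still names only the principal you expect; any other entry is worth reviewing before you paste the role ARN into the platform.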

Next Step:

Onboard VPCs

Onboarding VPCs allows Aviatrix Platform to manage the cloud resources you select.

After onboarding your cloud account in Aviatrix, the VPCs or VNets associated with the account display as unmanaged resources in Aviatrix Platform. You can see a list of VPCs and VNets, and associated VM resources, on the Cloud Assets page.

To bring the resources under Aviatrix management, you must onboard the VPCs or VNets. The recommended (default) performance size for VPCs and VNets is Medium.

It is recommended that you deploy each VPC or VNet with at least two subnets in two different zones to provide high availability. You can select one subnet per availability zone.

For information about Kubernetes clusters, see "Onboard Kubernetes Clusters".

During onboarding, an Aviatrix Spoke Gateway is created on each subnet in the managed VPC or VNet. This gateway is displayed on the Topology map, along with other network resources.

Aviatrix Platform will onboard only one VPC or VNet at a time, but you can begin the onboarding process for multiple VPCs or VNets at the same time. You do not have to wait until a VPC or VNet finishes onboarding to start the onboarding process for another one.

You can also onboard, monitor, and protect VPCs and VNets from Security > Egress > Protected VPC/VNets.

To onboard your VPCs or VNets, do the following.

  1. Go to Cloud Resources > Cloud Assets > VPC/VNets & Subnets.

  2. Click the Onboard link for a VPC or VNet you want Aviatrix to manage.

    You can only onboard resources that have public IPs. By default, the 10.0.0.0/16 CIDRs are private.

  3. On Onboard a VPC/VNet, you can do the following:

    1. From Performance Size, select the instance size for your VPC or VNet.

      The recommended default size is Medium.

    2. Remove a subnet from the onboarding list by clicking the "x" next to the subnet IP address.

      This action only removes the subnet from being managed; it does not remove the subnet from the VPC or VNet.

    3. Add a subnet to the list by clicking the down arrow and selecting the subnet IP address.

    4. Click Onboard.

      The Aviatrix Managed column changes status to In Progress. When onboarding of all subnets for the VPC or VNet is complete, status changes to Yes.

  4. Expand the VPC or VNet listing to see the status of individual subnets in the VPC or VNet.

  5. Click the Name of the VPC or VNet to display related route tables.

As subnets are onboarded, they also appear in the Cloud Fabric > Topology map as managed resources.

You can monitor and protect onboarded VPCs and VNets from Security > Egress > Protected VPC/VNets.

You can offboard a VPC or VNet from the Aviatrix Platform by using the Manage menu.

Secure Your Network

Use either the Distributed Cloud Firewall (DCF) or Egress Security workflow.
