AWS Getting Started Guide

Ensure you have enough VPCs, gateways, and elastic IPs available for deployment in your AWS region.

See Preparing for Your AWS Deployment for pre-deployment considerations.

AWS Simple Product Launch Overview

Aviatrix provides a product launch experience with automation and a simple UI guided flow to make it easy for you to begin using the product.

The launch experience is currently available for AWS at launch.aviatrix.com. The launch experience automates the following:

Creation of a VPC for Controller and CoPilot
Deployment and configuration of IAM
Deployment of Controller and CoPilot into the newly created VPC
Creation of security groups securing platform access to only your IP
Initialization of Controller and CoPilot to current version
Configuration and integration between Controller and CoPilot

The entire process completes in about 15 minutes when orchestrated with CloudFormation.

The guided flow involves four simple steps. The details for each step are outlined in Launch Step Details.

Step 1: Aviatrix License

Step 2: Platform Subscription

Step 3: Configuration

Step 4: Deployment

Log in to CoPilot

The default username is admin, and the password is what you entered in the CloudFormation template.

Required Aviatrix License and Marketplace Offers

Three AWS Marketplace subscriptions, described in the following table, are required. You will subscribe to these offerings through the Launch Aviatrix guided experience.

License or Offer	Description
Aviatrix Cloud Network License Service	The Aviatrix Cloud Network License Service provides the customer IDs (licenses) that are needed to access the Aviatrix Cloud Network Controller and Aviatrix Cloud Network CoPilot. This service also calculates Aviatrix bills based on usage, which are then sent to AWS Marketplace for customer billing purposes. A free trial is available with this offer.
Aviatrix Cloud Network Controller ¹	This Bring Your Own License (BYOL) offer is for the Aviatrix Cloud Network Controller. This offer integrates with the Aviatrix Cloud Network License Service which issues a license and calculates billing.
Aviatrix Cloud Network CoPilot	This BYOL offer is for the Aviatrix Cloud Network CoPilot. This offer integrates with the Aviatrix Cloud Network License Service which issues a license and calculates billing.

License or Offer

Description

Aviatrix Cloud Network License Service

The Aviatrix Cloud Network License Service provides the customer IDs (licenses) that are needed to access the Aviatrix Cloud Network Controller and Aviatrix Cloud Network CoPilot. This service also calculates Aviatrix bills based on usage, which are then sent to AWS Marketplace for customer billing purposes. A free trial is available with this offer.

Aviatrix Cloud Network Controller ¹

This Bring Your Own License (BYOL) offer is for the Aviatrix Cloud Network Controller. This offer integrates with the Aviatrix Cloud Network License Service which issues a license and calculates billing.

Aviatrix Cloud Network CoPilot

This BYOL offer is for the Aviatrix Cloud Network CoPilot. This offer integrates with the Aviatrix Cloud Network License Service which issues a license and calculates billing.

If you subscribe to the free trial license, you receive notification emails 14, seven, and one day before the free trial expires and billing begins.

Launch Step Details

The Aviatrix launch experience guides you through a quick configuration process to get the Aviatrix Cloud Networking Platform up and running in your AWS environment.

You can access the Aviatrix launch experience from launch.aviatrix.com.

Step 1: Register an Aviatrix License

In the Launch Aviatrix licensing window, do one of the following:
- If you need a license, click AWS Marketplace to open the Marketplace listing in a separate tab and continue to the next step.
- If you already have a license, enter the key in the License Key field and skip to Platform Subscription.
  
  You received the key in an email when you originally registered. The key is not retained anywhere else. If you do not have the key, contact your account manager.
On the Marketplace page, click View purchase options.
Under Purchase, click Subscribe, and then click Set up your account.
- To deploy Controller version 7.1.3958:
  - From the AWS Marketplace, choose Aviatrix Secure Networking Platform - BYOL as the license.
  - Select g3-202406050042 as the software version.
You will be redirected back to the Launch Aviatrix window.
Enter your business email address and click Verify Email.

An email is sent to you from launch@email.aviatrix.com with the subject line "Verify Your Identity," that contains a verification code.
Copy the code from the email, enter it in the field in Launch Aviatrix, and then click Next.

A success page displays and shows your unique license key. This key and subscription ID are also emailed to you.

This license key is not available anywhere else. Save the key and subscription ID in a safe place. You need them in the future.
Click Next.

Step 2: Platform Subscription

Subscribe to Aviatrix Cloud Network Controller and Aviatrix Cloud Network CoPilot.

Click Subscribe to Controller.

The AWS Marketplace listing opens on a separate tab.
On the Marketplace page, click Continue to Subscribe.
On the subscription page, click Accept Terms.

Your subscription is submitted and Pending displays in the table on this page. You can continue to the next step while the subscription process completes, which takes about a minute.

Do not click Continue to Configuration in AWS Marketplace.
Return to Launch Aviatrix and click Subscribe to CoPilot.
On the Marketplace page, click Continue to Subscribe.
On the subscription page, click Accept Terms.

Your subscription is submitted and Pending displays in the table on this page. You can continue to the next step while the subscription process completes, which takes about a minute.

Do not click Continue to Configuration.
Return to Launch Aviatrix and check both boxes indicating you subscribed to Controller and CoPilot.
Click Next.

Step 3: Configuration

Select the AWS region for deployment, and then click Next.

An IP address populates automatically based on your client IP. You can change this post-provisioning by modifying AWS Security Groups. The /32 is appended to the address to ensure that only the IP that initiated provisioning can initially access the Controller and CoPilot UIs.

Step 4: Deployment

Select the configuration method for the deployment, either CloudFormation or Terraform.

The automated CloudFormation method is recommended over the manual Terraform method.

Launch the Stack with CloudFormation

You can subscribe to the Aviatrix platform and launch the Aviatrix stack directly from the Aviatrix launch experience at launch aviatrix.com. It is recommended you use the default settings in the CloudFormation template. The only input required is the Administrator password. You can modify other settings after deployment.

Ensure you have at least 1 VPC, 1 gateway, and two elastic IPs (EIPs) available in the AWS region you are deploying to. If these are not available, the deployment will fail.

The IP address pre-populated in the IPv4 CIDR field, under Connection Configuration, is the IP you are currently using. The /32 is appended to the address to ensure that only this user can initially access the Controller. You can add more users later in CoPilot.

To deploy by using CloudFormation, perform the following steps in Launch Aviatrix.

In Step 4: Deployment in Launch Aviatrix, click Execute CloudFormation.
In the AWS Quick create stack template, scroll to the Administrator Password and Confirm Administrator Password fields and enter a password.

Password requirements: minimum 8 characters with at least 1 upper case, 1 lower case, 1 special character, and 1 number.

This is the password you will use to log in to the CoPilot and Controller UIs. The default username is admin.
Scroll to the Capabilities section at the bottom of the Template and check the box, "I acknowledge that AWS CloudFormation might create IAM resources."
Click Create Stack to run CloudFormation.

A browser tab opens to the AWS CloudFormation > Stacks page for your stack.

If nothing happens when you click Create Stack, scroll through the AWS CloudFormation template to check for error messages.
To monitor the progress of the stack creation in AWS, see Monitor the CloudFormation Stack.

It takes about 15 minutes for the stack creation to complete.

After the CloudFormation stack is created, you can access your CoPilot instance.

Deploy with Terraform

You can deploy Aviatrix by using Terraform, directly from the Aviatrix launch experience at launch aviatrix.com.

Ensure you have at least 1 VPC, 1 gateway, and two elastic IPs (EIPs) available in the AWS region you are deploying to. If these are not available, the deployment will fail.

You should be familiar with Terraform modules to use this method. If you choose to deploy with Terraform, you must meet the following prerequisites:

Install Boto3.
Configure authentication for AWS.
Install a minimum version of Terraform 0.13 and Python3.

To deploy by using Terraform, perform the following steps in Launch Aviatrix.

In Step 4: Deployment of Launch Aviatrix, click Deploy with Terraform.
Ensure you have met all the prerequisites.
Click Download Terraform Configuration File and save the file to an appropriate directory.

A Terraform file named avx-launch.tf downloads.

It is recommended that you install the Terraform modules in a separate directory from the rest of your Terraform pipeline.
In the directory where you saved the TF file, run the following commands:
```
terraform init
terraform plan
terraform apply
```
To monitor the progress of the stack creation, see Monitor the CloudFormation Stack.

After the CloudFormation stack is created, you can access your CoPilot instance.

Advanced Terraform configurations can be implemented using the examples provided in the GitHub repository.

Monitor the CloudFormation Stack

You can monitor CloudFormation progress from the AWS CloudFormation console.

The CloudFormation page in AWS should automatically launch after you submit the CloudFormation or Terraform templates.

If not logged into AWS, log into your account in the target region and go to CloudFormation > Stacks.
Select the name of the stack being created and then click the Resources tab.

The default stack name is AviatrixControlplane.

Use the Refresh button to show more frequent updates to the table.
Scroll through the Resources table to locate the AviatrixPlatformInitStepFunction entry and click on the associated Physical ID link.

It takes about two minutes for the step function entry to display in the table.
On the step functions page, click the Executions tab, and then click the link in the table for the running task.
Under Graph View, you can watch the progress of each step. Wait until all steps turn green.

When all steps are green, the process is complete. This typically takes about 15 minutes.

You can now access your CoPilot instance.

Access the CoPilot UI

Congratulations! You have successfully launched your Aviatrix platform.

You can obtain the CoPilot UI URL from AWS.

Go to CloudFormation > Stacks > <stack name> and click the Outputs tab.

The default stack name is AviatrixControlplane.
Scroll down to locate AviatrixCoPilotURL in the Key column and click the associated link under Value.

The address displayed in the table is the one you will use to access CoPilot.

If the browser displays a Your connection is not private message, click Advanced and Proceed.
Enter the username and the password you defined in CloudFormation and click Log In to open the CoPilot UI.

The default username for the UI is admin, and the password is what you entered in the CloudFormation Quick Create template.
In CoPilot, you can access Controller by clicking the Application Information icon at the top right and selecting Aviatrix Controller.

You can use the CoPilot credentials to log in to Controller.

Access the Controller UI

You can access Aviatrix Controller from the CoPilot UI.

Log into your Aviatrix CoPilot account.
Click the Application Information icon in the top right.
Select the Aviatrix Controller IP address.
Enter your username and password to log into the Controller.

By default, the credentials are the same for CoPilot and Controller.

Troubleshooting if Stack Creation Fails

Ensure that you are subscribed to required marketplace subscriptions.
If you have run the stack more than once, ensure that a unique new name is provided for the stack name. The default is AviatrixControlplane.
Ensure your AWS region has at least 1 VPC, 1 gateway, and 2 elastic IPs (EIPs) available for deployment.

Optional Post-Deployment Steps

Complete the following optional post-deployment steps if they meet your requirements.

Modifying Accidental Termination for AWS Instances

You can enable or disable the AWS option to protect against accidental termination of your EC2 instances. You cannot terminate an instance if termination protection is enabled.

In your AWS account, go to the EC2 > Instances page.
Locate and mark the checkbox for your Aviatrix Controller or CoPilot instance.

You can only modify the Instance Settings for one instance at a time. If you select multiple instances, the menu items under Instance Settings are not available.
Go to Actions > Instance Settings > Change termination protection.
Check Enable or Disable and click Save.
Repeat these steps for other instances.

Disabling Security Group Management Access

Security Group Management is enabled by default. This feature ensures that newly created gateways can access the Controller. You can disable Security Group Management access for your Controller, if needed.

In Aviatrix CoPilot, go to Settings > Configuration.
Under Security, locate the Controller Security Group Management card.
Select the Controller Account.
Set the toggle to Off.

When this feature is enabled, keep each Controller Security Group’s outbound rules at their default, open to Internet or All. This allows your Controller’s IP address to access the Internet.