Deploy Aviatrix Controller through CSP Consoles

This guide provides step-by-step instructions for manually launching the Aviatrix Controller in AWS, Azure, and GCP using their respective cloud consoles or CLI tools.

Prerequisites

  • An active AWS, Azure, or GCP account with the required permissions

  • IAM roles and policies

  • Security group or firewall rules allowing required ports

Deploy Aviatrix Controller in AWS Console

Create IAM Role

  1. Sign in to the AWS IAM Console.

  2. Navigate to Roles > Create Role.

  3. Select EC2 as the trusted entity.

  4. Attach the Aviatrix IAM Policy. See AWS IAM Policies.

Launch EC2 Instance from AMI

  1. Go to the AWS EC2 Console.

  2. Click AMIs on the left-side menu.

  3. Search for avx-controller-g4 from the Public images tab.

  4. Select the latest image.

  5. Click Launch instance from AMI.

Configure Instance Details

Follow the steps below to configure the instance details:

  1. Enter an instance name.

  2. Choose an instance type (must be t3.large or larger).

  3. Select or create a key pair. Download and store the .pem or .ppk file securely.

  4. Network settings:

    1. Choose the appropriate VPC and subnet with a route to the Internet.

    2. Enable auto-assign Public IP.

    3. Create or select a security group allowing inbound traffic on ports 22 and 443.

  5. Configure storage as needed.

  6. Under Advanced Details:

    1. Set IAM Role to aviatrix-role-ec2.

    2. Add the following user data:

      #cloud-config
      avx-controller:
        avx-controller-version: latest
  7. Review and launch the instance. Wait until its status is running.

(Optional) Associate Elastic IP with your Instance

It is recommended to associate an Elastic IP with your instance for a stable public IP address.

  1. Navigate to the Elastic IPs section in the EC2 Console.

  2. Click Allocate Elastic IP address.

  3. Select the instance and click Associate Elastic IP address.

  4. Select the EC2 instance you just launched and click Associate.

Deploy Aviatrix Controller in Azure Portal

This section provides instructions for deploying the Aviatrix Controller in Azure using the Azure Portal.

Launch from Azure Marketplace

  1. Sign in to the Azure Portal.

  2. Click Create a resource.

  3. Search for Aviatrix Controller and select Aviatrix Cloud Network Controller.

  4. Click Create > Aviatrix Controller G4.

Configure VM Settings

  • Choose an existing Resource Group or create a new one.

  • Enter a VM Name.

  • Choose a Region (such as East US).

  • Choose an availability zone.

  • Choose a security type (such as Standard).

  • Choose a VM size (must be Standard_D2s_v3 or higher).

  • Select Authentication type and SSH key.

  • For the inbound port rules, allow:

    • HTTPS (443)

    • SSH (22)

  1. Under Networking, choose Virtual Network, Subnet and Public IP.

    1. Ensure the subnet has a route to the internet (NAT Gateway or Internet Gateway).

    2. For the public IP, you can either create a new one or use an existing one.

    3. For the inbound port rules, ensure the following ports are allowed:

      • SSH (22)

      • HTTPS (443)

  2. Under Advanced, add the following user data script to automatically configure the Controller:

      #cloud-config
      avx-controller:
        avx-controller-version: latest

  3. Click Review + Create to complete the deployment.

Deploy Aviatrix Controller in GCP CLI

This section provides instructions for deploying the Aviatrix Controller in GCP using the GCP CLI.

Due to recent changes in the Google Cloud Platform (GCP) portal, deploying the Aviatrix Controller through the portal UI is currently not supported. This section provides instructions for CLI-based deployment as an alternative.

Prerequisites

  • A Google Cloud project with billing enabled

  • IAM permissions (Compute Admin and Service Account Admin)

  • An SSH key pair

  • User-data (cloud-init) file for the Aviatrix Controller configuration

  • Network and firewall rules allowing access

Install Google Cloud CLI

Make sure you have the Google Cloud SDK (gcloud CLI) installed on your local machine.

To verify that the gcloud CLI has been installed, run the following command in your terminal:

gcloud --version

Initialize Google Cloud CLI

After installing, authenticate and set your default project:

gcloud init

This command will:

  • Open a browser to authenticate your Google account.

  • Let you choose your Google Cloud project.

  • Optionally set default region/zone.

Launch from Google Cloud Marketplace

  1. Go to the Marketplace and search for Aviatrix Cloud Network Controller.

  2. Select the Aviatrix Cloud Network Controller.

  3. Click Launch.

  4. Click the Command Line tab. This tab shows you pre-filled gcloud commands that you can run from your terminal to deploy the Aviatrix Controller VM manually.

Reviewing the VM Image Path

Once you’ve launched from the Marketplace, copy the resource name of the VM image under Review VM images. It will resemble this format:

gcloud compute images list --project=mpi-aviatrix-public

Preparing for Command-Line Deployment

Prepare User-Data File

Create a user-data.yml file with the following content. This file will be used to configure the Aviatrix Controller during VM initialization.

#cloud-config

avx-controller:
  avx-controller-version: latest

Deploy via gcloud CLI

Use this command to deploy a VM with the Aviatrix Controller image. Replace <instance-name> and <path-to-user-data.yml> with your actual values.

gcloud compute instances create <instance-name> \
  --zone=us-central1-c \
  --machine-type=e2-medium \
  --image=projects/mpi-aviatrix-public/global/images/avx-controller-g4-202506231805 \
  --metadata-from-file=user-data=<path-to-user-data.yml>

Example:

gcloud compute instances create avx-controller \
  --zone=us-central1-c \
  --machine-type=e2-medium \
  --image=projects/mpi-aviatrix-public/global/images/avx-controller-g4-202506231805 \
  --metadata-from-file=user-data=user-data.yml

Create Firewall Rules

Open the required ports to access your VM.

Allow SSH (port 22)

Run the following command to create a firewall rule that allows SSH access, where <YOUR_PROJECT_ID> is your Google Cloud project ID.

gcloud compute firewall-rules create allow-ssh \
  --network=default \
  --allow=tcp:22 \
  --source-ranges=0.0.0.0/0 \
  --project=<YOUR_PROJECT_ID>

Allow HTTPS (port 443)

Run the following command to create a firewall rule that allows HTTPS access, where <YOUR_PROJECT_ID> is your Google Cloud project ID.

gcloud compute firewall-rules create allow-https \
  --network=default \
  --allow=tcp:443 \
  --source-ranges=0.0.0.0/0 \
  --project=<YOUR_PROJECT_ID>

Optional: Internal Traffic

Run the following command to allow internal traffic within your GCP network, where <YOUR_PROJECT_ID> is your Google Cloud project ID. This is useful for communication between VMs in the same network.

gcloud compute firewall-rules create allow-internal \
  --network=default \
  --allow=tcp,udp,icmp \
  --source-ranges=10.128.0.0/9 \
  --project=<YOUR_PROJECT_ID>
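
The SSH and HTTPS rules above accept connections from 0.0.0.0/0, so the Controller login is reachable from any source address. The following added example, which is not part of the original guide, prints the same two gcloud commands with the source range limited to an administrator network and refuses an open range. The helper names, 203.0.113.0/24, and example-project are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the vendor guide. 203.0.113.0/24 and example-project
# are constructed placeholder values.

# is_scoped_cidr CIDR: succeeds only for a well-formed IPv4 CIDR with a prefix
# length of 1..32, so 0.0.0.0/0 (any source) is rejected.
is_scoped_cidr() {
  cidr=$1
  case $cidr in
    */*/*|*[!0-9./]*|*./*|*..*) return 1 ;;  # malformed
    */*) ;;
    *) return 1 ;;                           # no prefix length
  esac
  addr=${cidr%/*}
  prefix=${cidr#*/}
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS
  IFS=.
  set -- $addr                               # split the address into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# fw_rule_cmd NAME PORT SOURCE_CIDR PROJECT: prints the gcloud command for one
# inbound TCP rule (dry run, nothing is executed), or fails on an open range.
fw_rule_cmd() {
  if ! is_scoped_cidr "$3"; then
    echo "refusing source range '$3': use your admin network's CIDR" >&2
    return 1
  fi
  printf 'gcloud compute firewall-rules create %s --network=default' "$1"
  printf ' --allow=tcp:%s --source-ranges=%s --project=%s\n' "$2" "$3" "$4"
}

# Print the two rules from this guide, scoped to a constructed admin range.
ADMIN_CIDR=203.0.113.0/24
fw_rule_cmd allow-ssh 22 "$ADMIN_CIDR" example-project
fw_rule_cmd allow-https 443 "$ADMIN_CIDR" example-project
```

Review the printed commands, replace the placeholder range and project with your own values, and run them in place of the 0.0.0.0/0 versions.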

(Optional) Set Up the GCP Service Account

After deploying your Controller VM, create a Service Account for Aviatrix to manage your GCP environment.

Create Service Account

You can use an existing Service Account or create a new one specifically for the Aviatrix Controller. If you choose to create a new one, follow these steps:

  1. Go to the Google Cloud Console.

  2. Go to IAM & Admin > Service Accounts in the Cloud Console.

  3. Click + CREATE SERVICE ACCOUNT.

  4. Fill in:

    • Service account name

    • Service Account ID

    • Description: Service Account for Aviatrix Controller

  5. Click CREATE AND CONTINUE.

Assign Required Roles

Grant the following roles:

  • Compute Admin

  • Service Account User

Click DONE to finish.

Create and Download JSON Key

  1. Click the service account you just created.

  2. Go to the Manage Keys tab.

  3. Click ADD KEY > Create new key.

  4. Choose JSON.

  5. Click CREATE.

This will download the JSON key file to your computer. Store it securely.

Post-Deployment Setup

After deploying the Aviatrix Controller, you need to complete the initial setup to configure it for your environment.

Initial Setup of Aviatrix Controller

Follow these steps to complete the setup of your Aviatrix Controller after deployment:

  1. Enter the public IP of the instance in your browser to access the Controller UI.

  2. Log in to the Controller UI using the default credentials:

    • Username: admin

    • Password: <your private ip>

  3. Follow the setup wizard to change the Controller UI login password.

  4. Enter an email address for password recovery.

  5. Enter your Customer ID.

  6. Click RUN to complete the Initial Setup.

Onboard Cloud Accounts

After the Controller is set up, you can onboard your cloud accounts to manage them through the Aviatrix Controller. Follow the specific onboarding guides for each cloud provider.

Onboard your AWS Account in Aviatrix Controller

After the instance is running, you need to onboard your AWS account in the Aviatrix Controller. See Onboard AWS Account for detailed instructions.

Onboard your Azure Account in Aviatrix Controller

After the VM is created, you need to onboard your Azure account in the Aviatrix Controller. See Onboard Azure Account for detailed instructions.

Onboard your GCP Account in Aviatrix Controller

  1. Access your Aviatrix Controller Web UI via its External IP:

    https://<Controller-External-IP>
  2. Go to Cloud Accounts.

  3. Click Add New Account.

  4. Select GCP as the Cloud Type.

  5. Upload the JSON Key File you downloaded.

  6. Name the account and save.

The Controller now has permissions to manage GCP resources in your project.

See Onboard GCP Account for more detailed instructions.