Deploy an AWS server with a cloud account

This topic explains how to deploy an Ubuntu or Debian Amazon Web Services (AWS) cloud server with systemd to your Advanced Server Access team. You may need to modify this process to fit your specific needs.

Creating a cloud server with user data means that the Advanced Server Access server agent is installed at the moment you create the server with your cloud provider. Any cloud provider lets you install software on a new cloud server through user data, and the user data you supply determines which software is installed. For Advanced Server Access, user data is used to install the Advanced Server Access server agent on your cloud server. You don't have to install the agent when the cloud server is created, but running the installation as user data alongside the server's creation ensures that your cloud deployment is as safe and secure as possible.

Prerequisites

Amazon Web Services

Requirement: Amazon Web Services account
Description: An Amazon Web Services account is needed to access the AWS Management console, where you create virtual machines for your team.

Advanced Server Access

Requirement: Advanced Server Access team
Description: The top-level object that represents an Okta org within Advanced Server Access.

Requirement: Advanced Server Access project
Description: The authorization scope of your team, organizing your users, groups, and servers.

Create a server from the AWS Management console

  1. Sign in to the AWS Management console.
  2. Click the Services tab at the top of the console and select the EC2 option in the Compute category to create a new EC2 Server.
  3. Click Launch Instance.
  4. On the Choose an Amazon Machine Image page, scroll down and select Ubuntu Server 16.04 LTS (HVM), SSD Volume Type.

    Doing this sets your new instance as an Ubuntu/Debian Server with systemd.

  5. On the Choose an Instance Type page, click Next: Configure Instance Details.
  6. Select the Advanced Details box on the Configure Instance Details page to access the User Data field.
  7. Enter the following text into the User data field:

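    #!/bin/bash
    # Runs once as root at first boot, so sudo is redundant here but harmless.

    # Add the Advanced Server Access package repository.
    echo "deb http://pkg.scaleft.com/deb linux main" | sudo tee -a /etc/apt/sources.list

    # Trust the repository signing key, which is fetched over HTTPS.
    curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add -

    # Refresh the package index and install the server agent without prompting.
    sudo apt-get update
    sudo apt-get install -y scaleft-server-tools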

  8. Click Review and Launch, then click Launch.

    The Select an existing key pair or create a new key pair dialog appears.

  9. Select the Proceed without a key pair option from the dropdown menu.
  10. Confirm and acknowledge your choice by selecting the relevant checkbox, then click Launch Instances.
  11. Click View Instances.

    You should see the new server being initialized on the Instances page.
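
Step 9 launches the instance without a key pair, so a user data script that fails at first boot leaves no key-based SSH fallback. The following pre-launch check for the step 7 script is an added example, not part of the original procedure or of Okta's tooling. The names lint_user_data and write_sample are hypothetical, and the rules assume cloud-init's handling of #! scripts and the EC2 16 KB user data limit.

```shell
#!/bin/sh
# Pre-launch lint for the step 7 user data (added example; names are hypothetical).
# Prints one FAIL line per problem and returns 0 only when none is found.
lint_user_data() {
    f=$1; problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # cloud-init runs user data as a script only when it starts with "#!".
    case $(head -n 1 "$f") in
        '#!'*) ;;
        *) fail "first line is not a #! interpreter line" ;;
    esac
    # CRLF line endings (typical after editing on Windows) break the #! line.
    if grep -q "$(printf '\r')" "$f"; then fail "file contains CRLF line endings"; fi
    # EC2 limits user data to 16 KB before base64 encoding.
    if [ $(wc -c < "$f") -gt 16384 ]; then fail "user data exceeds 16384 bytes"; fi
    # The signing key is the trust anchor for the repository: require HTTPS.
    if grep 'apt-key add' "$f" | grep -q 'http://'; then
        fail "signing key is fetched over plain HTTP"
    fi
    # No terminal is attached at first boot, so apt-get install must not prompt.
    if grep 'apt-get install' "$f" | grep -qv -e ' -y'; then
        fail "apt-get install is missing -y"
    fi
    # The agent package from step 7 must actually be installed.
    if ! grep -q 'apt-get install.*scaleft-server-tools' "$f"; then
        fail "scaleft-server-tools is never installed"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the script from step 7, written to the file named in $1.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
echo "deb http://pkg.scaleft.com/deb linux main" | sudo tee -a /etc/apt/sources.list
curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install -y scaleft-server-tools
EOF
}

# Lint the file given as $1, or the constructed sample when none is given.
if [ -f "${1:-}" ]; then lint_user_data "$1"; else
    tmp=$(mktemp) && write_sample "$tmp" && lint_user_data "$tmp" && echo "sample: OK"
    rm -f "$tmp"
fi
```

Pass the path of your own user data file as the first argument to lint it before pasting it into the User data field.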

Enroll your server in Advanced Server Access by attaching your cloud account

  1. In the Amazon Web Services management console, select the dropdown menu next to your profile name at the top of the page and click My Account.
  2. Copy your account ID number under Account Settings.
  3. Navigate to your team's dashboard within the Advanced Server Access console.
  4. Click the Projects header at the top of the console and select a project for your server.
  5. Click the Enrollment tab within your project's console.
  6. Click Add Cloud Account.
  7. Paste your Amazon Web Services account ID number in the Account ID field, and add a description if needed.
  8. Click Submit.
  9. Go to the Servers tab and confirm that your new server is listed.

Confirm that your new servers are listed in the Server tab of your Advanced Server Access project before you attempt to connect to them.

Next steps

Verify server enrollment