Amazon Web Services (AWS) deploy tasks

Deploying to Amazon Web Services includes the following tasks:

Amazon Web Services import tasks
Post deployment tasks

Amazon Web Services import tasks

Task	Description	Related Topics
Download the latest OVA	Download current version of the Access Gateway OVA.	Download the latest OVA image
Install the AWS Command Line Interface	Many of the tasks required for AWS can be done at the command line.	Install and configure AWS command line support
Determine AWS Region	AWS regions represent geographical locations where virtual machines are housed.	Determine your AWS region
Upload Access GatewayOVA	Uploading the Access Gateway into AWS involves: Creating an S3 bucket. Uploading the OVA to the bucket.	Create AWS S3 Bucket Upload an OVA to an S3 Bucket
Convert Access Gateway OVA to AWS AMI	AWS requires AMI rather then OVA files. To convert an OVA to an AMI: Create required roles and policy. Grant role to bucket. VMImport OVA from bucket.	Create and associate AWS roles Import an OVA to AWS
Perform AWS Specific post installation tasks	Most virtualization environments require some post installation tasks. For AWS this includes: Launch instance. Obtain and AWS Elastic IP Address.	Launch AWS instance Obtain AWS Elastic IP address

Post deployment tasks

All Access Gateway deployments require a set of common tasks:

Task	Description	Related Topics
First sign in	Reset the Access Gateway Management console password. Reset the virtual appliance at the command line.	First sign in to command line console Initialize Access Gateway command line
[Optional but recommended] Specify the hostname	Access Gateway defaults to a known gateway hostname which can be changed.	Set Access Gateway instance hostname
[Optional] Specify a fixed IP address	Many installations require Access Gateway to use a fixed known IP address.	Set Access Gateway instance IP address
[Optional] Specify DNS servers	Many installations use a split DNS process where multiple DNS servers are required.	Set Access Gateway DNS Servers
[Optional] Specify proxy	Some installations require a proxy server for Access Gateway	Set Access Gateway proxy server
Determine the IP Address assigned and configure DNS	Determine Access Gateway IP address. Configure required /etc/hosts admin entry. Configure required DNS entries.	Determine Access Gateway IP address for non-AWS instances. Configure admin /etc/hosts entry Configure Access Gateway DNS
First login to the Access Gateway Admin UI console	Connect to the Access Gateway Admin UI console and reset the default password.	First sign in to Access Gateway Admin UI console
Initialize Access Gateway	Initialize the cookie domain and instance hostname.	Initialize Access Gateway console
Configure an identity provider	Configure Okta tenant as an identify provider.	Configure your Okta tenant as an identity provider
Configure SAML access to Access Gateway from your Okta tenant	Configure Okta tenant to allow access to Access Gateway using SAML.	Add an Access Gateway Admin UI console application
Review security best practices	Examine and execute a set of common Access Gateway security best practices.	Security best practices

Important

When creating a set of Access Gateway nodes for use in a high availability cluster, ensure that nodes are named appropriately.
Also, node names must be resolvable between Access Gateway instances before configuring high availability.

High availability and load balancer tasks

Organizations which are implementing high availability and load balancing will also want to perform the following tasks.

Task	Description	Related Topics
Configure Load Balancer	Configure a load balancer and related health checks.	Configure Amazon Web Services load balancers
Improve health checks	Improve load balancer health monitoring by creating apps which return HTTP 200.	Improve AWS load balancer health monitoring
Manage TLS termination	Determine where certificates and TLS will be managed.	Managing SSL/TLS termination