Amazon Web Services (AWS) deploy tasks

Deploying to Amazon Web Services includes the following tasks:


Amazon Web Services import tasks

Task Description Related Topics
Download the latest OVA

Download the current version of the Access Gateway OVA.

Install the AWS Command Line Interface

Many of the tasks required for AWS can be done at the command line.

Determine AWS Region

AWS regions represent geographical locations where virtual machines are housed.

Upload Access Gateway OVA

Uploading the Access Gateway into AWS involves:

  • Creating an S3 bucket.
  • Uploading the OVA to the bucket.

Convert Access Gateway OVA to AWS AMI

AWS requires AMI rather than OVA files. To convert an OVA to an AMI:

  • Create required roles and policy.
  • Grant role to bucket.
  • VMImport OVA from bucket.

Perform AWS-specific post-installation tasks

Most virtualization environments require some post-installation tasks. For AWS this includes:

  • Launch instance.
  • Obtain an AWS Elastic IP address.

Post deployment tasks

All Access Gateway deployments require a set of common tasks:

Task Description Related Topics

First sign in

  • Reset the Access Gateway Management console password.
  • Reset the virtual appliance at the command line.

[Optional but recommended]
Specify the hostname

  • Access Gateway defaults to a known gateway hostname which can be changed.

[Optional] Specify a fixed IP address

  • Many installations require Access Gateway to use a fixed known IP address.

[Optional] Specify DNS servers

  • Many installations use a split DNS process where multiple DNS servers are required.

[Optional] Specify proxy

  • Some installations require a proxy server for Access Gateway.

Determine the IP address assigned and configure DNS

  • Determine Access Gateway IP address.

  • Configure required /etc/hosts admin entry.
  • Configure required DNS entries.

First log in to the Access Gateway Admin UI console

  • Connect to the Access Gateway Admin UI console and reset the default password.

  • First sign in to Access Gateway Admin UI console

Initialize Access Gateway

  • Initialize the cookie domain and instance hostname.

Configure an identity provider

  • Configure Okta tenant as an identity provider.

Configure SAML access to Access Gateway from your Okta tenant

  • Configure Okta tenant to allow access to Access Gateway using SAML.

Review security best practices

  • Examine and execute a set of common Access Gateway security best practices.

Important Note


When creating a set of Access Gateway nodes for use in a high availability cluster, ensure that nodes are named appropriately.
Also, node names must be resolvable between Access Gateway instances before configuring high availability.

High availability and load balancer tasks

Organizations which are implementing high availability and load balancing will also want to perform the following tasks.

| Task | Description | Related Topics |
| --- | --- | --- |
| Configure Load Balancer | Configure a load balancer and related health checks. | Configure Amazon Web Services load balancers |
| Improve health checks | Improve load balancer health monitoring by creating apps which return HTTP 200. | Improve AWS load balancer health monitoring |
| Manage TLS termination | Determine where certificates and TLS will be managed. | Managing SSL/TLS termination |