Deploy an Ubuntu/Debian Amazon Web Services Server with Userdata and a Linked Cloud Account


This guide provides the information you need to deploy an Ubuntu/Debian Amazon Web Services Cloud Server with systemd to your Advanced Server Access team. Depending on your target server and enrollment type some topics in this guide may not apply to you, such as if your team's project does not have a Cloud account added or you plan to add a different server type to your project. Modify your steps as needed to fit your team, or refer to a different guide on the cloud deployments page.

Creating a cloud server with Userdata means installing the Advanced Server Access AgentA software agent is a lightweight program that runs as a service outside of Okta. It is typically installed behind a firewall and allows Okta to tunnel communication between an on-premises service and Okta's cloud service. Okta employs several agent types: Active Directory, LDAP, RADIUS, RSA, Active Directory Password Sync, and IWA. For example, users can install multiple Active Directory agents to ensure that the integration is robust and highly available across geographic locations. simultaneously while you create a server with a cloud provider. Using user data to install software on a new cloud server can be done through any cloud provider, though the user data that is used helps dictate the specific software that's needed. For Advanced Server Access, user data is used is to install the Advanced Server Access Agent on your cloud server. Installing the Advanced Server Access Agent on a Cloud Server doesn't need to be done when the cloud server is created, but running the installation as user data alongside a server's creation ensures that your Cloud Deployment is as safe and secure as possible.


You need the following permissions and resources to deploy an Amazon Web Services Server with Userdata

Amazon Web Services

Requirement Description
Amazon Web Services Account An Amazon Web Services account is needed to access the AWS Management console, where you can create a Virtual Machine for your team.

Advanced Server Access

Requirement Description
Advanced Server Access Team This is the top-level object that is representing an organization within Advanced Server Access.
Advanced Server Access Project This is the authorization-scope of your team, organizing your Users, Groups, and Servers.


Deploying an Amazon Web Services Server with Userdata has two major sections: Creating your team's server within the Amazon Web Services Management Console and Enrolling your new Server in your Advanced Server Access project. Click each link below to navigate to the instructions for each process.

  1. Create a Server within the Amazon Web Services Management Console
  2. Enroll your Server in Advanced Server Access by linking your Cloud Account

Create a Server within the Amazon Web Services Management Console

  1. Log into the Amazon Web Services Management Console.

  2. Click the Services tab at the top of the console and select the EC2 option in the Compute category to create a new EC2 Server
  3. Click the Launch Instance button to begin setup
  4. On the Choose an Amazon Machine Image page, scroll down the page and click the Select button for Ubuntu server 16.04 LTS (HVM), SSD Volume Type. Doing this sets your new instance as an Ubuntu/Debian Server with systemd
  5. On the Choose an InstanceAn instance, or computer instance, is a virtual machine (VM) or individual physical computer, used to host a software appliance. Type page, click the Next: Configure Instance Details button
  6. Select the Advanced Details dropdown on the Configure Instance Details page to access the User Data text box
  7. Within the User data text box, copy and paste the following text:

    echo "deb linux main" | sudo tee -a /etc/apt/sources.list
    curl -C - scaleft_deb_key.asc | sudo apt-key add -
    sudo apt-get update
    sudo atp-get install -y scaleft-server-tools
  8. Click the Review and Launch button and then press Launch at the bottom right corner of the screen.
  9. Select the dropdown in the Select an existing key pair or create a new key pair window and choose the Proceed without a key pair option
  10. Confirm and acknowledge your choice by selecting the relevant checkbox before clicking the Launch Instances button
  11. Select the View Instances button, and you should see your new server initializing on the Instances page

Enroll your Server in Advanced Server Access by linking your Cloud Account

  1. Within the Amazon Web Services management console, select the dropdown next to your profile name at the top of the page and click My Account
  2. Copy your Account ID number under Account Settings
  3. Navigate to your team's dashboard within the Advanced Server Access console

  4. Click the Projects header at the top of the console and select a Project for your server.
  5. Click the Enrollment tab within your project's console
  6. Select the Add Cloud Account button
  7. Paste your Amazon Web Services Account ID number in the Account ID text box, and add a description if needed.
  8. Click Submit
  9. Navigate to the Servers tab and confirm that your new Cloud Server is listed

Ensure that your new server is listed in your Project's Server tab within the Advanced Server Access console before trying to SSH into your team's servers.