Deploy an AWS server with an enrollment token

This topic explains how to deploy an Ubuntu or Debian Amazon Web Services (AWS) cloud server with systemd to your Advanced Server Access team. You may need to modify this process to fit your specific needs.

Creating a cloud server with user data means installing the Advanced Server Access server agent simultaneously while you create a server with a cloud provider. You can use user data to determine the specific software to install software on a new cloud server. Installing the Advanced Server Access server agent on a cloud server doesn't need to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your cloud deployment is as safe and secure as possible.

Prerequisites

Amazon Web Services

Requirement

Description

Amazon Web Services Account An Amazon Web Services account is needed to access the AWS Management console, where you create virtual machines for your team.

Advanced Server Access

Requirement

Description

Advanced Server Access team The top-level object that represents an Okta org within Advanced Server Access.
Advanced Server Access project The authorization-scope of your team, organizing your users, groups, and servers.

Create an enrollment token

  1. From the Advanced Server Access dashboard, click Projects.
  2. Select the project you want to add the server to.
  3. Go to the Enrollment tab and click Create Enrollment Token.

    Note: You can use the same enrollment token every time you add a server to your team. If you have already created an enrollment token, skip this step.

  4. Enter a description for the token, then click Submit.

After the token has been successfully created, note the string of characters from the Token field and store them in a safe location.

Create and enroll your AWS server with user data

  1. Access the AWS Management Console.
  2. Click the Services tab at the top of the console and select the EC2 option in the Compute category to create a EC2 server.
  3. Click Launch Instance.

    The Choose an Amazon Machine Image (AMI) page opens.

  4. Identify a supported Ubuntu/Debian version and click Select.
    For details, see Supported operating systems.

    The Choose an Instance Type page opens.

  5. Click Next: Configure Instance Details.

    The Configure Instance Details page opens.

  6. Expand Advanced Details.
  7. When creating a server in your AWS Management console, you must install Advanced Server Access server agent. Use the User data field to install the Advanced Server Access server agent. See Install the Advanced Server Access server agent for instructions.
  8. Click Review and Launch, then click Launch.

    The Select an existing key pair or create a new key pair dialog opens.

  9. Select the Proceed without a key pair option from the dropdown menu.
  10. Confirm and acknowledge your choice by selecting the relevant checkbox, then click Launch Instances.

Next steps

Verify server enrollment