Deploy an Ubuntu or Debian Amazon Web Services server with user data and an enrollment token

This guide provides the information you need to deploy an Ubuntu or Debian Amazon Web Services cloud server with systemd to your Advanced Server Access team. Depending on your target server and enrollment type some topics in this guide may not apply to you, such as if your team's project will not be using enrollment tokens, or if you plan to add a different server type to your project. Modify these steps as needed to fit your team or refer to another cloud deployment guide.

Creating a cloud server with user data means installing the Advanced Server Access server agent simultaneously while you create a server with a cloud provider. You can use user data to determine the specific software to install software on a new cloud server. Installing the Advanced Server Access server agent on a cloud server doesn't need to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your cloud deployment is as safe and secure as possible.


You need the following permissions and resources to deploy an Amazon Web Services server with user data:

Amazon Web Services

Requirement Description
Amazon Web Services Account An Amazon Web Services account is needed to access the AWS Management console, where you can create a virtual machine for your team.

Advanced Server Access

Requirement Description
Advanced Server Access team This is the top-level object that is representing an organization within Advanced Server Access.
Advanced Server Access project This is the authorization-scope of your team, organizing your users, groups, and servers.

Create an enrollment token

  1. In Advanced Server Access, click Projects.
  2. Select the project that you want to add your server to.
  3. Click the Enrollment tab, then click Create Enrollment Token.

    Note: You can use the same enrollment token every time you add a server to your team. If you've already created an enrollment token, skip this step.

  4. Create a description for your new enrollment token if prompted, and click Submit.
  5. After the token has been successfully created, copy the string of numbers from the Token field and save it for a later step.

Create and enroll your Amazon Web Services server with user data

  1. Sign in to the Amazon Web Services Management Console.

  2. Click the Services tab at the top of the console and select the EC2 option in the Compute category to create a new EC2 server.
  3. Click Launch Instance.The Choose an Amazon Machine Image (AMI) page appears.
  4. Find Ubuntu server 16.04 LTS (HVM), SSD Volume Type in the image list and click Select to set your new instance as an Ubuntu/Debian server with systemd. The Choose an Instance Type page appears.
  5. Click Next: Configure Instance Details. The Configure Instance Details page appears.
  6. Expand Advanced Details.
  7. Copy the following into the User data field:


    echo "Add an enrollment token"

    sudo mkdir -p /var/lib/sftd

    echo "<enrollment-token>" | sudo tee /var/lib/sftd/enrollment.token

    export DEBIAN_FRONTEND=noninteractive

    echo "Add a basic sftd configuration"

    sudo mkdir -p /etc/sft/

    sftcfg=$(cat <<EOF


    # CanonicalName: Specifies the name clients should use/see when connecting to this host.

    CanonicalName: "ubuntu-target"



    echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml

    echo "Retrieve information about new packages"

    sudo apt-get update

    sudo apt-get install -y curl

    echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file"

    echo "deb linux main" | sudo tee -a /etc/apt/sources.list

    echo "Trust the repository signing key"

    curl -C - | sudo apt-key add -

    echo "Retrieve information about new packages"

    sudo apt-get update

    echo "Install sftd"

    sudo apt-get install scaleft-server-tools

    Note: This script creates an sftd.yaml file for your server and uses ubuntu-target as its canonical name. Modify and generate this information as needed to fit your team and project environments.

  8. Replace <enrollment_token> in the user data field with the enrollment token that you created earlier.
  9. Click Review and Launch, then click Launch. The Select an existing key pair or create a new key pair dialog box appears.
  10. Select the Proceed without a key pair option from the drop-down box.
  11. Confirm and acknowledge your choice by selecting the relevant check box, then click Launch Instances.
  12. Click View Instances. You should see the new server being initialized on the Instances page.

Confirm that your new servers are listed in the Server tab of your Advanced Server Access project before you attempt to connect to them.

Next steps

Verify server enrollment