BlastShield Documentation

AWS Virtual Gateway Installation

This article explains how to install the BlastShield™ Gateway AMI in AWS EC2.

Install the Gateway AMI in AWS EC2
  1. Create a new Gateway in the Orchestrator.

    1. Connect to the Orchestrator and select Gateways from the left Menu.

    2. Select Add New Gateway.

    3. Enter a name for the new Gateway.

    4. Set the Addressing Mode for the Gateway to IP Address (Source+Destination NAT).

    5. Click the 'Save and download invitation' button and choose the option to 'Save and copy invitation contents to the clipboard'.

    6. The copied invitation information will be needed later during the configuration of the gateway AMI.

  2. Launch the BlastShield AMI instance.

    1. Choose 'Launch instance' and add a name for the instance.

    2. Then go to the 'Application and OS Images (Amazon Machine Image)' box.

    3. Search for 'blastshield' and choose the latest available BlastShield™ Orchestrator/Gateway instance.

    4. Click on 'Select'.

  3. Choose an instance type and key pair.

    1. Next, go to the 'Instance type' box.

    2. Select a t3.small instance.

    3. Set your key pair as required.

  4. Configure the network settings.

    1. Go to the network settings box and configure the following:

      1. Network: Choose your desired VPC.

      2. Subnet: Choose your desired subnet.

      3. Auto-assign public IP: Enable.

    2. From the security group section, configure as follows:

      1. No inbound rules are required.

      2. For outbound, ensure all traffic is allowed to all destinations.

  5. Configure storage.

    1. Add Storage: leave as default.

    2. Click next.

  6. Add the registration information into the user data field.

    1. In the 'Advanced details' box, scroll to the 'User data' section at the bottom.

      1. Select User Data.

      2. Paste the invitation information which you copied from the Orchestrator in step 1 into the User data window.

      3. Leave the 'User data has already been base64 encoded' box unchecked.

  7. Review and Launch the instance.

    1. Click launch to launch the AMI.

    2. Monitor your instance in the EC2 console until it has launched successfully.

    3. Once the Gateway is online, the online status will be shown in the Orchestrator.

  8. The Gateway is now ready for adding Endpoints. See the following section on how to do that.

You can now go on to the final step to add Endpoints, configure AWS security groups and BlastShield Policy.
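
The security group settings from step 4 (no inbound rules, all outbound traffic allowed) can be verified after launch. The script below is an added example, not BlastShield's own tooling: it audits JSON shaped like the output of `aws ec2 describe-security-groups`. The group IDs and rules in the sample are constructed, and the outbound check covers IPv4 only.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-good", "IpPermissions": [],
   "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-EXAMPLE-ssh",
   "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                      "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
   "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                            "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")


def allows_all_egress(group):
    """True if one egress rule permits every protocol to 0.0.0.0/0 (IPv4 only, by assumption)."""
    for rule in group.get("IpPermissionsEgress", []):
        cidrs = {r.get("CidrIp") for r in rule.get("IpRanges", [])}
        if rule.get("IpProtocol") == "-1" and "0.0.0.0/0" in cidrs:
            return True
    return False


def audit_gateway_group(group):
    """Return findings where a group departs from the settings in step 4."""
    findings = []
    for rule in group.get("IpPermissions", []):  # the Gateway needs no inbound rules
        proto = rule.get("IpProtocol")
        ports = "all" if proto == "-1" else f"{rule.get('FromPort')}-{rule.get('ToPort')}"
        sources = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
        sources += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
        sources += [p.get("GroupId") for p in rule.get("UserIdGroupPairs", [])]
        findings.append(f"unneeded inbound rule: {proto} {ports} from {sources}")
    if not allows_all_egress(group):
        findings.append("outbound does not allow all traffic to all destinations")
    return findings


def audit(document):
    """Map each group ID in a describe-security-groups document to its findings."""
    return {g["GroupId"]: audit_gateway_group(g) for g in document["SecurityGroups"]}


if __name__ == "__main__":
    for group_id, findings in audit(SAMPLE).items():
        print(group_id, "OK" if not findings else findings)
```

To audit a real group, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-security-groups` for the security group attached to the Gateway instance.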