AWS China Startup Guide¶
Welcome. Your Aviatrix product experience starts here.
Click a link below to learn your use case or read an Aviatrix Overview.
The Aviatrix Controller provides a single pane of glass for all your secure networking tasks. You can run the Controller in your own VPC or let Aviatrix manage it in our hosted service.
The following guide applies to running the Controller in your own environment in China.
The first thing you need to do is to launch the Controller instance.
We’ll walk you through the following steps. By the end, you’ll be ready for your first use case.
Before you start, you need to have an AWS account. Create a new account or login to an existing IAM account.
- We require this AWS IAM account to have permissions to create AWS access key, secret access key, IAM policies and launch EC2 instances.
- The Controller instance must be launched on a public subnet in a VPC.
Step 1. Locate the Controller AMI from AWS Community¶
Login to AWS China, select Beijing region, click launch EC2 instance from AWS Community AMIs, search for aviatrix, as shown below. The Aviatrix Controller AMI name is Aviatrix_china_controller_051518_BYOL.
Step 2. Select Controller instance size¶
Select t2.large for the Controller instance, as shown below.
Step 3. Select VPC and subnet to launch¶
Make sure you select a public subnet. We recommend you to enable termination protection.
Step 4. Add storage¶
Make sure you specify 20GB as the storage size, as shown below.
Step 5. Setup security group¶
Open security group 443 to all, as shown below. (You can reduce the scope later)
Step 6. Launch the instance¶
Review the instance, create a new or use an existing key pair to launch the instance.
Step 7. Add EIP¶
Once the Controller instance is launched, you need to associate it with an EIP. Make sure this EIP has been granted legitimacy by the government.
Associate the EIP with the Controller instance.
Step 8. Connect to the Controller¶
Now that Aviatrix Controller instance has been launched, let’s login and go through a few init steps.
Open a browser window to https://AviatrixControllerEIP
You may receive a warning that the connection may not be secure. This is because the certificate is self-signed by the Controller. It is safe to continue to the page.
Step 9. Initial Login¶
9.1 Login with the username admin.
9.2 For the password field, you can find the Controller instance’s private IP address by going to AWS EC2 console, click the Controller instance and locate its private IP address.
9.3 Enter your email address. This email will be used for alerts as well as password recovery (if needed).
9.4. Next, you will be prompted to change the admin password.
9.5. Click Skip in the next page, unless the Controller instance VPC has an HTTP or HTTPS proxy configured for Internet access.
9.6. Finally, the Controller will upgrade itself to the latest software version. Enter 3.3 and click run, as shown below. The process can take up minutes to hours. Read the tip below fore you proceed.
Since the Aviatrix software is hosted in AWS us-west-2, loading software to the Controller from AWS China could take significantly longer time, from tens of minutes to up to an hour. Our experiences have been that if you upgrade software during the early morning hours in China (2am to 7am China time) the download is faster. Once complete, the login prompt will appear. Use the user admin and your new password to login.
Step 10. Create A Primary Access Account¶
10.1 Select AWS China¶
Once logged back in to the Controller, you should be on the Onboarding page or click “Onboarding` on the navigation item. Then click AWS icon.
10.2 Enter Your Customer ID¶
Contact email@example.com to get a trial license if you do not have one.
Enter the Customer ID in the field and click Save.
10.3 Setup an Access Account¶
Follow the instructions in how to create IAM user and policy to fill in the fields below.
Field Expected Value Account Name Enter a name that is unique on the Controller. Example name: AWSOpsTeam. AWS China Account Number The IAM user account’s 12 digit AWS account number. AWS China Access Key ID The IAM user account’s access key id. AWS China Secret Key The IAM user account’s secret key.
Once complete, click the Create button at the bottom of the form, as shown below.
Next: Start a Use Case¶
You are now ready to establish connectivities to/from the cloud. Here are some of the things you can do:
- Build User SSL VPN
- Build Egress Security
- Build Site to Cloud VPN
- Build Multicloud Peering
- Build Encrypted Peering
Any resources created by the Controller, such as Aviatrix gateways, route entries, ELB, SQS queues, etc, must be deleted from the Controller console. If you delete them directly on AWS console, the Controller’s view of resources will be incorrect which will lead to features not working properly.
For technical support, email us at firstname.lastname@example.org
- IAM role is not supported in the current release 3.3 in AWS China.
- Next-Gen Transit Network is not supported in the current release 3.3 in AWS China.
- AWS Ningxia region is not supported in the current release 3.3 in AWS China.
- Native AWS Peering is not supported in the current release 3.3 in AWS China.