Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)`
- Click to ``Instances`` and ``Launch Instance``.
- In the marketplace, search for "VyOS".
- Choose the instance type. The minimum recommendation starts from ``m3.medium``.
- Configure the instance for your requirements. Select the number of instances, the network and the subnet.
- Additional storage. You can remove the additional storage ``/dev/sdb``. The first root device will be ``/dev/xvda``. You can skip this step.
- Configure Security Group. It's recommended that you allow SSH access only from certain source addresses. Alternatively, permit any source (the default).
- Select an SSH key pair and click ``Launch Instances``.
- Find out your public IP address.
- Connect to the instance by SSH key.

.. code-block:: none

  ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3
  vyos@ip-192-0-2-10:~$

To use Amazon CloudWatch Agent, configure it within the Amazon SSM Parameter Store. If you don't have a configuration yet, see :ref:`configuration_creation`.
- Create an :abbr:`IAM (Identity and Access Management)` role for the :abbr:`EC2 (Elastic Compute Cloud)` instance to access CloudWatch service, and name it CloudWatchAgentServerRole. The role should contain two default policies: CloudWatchAgentServerPolicy and AmazonSSMManagedInstanceCore.
- Attach the created role to your VyOS :abbr:`EC2 (Elastic Compute Cloud)` instance.
- Ensure that the amazon-cloudwatch-agent package is installed.

.. code-block:: none

  $ sudo apt list --installed | grep amazon-cloudwatch-agent

.. note:: The amazon-cloudwatch-agent package is normally included in VyOS 1.3.3+ and 1.4+

- Retrieve an existing CloudWatch Agent configuration from the :abbr:`SSM (Systems Manager)` Parameter Store.

.. code-block:: none

  $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:<your-configuration-name>

This step also enables the systemd service and runs it.

.. note:: The VyOS platform-specific scripts feature is under development. Thus, this step should be repeated manually after changing the system image (:doc:`/installation/update`).

Creating the Amazon CloudWatch Agent Configuration in Amazon :abbr:`SSM (Systems Manager)` Parameter Store.
- Create an :abbr:`IAM (Identity and Access Management)` role for your :abbr:`EC2 (Elastic Compute Cloud)` instance to access the CloudWatch service. Name it CloudWatchAgentAdminRole. The role should contain at least two default policies: CloudWatchAgentAdminPolicy and AmazonSSMManagedInstanceCore.

.. note:: CloudWatchAgentAdminRole is too permissive and should be used only for single configuration creation and deployment. That's why, after completion of step #3, it is highly recommended to replace the instance's CloudWatchAgentAdminRole role with CloudWatchAgentServerRole.

- Run the CloudWatch configuration wizard.

.. code-block:: none

  $ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard

- When prompted, answer "yes" to the question "Do you want to store the config in the SSM parameter store?".