Create an Instance on Amazon Web Services

Overview

You can use NGINX Controller to create an NGINX Plus data path instance on Amazon Web Services (AWS).

This tutorial walks through the steps to deploy NGINX Plus on AWS using an Instance Template.

See Also:
For instructions on how to add an existing Instance to NGINX Controller, see Manage Your NGINX Instances.
Important:
You are responsible for applying software and security updates on your data plane Instances. NGINX Controller does not manage these updates for you.

Create an Integration

Create an Integration for your AWS system.

Before You Begin

IAM User

To create an NGINX Controller Integration for AWS, you need to configure an AWS IAM user with the following roles:

"ec2:*Instance*",
"ec2:*Tags*"

AWS Security Credentials

You’ll need to supply the following AWS security credentials to complete the NGINX Controller Integration setup for AWS:

  • access key ID
  • secret access key ID

Steps

Note:
  • Select AWS_Location for the Integration type.
  • Select AWS_ACCESS_KEY for the credential type.

Take the following steps to create an Integration:

  1. Open the NGINX Controller user interface and log in.
  2. Select the NGINX Controller menu icon, then select Platform.
  3. On the Platform menu, select Integrations.
  4. On the Integrations menu, select the Create Integration quick action.
  5. Add a name.
  6. (Optional) Add a display name.
  7. (Optional) Add a description.
  8. (Optional) Add tags.
  9. Select the Integration type.
  10. (Optional) Type the service endpoint URL.
  11. Select the credential type.
  12. For AWS integrations:
    1. Type the access key ID.
    2. Type the secret access key ID.
  13. Select Submit.

Create a Location

Note:
To deploy to AWS, select AWS_Location for the Location type.

Take the following steps to create a Location:

  1. Open the NGINX Controller user interface and log in.

  2. Select the NGINX Controller menu icon, then select Infrastructure.

  3. On the Infrastructure Menu, select Locations.

  4. On the Quick Action menu, select Create Location.

  5. On the Create Location page, provide the Location name.

  6. (Optional) Add a display name.

  7. Select the Location type:

    • Select OTHER_LOCATION to create a location that’s not an orchestrated cloud environment.
    • Select AWS_LOCATION to allow NGINX Controller to orchestrate deployments on Amazon Web Services.
  8. For an AWS_LOCATION type, provide the following information:

    1. Integration Reference. See Manage Your NGINX Integrations for instructions on how to create Integrations.
    2. Add the AWS VPC ID.
    3. Add the AWS region.
    4. (Optional) Add a description.
    5. (Optional) Add tags.
  9. (Optional) Add a description.

  10. (Optional) Add tags.

  11. Select Submit.

Create an Instance Template

An Instance Template defines the parameters to use when creating a data plane instance.

Before You Begin

Before creating an Instance Template, first gather the following required AWS information. You may need to look up this information in your AWS account.

Amazon Machine Image (AMI)

The AMI that you select should be secure and hardened. We recommend closing ports that are not needed and updating the AMI to include the latest security patches. NGINX Controller will not secure or update this Instance for you.

The AMI must be an operating system that is supported by the NGINX Controller Agent. For the list of supported OSes, see the NGINX Controller Technical Specifications Guide.

The AMI image must have the following software packages installed:

  • NGINX Plus (R19, R20, R21, or R22)
  • Python 2.7 (for NGINX Controller 3.6 and earlier)
  • Golang (for NGINX Controller 3.7 and newer)
  • OpenSSL
  • cURL 7.32 or newer
  • libxerces-c3.2
  • Cloud-init

ECS Instance Type

After you’ve configured the AMI, you need to define the EC2 Instance size. You can find the EC2 Instance sizes that your region supports here: https://aws.amazon.com/ec2/instance-types/.

Subnet ID

The SubnetId identifies the specific subnet contained within your VPC that you want to deploy your Instance into.

Security Group IDs

The security group controls traffic flowing to and from your NGINX Instances. You need to use the GroupId from the security group to configure your Instance Template.

The GroupId that you select must have ports 22, 443, and 8443 opened to allow communication from NGINX Plus to NGINX Controller. We recommend opening only ports 22 and 8443 to the IP address that NGINX Controller is using. The ports that your applications use will require other ports to be open. If your HTTP application is running on this NGINX Plus Instance, you need to open port 80.

The security group you select should use the same VPC ID that was configured with your Location.

AWS Public Key

The AWS public key is the key that allows NGINX Controller to communicate with your NGINX Plus orchestrated Instance. You need this key so you can install updates. If you do not want to provide your public key, you need to install the NGINX Controller agent manually. You will copy/paste your ssh key name into this field.


Steps

Take the following steps to create an Instance Template:

  1. Open the NGINX Controller user interface and log in.
  2. Select the NGINX Controller menu icon, then select Infrastructure > Instance Templates.
  3. On the My Instance Templates menu, select the Create Instance Template quick action.
  4. Add a name.
  5. (Optional) Add a display name.
  6. (Optional) Add a description.
  7. (Optional) Add tags.
  8. Select a Location in the list, or select Create New to create a Location.
  9. Select the Instance Template type.
  10. For an AWS_INSTANCE_TEMPLATE, provide the following information. You may need to look up this information in your AWS account.
    1. Add the Amazon Machine Image ID.
    2. Add the EC2 Instance Type.
    3. Add the Subnet ID.
    4. (Optional) Add the Security Group IDs.
    5. (Optional) Add the AWS Public Key.
Note:
Enabling WAF via the App Security add-on is not supported when deploying Instances with an Instance Template.

Create an Instance Using a Template

Take the following steps to create an Instance using an Instance Template:

  1. Open the NGINX Controller user interface and log in.
  2. Select the NGINX Controller menu icon, then select Infrastructure.
  3. On the Infrastructure menu, select Instances.
  4. On the Instances overview page, select Create.
  5. Select Create a new instance using a template.
  6. Add a name.
  7. Select a Location in the list, or select Create New to create a Location.
  8. Select an Instance Template in the list, or select Create New to create an Instance Template.
  9. Select Submit.

Troubleshooting

When deploying an NGINX Plus instance, the deployment may fail because the Controller Agent install script doesn’t download. When this happens, an error similar to the following is logged to /var/log/agent_install.log: “Failed to download the install script for the agent.”

Take the following steps to troubleshoot the issue:

  • Ensure that ports 443 and 8443 are open between NGINX Controller and the network where the NGINX Plus instance is being deployed.
  • Verify that you can communicate with NGINX Controller from the NGINX Plus instance using the NGINX Controller FQDN that you provided when you installed NGINX Controller.
  • If you’re deploying an NGINX Plus instance on Amazon Web Services using a template, ensure that the Amazon Machine Image (AMI) referenced in the instance_template has a cURL version of 7.32 or newer.

What’s Next


This documentation applies to the following versions of NGINX Controller Documentation:
3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 3.12.