Create an Instance on Amazon Web Services
Overview
You can use NGINX Controller to create an NGINX Plus data path instance on Amazon Web Services (AWS).
This tutorial walks through the steps to deploy NGINX Plus on AWS using an Instance Template.
See Also:
For instructions on how to add an existing Instance to NGINX Controller, see Manage Your NGINX Instances.
Important:
You are responsible for applying software and security updates on your data plane Instances. NGINX Controller does not manage these updates for you.
Create an Integration
Create an Integration for your AWS system.
Before You Begin
IAM User
To create an NGINX Controller Integration for AWS, you need to configure an AWS IAM user with the following roles:
"ec2:*Instance*",
"ec2:*Tags*"
AWS Security Credentials
You’ll need to supply the following AWS security credentials to complete the NGINX Controller Integration setup for AWS:
- access key ID
- secret access key ID
Steps
Note:
- Select AWS_Location for the Integration type.
- Select AWS_ACCESS_KEY for the credential type.
Take the following steps to create an Integration:
- Open the NGINX Controller user interface and log in.
- Select the NGINX Controller menu icon, then select Platform.
- On the Platform menu, select Integrations.
- On the Integrations menu, select the Create Integration quick action.
- Add a name.
- (Optional) Add a display name.
- (Optional) Add a description.
- (Optional) Add tags.
- Select the Integration type.
- (Optional) Type the service endpoint URL.
- Select the credential type.
- For AWS integrations:
  - Type the access key ID.
  - Type the secret access key ID.
- Select Submit.
Create a Location
Note:
To deploy to AWS, select AWS_Location for the Location type.
Take the following steps to create a Location:
- Open the NGINX Controller user interface and log in.
- Select the NGINX Controller menu icon, then select Infrastructure.
- On the Infrastructure menu, select Locations.
- On the Quick Action menu, select Create Location.
- On the Create Location page, provide the Location name.
- (Optional) Add a display name.
- Select the Location type:
  - Select OTHER_LOCATION to create a location that’s not an orchestrated cloud environment.
  - Select AWS_LOCATION to allow NGINX Controller to orchestrate deployments on Amazon Web Services.
- For an AWS_LOCATION type, provide the following information:
  - Integration Reference. See Manage Your NGINX Integrations for instructions on how to create Integrations.
  - Add the AWS VPC ID.
  - Add the AWS region.
  - (Optional) Add a description.
  - (Optional) Add tags.
- (Optional) Add a description.
- (Optional) Add tags.
- Select Submit.
Create an Instance Template
An Instance Template defines the parameters to use when creating a data plane instance.
Before You Begin
Before creating an Instance Template, first gather the following required AWS information. You may need to look up this information in your AWS account.
Amazon Machine Image (AMI)
The AMI that you select should be secure and hardened. We recommend closing ports that are not needed and updating the AMI to include the latest security patches. NGINX Controller will not secure or update this Instance for you.
The AMI must be an operating system that is supported by the NGINX Controller Agent. For the list of supported OSes, see the NGINX Controller Technical Specifications Guide.
The AMI image must have the following software packages installed:
- NGINX Plus (R19, R20, R21, or R22)
- Python 2.7 (for NGINX Controller 3.6 and earlier)
- Golang (for NGINX Controller 3.7 and newer)
- OpenSSL
- cURL 7.32 or newer
- libxerces-c3.2
- Cloud-init
EC2 Instance Type
After you’ve configured the AMI, you need to define the EC2 Instance size. You can find the EC2 Instance sizes that your region supports here: https://aws.amazon.com/ec2/instance-types/.
Subnet ID
The SubnetId identifies the specific subnet contained within your VPC that you want to deploy your Instance into.
Security Group IDs
The security group controls traffic flowing to and from your NGINX Instances. You need to use the GroupId from the security group to configure your Instance Template.
The GroupId that you select must have ports 22, 443, and 8443 opened to allow communication from NGINX Plus to NGINX Controller. We recommend opening ports 22 and 8443 only to the IP address that NGINX Controller is using. Your applications will require additional ports to be open; for example, if your HTTP application is running on this NGINX Plus Instance, you need to open port 80.
The security group you select should use the same VPC ID that was configured with your Location.
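The port guidance above can be checked before the GroupId goes into an Instance Template. The following is an added example, not part of the NGINX Controller documentation or tooling: it audits the IpPermissions list of a security group (the shape returned by `aws ec2 describe-security-groups`). The sample rules and the Controller address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

REQUIRED_PORTS = (22, 443, 8443)   # ports this page says must be open
RESTRICTED_PORTS = (22, 8443)      # ports this page recommends limiting to the Controller IP


def covers(rule, port):
    """True if one IpPermissions entry allows the given TCP port."""
    if rule["IpProtocol"] == "-1":             # "-1" means all protocols and ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def audit_ingress(ip_permissions, controller_ip):
    """Report restricted ports open to other sources, and required ports not open."""
    allowed = ipaddress.ip_network(controller_ip)   # bare address becomes a /32
    too_broad, open_ports = set(), set()
    for rule in ip_permissions:
        # Only CIDR sources are checked; security-group references are not resolved.
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port in REQUIRED_PORTS:
            if not covers(rule, port):
                continue
            open_ports.add(port)
            if port in RESTRICTED_PORTS:
                for cidr in sources:
                    if ipaddress.ip_network(cidr, strict=False) != allowed:
                        too_broad.add((port, cidr))
    return {"too_broad": sorted(too_broad),
            "missing": [p for p in REQUIRED_PORTS if p not in open_ports]}


# Constructed sample in the shape of the IpPermissions list returned by
# `aws ec2 describe-security-groups`; 203.0.113.10 stands in for the Controller IP.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print(audit_ingress(SAMPLE, "203.0.113.10"))
```

For the sample, port 22 is reported as open to 0.0.0.0/0 and port 443 as missing.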
AWS Public Key
The AWS public key is the key that allows NGINX Controller to communicate with your NGINX Plus orchestrated Instance. You need this key so you can install updates. If you do not want to provide your public key, you need to install the NGINX Controller agent manually. Copy and paste your SSH key name into this field.
Steps
Take the following steps to create an Instance Template:
- Open the NGINX Controller user interface and log in.
- Select the NGINX Controller menu icon, then select Infrastructure > Instance Templates.
- On the My Instance Templates menu, select the Create Instance Template quick action.
- Add a name.
- (Optional) Add a display name.
- (Optional) Add a description.
- (Optional) Add tags.
- Select a Location in the list, or select Create New to create a Location.
- Select the Instance Template type.
- For an AWS_INSTANCE_TEMPLATE, provide the following information. You may need to look up this information in your AWS account.
  - Add the Amazon Machine Image ID.
  - Add the EC2 Instance Type.
  - Add the Subnet ID.
  - (Optional) Add the Security Group IDs.
  - (Optional) Add the AWS Public Key.
Note:
Enabling WAF via the App Security add-on is not supported when deploying Instances with an Instance Template.
Create an Instance Using a Template
Take the following steps to create an Instance using an Instance Template:
- Open the NGINX Controller user interface and log in.
- Select the NGINX Controller menu icon, then select Infrastructure.
- On the Infrastructure menu, select Instances.
- On the Instances overview page, select Create.
- Select Create a new instance using a template.
- Add a name.
- Select a Location in the list, or select Create New to create a Location.
- Select an Instance Template in the list, or select Create New to create an Instance Template.
- Select Submit.
Troubleshooting
When deploying an NGINX Plus instance, the deployment may fail because the Controller Agent install script doesn’t download. When this happens, an error similar to the following is logged to /var/log/agent_install.log: “Failed to download the install script for the agent.”
Take the following steps to troubleshoot the issue:
- Ensure that ports 443 and 8443 are open between NGINX Controller and the network where the NGINX Plus instance is being deployed.
- Verify that you can communicate with NGINX Controller from the NGINX Plus instance using the NGINX Controller FQDN that you provided when you installed NGINX Controller.
- If you’re deploying an NGINX Plus instance on Amazon Web Services using a template, ensure that the Amazon Machine Image (AMI) referenced in the instance_template has a cURL version of 7.32 or newer.
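The three checks above can be run as one preflight on the NGINX Plus instance or while building the AMI. This is an added example, not a script shipped with NGINX Controller: it parses `curl --version` output, compares it with the 7.32 minimum, and probes ports 443 and 8443 on the Controller FQDN. The function names are hypothetical.

```python
import re
import socket

MIN_CURL = (7, 32)               # minimum cURL version stated on this page
CONTROLLER_PORTS = (443, 8443)   # ports the troubleshooting steps say must be open


def curl_version(version_output):
    """Parse the first line of `curl --version` output into a tuple of ints."""
    m = re.match(r"curl (\d+)\.(\d+)(?:\.(\d+))?", version_output)
    if not m:
        raise ValueError("unrecognised curl --version output")
    return tuple(int(g) for g in m.groups() if g is not None)


def curl_ok(version_output):
    """True if the installed cURL meets the 7.32 minimum."""
    return curl_version(version_output)[:2] >= MIN_CURL


def port_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (DNS failure counts as False)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(controller_fqdn, version_output, probe=port_reachable):
    """Return a list of problems that would stop the agent install script downloading."""
    problems = []
    if not curl_ok(version_output):
        found = ".".join(map(str, curl_version(version_output)))
        problems.append("cURL %s is older than 7.32" % found)
    for port in CONTROLLER_PORTS:
        if not probe(controller_fqdn, port):
            problems.append("cannot reach %s:%d" % (controller_fqdn, port))
    return problems


if __name__ == "__main__":
    import subprocess
    import sys
    out = subprocess.run(["curl", "--version"], capture_output=True, text=True).stdout
    for problem in preflight(sys.argv[1], out):   # argument: the Controller FQDN
        print(problem)
```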
This documentation applies to the following versions of NGINX Controller Documentation:
3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 3.12.