Installing PO Box To AWS With CloudFormation

This guide outlines how to deploy PO Box using CloudFormation and highlights the infrastructure Zilla requires for the deployment.

Prerequisites

  1. You will need to put in a request by emailing support@zillasecurity.com to obtain a refresh token for your PO Box instance. The refresh token is used by Zilla to authorize API calls sent by PO Box to Zilla.

  2. Ability to sign in as a user with AWS Admin Access

    1. Specifically, the person deploying this will need the ability to deploy CloudFormation templates and create ECS, S3, EC2, and CloudWatch resources.

  3. Ensure outbound calls are allowed over port 443 on the ACL associated with the VPC that you plan to put these resources on.
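
A pre-flight check for prerequisite 3, as an added example that is not part of Zilla's documentation or tooling: it evaluates network ACL entries in the shape returned by `aws ec2 describe-network-acls` the way AWS does (lowest-numbered matching rule wins) and also checks the inbound replies, because network ACLs are stateless. The helper names, the sample ACLs and the 203.0.113.10 destination are constructed for illustration.

```python
import ipaddress

def rule(number, egress, action, protocol="-1", ports=None, cidr="0.0.0.0/0"):
    """Build one entry in the shape `aws ec2 describe-network-acls` returns."""
    entry = {"RuleNumber": number, "Egress": egress, "RuleAction": action,
             "Protocol": protocol, "CidrBlock": cidr}
    if ports:
        entry["PortRange"] = {"From": ports[0], "To": ports[1]}
    return entry

def evaluate(entries, egress, remote_ip, port, protocol="6"):
    """Network ACLs apply the lowest-numbered matching rule; no match means deny."""
    ip = ipaddress.ip_address(remote_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Egress"] != egress or e["Protocol"] not in ("-1", protocol):
            continue
        if "CidrBlock" not in e or ip not in ipaddress.ip_network(e["CidrBlock"]):
            continue  # IPv6-only entries are skipped in this IPv4 check
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"]
    return "deny"

def https_egress_report(entries, remote_ip):
    """Check outbound TCP 443 and the inbound replies to it."""
    # Replies arrive on the instance's ephemeral source port; the Linux default
    # range is 32768-60999, so both ends of it are tested here.
    replies = all(evaluate(entries, False, remote_ip, p) == "allow"
                  for p in (32768, 60999))
    return {"outbound_443": evaluate(entries, True, remote_ip, 443) == "allow",
            "inbound_replies": replies}

# Constructed sample data. REMOTE is a documentation address standing in for
# an endpoint PO Box calls; the page does not list real destination addresses.
REMOTE = "203.0.113.10"
DEFAULT_DENY = [rule(32767, True, "deny"), rule(32767, False, "deny")]
EGRESS_ONLY = DEFAULT_DENY + [rule(100, True, "allow", "6", (443, 443))]
WITH_REPLIES = EGRESS_ONLY + [rule(100, False, "allow", "6", (1024, 65535))]
SHADOWED = WITH_REPLIES + [rule(50, True, "deny", "6", (0, 65535))]

if __name__ == "__main__":
    for name, acl in [("egress only", EGRESS_ONLY), ("with replies", WITH_REPLIES),
                      ("shadowed by deny", SHADOWED)]:
        print(name, https_egress_report(acl, REMOTE))
```

To run it against a real ACL, pass the `Entries` list of the network ACL associated with the chosen subnet in place of the sample lists.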

AWS Resources

PO Box is a containerized solution that runs on a single t3.small EC2 instance, which means it uses minimal resources. In total, the base infrastructure will add around $15-$20/month. There will also be charges based on the number of secrets that you store, but these are minimal. For more info, please see the Secrets Manager pricing outlined by AWS.

A summary of what will be deployed with this template can be seen below:

  1. An ECS Cluster that will have the PO Box infrastructure spun up on it

  2. Secrets stored within Secrets Manager

  3. An EC2 instance for the ECS Cluster

  4. An S3 Bucket for storing logs and outputs from systems

Please note that this infrastructure can also be used to automate Zilla Universal Sync syncs. This is our RPA tool that allows us to pull info from a web browser. For information on how we automate these syncs, please see this section.

Configuration

Steps to create CloudFormation Stack

  1. Log in to your AWS Account.

  2. Click the yellow button below to navigate directly to the CloudFormation template:

    If you prefer to install in another AWS region, go to the “CloudFormation” page.

    Click “Create Stack”.

  3. Enter the “Stack Name”, which is an arbitrary name for the CloudFormation stack.

  4. Enter the “RefreshToken” given to you by Zilla Support.

  5. Enter the “VpcId” and the “SubnetId” in which the ZUS in the cloud service should be deployed.
    Then click on Next.

    To get the VPC Id, go to the VPC console and select the VPC you’d like to tie the PO Box resources to.

    To get the Subnet Id, go to the Subnets console and select a private subnet from the same VPC.

  6. Click on Next.

  7. Acknowledge and Submit.

  8. AWS will then start creating the resources.

This will take 5-10 minutes. Once this is done, you will see CREATE_COMPLETE appear beneath the stack.

Next Steps

You can now move on to adding the credentials and configurations in Zilla. Please see Creating Service Accounts For PO Box for details.