Installing PO Box to AWS With CloudFormation
Overview
Zilla PO Box is a container that simplifies integration with on-prem applications by extending into customer environments and making outbound API calls to push user and account information to Zilla. PO Box can be deployed using AWS CloudFormation, and this playbook outlines the prerequisite activities and configuration steps.
Refer to the list below for a summary of what will be deployed with this template.
An ECS cluster on which the PO Box infrastructure will be spun up
Secrets stored within Secrets Manager
An EC2 instance for the ECS cluster
An S3 bucket for storing logs and outputs from systems
Prerequisites
Zilla Support Ticket
Submit a support ticket to request whitelisting of your AWS account and to obtain a refresh token for the PO Box instance. Zilla uses this token to authorize the API calls sent by PO Box.
The ticket should contain:
The request for the refresh token
The request to whitelist your AWS account
Your Zilla tenant name
Your AWS Account ID
Click Submit a request in the upper right corner of the Help Center to begin creating the ticket.
Admin Access to AWS
The user deploying PO Box needs the ability to deploy CloudFormation templates and create ECS, S3, EC2, and CloudWatch resources.
Virtual Private Cloud (VPC)
You must have a Virtual Private Cloud (VPC) with access to the internet.
Allow Outbound Calls over Port 443
Ensure that outbound calls are allowed over port 443 on the ACL associated with the VPC in which you plan to place these resources.
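One way to check this prerequisite before deploying, as an added example that is not part of Zilla's documentation: the function below evaluates a network ACL, in the shape returned by `aws ec2 describe-network-acls`, for outbound TCP 443 and for the inbound return traffic that a stateless network ACL must also allow. The sample ACL, the placeholder address 203.0.113.10, and the ephemeral port range (Linux default) are assumptions.

```python
import ipaddress

# Constructed sample, shaped like one item of `aws ec2 describe-network-acls` output.
SAMPLE_ACL = {"NetworkAclId": "acl-EXAMPLE", "Entries": [
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 32768, "To": 60999}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]}

def _matches(entry, ip, port):
    """True if an IPv4 TCP packet to/from `ip` on `port` matches this entry."""
    if entry["Protocol"] not in ("-1", "6"):      # -1 = all protocols, 6 = TCP
        return False
    cidr = entry.get("CidrBlock")                 # IPv6-only entries have no CidrBlock
    if cidr is None or ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
        return False
    rng = entry.get("PortRange")                  # absent when all ports are covered
    return rng is None or rng["From"] <= port <= rng["To"]

def acl_decision(acl, egress, ip, port):
    """Lowest-numbered matching rule wins; no match at all means deny."""
    rules = sorted((e for e in acl["Entries"] if e["Egress"] == egress),
                   key=lambda e: e["RuleNumber"])
    for entry in rules:
        if _matches(entry, ip, port):
            return entry["RuleAction"]
    return "deny"

def https_egress_ok(acl, remote_ip, ephemeral=(32768, 60999)):
    """Check outbound 443 plus the inbound return path (network ACLs are stateless).

    `ephemeral` is an assumed client port range (Linux default); only its two
    endpoints are spot-checked.
    """
    outbound = acl_decision(acl, True, remote_ip, 443) == "allow"
    inbound = all(acl_decision(acl, False, remote_ip, p) == "allow" for p in ephemeral)
    return outbound and inbound

if __name__ == "__main__":
    # 203.0.113.10 is a documentation-range placeholder, not a Zilla address.
    print(https_egress_ok(SAMPLE_ACL, "203.0.113.10"))
```

A lower-numbered deny rule that covers the destination overrides a later allow, which is why the rules are sorted by RuleNumber before matching.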
AWS Resources
PO Box is a containerized solution that runs on a single t3.small EC2 instance using minimal resources. The base infrastructure will cost approximately an additional $15-$20/month in total. Minimal charges will be incurred based on the number of secrets being stored. Refer to the Secrets Manager pricing outlined by AWS for additional information.
Configuration
Log in to your AWS account as an admin.
Click Launch Stack to navigate directly to the CloudFormation template.
Alternately, if you prefer to install in a different AWS region, use the search bar to search for and select the CloudFormation page from the results.
Click Create stack and select With new resources (standard).
Ensure that the template source is Amazon S3 URL. Paste the following URL in the Amazon S3 URL field:
https://zilla-cloudformation-template-quickstart.s3.amazonaws.com/zinc/zincCloudFormationTemplateForPROD.yml
Click Next.
Type a name for the CloudFormation stack into the Stack name field.
Paste the Refresh Token provided by Zilla Support into the RefreshToken field. Keep this tab open and open another browser tab.
Go to the VPC console at https://console.aws.amazon.com/vpc/, expand the Virtual private cloud dropdown on the left side of the page, and select Your VPCs. Select the VPC to which you want to tie PO Box resources and copy the VPC ID.
Paste the value into the VpcId field of the Parameters section within the Create stack page.
On the VPC console page, click the Subnets tab on the left side of the page. Select a private subnet from the VPC and copy the Subnet ID.
Paste the value into the SubnetId field on the Create stack page and click Next.
Click Next at the bottom of the page.
Check the box at the bottom of the page to acknowledge that CloudFormation may create IAM resources with custom names and click Submit.
AWS will then start creating the resources, and the stack will be in the status CREATE_IN_PROGRESS. This will take 5-10 minutes.
Once this process is done, the status of the stack will change to CREATE_COMPLETE.
Next Steps
You can now move on to adding the credentials and configurations in Zilla. Please see Creating Service Accounts for PO Box for details.