Installing PO Box to AWS With CloudFormation

Overview

Zilla PO Box is a container that simplifies integration with on-prem applications by extending into customer environments and making outbound API calls to push user and account information to Zilla. PO Box can be deployed using AWS CloudFormation, and this playbook outlines the prerequisite activities and configuration steps.

Refer to the list below for a summary of what will be deployed with this template.

An ECS cluster on which the PO Box infrastructure will be spun up
Secrets stored within Secrets Manager
An EC2 instance for the ECS cluster
An S3 bucket for storing logs and outputs from systems

This article covers the following topics:

1 Overview
2 Steps to create cloud formation stack
- 2.1 Prerequisites
  - 2.1.1 Zilla Support Ticket
  - 2.1.2 Admin Access to AWS
  - 2.1.3 Virtual Private Cloud (VPC)
  - 2.1.4 Allow Outbound Calls over Port 443
  - 2.1.5 PO Box Client Id and Client Secret
- 2.2 AWS Resources
- 2.3 Configuration
3 Next Steps

Steps to create cloud formation stack

Prerequisites

Zilla Support Ticket

You need to submit a support ticket to request whitelisting of your AWS account to pull PO Box image.
The ticket should contain:
- The request to whitelist your AWS account
- Your Zilla tenant name
- Your AWS Account ID
Click Submit a request in the upper right corner of the Help Center to begin creating the ticket.

Admin Access to AWS

The user deploying PO Box needs the ability to deploy CloudFormation templates and create ECS, S3, EC2, and CloudWatch resources.

Virtual Private Cloud (VPC)

You must have a Virtual Private Cloud (VPC) with access to the internet.

Allow Outbound Calls over Port 443

Ensure Outbound Calls are allowed over Port 443 on the ACL associated with the VPC on which you plan to put these resources.

PO Box Client Id and Client Secret

Provide the Client ID and Secret configured in Zilla in the Authentication step. For additional details on retrieving these values, see https://zilla.atlassian.net/wiki/spaces/ZILLA/pages/3651141644.

AWS Resources

PO Box is a containerized solution that runs on a single t3 small EC2 instance using minimal resources. Approximately, the base infrastructure is an additional $15-$20/month in total. Minimal charges are incurred based on the number of secrets being stored. Refer to the secrets manager pricing outlined by AWS for additional information.

Configuration

Login into your AWS Account as an admin.

Click Launch Stack to directly navigate to the CloudFormation template.

us-east-1

Alternately, if you prefer to install in a different AWS region, use the search bar to search for and select the CloudFormation page from the results.

Click Create stack and select With new resources (standard).

Ensure that the template source is Amazon S3 URL. Paste the following url in the Amazon S3 URL field:
https://zilla-cloudformation-template-quickstart.s3.us-east-1.amazonaws.com/po-box/poboxCloudFormationClientCredentialsForPROD.yml
Click Next.

Type a name for the CloudFormation stack into the Stack name field.
Configure your stack:
1. POBoxClientId: Client ID which you have configured in Zilla.
2. POBoxClientSecret: Client Secret which you have configured in Zilla.
3. Prefix: Defaults to Zilla. If you are deploying multiple PO Boxes in the same region, update this setting to create a unique set of resources for each deployment.
4. S3BucketName: The name of the S3 bucket which can be used by the deployment for saving data.
5. TenantDomain: Your Zilla tenant’s domain.
6. VpcId: Go to the VPC console at https://console.aws.amazon.com/vpc/, expand the Virtual private cloud dropdown on the left side of the page, and select Your VPCs. Select the VPC to which you want to tie PO Box resources and copy the VPC ID. Paste the value into the VpcId field of the Parameters section.
7. SubnetId: On the VPC console page, click the Subnets tab on the left side of the page. Select a private subnet from the VPC, copy the Subnet ID, and paste the value into the SubnetId field of the Parameters section.

Click Next at the bottom of the page.

Check the box at the bottom of the page to acknowledge that CloudFormation may create IAM resources with custom names and click Submit.

AWS starts creating the resources and the stack is in the status CREATE_IN_PROGRESS. This takes between 5-10 minutes.

Once this is process is done, the status of the stack changes to CREATE_COMPLETE.

Next Steps

You can now move on to adding the credentials and configurations in Zilla. Please see Creating Service Accounts for PO Box for details.