Installing PO Box to AWS With CloudFormation

Overview

Zilla PO Box is a container that simplifies integration with on-prem applications by extending into customer environments and making outbound API calls to push user and account information to Zilla. PO Box can be deployed using AWS CloudFormation, and this playbook outlines the prerequisite activities and configuration steps.

Refer to the list below for a summary of what will be deployed with this template.

  • An ECS cluster on which the PO Box infrastructure will be spun up

  • Secrets stored within Secrets Manager

  • An EC2 instance for the ECS cluster

  • An S3 bucket for storing logs and outputs from systems

Prerequisites

Zilla Support Ticket

  • Submit a support ticket to request whitelisting of your AWS account and to obtain a refresh token for the PO Box instance. Zilla uses this token to authorize the API calls sent by PO Box

  • The ticket should contain:

    • The request for the refresh token

    • The request to whitelist your AWS account

    • Your Zilla tenant name

    • Your AWS Account ID

  • Click Submit a request in the upper right corner of the Help Center to begin creating the ticket

Admin Access to AWS

  • The user deploying PO Box needs the ability to deploy CloudFormation templates and create ECS, S3, EC2, and CloudWatch resources

Virtual Private Cloud (VPC)

  • You must have a Virtual Private Cloud (VPC) with access to the internet

Allow Outbound Calls over Port 443

  • Ensure outbound calls are allowed over port 443 on the ACL associated with the VPC in which you plan to place these resources
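
The outbound port 443 prerequisite can be checked offline against the ACL's rules. The following is an added example, not part of Zilla's documentation or tooling: it assumes "ACL" means the VPC network ACL, takes entries in the shape returned by `aws ec2 describe-network-acls`, and uses constructed sample rules with documentation-range destination addresses.

```python
import ipaddress

# Constructed sample: the "Entries" list of one network ACL, in the shape
# returned by `aws ec2 describe-network-acls` (not taken from a real account).
SAMPLE_ENTRIES = [
    {"RuleNumber": 90, "Egress": True, "Protocol": "6", "RuleAction": "deny",
     "CidrBlock": "198.51.100.0/24", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny",
     "CidrBlock": "0.0.0.0/0"},
]

TCP, ALL_PROTOCOLS = "6", "-1"  # protocol values as they appear in ACL entries


def entry_matches(entry, dest_ip, port):
    """True if an egress ACL entry applies to TCP traffic to dest_ip:port."""
    if not entry.get("Egress"):
        return False
    if entry.get("Protocol") not in (TCP, ALL_PROTOCOLS):
        return False
    cidr = entry.get("CidrBlock") or entry.get("Ipv6CidrBlock")
    net = ipaddress.ip_network(cidr, strict=False)
    if dest_ip.version != net.version or dest_ip not in net:
        return False
    port_range = entry.get("PortRange")  # absent when the rule covers all ports
    return port_range is None or port_range["From"] <= port <= port_range["To"]


def egress_verdict(entries, dest, port=443):
    """Return (action, rule_number) of the first matching egress rule.

    Network ACL rules are evaluated in ascending rule-number order and the
    first match decides; with no match the traffic is denied.
    """
    dest_ip = ipaddress.ip_address(dest)
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if entry_matches(entry, dest_ip, port):
            return entry["RuleAction"], entry["RuleNumber"]
    return "deny", None


if __name__ == "__main__":
    for dest in ("203.0.113.10", "198.51.100.7"):
        print(dest, egress_verdict(SAMPLE_ENTRIES, dest))
```

Network ACLs are stateless, so a complete check would also evaluate the inbound rules for the return traffic; this example covers only the outbound direction named above.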

AWS Resources

PO Box is a containerized solution that runs on a single t3.small EC2 instance using minimal resources. The base infrastructure adds approximately $15-$20/month in total. Minimal charges will also be incurred based on the number of secrets being stored. Refer to the AWS Secrets Manager pricing for additional information.

Configuration

  1. Log in to your AWS account as an admin.

  2. Click Launch Stack to navigate directly to the CloudFormation template.

Alternatively, if you prefer to install in a different AWS region, use the search bar to search for and select the CloudFormation page from the results.

  3. Click Create stack and select With new resources (standard).

  4. Ensure that the template source is Amazon S3 URL. Paste the following URL in the Amazon S3 URL field:
    https://zilla-cloudformation-template-quickstart.s3.amazonaws.com/zinc/zincCloudFormationTemplateForPROD.yml

  5. Click Next.

  6. Type a name for the CloudFormation stack into the Stack name field.

  7. Paste the Refresh Token provided by Zilla Support into the RefreshToken field. Keep this tab open and open another browser tab.

  8. Go to the VPC console at https://console.aws.amazon.com/vpc/, expand the Virtual private cloud dropdown on the left side of the page, and select Your VPCs. Select the VPC to which you want to tie PO Box resources and copy the VPC ID.

  9. Paste the value into the VpcId field of the Parameters section within the Create stack page.

  10. On the VPC console page, click the Subnets tab on the left side of the page. Select a private subnet from the VPC and copy the Subnet ID.

  11. Paste the value into the SubnetId field on the Create stack page and click Next.

  12. Click Next at the bottom of the page.

  13. Check the box at the bottom of the page to acknowledge that CloudFormation may create IAM resources with custom names and click Submit.

AWS will then start creating the resources, and the stack will show the status CREATE_IN_PROGRESS. This takes between 5 and 10 minutes.

Once this process is done, the status of the stack will change to CREATE_COMPLETE.

Next Steps

You can now move on to adding the credentials and configurations in Zilla. Please see Creating Service Accounts for PO Box for details.
