Version: 2023.3

Create a Management VPC and Networks using CloudFormation

The CloudFormation service creates the Management VPC and a subnet within it, and then launches three AWS EC2 instances: two with an execution server and one with QualiX. The execution servers then need to be configured to access the on-prem Quali Server. To set up a deployment where Quali Server is also installed on AWS, see Integrating AWS with Cloud-based CloudShell Installation.

Important:

We strongly recommend using the new and improved AWS 2nd Gen shell. If you're using the 1st Gen version of the shell that comes out of the box with CloudShell, see this version of the online help.

To create a Management VPC and the required networks:

  1. Make sure you have the information required for this process, as listed in Required Permissions for AWS Deployment.

  2. As an admin, open your AWS management account, search for "cloudformation" and click the CloudFormation service.

  3. Click the Create Stack drop-down list and select With new resources (standard).

  4. In the Create stack page, specify the appropriate Quali template. There are two template URLs for AWS integration and they are provided in CloudShell Download Center for each CloudShell release version:

    • 0_Main.yaml: Deploys the cloud infrastructure that is needed for the deployment type of your choice - internal or external deployments. This includes the management VPC and a peering to your local network's gateway for external deployments where Quali Server is installed locally. In this mode, a sandbox VPC is created for each sandbox.

      • In an internal deployment, the QualiX instance has only a Private IP associated with it. The Private IP is accessible from the networks that are connected to the Management VPC (such as the network in which the Quali Server resides).
      • In an external deployment, the QualiX instance has a Public IP associated with it.
    • 3_Shared_VPC.yaml: Is optionally deployed after the 0_Main.yaml and enables you to define an existing VPC that will host the cloud infrastructure (instead of creating a new sandbox VPC for each sandbox). Defines the shared VPC's account, IP ranges and transit gateway. For details, see Create a Shared VPC using CloudFormation.

  5. Click Next.

  6. In the Specify Details page, enter a Stack name and fill in the installation parameters.

    Parameter: Description
    Network

    Determines how the network infrastructure is deployed. Options are:

    • NAT: Used for internal deployment, where the QualiX instance has only a Private IP associated with it. This option doesn’t expose a public IP to the internet. It deploys QualiX and the Execution Servers on AWS while CloudShell is installed on-prem and communicates with the AWS stack via VPN. It is also possible to have CloudShell installed on AWS. For details, see Integrating AWS with Cloud-based CloudShell Installation.
    • Local: Used for deployments where internet access is provided via the on-prem VPN.
    • Public (Elastic IP): Used for external deployment, where the QualiX instance has a Public IP associated with it.
    VPN Attachment

    Determines whether to create a VPN connection to the on-prem network and how it will be attached to the management VPC. Options are:

    • Transit gateway: Connects the VPC to the on-prem network via a central hub.
    • VPC gateway: Connects the management VPC directly to the on-prem network.
    • No VPN: Does not create a VPN connection. Use this option if you plan on having CloudShell installed on AWS and don’t need on-prem access. This option does the following:
    Management VPC CIDR

    The IP range (in CIDR notation) to be used for the Management VPC. Select a class C CIDR (/24).

    note

    The Management VPC will be later connected via VPN with your on-premise network so select an IP range that does not conflict with your other networks.

    Key Pair

    The KeyPair to use for all instances that will be created in the Management VPC.

    Instance Type

    The instance type to be used for the execution server and QualiX instances. The minimum recommended instance type is c4.large.

    High Availability Mode

    Use this option if you wish to set up AWS integration in High Availability mode. In this mode, the integration will create two additional execution servers, es-shells-b and es-commands-b that will be used for failover scenarios.

    note

    Before enabling High Availability mode, please take into account that the failover instances will incur additional costs.

    VPN Address

    The public IP address of the router on the network in which Quali Server resides.

    Leave empty if you set VPN Attachment to No VPN.

    On-premise CIDR

    The IP range (in CIDR notation) of the private network in which the Quali Server resides (outside of the management VPC).

    Enhanced S3 Bucket Security

    Select True to encrypt the S3 bucket and block public access to it.

    Configure the execution servers (created by the CloudFormation process) to work with the Quali Server:

    Leave the below parameters empty if you set VPN Attachment to No VPN and Network to Public (Elastic IP).

    CloudShell Server IP

    The IP address of the Quali Server.

    CloudShell Username

    The CloudShell admin user.

    CloudShell Password

    The CloudShell admin password.

    For example:

  7. Click Next.

  8. In the Options page, click Next.

  9. In the Review page, at the bottom, select the I acknowledge that AWS CloudFormation might create IAM resources check box.

  10. Click Create.

The stack is created.
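
The parameter rules in step 6 (a /24 Management VPC range that does not conflict with your other networks, and fields that must stay empty for No VPN) can be checked before the stack is submitted. The following Python check is an added example, not part of the Quali documentation or templates; the dictionary keys are hypothetical names for the form labels, and the sample values are constructed.

```python
import ipaddress

NETWORK_OPTIONS = {"NAT", "Local", "Public (Elastic IP)"}
VPN_OPTIONS = {"Transit gateway", "VPC gateway", "No VPN"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_stack_parameters(p, other_networks=()):
    """Return a list of problems in the step 6 values (empty list means OK)."""
    # Keys of `p` are hypothetical; the template's real parameter keys are not on this page.
    problems = []
    for key, allowed in (("network", NETWORK_OPTIONS), ("vpn_attachment", VPN_OPTIONS)):
        if p[key] not in allowed:
            problems.append(f"unknown {key} option: {p[key]!r}")
    no_vpn = p["vpn_attachment"] == "No VPN"
    try:
        mgmt = ipaddress.ip_network(p["management_vpc_cidr"])  # strict: host bits must be zero
    except ValueError as exc:
        return problems + [f"Management VPC CIDR is invalid: {exc}"]
    if mgmt.prefixlen != 24:
        problems.append(f"Management VPC CIDR {mgmt} is not a /24")
    # The management range must not collide with on-prem or any other connected network.
    peers = list(other_networks) + ([p["on_premise_cidr"]] if p.get("on_premise_cidr") else [])
    for cidr in peers:
        if mgmt.overlaps(ipaddress.ip_network(cidr, strict=False)):
            problems.append(f"Management VPC CIDR {mgmt} overlaps {cidr}")
    vpn_address = p.get("vpn_address", "")
    if no_vpn and vpn_address:
        problems.append("VPN Address must be empty when VPN Attachment is No VPN")
    elif not no_vpn:
        try:
            addr = ipaddress.ip_address(vpn_address)
            if any(addr in net for net in RFC1918):
                problems.append(f"VPN Address {addr} is private, expected the router's public IP")
        except ValueError:
            problems.append(f"VPN Address {vpn_address!r} is not an IP address")
    if no_vpn and p["network"] == "Public (Elastic IP)":
        for key in ("cloudshell_server_ip", "cloudshell_username", "cloudshell_password"):
            if p.get(key):
                problems.append(f"{key} must be empty for No VPN + Public (Elastic IP)")
    return problems

# Constructed sample values (documentation and private ranges, not a real site).
SAMPLE = {
    "network": "NAT", "vpn_attachment": "VPC gateway",
    "management_vpc_cidr": "10.50.0.0/24", "on_premise_cidr": "192.168.10.0/24",
    "vpn_address": "203.0.113.10", "cloudshell_server_ip": "192.168.10.20",
    "cloudshell_username": "admin", "cloudshell_password": "example-only",
}
print(check_stack_parameters(SAMPLE))
```

Pass any additional routed ranges (other VPCs, branch offices) as `other_networks` so the overlap check covers them as well as the On-premise CIDR.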

If stack creation fails with the below subscription error, make sure to subscribe to the CentOS 7 Marketplace image and try again.

  1. Note the Outputs tab at the bottom of the page. You will need this information when you Add an AWS EC2 Cloud Provider Resource.

  2. In the VPC Dashboard, open VPN Connections to see the VPN connection settings:

  3. Next, do one of the following: