IRP for Cloud satellite VM
IRP for Cloud service is enabled by a satellite VM running in a customer’s VPC and automating the service.
The following apply:
- Available on the Marketplace
- Requires an assigned IAM role so that it is able to:
- request and install a Virtual Interface/Gateway;
- enable Route propagation from IRP for Cloud service;
- monitor VPC operation and update IRP for Cloud with changes;
- restore to previous configuration in case of incidents.
|Note: AWS Identity and Access Management (IAM) role enables IRP for Cloud running on Amazon EC2 to use temporary security credentials. The role’s permissions determine what the IRP for Cloud is allowed to do. Reliance on IAM roles is one of the Amazon’s best practices to help secure your AWS resources.
Launching IRP for Cloud satellite VM
Launch the IRP for Cloud AMI from the AWS Marketplace and choose the desired EC2 instance type. Create an IAM role or use the existing one with the following characteristics:
- EC2 trusted entity with the following policies
|Note: Refer to the next section to see how to create an IAM role with the above characteristics, otherwise proceed to “IRP for Cloud satellite VM Web interface” section.
In Launch wizard at step 3 assign the VM a corresponding IAM role and proceed to the following steps to launch the instance.
Creating an IAM role for the IRP for Cloud satellite VM
Access your AWS Management Console using your Amazon credentials.
To create an IAM role navigate in your AWS console to:
- “Services” > “Security, Identity & Compliance” > “IAM”
Add an IAM role
Navigate to “Roles” and create a new one.
Set EC2 as a trusted entity
Choose “EC2” when selecting the service that will use the role.
Choose “EC2” again when selecting the use case down below and click “Next:Permissions”.
|Warning: The role must be created for EC2 entity. Roles created for other entities will not work.
Assign allowed policies
Select the following policies to be attached to the new role from the list:
Name the IAM role and submit
While here also review that the following sections are identical to the screenshot below:
- Trusted entities
IRP for Cloud satellite VM Web interface
The satellite VM comes with a simple Web interface that displays the status of various required component of the setup.
Navigate using a web browser to the cloud provider assigned resource and login with admin/instance-id user credentials (paste ‘admin’ value into the username field and the IRP for Cloud instance ID value into the password field):
After a successful login, a similar interface will list the status of various service components.
IRP for Cloud setup process is expected to take 10-15 minutes. The service status page refreshes every 30 seconds.
In case you encounter issues during the setup process, please contact Noction support team by writing to firstname.lastname@example.org or by calling (650) 903-7028.
Once IRP for Cloud is setup, feel free to navigate to the IRP for Cloud frontend at https://cloud.noction.com. Use your cloud provider credentials to login
IRP for Cloud satellite VM CLI command
You can run the following command in your cloud provider CLI application:
IRP for Cloud Status check: