Install an Access Tier Using AWS CloudFormation

Install the Access Tier on an EC2 instance via CloudFormation stack

  • Updated on Oct 08, 2024
  • 9 minutes to read
  • Contributors

Note: Netagent v2 has been released, simplifying the process of installing and configuring an Access Tier:
1. Use an API key with the access_tier scope for registration
2. All agent configuration is done via the Command Center API and UI

If you need to install Netagent v1, use the legacy v1 guides.

Steps

Install the Access Tier via the following four steps.

Step 1. Register your Access Tier

1.1 Log into the Command Center, and navigate from Networks > Access Tiers.

1.2 Select + Create Access Tier, and configure the required parameters when going through the installation wizard. An existing API key is required; these should appear in the dropdown menu of the API Key field on the Configure tab. If you don’t have an existing API key, navigate from Settings > API Keys and select + Add API Key, then select the access_tier scope.

1.3 If you will be using this Access Tier to secure an existing Service Tunnel, enter the required information to set up Service Tunnels.

1.4 Optional: If you want to enable Private Resource Discovery (to view a summary of commonly accessed private resources accessed by end users via Service Tunnels), then, under Advanced Settings, toggle on Enable Private Resource Discovery.

1.5 Select Continue to proceed to the Install tab.

1.6 Take note of the installation parameters for use in subsequent sections.

2.1 Ensure that you have a VPC with an internet gateway attached and a public or private subnet where you can deploy the Access Tier.

2.2 Ensure your networking policies allow traffic to flow from the Access Tier server to backend machines running the applications and services you need to secure access to.

2.3 An IAM Administrator role is required to deploy an Access Tier on AWS.

3.1 Select your installation location and method in Cloud Secure Edge (CSE)

3.1.1 Select the Amazon Web Service (AWS) environment from the dropdown.

3.1.2 Select CloudFormation as the installation method.

3.2: In AWS, create a stack in CloudFormation

3.2.1 In the AWS Console, navigate to CloudFormation and select Create stack.

3.2.2 Select the With new resources option. On the Create stack page, select Upload a template file.

3.2.3 Upload the banyan-access-tier-v2-<os>.json file, and select Next.

3.2.4 Provide a Stack name (as shown in the Command Center), and configure the remaining mandatory parameters that are not pre-populated:

Provide Access Tier registration details:

  1. API Key: Copy this parameter from the Install wizard, shown above.
  2. Command Center URL: Ensure that this points to the Command Center URL.
  3. Banyan Package: To specify a particular version, use banyan-netagent2=<version_number> (for Ubuntu) or banyan-netagent2-<version_number> (for Amazon Linux 2)

Specify the AWS network configuration:

  1. VPC
  2. Public subnets
  3. Private subnets

3.2.5 Select Next, and then configure stack options according to your deployment needs.

3.2.6 Select Next, and then review the configured parameters before selecting Submit for Access Tier creation.

It may take a few minutes for the stack to generate all components. You can check the progress under the Events tab.

3.2.7 Navigate back to the Command Center, and select Continue once Access Tier status reads Reporting.

Once the Access Tier is installed, check its logs on one of the instances at /var/log/banyan/netagent.log to ensure it is functioning as expected.

Under Networks > Access Tiers > [Your Access Tier] in the Command Center, select Test Connection to verify that your Access Tier is correctly registered.


Additional Notes

Admins can only upgrade from Version 2 of Netagent to a higher version; if you’re on Version 1, you will not be able to upgrade to Version 2, and you need to download a new spec on GitHub.

1. Navigate to the AWS console, select the CloudFormation service, and select your deployed stack.

2. Select Update and then Next (to obtain the stack parameters).

3. Change the banyanPackage parameter to the desired version (i.e., banyan-netagent-[VERSION]).

If your banyanPackage parameter simply reads banyan-netagent (without a [VERSION] appended to it), then you can simply proceed to Update stack and it will automatically update with the latest version.

4. Select Next until you reach Update stack. Then, select Update stack.

Use the steps below to deploy Access Tier on a new VPC and provision all the requisite AWS networking.

1. Download the banyan-network-stack.json file.

2. In the AWS Console, navigate from Services > CloudFormation.

3. Create a stack With new resources (Standard) and upload the banyan-network-stack.json file to provision all the requisite AWS networking.

4. Enter a stack name, and then ensure the Zones are valid for your region.

5. Configure stack options as needed, then select Create stack.

6. Since Access Tier will be deployed in this VPC, ensure the Access Tier has connectivity to the upstream application, server, or host via VPC peering.


Can’t find what you’re looking for?

We’re happy to help. Contact our team.