Installation – Amazon Web Services

Deployment Process within AWS

  1. Please submit a ticket requesting access to the Device42 AMI (Amazon Machine Image). Be certain to include the following information:

     – AWS Region for Device42 Deployment
     – AWS Account Number

  2. After Device42 Support has granted access to the Device42 AMI, navigate to your EC2 Dashboard and launch a new instance.

  3. Select “My AMIs” (be sure to select “Shared with Me”), and deploy your appliance. Device42 recommends a t2.xlarge as the minimum instance size.

Sample IAM Policy

A sample IAM policy (with minimum appropriate permissions) for AWS discovery is listed below. The discovery requires the following:

  • AmazonEc2ReadOnly
  • AmazonElastiCacheReadOnlyAccess
  • AmazonRDSReadOnlyAccess
  • AmazonS3ReadOnlyAccess

JSON example of an IAM policy containing the minimum permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:Describe*",
            "Resource": "*"
        },
        {
            "Action": [
                "elasticache:Describe*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        },
        {
            "Action": [
                "rds:Describe*",
                "rds:ListTagsForResource",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcs"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Configuring Instance Access

Given the nature of discovery and the inherent access it requires, Device42 does not recommend direct access from unrestricted internet sources. Instead, Device42 recommends access to the Device42 instance be protected through VPN connections and security groups. While these requirements will vary from environment to environment, Device42 recommends strict adherence to the principle of least privilege.

For additional visibility, Device42 recommends enabling AWS CloudTrail as a security and operational best practice: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html

Appliance Manager

All maintenance operations are performed through the Device42 appliance manager. The appliance manager listens on port 4343 (https://YOUR_DEVICE42_INSTANCE:4343). Software updates, Device42 backups and restores, and certificate management are all performed through the appliance manager.
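
The access guidance under Configuring Instance Access applies to port 4343 as well. The Python below is an added example, not Device42's own code: it audits security group ingress rules, in the shape returned by EC2 DescribeSecurityGroups, for sensitive ports reachable from an effectively unrestricted source. Port 443 for the main web UI, the prefix thresholds, and the sample groups are assumptions constructed for illustration.

```python
import ipaddress

# 4343 is the appliance manager port named on this page; 443 is an assumption
# (the conventional HTTPS port for the main web UI).
SENSITIVE_PORTS = (443, 4343)
# Assumed threshold: a source broader than /8 (IPv4) or /16 (IPv6) is treated
# as unrestricted, which also catches splits such as 0.0.0.0/1 + 128.0.0.0/1.
MIN_PREFIX = {4: 8, 6: 16}

def covers(perm, port):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports; no FromPort/ToPort present
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def sources(perm):
    """All CIDR sources of an entry, IPv4 and IPv6."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def audit(groups):
    """Return (group_id, port, cidr) for every sensitive port reachable
    from an effectively unrestricted source."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            for cidr in sources(perm):
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen >= MIN_PREFIX[net.version]:
                    continue  # source is narrow enough to count as restricted
                findings += [(group["GroupId"], p, cidr)
                             for p in SENSITIVE_PORTS if covers(perm, p)]
    return findings

# Constructed sample in the shape of an EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},       # VPN range: fine
        {"IpProtocol": "tcp", "FromPort": 4000, "ToPort": 5000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},        # range hides 4343
    {"GroupId": "sg-0bbb2222", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for gid, port, cidr in audit(SAMPLE_GROUPS):
        print(f"{gid}: port {port} reachable from {cidr}")
```

Rules whose source is another security group (UserIdGroupPairs) are not inspected here, since they do not admit internet sources directly.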

Software Updates

Security patches are bundled with Device42 software updates. There is no need to manually apply patches to your Device42 instances outside of software updates. Software updates can be downloaded from https://www.device42.com/update/.

The following video demonstrates updating your Device42 instance: https://docs.device42.com/how-to-videos/update-d42-how-to/

Backup / Restore

Device42’s backup facility is accessible through the appliance manager. Backups can be executed immediately, with the ability to download a backup file, or scheduled with automatic saving to SFTP, NFS or AWS S3.

For more information on backups / restores, see our documentation: https://docs.device42.com/device42-appliance-manager/setting-up-backup-device42-appliance-manager/