AWS multi-VPC deploy
Steps to setup Akto in AWS multi-VPC environment
Step 1: Deploy Akto dashboard and mongo using helm charts or our cloud formation templates.
Step 2: Setup VPC peering
We need to connect the VPC where Akto is deployed (AktoVPC) and the VPC where App servers (AppServerVPC) are present
Step 2.a: Initiate VPC peering between AppServerVPC and AktoVPC
Initiate VPC peering connection from AppServerVPC to AktoVPC
Once a peering connection request has been initiated, you will see a screen like this
Step 2.b: Accept VPC peering between AppServerVPC and AktoVPC
Log on to AktoVPC and navigate to VPC > Peering connections. Click on Accept request
to accept the peering connection request.
Clicking on Accept request
will open up this pop-up where you can confirm the peering connection request.
After a few seconds the connection status will change to Active
and you will see a screen like this
Step 2.c: Update route tables
We need to update route tables of both VPCs to allow traffic to flow between them.
Step 2.c.1: Update route table of AppServerVPC
Log on to AppServerVPC and navigate to VPC > Route tables.
Click on Edit routes
and add a route to AktoVPC CIDR block with the peering connection as the target.
Step 2.c.2: Update route table of AktoVPC
Log on to AktoVPC and navigate to VPC > Route tables.
Click on Edit routes
and add a route to AppServerVPC CIDR block with the peering connection as the target.
Step 3: Update security groups to allow traffic between VPCs
Update security group for AktoMongoInstance in AktoVPC to allow the data processors to send data to Mongo. Once data processors are up and running (to be setup in step #4), they will start sending data to AktoMongoInstance deployed in AktoVPC. But to make sure that the data reaches mongo instance, we need to update AktoMongoInstance’s security group as follows:
Here we will add Type: Custom TCP, Port range: 27017, CIDR block: 10.0.0.0/16 (Cidr block of the AppServerVPC)
Step 4: Setup data processors
We need to setup data processors in AppServerVPC to send data to AktoMongoInstance deployed in AktoVPC. Use the following cloud formation template to setup data processors in AppServerVPC here To setup this stack you will need to give the following paramenters:
SubnetId: This should be the subnet id where Akto data processor will be deployed.
KeyPair: This key pair will be used to login to the data processor for debugging purposes.
MongoIp: Value here will be : mongodb://{{AKTO_MONGO_IP}}:27017/admini AKTO_MONGO_IP’s value will the AktoMongoInstance's private ip. This can be fetched from AktoVPC > EC2 > AktoMongoInstance > Networking > Private ip address.
That's it! Once all these steps are down, you will now see APIs from your app servers show up on your Akto dashboard.
Last updated