Agilicus Connector in Private VPC In AWS EC2


Overview

You have a Virtual Private Cloud (VPC) in AWS EC2. It has private-only IP addressing. You need to SSH to some hosts within it, use remote desktop, share some folders, and so on. In this example we show how to install the Agilicus Connector onto a t2.micro instance, with no public IP (and no NAT Gateway), and use that to reach other instances within the VPC directly. Otherwise there is no routing and no inbound or outbound connectivity.

Note: you can also follow the AWS documentation to install a NAT gateway into your VPC, and then install the Agilicus Connector on a single machine within the VPC. This would allow your other VPC components to reach outbound.

In this example we will show a setup where a dual-homed t2.micro


Step 1: Create Private VPC

For this demonstration the private VPC has no NAT gateway, no Internet access. This is an internal only network. You can decide whether it has onwards access to other Amazon services if needed.


Step 3: Create private EC2 Server

For demonstration purposes we create an EC2 server to ssh to.


Step 4: Create dual-homed EC2 instance for Agilicus Connector

This machine will act to straddle the private VPC and the public Internet. It does not route, it does not NAT. No traffic will flow from/to it without going through the Agilicus Identity-Aware Firewall.


At this stage we have a VPC with no public IP, and a private server on it with no public IP. We also have a second server, with a public IP, that can reach the devices in the VPC. We will now install the Agilicus Connector to facilitate onward SSH.
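One way to check that state before installing the connector, as an added example (not from the original page or from Agilicus): the function below audits data shaped like `aws ec2 describe-route-tables` and `aws ec2 describe-instances` output. The subnet names, instance IDs and addresses are constructed, and it assumes the private hosts share one subnet and looks at IPv4 routes only.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` and
# `aws ec2 describe-instances` output; every ID and address here is made up.
ROUTE_TABLES = json.loads("""{"RouteTables": [
 {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-private"}],
  "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
 {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-public"}],
  "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local"},
             {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]}]}""")
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
 {"InstanceId": "i-private", "SourceDestCheck": true,
  "NetworkInterfaces": [{"SubnetId": "subnet-private"}]},
 {"InstanceId": "i-connector", "SourceDestCheck": true, "NetworkInterfaces": [
  {"SubnetId": "subnet-private"},
  {"SubnetId": "subnet-public", "Association": {"PublicIp": "203.0.113.10"}}]}]}]}""")

def audit(route_tables, instances, private_subnet, connector_id):
    """Return a list of findings; an empty list means the isolation holds."""
    findings = []
    tables = [rt for rt in route_tables["RouteTables"]
              if any(a.get("SubnetId") == private_subnet for a in rt.get("Associations", []))]
    if not tables:  # the subnet silently falls back to the VPC's main route table
        findings.append(f"{private_subnet}: no explicit route table; review the main route table")
    for rt in tables:
        for route in rt.get("Routes", []):
            via = route.get("NatGatewayId") or route.get("GatewayId", "")
            if route.get("DestinationCidrBlock") == "0.0.0.0/0" and via.startswith(("igw-", "nat-")):
                findings.append(f"{rt['RouteTableId']}: default route via {via}")
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            nics = inst.get("NetworkInterfaces", [])
            in_private = any(n.get("SubnetId") == private_subnet for n in nics)
            public = [n["Association"]["PublicIp"] for n in nics
                      if n.get("Association", {}).get("PublicIp")]
            if inst["InstanceId"] == connector_id:
                if not (in_private and public):
                    findings.append(f"{connector_id}: not dual-homed (needs private NIC and public IP)")
                if inst.get("SourceDestCheck") is False:  # disabled check allows forwarding
                    findings.append(f"{connector_id}: source/dest check disabled, could route")
            elif in_private and public:
                findings.append(f"{inst['InstanceId']}: public IP {public[0]} on private host")
    return findings

if __name__ == "__main__":
    for line in audit(ROUTE_TABLES, INSTANCES, "subnet-private", "i-connector") or ["isolation holds"]:
        print(line)
```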

Now, if we look at the config of the private server, we can see its hostname and IP:


Step 5: Install Agilicus Connector

These instructions are the normal ones for a Linux host. We create the connector in the web front end, which gives us a command line to run.


We are now given a command line to run. We paste it into the SSH session on the Agilicus Gateway server (the one with the public IP):

At this stage we are done, and ready to create an SSH resource in the Agilicus Admin GUI. We do this as normal.

Now open Agilicus Launcher and observe that we can SSH to the ec2-private server, both from the web interface and from our desktop.

If desired, enter a manual ~/.ssh/config entry to override the private key

At this stage we are done. We can ssh directly there: