Skip to main content
All CollectionsCloudGen Access Docs
How to Deploy a Proxy in Amazon AWS
How to Deploy a Proxy in Amazon AWS
Barracuda Admin avatar
Written by Barracuda Admin
Updated over a year ago

AWS Marketplace

You can subscribe and deploy the CloudGen Access Proxy using the AWS Marketplace. Visit the Barracuda CloudGen Access offer to subscribe, and then deploy using the cloudformation template steps.

Terraform Modules

  1. Get a CloudGen Access Proxy enrollment link by creating a new CloudGen Access Proxy. Since there is still no value for Host parameters, insert a placeholder (e.g., temp.example.org).

  2. Go to Terraform modules for detailed deployment steps.

  3. After the installation, update the created CloudGen Access Proxy Host with the CloudGen Access Proxy DNS name obtained in the terraform output resource Network_Load_Balancer_DNS_Name

Cloudformation Templates

Installation Steps

Notes on configuration:

  • Required: Allow public access to Access Proxy set to True

  • Recommended: Get the latest Access Proxy install scripts set to True

  1. Get a CloudGen Access Proxy enrollment link by creating a new CloudGen Access Proxy. Since there is still no value for Host parameters, insert a placeholder (e.g., temp.example.org).

  2. Choose one of the templates:

    • ASG with NLB

    • ECS on AWS Fargate

  3. Update the created CloudGen Access Proxy Host with the DNS name obtained in the stack output key NetworkLoadBalancerDnsName

  4. Configure access to the desired resources with the security group id obtained in the stack output key SecurityGroupforResources

ASG with NLB

  • Contains all the resources and steps needed to deploy the CloudGen Access Proxy in an ASG behind an NLB.

  • The template creates a highly available / self-healing infrastructure with a minimum of 2 EC2 instances that are part of an ASG and sit behind an NLB.

  • All the resources are created with the security principle of least privilege.

  • The latest AMI for the deployed region is automatically configured, at the date of the deploy.

  • When the parameter EC2ASGDesiredCapacity is more than 1 (defaults to 2), the stack will deploy a Redis Replication Group with 2 nodes on different Availability Zones. This is required for communication between CloudGen Access Orchestrators.
    โ€‹

    cloudformation-launch-stack.png
  • Template available here

ECS on AWS Fargate

  • Contains all the resources and steps needed to deploy the CloudGen Access Proxy in an ECS cluster hosted on AWS Fargate.

  • The template creates the required containers behind an NLB. Required security groups are included. The template will use the latest container versions.

    cloudformation-launch-stack.png
  • Template available here

AMI

  • The templates use the official x64 Amazon Linux 2 AMI.

  • The latest version available at the date of deploy is selected.

  • Optionally, a custom x64 AMI can be selected (CentOS/Ubuntu based).

  • After installing the proxy, a hardening script will be executed. The script includes the following:

    • CIS recommendations for OS and SSH

    • Automated install of security updates via yum-cron/unattended-upgrades

    • Check script here

Upgrading CloudGen Access Proxy

To upgrade your CloudGen Access Proxy to the latest version, execute the following command:

sudo yum upgrade fydeproxy envoy
Did this answer your question?