Follow

Deploying VisibleThread Docs in AWS Gov Cloud

Amazon Gov Cloud is an isolated AWS region. To deploy VisibleThread Docs in this region, we require a few extra steps.

 

The basic approach is as follows:

  1. Download a pre-built VisibleThread Docs 2.14 AMI ova file
  2. Upload the ova file to an S3 bucket in your Gov Cloud account
  3. Using the AWS command line tools, import the ova file from S3 to an AMI.

 

Prerequisites

These instructions require the use of the Amazon Web Services Command Line Tools (AWS CLI).

To install the AWS CLI follow instructions here: http://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html

To use the AWS CLI you must have an access key and a secret key for your AWS Gov Cloud account. For more information see here : http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html

 

Download the VisibleThread Docs image

The VisibleThread Docs 2.14 AMI can be downloaded from here:

http://docs.visiblethread.com/download/VisibleThread-Docs-2.14-AWS.ova

 

Upload the image to S3

Create S3 bucket

  1. Login to the AWS Console using your Gov Cloud account.
  2. Navigate to the S3 tool
  3. Create a new bucket in S3, providing a unique name. E.g. <company name>-VTDocsAMI
  4. Upload the ova file downloaded above to the new bucket

 

Import image as an AMI

Create vm-import service role

  1. Create a file named 'trust-policy.json' on your local machine, with the following content:
    
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Principal": { "Service": "vmie.amazonaws.com" },
             "Action": "sts:AssumeRole",
             "Condition": {
                "StringEquals":{
                   "sts:Externalid": "vmimport"
                }
             }
          }
       ]
    }
  2. Create the 'vmimport' role in aws, using the aws cli:
    aws iam create-role --role-name vmimport --assume-role-policy-document file://trust-policy.json
  3. Create a file named 'role-policy.json' on your local machine with the following policy, where 'disk-image-file-bucket' is the bucket where the disk images are stored:
    {
       "Version": "2012-10-17",
       "Statement": [
          {
             "Effect": "Allow",
             "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:FullAccess"
             ],
             "Resource": [
                "arn:aws-us-gov:s3:::disk-image-file-bucket"
             ]
          },
          {
             "Effect": "Allow",
             "Action": [
                "s3:GetObject"
             ],
             "Resource": [
                "arn:aws-us-gov:s3:::disk-image-file-bucket/*"
             ]
          },
          {
             "Effect": "Allow",
             "Action":[
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*",
                "ec2:FullAccess"
             ],
             "Resource": "*"
          }
       ]
    }
  4. Attach the policy to the vmimport role: 
    aws iam put-role-policy --role-name vmimport --policy-name vmimport --policy-document file://role-policy.json
  5. Create a file on your local system named 'containers.json' with the following contents (insert the name of your S3 bucket):
    [
      {
        "Description": "VisibleThread Docs 2.14 AWS OVA",
        "Format": "ova",
        "UserBucket": {
            "S3Bucket": "[insert bucket name]",
            "S3Key": "VisibleThread-Docs-2.14-AWS.ova"
        }
    }]
  6. Import as an ami:
    aws ec2 import-image --description "VisibleThread Docs 2.14 AMI" --license-type BYOL --disk-containers file://containers.json

 

 

The output of this last command should look something like this:


{
    "Status": "active",
    "LicenseType": "BYOL",
    "Description": "VisibleThread Docs 2.14 AWS OVA",
    "Progress": "2",
    "SnapshotDetails": [
        {
            "UserBucket": {
                "S3Bucket": "[insert bucket name]",
                "S3Key": "VisibleThread-Docs-2.14-AWS.ova"
            },
            "DiskImageSize": 0.0,
            "Format": "OVA"
        }
    ],
    "StatusMessage": "pending",
    "ImportTaskId": "import-ami-fg2fnpj9"
}

 Take a note of the ImportTaskId this is what we will use to check the status of the import.

To check the progress of the import run:

aws ec2 describe-import-image-tasks --import-task-ids [import task id]

Once the status is shown as 'Completed', log onto your Gov Cloud AWS console, and under 'EC2' look for the AMI referenced with your ImportTaskId.  

Select the AMI and click 'Launch' to launch an instance.

To configure the new instance, follow these instructions from step 4 onwards 

https://visiblethread.zendesk.com/hc/en-us/articles/214225666-Deploying-VisibleThread-in-Amazon-AWS

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.