Avi Vantage support for AWS Commercial Cloud Services (C2S)

Overview

AWS Commercial Cloud Services (C2S) provides the U.S. Intelligence Community with commercial cloud capability across all classification levels: Unclassified, Sensitive, Secret, and Top Secret. For this purpose, the AWS Secret Region is used. For more information on AWS C2S, refer to the following:

Starting with Avi Vantage release 18.2.9, Avi supports application delivery and load balancing in the AWS Secret Region via AWS C2S.

Prerequisites

In addition to the prerequisites specified in the AWS installation guide, the following two AWS C2S-specific files are required to integrate AWS C2S with Avi Vantage. Both files should be obtained from AWS.

  • endpoints.json
  • ca-chain.cert.pem — Certificate bundle associated with the C2S

Installing Avi in C2S

  1. Deploy the Avi Controller. For the detailed steps, see Configuring Avi Vantage for Application Delivery in Amazon Web Services.
  2. Once the Avi Controller is deployed, log in to the Avi Controller via SSH.
  3. Copy the following files to the Avi Controller node:
    • endpoints.json – This should be obtained from AWS.
    • ca-chain.cert.pem
  4. Run the /opt/avi/scripts/copy_endpoints_and_certificates.py script with the paths to the files. In the example below, the files were copied to the home directory of the admin user.
    
     admin@controller:~$ sudo /opt/avi/scripts/copy_endpoints_and_certificate.py --ca-bundle <path to certificate bundle> --endpoints-path <path to endpoints.json>
     admin@controller:~$ sudo /opt/avi/scripts/copy_endpoints_and_certificate.py --ca-bundle /home/admin/ca-chain.cert.pem --endpoints-path /home/admin/endpoints.json
     
  5. The script copies the files to the appropriate locations. Use the sudo ls /etc/c2s/ command to verify the final location of the files. As shown below, the files are copied to the /etc/c2s directory.
    
     admin@controller:~$ sudo ls /etc/c2s/
     ca-chain.cert.pem endpoints.json 
     
  6. Follow the remaining steps to configure the AWS cloud, as specified in Configuring Avi Vantage for Application Delivery in Amazon Web Services.

Note: In the case of an Avi Controller cluster, the above steps must be performed on each Controller node in the cluster.
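
A pre-flight check for steps 3 to 5 and the cluster note, added here as an example (it is not part of Avi Vantage or AWS tooling): it confirms that the bundle holds only certificate blocks, lists the partitions and regions named in endpoints.json for operator review, and returns SHA-256 digests to compare across Controller nodes. The botocore-style partitions/regions layout of endpoints.json and all function names are assumptions; the sample data is constructed.

```python
# Added example (not Avi or AWS code): sanity-check the two C2S files before installing.
import base64, hashlib, json, re, sys

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def check_ca_bundle(pem_text):
    """Return the number of CERTIFICATE blocks; raise ValueError on anything else."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks or pem_text.count("-----BEGIN ") != len(blocks):
        raise ValueError("missing, truncated or malformed PEM block")
    for label, body in blocks:
        if label != "CERTIFICATE":  # a trust bundle must never carry key material
            raise ValueError("unexpected PEM block: " + label)
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 DER always opens with a SEQUENCE tag
            raise ValueError("block does not contain DER data")
    return len(blocks)

def summarize_endpoints(json_text):
    """Return sorted (partition, dnsSuffix, region) rows for operator review."""
    doc = json.loads(json_text)  # malformed JSON raises ValueError
    parts = doc.get("partitions", []) if isinstance(doc, dict) else []
    rows = [(p.get("partition", "?"), p.get("dnsSuffix", "?"), region)
            for p in parts  # assumption: botocore-style endpoints layout
            for region in p.get("regions", {})]
    if not rows:
        raise ValueError("no partitions/regions found")
    return sorted(rows)

def preflight(ca_bytes, endpoints_bytes):
    """Validate both files; return digests to compare across Controller nodes."""
    return {"certificates": check_ca_bundle(ca_bytes.decode("ascii")),
            "endpoints": summarize_endpoints(endpoints_bytes.decode("utf-8")),
            "sha256": {"ca-chain.cert.pem": hashlib.sha256(ca_bytes).hexdigest(),
                       "endpoints.json": hashlib.sha256(endpoints_bytes).hexdigest()}}

def constructed_sample():
    """Constructed stand-ins: placeholder DER bytes and placeholder endpoint names."""
    b64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
    pem = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64
    ep = {"partitions": [{"partition": "example-partition", "dnsSuffix": "example.invalid",
                          "regions": {"example-region-1": {}}}]}
    return (pem * 2).encode(), json.dumps(ep).encode()

if __name__ == "__main__":
    args = sys.argv[1:]  # usage: preflight.py <ca bundle> <endpoints.json>
    data = [open(p, "rb").read() for p in args] if len(args) == 2 else constructed_sample()
    print(json.dumps(preflight(*data), indent=2))
```

The check is structural only: it does not verify certificate signatures or validity dates, so the digests should still be compared against values received from AWS through a trusted channel.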