Deploy a Secure Device Connector on an AWS VPC Using a Terraform Module
Before you begin
Review these prerequisites before attempting to deploy an SDC on your AWS VPC:
- CDO requires strict certificate checking and does not support Web/Content Proxy inspection between the SDC and the Internet. If you use a proxy server, disable inspection for traffic between the Secure Device Connector (SDC) and CDO.
- Review Connect Cisco Defense Orchestrator to the Secure Device Connector to ensure proper network access.
- You need an AWS account, an AWS VPC with at least one subnet, and an AWS Route53-hosted zone.
- Have the CDO bootstrap data, your AWS VPC ID, and its subnet ID at hand.
- Ensure that the private subnet to which you deploy the SDC has a NAT gateway attached.
- Open traffic from your firewalls to the Elastic IP attached to the NAT gateway on the port on which your firewall management HTTP interface is running.
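A pre-flight check for the last two prerequisites, added here as an example (it is not part of the Cisco documentation or of the CDO Terraform module): it confirms that the SDC subnet's default route points at an available NAT gateway and returns the gateway's Elastic IP that the firewall rules must allow. The JSON below is constructed sample data in the shape of `aws ec2 describe-route-tables --filters Name=association.subnet-id,Values=<subnet-id>` and `aws ec2 describe-nat-gateways`; all IDs and addresses are made up.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output (IDs made up).
ROUTE_TABLES = json.dumps({"RouteTables": [{
    "RouteTableId": "rtb-0example",
    "Associations": [{"SubnetId": "subnet-0example"}],
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
    ],
}]})

# Constructed sample in the shape of `aws ec2 describe-nat-gateways` output (IDs made up).
NAT_GATEWAYS = json.dumps({"NatGateways": [{
    "NatGatewayId": "nat-0example",
    "State": "available",
    "NatGatewayAddresses": [{"AllocationId": "eipalloc-0example", "PublicIp": "203.0.113.10"}],
}]})


def default_route(route_tables_json: str, subnet_id: str) -> dict:
    """Return the 0.0.0.0/0 route of the route table explicitly associated with subnet_id.
    Subnets that fall back to the VPC's main route table have no explicit association
    and are reported as an error so the operator can check the main table by hand."""
    for table in json.loads(route_tables_json)["RouteTables"]:
        if any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            for route in table["Routes"]:
                if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                    return route
            raise ValueError(f"{subnet_id}: {table['RouteTableId']} has no default route")
    raise ValueError(f"{subnet_id}: no explicitly associated route table")


def sdc_egress_ip(route_tables_json: str, nat_gateways_json: str, subnet_id: str) -> str:
    """Verify the SDC subnet is private behind a NAT gateway and return the Elastic IP
    that firewalls must allow on their management HTTP port."""
    route = default_route(route_tables_json, subnet_id)
    if "NatGatewayId" not in route:
        # A GatewayId of igw-* means the subnet is public, which the SDC must not be.
        raise ValueError(f"{subnet_id}: default route via {route.get('GatewayId')}, not a NAT gateway")
    for ngw in json.loads(nat_gateways_json)["NatGateways"]:
        if ngw["NatGatewayId"] == route["NatGatewayId"]:
            if ngw["State"] != "available":
                raise ValueError(f"{ngw['NatGatewayId']} is in state {ngw['State']}")
            return ngw["NatGatewayAddresses"][0]["PublicIp"]
    raise ValueError(f"{route['NatGatewayId']} not present in describe-nat-gateways output")


if __name__ == "__main__":
    print("allow firewall -> %s on the management HTTP port"
          % sdc_egress_ip(ROUTE_TABLES, NAT_GATEWAYS, "subnet-0example"))
```

Feed it the real CLI output for your subnet instead of the constructed samples; if it raises, the subnet is not yet a valid SDC target.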
Procedure
Step 1: Add the following lines of code to your Terraform file, making sure you manually enter values for the input variables:
See the Secure Device Connector Terraform module for a list of input variables and their descriptions.
Step 2: Register
You can use the
What to do next
To troubleshoot your SDC, connect to the SDC instance using AWS SSM. See AWS Systems Manager Session Manager to learn how to connect to your instance. For security reasons, the SSH ports of the SDC instance are not exposed.
Note: The CDO Terraform modules are published as Open Source Software under the Apache 2.0 license. You can file issues on GitHub if you require support.