Free Training
We offer free training sessions. Please don't hesitate to contact us through our training page for further assistance.
Video Tutorial
Deploy the product
First, subscribe to the product on the AWS Marketplace, and then deploy this CloudFormation file.
The First Boot
The boot time of our product may be slower compared to starting an instance from a clean AMI. This is because our custom code needs to be executed to prepare the product for you. As a result, this process may take a few minutes longer than usual.
Connecting to the Server
If you need to connect to the server, obtain its IP address and connect to the instance over SSH using the username ec2-user. Make sure to use the private key you selected during the deployment process. Upon successful connection, you should be greeted with a custom MOTD (Message of the Day) that provides detailed product information.
Working with PGP - Optional
How to make a PGP Key
If you are planning to deploy the product with PGP support, here are the steps to generate a PGP key and modify it to make it compatible with the deployment.
-
First, generate a new key pair.
gpg --quick-generate-key YOUR_EMAIL -
Next, list the keys to obtain the ID of the newly generated key.
gpg --list-secret-keys --keyid-format=long -
Now that you have the ID of the key, you can export it.
gpg --armor --export THE_KEY_ID
You will now see the key on the scree, and this next step is important. Since to deploy the product with the key you just made you have to paste in the CloudFormation form as a long string. This means that you have to get rid of the header and the footer. Then what you are left with is a block of text, which has two parts, the key at the top and the seed at the bottom. The see is literarily the last line, and is not part of the key. Store the seed in a text file so we can use it also at deployment time.
Regarding the key, the block that you are left with needs to be converted into one long line, and that line is what you'll have to paste at deployment time.
Generate keys for users
-
Create a subkey for the user.
gpg --edit-key MAIN_KEY_IDThen "addkey" command in interactive mode. And select option 6.
((6) RSA (encrypt only)) -
List the keys/subkeys to view the new subkey ID.
gpg --list-secret-keys --keyid-format=long -
Export the private key for the user's GPG interface.
gpg --armor --export-secret-key SUB_KEY_ID
Decrypt the data
You can do it with this command: gpg -o decrypted_file.extension --decrypt encrypted_file.extension
Advanced details
Key aspects
- Unlimited storage for uploaded data.
- Ability to easily browse pre-existing EFS drives.
- Optional PGP support for encrypting individual files at rest.
Example use cases
Your imagination is your limit, but here are some ideas worth considering:
- Ingest vast amounts of data at a fixed price.
- Enable secure data sharing with financial institutions.
- Seamlessly browse existing EFS drives within your account and easily access their contents.
- Provide a secure storage solution for highly sensitive data, encrypted with PGP.
Resilience
Our product incorporates built-in resilience measures to prevent data loss and ensure uninterrupted connectivity, even in the event of changing IP addresses. The CloudFormation template we provide offers a streamlined and efficient way to deploy and set up all the necessary components, allowing you to get up and running swiftly with everything you need.
Test the setup
Before going into production, it is important to thoroughly test the product. This is not because we lack confidence in its functionality, but rather to ensure that you become familiar with how it works and can address any potential challenges or issues beforehand. Testing will help you gain confidence in the product's performance and make necessary adjustments, if needed, before deploying it in a live production environment.
Security Concerns
Below we give you a list of potential ideas to consider regarding security, but this list is not exhaustive – it is just a good starting point.
- Limit access to the server to a specific fixed IP.
- Restrict root access to only yourself.
How To
How to change the instance type
Make sure you regularly back up your drive(s). One simple solution would be to use:
- Go to the CloudFormation console
- Click on the stack that you want to update.
- Click the
Updatebutton. - Keep the default selection and click
Next - On the new
Parameterspage, change the instance type from the drop down. - Click
Nexttill the end.
Please wait for the stack to finish updating.
F.A.Q
These are some of the common solutions to problems you may encounter:
Not authorized for images
My CloudFormation stack encountered a failure with the following error: API: ec2:RunInstances Not authorized for images:... in the Event tab.
Solution
Before using our CloudFormation file, please ensure that you accept the subscription from the AWS Marketplace.
The product is misbehaving
I followed all the instructions from the documentation.
Solution
Please verify if the values entered in the UserData section have been successfully passed to the instance itself.
sudo cat /var/lib/cloud/instance/user-data.txt
UserData seams ok
The UserData reached the instance, but the product is not behaving as expected.
Solution
Use the following command to check if there were any errors during the boot process.
sudo cat /var/log/messages | grep 0x4447
Issue with EFS backup restoration
I launched the product using an EFS drive restored from a backup, but unfortunately, the product is not functioning as expected..
Solution
You need to reorganize the EFS drive. AWS restores the data, even on a new and empty drive, in special folders called: aws-backup-restore_timestamp-of-restore. Meaning, AWS does not recreate the original folder structure during the restoration process. Check how AWS restores EFS Backups to learn more.
Before utilizing the restored drive, you have the option to reorganize it using our SFTP product.