Set up an identity connector in Amazon Web Services

Before you begin

Create and download a connector for Amazon Web Services. For instructions, see Create and download an identity connector.

You can create an identity connector Amazon Machine Image (AMI) in your Amazon Web Services (AWS) environment.

The connector does not receive traffic from outside, but it may need to connect to ETP cloud instances for configuration and other data. Make sure the security group associated with the connector is set up with this policy:

  • Outgoing traffic: Allow all.
  • Incoming traffic: Deny all.
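
One way to check a security group against this policy, as an added example that is not part of the original documentation or the vendor's tooling. It assumes input in the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs and rules in SAMPLE are constructed.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output (IDs made up).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaaaaaaaaaaaaaa1",
     "IpPermissions": [], "IpPermissionsEgress": [
         {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbbbbbbbbbbbbbb2",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}


def describe_rule(rule):
    """Render one permission entry as '<proto> <ports> <peers>'."""
    proto = "all" if rule["IpProtocol"] == "-1" else rule["IpProtocol"]
    ports = f"{rule.get('FromPort', 'any')}-{rule.get('ToPort', 'any')}"
    peers = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    peers += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    peers += [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
    peers += [p["PrefixListId"] for p in rule.get("PrefixListIds", [])]
    return f"{proto} {ports} {', '.join(peers) or 'unspecified'}"


def audit_group(group):
    """Return findings where a group departs from the connector policy."""
    # Security groups deny by default, so "deny all incoming" = no ingress rules.
    findings = [f"ingress rule present: {describe_rule(r)}"
                for r in group.get("IpPermissions", [])]
    # "Allow all outgoing" = an all-protocol egress rule to 0.0.0.0/0.
    allow_all = any(
        r["IpProtocol"] == "-1"
        and any(c.get("CidrIp") == "0.0.0.0/0" for c in r.get("IpRanges", []))
        for r in group.get("IpPermissionsEgress", []))
    if not allow_all:
        findings.append("egress restricted: no all-protocol rule to 0.0.0.0/0")
    return findings


def audit(document):
    """Map each GroupId to its findings; an empty list means compliant."""
    return {g["GroupId"]: audit_group(g) for g in document["SecurityGroups"]}


if __name__ == "__main__":
    for group_id, findings in audit(SAMPLE).items():
        print(group_id, findings or "matches the connector policy")
```

An ingress finding means the connector is reachable from the listed peers; an egress finding means the connector may be unable to reach ETP cloud instances.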

How to

  1. Log in to your AWS console and click AWS services menu > AWS CloudFormation > CREATE STACK.
  2. Under Create Template, select Upload a template to Amazon S3.
  3. Click Choose File.
  4. Select the downloaded CloudFormation template.
  5. Provide a stack name, NAT instance type, VPC ID and subnet information and click Next.
    Note: For the NAT instance type, make sure you use a minimum of m4.large.
  6. Complete the configuration of tags, storage, and other features as needed. Because AWS does not use swap space for storage, use a minimum of 12 GB of RAM.
  7. Click CREATE. Once the stack creation is complete, the connector instance starts and automatically connects to ETP cloud.
  8. In ETP, approve the identity connector:
    1. In the Enterprise Center navigation menu, select Clients & Connectors > Access and Identity Connectors.
    2. Locate the AWS connector and click Need your approval.
    3. Click Save.