Deploy an AWS server with an enrollment token

This topic explains how to deploy an Ubuntu or Debian Amazon Web Services (AWS) cloud server with systemd to your Advanced Server Access team. You may need to modify this process to fit your specific needs.

Creating a cloud server with user data means installing the Advanced Server Access server agent simultaneously while you create a server with a cloud provider. You can use user data to determine the specific software to install software on a new cloud server. Installing the Advanced Server Access server agent on a cloud server doesn't need to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your cloud deployment is as safe and secure as possible.

Prerequisites

Amazon Web Services

Requirement

Description
Amazon Web Services Account An Amazon Web Services account is needed to access the AWS Management console, where you create virtual machines for your team.

Advanced Server Access

Requirement

Description
Advanced Server Access team The top-level object that represents an Okta org within Advanced Server Access.
Advanced Server Access project The authorization-scope of your team, organizing your users, groups, and servers.

Create an enrollment token

  1. From the Advanced Server Access dashboard, click Projects.
  2. Select the project you want to add the server to.

  3. Go to the Enrollment tab and click Create Enrollment Token.

    Note: You can use the same enrollment token every time you add a server to your team. If you have already created an enrollment token, skip this step.

  4. Enter a description for the token, then click Submit.

After the token has been successfully created, note the string of characters from the Token field and store them in a safe location.

Create and enroll your AWS server with user data

  1. Access the AWS Management Console.
  2. Click the Services tab at the top of the console and select the EC2 option in the Compute category to create a new EC2 server.
  3. Click Launch Instance.

    The Choose an Amazon Machine Image (AMI) page opens.

  4. Identify a supported Ubuntu/Debian version and click Select.
    For details, see Supported operating systems.

    The Choose an Instance Type page opens.

  5. Click Next: Configure Instance Details.

    The Configure Instance Details page opens.

  6. Expand Advanced Details.
  7. Enter the following into the User data field: #!/bin/bash echo "Add an enrollment token" sudo mkdir -p /var/lib/sftd echo "<enrollment-token>" | sudo tee /var/lib/sftd/enrollment.token export DEBIAN_FRONTEND=noninteractive echo "Add a basic sftd configuration" sudo mkdir -p /etc/sft/ sftcfg=$(cat <<EOF --- # CanonicalName: Specifies the name clients should use/see when connecting to this host. CanonicalName: "ubuntu-target" EOF ) echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml echo "Retrieve information about new packages" sudo apt-get update sudo apt-get install -y curl echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file" echo "deb http://pkg.scaleft.com/deb/ linux main" | sudo tee -a /etc/apt/sources.list echo "Trust the repository signing key" curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add - echo "Retrieve information about new packages" sudo apt-get update echo "Install sftd" sudo apt-get install scaleft-server-tools

    Note: This script creates an sftd.yaml file for your server and uses ubuntu-target as its canonical name. Modify and generate this information as needed to fit your team and project environments.

  8. Replace <enrollment_token> in the user data field with the enrollment token that you created earlier.
  9. Click Review and Launch, then click Launch.

    The Select an existing key pair or create a new key pair dialog opens.

  10. Select the Proceed without a key pair option from the dropdown menu.
  11. Confirm and acknowledge your choice by selecting the relevant checkbox, then click Launch Instances.

Next steps

Verify server enrollment