ZAIO deployment on AWS / EC2

This is a guide to running a fully functional Zentral instance on Amazon AWS. We will be using the Zentral all in one pre-built AMI (Amazon Machine Image).

Note: We also provide a guide for a Google Cloud based setup – please look here.

To follow this tutorial, you will need admin access to the AWS web console – Getting Started with Amazon EC2.

Note: This tutorial is only a first step toward a production deployment on AWS.

Create an EC2 instance profile

To give a specific identity to the ZAIO instance, and allow access to the instance console without SSH, we need to create an EC2 instance profile and attach a managed policy to it.

In the IAM section of the AWS console, click the Create role button. Select AWS service as Trusted identity type. Then select EC2 as Service, and EC2 Role for AWS Systems Manager as Use case, then click the Next button.

You should see the AmazonSSMManagedInstanceCore selected in the next screen. Click Next.

Give the role a name, optionally a description and some tags, and click Create role. We will be referencing this role when launching the instance.

Start a new instance

In the AWS EC2 console, in one of the supported regions (us-east-1, us-west-2, eu-central-1), click on the Launch instances button. Pick a Name.

Select a Zentral all in one AMI

Click on the Browse more AMIs link. Select Community AMIs. Use zaio as search term.

Owner account ID: 221790496544

AMI name pattern: zaio-ARCH-YYYYMMDD-HHMMSS

The ZAIO AMIs are available for ARM64 and AMD64 architectures.
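
Community AMIs can be published by any AWS account, so a search hit should be checked against the owner account ID and name pattern above before it is launched. The following is an added example, not part of the original guide or of Zentral's own tooling; it filters a constructed list shaped like the Images list of `aws ec2 describe-images` output. The image IDs are made up, and the lowercase `arm64`/`amd64` tokens in the AMI name are an assumption.

```python
import re
from datetime import datetime

ZAIO_OWNER_ID = "221790496544"  # owner account ID given in this guide
# Name pattern from this guide: zaio-ARCH-YYYYMMDD-HHMMSS.
# Assumption: ARCH is written as lowercase "arm64" or "amd64" in the name.
NAME_RE = re.compile(r"zaio-(arm64|amd64)-(\d{8}-\d{6})")
# Value of the EC2 "Architecture" field expected for each ARCH token.
EC2_ARCH = {"arm64": "arm64", "amd64": "x86_64"}

# Constructed sample, shaped like the "Images" list returned by
# `aws ec2 describe-images`. All image IDs are made up.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa1111", "OwnerId": "221790496544",
     "Architecture": "arm64", "Name": "zaio-arm64-20240102-030405"},
    {"ImageId": "ami-0bbb2222", "OwnerId": "221790496544",
     "Architecture": "arm64", "Name": "zaio-arm64-20240301-101500"},
    {"ImageId": "ami-0ccc3333", "OwnerId": "111122223333",  # other publisher
     "Architecture": "arm64", "Name": "zaio-arm64-20240401-000000"},
    {"ImageId": "ami-0ddd4444", "OwnerId": "221790496544",
     "Architecture": "x86_64", "Name": "zaio-amd64-20240215-120000"},
    {"ImageId": "ami-0eee5555", "OwnerId": "221790496544",  # month 13
     "Architecture": "arm64", "Name": "zaio-arm64-20241301-000000"},
    {"ImageId": "ami-0fff6666", "OwnerId": "221790496544",  # name/arch differ
     "Architecture": "x86_64", "Name": "zaio-arm64-20240501-000000"},
]


def trusted_zaio_images(images, arch):
    """Return IDs of images that pass every check for `arch`, newest first."""
    kept = []
    for img in images:
        match = NAME_RE.fullmatch(img.get("Name", ""))
        if img.get("OwnerId") != ZAIO_OWNER_ID or match is None:
            continue  # wrong publisher, or name does not follow the pattern
        if match.group(1) != arch or img.get("Architecture") != EC2_ARCH[arch]:
            continue  # other architecture, or name and metadata disagree
        try:
            built = datetime.strptime(match.group(2), "%Y%m%d-%H%M%S")
        except ValueError:
            continue  # digits that do not form a real timestamp
        kept.append((built, img["ImageId"]))
    return [image_id for _, image_id in sorted(kept, reverse=True)]


if __name__ == "__main__":
    print(trusted_zaio_images(SAMPLE_IMAGES, "arm64"))
```
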

Pick an instance type

You can start with a t4g.medium instance type – if you have picked the ARM64 AMI. We strongly advise against using any kind of "smaller" (< 4GB RAM) instances. A lot of software will be running on the instance (elasticsearch, postgres, rabbitmq, prometheus, grafana, django app, …).

Then click on the Next: Configure Instance Details button.

Network settings

The required open ports are 80 and 443.

If you are new to this, just create a new security group for the Zentral instance.

Select Create security group and tick the two boxes for HTTP and HTTPS. No need to tick the SSH box. We use Systems Manager for access to the instance console.

Add storage

You can start with one 20GB general purpose SSD (gp2) volume, but that would only be enough to store a limited amount of events. As a rule of thumb, you will need about 20GB + 1GB for every million events stored, but that can vary a lot depending on your inventory sources and the kind of events you are collecting.

Set the IAM role

IMPORTANT: to get access to the instance without SSH, we need to use the EC2 role we have just created. Unfold the Advanced details section of the wizard, and select the EC2 instance profile in the IAM instance profile dropdown.

Launch the instance

Click on the Launch button.

Set up the domain name(s) for your instance

Zentral requires a domain name resolving to the IP address of the launched instance.

  1. In the AWS console, find the public IP address of the instance that is starting. No need to wait for the instance to be available.
  2. Use this IP to set up an A record. (zentral.example.com for the rest of this tutorial)
  3. Test the resolution of this record! You cannot move on to the next section before it is set up.

Log onto your instance

Pick the EC2 instance you have launched in the list of all instances, click on the Connect button. Select the Session Manager tab, click on the Connect button. You should be redirected to a console in the browser. For a better experience, launch bash as shell.

Once logged in, you can use a command line tool to set up your instance. Because this last step is the same for a Google Cloud deployment, we have kept it on a separate wiki page.