AWS Commercial Cloud Services (C2S) provides the U.S. Intelligence Community with commercial cloud capability across all classification levels: Unclassified, Sensitive, Secret, and Top Secret. The AWS Secret Region is used for this purpose. Avi Load Balancer supports application delivery and load balancing in the AWS Secret Region through AWS C2S.

For more information on AWS C2S, see Cloud Computing for the U.S. Intelligence Community.

Prerequisites

In addition to the prerequisites specified in the Installing Avi Load Balancer in Amazon Web Services section, two AWS C2S specific files are required to integrate AWS C2S with Avi Load Balancer. Both files must be obtained from AWS:

  • endpoints.json

  • ca-chain.cert.pem — Certificate bundle associated with the C2S

Installing Avi Load Balancer in C2S

  1. Deploy the Avi Load Balancer Controller.

  2. Once the Controller is deployed, log in to the Controller over SSH.

  3. Copy the following files to the Controller node.

    • endpoints.json – This must be obtained from AWS.

    • ca-chain.cert.pem

  4. Run the /opt/avi/scripts/copy_endpoints_and_certificates.py script with the path to the files. In the following example, the files are copied to the home directory of the admin user.

    admin@controller:~$ sudo /opt/avi/scripts/copy_endpoints_and_certificate.py --ca-bundle <path to certificate bundle> --endpoints-path <path to endpoints.json>
    admin@controller:~$ sudo /opt/avi/scripts/copy_endpoints_and_certificate.py --ca-bundle /home/admin/ca-chain.cert.pem --endpoints-path /home/admin/endpoints.json

  5. The script copies the files to appropriate locations. Use the sudo ls /etc/c2s/ command to verify the final location of the files. As shown below, the files are copied to the /etc/c2s directory.

    admin@controller:~$ sudo ls /etc/c2s/
    ca-chain.cert.pem endpoints.json

  6. Follow the remaining steps to configure the AWS cloud.

Note:

In the case of an Avi Load Balancer Controller cluster, the above steps must be performed on each Controller node in the cluster.
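
Step 5 confirms only that the two files exist. The following added example (not part of the Avi Load Balancer product or its documentation) also checks that the copies in /etc/c2s match the staged originals byte for byte and are well formed. The function name verify_c2s_files, its staging-directory argument, and the availability of sha256sum and python3 on the Controller are assumptions.

```bash
#!/usr/bin/env bash
# Added example: post-copy check for the two C2S files (not Avi's own tooling).
# Usage: verify_c2s_files SRC_DIR [DEST_DIR]
#   SRC_DIR  - where the files obtained from AWS were staged (e.g. /home/admin)
#   DEST_DIR - where the copy script placed them (default /etc/c2s)
# Reading DEST_DIR may require root, as with the `sudo ls` step above.
verify_c2s_files() {
    local src="$1" dest="${2:-/etc/c2s}" rc=0 f s d begins ends
    for f in ca-chain.cert.pem endpoints.json; do
        if [ ! -r "$src/$f" ] || [ ! -s "$dest/$f" ]; then
            echo "FAIL $f: missing, unreadable or empty"; rc=1; continue
        fi
        s=$(sha256sum < "$src/$f" | cut -d' ' -f1)
        d=$(sha256sum < "$dest/$f" | cut -d' ' -f1)
        if [ "$s" = "$d" ]; then
            echo "OK   $f sha256=$d"   # compare this value across cluster nodes
        else
            echo "FAIL $f: $dest copy differs from $src copy"; rc=1
        fi
    done

    # The bundle must hold at least one complete PEM certificate block.
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$dest/ca-chain.cert.pem" 2>/dev/null || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$dest/ca-chain.cert.pem" 2>/dev/null || true)
    if [ "${begins:-0}" -lt 1 ] || [ "${begins:-0}" != "${ends:-0}" ]; then
        echo "FAIL ca-chain.cert.pem: no complete PEM certificate blocks"; rc=1
    fi

    # endpoints.json must parse as JSON (python3 presence is an assumption).
    if command -v python3 >/dev/null 2>&1; then
        python3 -m json.tool "$dest/endpoints.json" >/dev/null 2>&1 ||
            { echo "FAIL endpoints.json: not valid JSON"; rc=1; }
    else
        echo "SKIP endpoints.json syntax check: python3 not found"
    fi
    return "$rc"
}
```

Run it on every Controller node and compare the printed SHA-256 values; all nodes in the cluster should report the same digests.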