Kickstart deploys cloud and multi-cloud networks in minutes without any efforts. Once the hub/spoke transit network is built in the cloud, it will act as core networking layer on which one can add more use-cases as needed later.
The light weight automation script deploys Aviatrix controller and an Aviatrix transit architecture in AWS (and optionally in Azure). Everything is self contained in a docker image. You do not need to install anything beside docker run time on your laptop/desktop/VM/instance.
Cost
Customer/students are responsible for paying all the cost for running the instances in the Cloud (AWS/Azure/GCP/OCI/etc) and Aviatrix tunnel cost
The estimated cost for introductory lab is USD $1 per hour. Additional use-cases/labs would require additional cost depending on the instances deployed and Aviatrix tunnel build. Aviatrix cost breakdown is listed on AWS marketplace when you subscribe to the Aviatrix Controller
OpenSource
Important Note
- This procedure works the best for brand new Aviatrix Controller deployment
- It is not recommended to launch the controller if one deployed already
- If you have previously deployed Aviatrix Controller under the AWS account, you will receive following errors. You need to manually remove those roles and policies before moving forward
Error: Error creating IAM Role aviatrix-role-ec2: EntityAlreadyExists: Role with name aviatrix-role-ec2 already exists.
Error: Error creating IAM Role aviatrix-role-app: EntityAlreadyExists: Role with name aviatrix-role-app already exists.
Error: Error creating IAM policy aviatrix-assume-role-policy: EntityAlreadyExists: A policy called aviatrix-assume-role-policy already exists. Duplicate names are not allowed.
Error: Error creating IAM policy aviatrix-app-policy: EntityAlreadyExists: A policy called aviatrix-app-policy already exists. Duplicate names are not allowed.
Brief Deployment Instructions
Before you start the deployment process, you need to have following
- AWS accounts with root access
- AWS Access Key ID
- AWS Secret Access Key
- Subscribe to Aviatrix Controller software in AWS marketplace
- Install Dockers and make sure Docker Desktop is running in your Mac / Linux or Windows / VM / EC2 during the deployment process
- Run the CLI command % docker run -it aviatrix/kickstart:latest bash on your laptop/desktop/VM/EC2
- Follow the prompt to deploy the Aviatrix Controller and hub-spoke transit network
Detailed Deployment Instructions
Step#1: Install Docker
If you already have dockers running, then skip this step.
Install docker desktop on your laptop/desktop/VM/EC2/etc.
Step#2: Run the Docker Container
Run this command on your machine % docker run -it aviatrix/kickstart:latest bash
shahzadali@shahzad-ali ~ % docker run -it aviatrix/kickstart:latest bash
Unable to find image 'aviatrix/kickstart:latest' locally
latest: Pulling from aviatrix/kickstart
18ffc243a628: Pull complete
9736576402f3: Pull complete
cb464b6dee45: Pull complete
Digest: sha256:11f3.........
Status: Downloaded newer image for aviatrix/kickstart:latest
#
# # # # # ## ##### ##### # # #
# # # # # # # # # # # # #
# # # # # # # # # # # ##
####### # # # ###### # ##### # ##
# # # # # # # # # # # # #
# # ## # # # # # # # # #
# #
# # # #### # # #### ##### ## ##### #####
# # # # # # # # # # # # # #
### # # #### #### # # # # # #
# # # # # # # # ###### ##### #
# # # # # # # # # # # # # # #
# # # #### # # #### # # # # # #
___.----.____
__,--(_,-' ,-'
_,-' ,-'
_,-' ,-'
,-' () ,-'
,-' () ,-'
,-' __..--"" ,-'
,-'.--"" ,-' ,-'
|\ __..--"" ,-' ,-':
| \__..--"" ______ ,-' _,-' :
__..--"" ,-'\_____/-' _,-' :
__..--"" ,-' ,-' ,-' _,-'____/ :
`---...___ ,-' ,-' ,-' _,-' _,-' :
```-,-' ,-' ,-' _,-' _,-' :
|--\,-'___,-'--"" ___,-'-...___ :
|_..--"" ```---..:
--> Going to get your AWS API access keys. They are required to launch the Aviatrix controller in AWS. They stay local to this container and are not shared. Access keys can be created in AWS console under Account -> My Security Credentials -> Access keys for CLI, SDK, & API access.
--> Enter AWS access key ID: AKIAIWZQNXNAYK2NRV5A
--> Enter AWS secret access key: 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
--> Do you want to launch the controller? (y/n)? y
--> Generating SSH key for the controller...
--> Done.
--> OK.
--> Go to https://aws.amazon.com/marketplace/pp?sku=b03hn7ck7yp392plmk8bet56k and subscribe to the Aviatrix platform. Click on "Continue to subscribe", and accept the terms. Do NOT click on "Continue to Configuration". Press any key once you have subscribed.
--> Now opening the settings file for the controller. You can leave the defaults or change to your preferences. Press any key to continue. In the text editor, press :wq when done.
--> The controller user configuration is now complete. Now going to launch the controller instance in AWS. The public IP of the controller will be shared with Aviatrix for tracking purposes. Press any key to continue. Close the window, or press Ctrl-C to abort.
Initializing modules...
- avtx_controller_instance in aviatrix-controller-build
- avtx_iam_role in aviatrix-controller-iam-roles
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "http" (hashicorp/http) 1.2.0...
- Downloading plugin for provider "aws" (hashicorp/aws) 3.6.0...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.aws: version = "~> 3.6"
* provider.http: version = "~> 1.2"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
module.avtx_iam_role.data.http.iam_policy_assume_role: Refreshing state...
module.avtx_iam_role.data.http.iam_policy_ec2_role: Refreshing state...
module.avtx_controller_instance.data.http.avx_iam_id: Refreshing state...
data.aws_caller_identity.aws_account: Refreshing state...
module.avtx_controller_instance.data.aws_region.current: Refreshing state...
module.avtx_iam_role.data.aws_caller_identity.current: Refreshing state...
module.avtx_iam_role.aws_iam_role.aviatrix-role-ec2: Creating...
module.avtx_iam_role.aws_iam_policy.aviatrix-assume-role-policy: Creating...
module.avtx_iam_role.aws_iam_policy.aviatrix-app-policy: Creating...
aws_key_pair.avtx_ctrl_key: Creating...
aws_vpc.avtx_ctrl_vpc: Creating...
module.avtx_controller_instance.aws_eip.controller_eip[0]: Creating...
module.avtx_iam_role.aws_iam_role.aviatrix-role-app: Creating...
aws_key_pair.avtx_ctrl_key: Creation complete after 1s [id=avtx-ctrl-key]
module.avtx_controller_instance.aws_eip.controller_eip[0]: Creation complete after 2s [id=eipalloc-07d733f600622dbb9]
module.avtx_iam_role.aws_iam_role.aviatrix-role-ec2: Creation complete after 3s [id=aviatrix-role-ec2]
module.avtx_iam_role.aws_iam_instance_profile.aviatrix-role-ec2_profile: Creating...
module.avtx_iam_role.aws_iam_policy.aviatrix-app-policy: Creation complete after 4s [id=arn:aws:iam::972532942650:policy/aviatrix-app-policy]
aws_vpc.avtx_ctrl_vpc: Creation complete after 5s [id=vpc-013d2e5ec7c72d056]
aws_internet_gateway.gw: Creating...
module.avtx_controller_instance.aws_security_group.AviatrixSecurityGroup: Creating...
aws_subnet.avtx_ctrl_subnet: Creating...
module.avtx_iam_role.aws_iam_role.aviatrix-role-app: Creation complete after 5s [id=aviatrix-role-app]
module.avtx_iam_role.aws_iam_role_policy_attachment.aviatrix-role-app-attach: Creating...
aws_subnet.avtx_ctrl_subnet: Creation complete after 2s [id=subnet-05fd444e1ae8befad]
module.avtx_iam_role.aws_iam_policy.aviatrix-assume-role-policy: Creation complete after 7s [id=arn:aws:iam::972532942650:policy/aviatrix-assume-role-policy]
module.avtx_iam_role.aws_iam_role_policy_attachment.aviatrix-role-ec2-attach: Creating...
module.avtx_iam_role.aws_iam_role_policy_attachment.aviatrix-role-app-attach: Creation complete after 2s [id=aviatrix-role-app-20200913020110879300000001]
module.avtx_iam_role.aws_iam_instance_profile.aviatrix-role-ec2_profile: Creation complete after 4s [id=aviatrix-role-ec2]
aws_internet_gateway.gw: Creation complete after 3s [id=igw-01c58c44031894c8e]
aws_default_route_table.default: Creating...
module.avtx_controller_instance.aws_security_group.AviatrixSecurityGroup: Creation complete after 3s [id=sg-050f2a2e9ed5df58b]
module.avtx_controller_instance.aws_security_group_rule.ingress_rule: Creating...
module.avtx_controller_instance.aws_security_group_rule.egress_rule: Creating...
module.avtx_controller_instance.aws_network_interface.eni-controller[0]: Creating...
module.avtx_iam_role.aws_iam_role_policy_attachment.aviatrix-role-ec2-attach: Creation complete after 1s [id=aviatrix-role-ec2-20200913020112299200000002]
module.avtx_controller_instance.aws_security_group_rule.ingress_rule: Creation complete after 1s [id=sgrule-2634938991]
aws_default_route_table.default: Creation complete after 1s [id=rtb-02df83a8f605d6690]
module.avtx_controller_instance.aws_security_group_rule.egress_rule: Creation complete after 2s [id=sgrule-2822486500]
module.avtx_controller_instance.aws_network_interface.eni-controller[0]: Creation complete after 2s [id=eni-0498ad1bd3a12ebc3]
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Creating...
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Still creating... [9s elapsed]
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Still creating... [19s elapsed]
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Still creating... [29s elapsed]
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Still creating... [39s elapsed]
module.avtx_controller_instance.aws_instance.aviatrixcontroller[0]: Creation complete after 47s [id=i-080e2edfe63019a4d]
module.avtx_controller_instance.aws_eip_association.eip_assoc[0]: Creating...
module.avtx_controller_instance.aws_eip_association.eip_assoc[0]: Creation complete after 3s [id=eipassoc-071ace306b7a1c0bd]
Apply complete! Resources: 19 added, 0 changed, 0 destroyed.
Outputs:
aws_account = 912345678912
controller_private_ip = 10.255.0.10
controller_public_ip = 3.231.68.241
--> Controller successfully launched.
AWS_ACCOUNT: 912345678912
CONTROLLER_PRIVATE_IP: 10.255.0.10
CONTROLLER_PUBLIC_IP: 3.231.68.241
{"controllerIP":"3.231.68.241"}
{}
--> Waiting 5 minutes for the controller to come up... Do not access the controller yet.
1 second(s))
--> Enter recovery email: shahzad@aviatrix.com
--> Enter new password:
--> Confirm new password:
{'results': 'User login:admin in account:admin has been authorized successfully on controller 3.231.68.241. - Please check email confirmation.', 'return': True, 'CID': 'zWUI1XBEEF7iUy5BRINr'}
Connecting to Controller
b'{"return":true,"results":"User login:admin password has been changed successfully on controller 3.231.68.241."}'
{'results': 'User login:admin in account:admin has been authorized successfully on controller 3.231.68.241. - Please check email confirmation.', 'return': True, 'CID': '6VywJCnncq7zdhG5TeZO'}
b'{"return":true,"results":"admin email address has been successfully added"}'
b'{"return":true,"results":"true"}'
Created AWS Access Account: b'{"return":true,"results":"An email confirmation has been sent to shahzad@aviatrix.com"}'
Upgrading controller. It can take several minutes
b'{"return":true,"results":"userConnect has been upgraded to version UserConnect-6.0.2483. Please log out and login again for the new changes to take effect."}'
--> Controller is ready. Do not manually change the controller version while Kickstart is running.
--> Do you want to launch the Aviatrix transit in AWS? (y/n)?
--> Now opening the settings file for the AWS deployment. You can leave the defaults or change to your preferences. You only need to complete the AWS settings. Go to https://raw.githubusercontent.com/AviatrixSystems/terraform-solutions/master/solutions/img/kickstart.png to view what is going to be launched. In the text editor, press :wq when done.
--> Now going to launch gateways in AWS. Press any key to continue.
Initializing the backend...
Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (hashicorp/aws) 3.6.0...
- Downloading plugin for provider "aviatrix" (terraform-providers/aviatrix) 2.15.1...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.aws: version = "~> 3.6"
Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to AviatrixSystems/aviatrix. Please update your source in required_providers.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
data.aws_availability_zones.az_available: Refreshing state...
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Creating...
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Creating...
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Creating...
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Still creating... [10s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Still creating... [10s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Still creating... [10s elapsed]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Creation complete after 12s [id=AWS-EW1-Transit-VPC]
aviatrix_transit_gateway.aws_transit_gw: Creating...
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Still creating... [20s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Still creating... [20s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Creation complete after 22s [id=AWS-EW1-Spoke1-VPC]
aviatrix_transit_gateway.aws_transit_gw: Still creating... [10s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Still creating... [30s elapsed]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Creation complete after 32s [id=AWS-EW1-Spoke2-VPC]
aviatrix_transit_gateway.aws_transit_gw: Still creating... [20s elapsed]
aviatrix_transit_gateway.aws_transit_gw: Creation complete after 2m22s [id=AWS-EW1-Transit-GW]
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Creating...
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Creating...
d]
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Creation complete after 4m13s [id=AWS-EW1-Spoke1-GW]
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still creating... [4m20s elapsed]
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Creation complete after 4m22s [id=AWS-EW1-Spoke2-GW]
Warning: Resource targeting is in effect
You are creating a plan with the -target option, which means that the result
of this plan may not represent all of the changes requested by the current
configuration.
The -target option is not for routine use, and is provided only for
exceptional situations such as recovering from errors or mistakes, or when
Terraform specifically suggests to use it as part of an error message.
Warning: Applied changes may be incomplete
The plan was created with the -target option in effect, so some changes
requested in the configuration may have been ignored and the output values may
not be fully updated. Run the following command to verify that no other
changes are pending:
terraform plan
Note that the -target option is not suitable for routine use, and is provided
only for exceptional situations such as recovering from errors or mistakes, or
when Terraform specifically suggests to use it as part of an error message.
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
--> Do you want to launch test EC2 instances in the AWS Spoke VPCs? (y/n)? y
--> Re-opening the settings file. Make sure your key pair name is correct under aws_ec2_key_name. This is your own key pair, not Aviatrix keys for controller or gateways. Also make sure you are in the region where you launched the Spoke gateways. Press any key to continue.
--> Make sure that your AWS quota allows us to have more that 5 Elastic IPs. You can check your quota and request an increase at https://console.aws.amazon.com/servicequotas if needed. Press any key to continue.
--> Launching instances now
data.aws_availability_zones.az_available: Refreshing state...
data.aws_ami.amazon-linux-2: Refreshing state...
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Refreshing state... [id=AWS-EW1-Spoke1-VPC]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Refreshing state... [id=AWS-EW1-Spoke2-VPC]
aws_security_group.icmp_ssh["aws_spoke1_vpc"]: Creating...
aws_security_group.icmp_ssh["aws_spoke2_vpc"]: Creating...
aws_security_group.icmp_ssh["aws_spoke1_vpc"]: Creation complete after 7s [id=sg-02313afee80050388]
aws_security_group.icmp_ssh["aws_spoke2_vpc"]: Creation complete after 7s [id=sg-091514a4744f83eaf]
aws_instance.test_instances["spoke2_vm"]: Creating...
aws_instance.test_instances["spoke1_vm"]: Creating...
Warning: Resource targeting is in effect
You are creating a plan with the -target option, which means that the result
of this plan may not represent all of the changes requested by the current
configuration.
The -target option is not for routine use, and is provided only for
exceptional situations such as recovering from errors or mistakes, or when
Terraform specifically suggests to use it as part of an error message.
Warning: Applied changes may be incomplete
The plan was created with the -target option in effect, so some changes
requested in the configuration may have been ignored and the output values may
not be fully updated. Run the following command to verify that no other
changes are pending:
terraform plan
Note that the -target option is not suitable for routine use, and is provided
only for exceptional situations such as recovering from errors or mistakes, or
when Terraform specifically suggests to use it as part of an error message.
--> Do you want to launch the Aviatrix transit in Azure? (y/n)? n
--> Aviatrix Kickstart is done. Your controller IP is 3.231.68.241.
root@c6de98c3284e:~#
Destroying the AWS Transit LAB
Step#1
Inside the docker image, go inside the mana folder and terraform destroy
root@fe60ea0b0ed2:~/mcna# terraform destroy
data.aws_availability_zones.az_available: Refreshing state...
data.aws_ami.amazon-linux-2: Refreshing state...
aviatrix_vpc.aws_spoke_vpcs["aws_spoke2_vpc"]: Refreshing state... [id=AWS-EW1-Spoke2-VPC]
aviatrix_vpc.aws_spoke_vpcs["aws_spoke1_vpc"]: Refreshing state... [id=AWS-EW1-Spoke1-VPC]
aviatrix_vpc.aws_transit_vpcs["aws_transit_vpc"]: Refreshing state... [id=AWS-EW1-Transit-VPC]
aws_security_group.icmp_ssh["aws_spoke2_vpc"]: Refreshing state... [id=sg-08cfa3c48064d464d]
aws_security_group.icmp_ssh["aws_spoke1_vpc"]: Refreshing state... [id=sg-02c9ec75bbab8990d]
aviatrix_transit_gateway.aws_transit_gw: Refreshing state... [id=AWS-EW1-Transit-GW]
aws_instance.test_instances["spoke2_vm"]: Refreshing state... [id=i-0c285bede90cd3428]
aws_instance.test_instances["spoke1_vm"]: Refreshing state... [id=i-0fafa7e8959faa1c9]
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Refreshing state... [id=AWS-EW1-Spoke1-GW]
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Refreshing state... [id=AWS-EW1-Spoke2-GW]
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Destroying... [id=AWS-EW1-Spoke1-GW]
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Destroying... [id=AWS-EW1-Spoke2-GW]
aws_security_group.icmp_ssh["aws_spoke1_vpc"]: Destroying... [id=sg-02313afee80050388]
aws_security_group.icmp_ssh["aws_spoke2_vpc"]: Destroying... [id=sg-091514a4744f83eaf]
aws_security_group.icmp_ssh["aws_spoke2_vpc"]: Destruction complete after 2s
aws_security_group.icmp_ssh["aws_spoke1_vpc"]: Destruction complete after 2s
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still destroying... [id=AWS-EW1-Spoke2-GW, 10s elapsed]
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Still destroying... [id=AWS-EW1-Spoke1-GW, 10s elapsed]
aviatrix_spoke_gateway.aws_spoke_gws["spoke2"]: Still destroying... [id=AWS-EW1-Spoke2-GW, 20s elapsed]
aviatrix_spoke_gateway.aws_spoke_gws["spoke1"]: Still destroying... [id=AWS-EW1-Spoke1-GW, 20s elapsed]
Destroy complete! Resources: 8 destroyed.
root@c6de98c3284e:~/mcna#
Step#2
In the controller folder use terraform destroy
root@c6de98c3284e:~/mcna# cd ../controller/
root@c6de98c3284e:~/controller# terraform destroy
module.avtx_iam_role.data.http.iam_policy_assume_role: Refreshing state...
module.avtx_iam_role.data.http.iam_policy_ec2_role: Refreshing state...
module.avtx_controller_instance.data.http.avx_iam_id: Refreshing state...
module.avtx_iam_role.data.aws_caller_identity.current: Refreshing state...
Plan: 0 to add, 0 to change, 19 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_default_route_table.default: Destroying... [id=rtb-02df83a8f605d6690]
aws_default_route_table.default: Destruction complete after 0s
Destroy complete! Resources: 19 destroyed.
root@c6de98c3284e:~/controller#
Comments are closed