Amazon Web Services Identity Router Deployment Requirements

Document created by RSA Information Design and Development on Nov 16, 2018
Version 1Show Document
  • View in full screen mode
 

Before you deploy the identity router in your Amazon Web Services (AWS) cloud-computing environment, you must configure the virtual environment to meet the following requirements. See your AWS documentation for instructions.

  • The identity router Amazon Machine Image (AMI) must be shared with your Amazon account. For instructions, see Obtain the Identity Router Image.
  • Your Amazon account must have access to deploy t2.large or better instance types.
  • Your Amazon Virtual Private Cloud (VPC) must include public and private subnets based on your deployment needs. For example, you might deploy the identity router in a public subnet and host identity sources or RSA Authentication Manager instances in a private subnet, or you might deploy identity routers in multiple subnets across availability zones for high availability. For more information, see Amazon Web Services Identity Router Deployment Models.
  • The DHCP options set for your VPC must specify the DNS servers required for your deployment.
  • You can assign static values for private IP addresses within your VPC, or permit Amazon to assign private IP addresses using DHCP.
  • You can use default values dynamically assigned by Amazon for public IP addresses, but each time an instance in your environment is restarted, it may receive a different public address. If your organization manages its own DNS service, RSA recommends allocating a persistent Elastic IP address through AWS, and assigning it to the identity router instance after you complete the instance launch process.
 

Amazon Virtual Server Instance Hardware Requirements

The virtual instance you configure when deploying the identity router AMI must meet the following requirements.

                                
Hardware Component Minimum Requirement
FamilyGeneral purpose
Typet2.large
vCPUs 2
Memory 8 GB
Disk Space54 GB
 

Port and Protocol Requirements

You must configure security groups, route tables, and network access control lists in your AWS environment to allow either public or private network access for each identity router service, depending on how your resources will connect to the identity router, and according to the requirements specified in Identity Router Network Interfaces and Default Ports.

 

 

You are here
Table of Contents > Identity Routers > Planning Your Identity Router Deployment > Amazon Web Services Identity Router Deployment Requirements

Attachments

    Outcomes