Launch the Identity Router for Amazon Web Services
Use the identity router Amazon Machine Image (AMI) provided by RSA to launch the identity router as a virtual instance in your Amazon Web Services (AWS) cloud environment. You configure your Amazon environment and deploy AMIs using the Elastic Compute Cloud (EC2) web-based interface.
Before you begin
- You must be a Super Admin in the Cloud Administration Console.
- Your Amazon environment must meet the Amazon Web Services Identity Router Deployment Requirements.
- Obtain the Identity Router Image.
Procedure
- Sign in to Amazon EC2.
- Follow the AWS documentation provided by Amazon to install the virtual instance using the AMI.
When prompted, specify the following:
| Setting | Description |
| --- | --- |
| AMI template | The AMI template image provided by RSA. |
| Instance type | Determines presets for the virtual instance. The identity router requires a t2.large instance or greater. |
| Virtual Private Cloud (VPC) | The section of your Amazon environment where you will deploy the identity router. |
| Subnet | A subnetwork within your VPC where you will deploy the identity router. The subnet can be public or private, depending on how resources and users will connect to the identity router. |
| Auto-assign Public IP | Determines whether Amazon issues dynamic public IP addresses for the identity router, or the IP address is determined by the subnet settings. If your organization manages its own DNS service and the AWS IDR's Single Sign-On Portal needs to be publicly accessible, it is recommended to allocate a persistent Elastic IP address through AWS. This is crucial if the IDR is not behind Network Address Translation (NAT) or an AWS-based load balancer. Once the instance launch process is complete, assign the Elastic IP address to the identity router instance. |
| Storage | Virtual storage space. The identity router requires 54 GB General Purpose SSD (GP2) storage. |
| Tags | Optional labels that describe this identity router. RSA recommends adding a tag specifying the Fully Qualified Domain Name, which acts as a unique identifier to differentiate this identity router from others in your deployment. |
| Security groups | Firewall rules that control traffic to and from the identity router. Add security groups that allow necessary traffic from other network resources according to your deployment model. See Identity Router Network Interfaces and Default Ports. |
| Advanced details | Advanced settings that control metadata access for IDR. RSA strongly recommends enabling the Metadata Accessible option and selecting V2 Only from Metadata Version dropdown list. |

- Review the configuration and launch the instance.
- If prompted to select a key pair, select Proceed without a keypair.
- Use the Get instance screenshot feature to monitor instance deployment status. When deployment is complete, the screenshot displays the URL for the Identity Router Setup Console.
After you finish
Configure Network Settings Using the Identity Router Setup Console.
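To confirm that a launched instance matches the settings in the table above, the following added example (not RSA's code) audits the instance description returned by the EC2 DescribeInstances and DescribeVolumes APIs. The tag key `FQDN`, the reading of "t2.large or greater" as any size suffix other than nano, micro, small or medium, the reading of 54 GB as a minimum, and all sample data are assumptions made for this example.

```python
UNDERSIZED = {"nano", "micro", "small", "medium"}  # assumption: sizes below "large"
FQDN_TAG_KEY = "FQDN"  # hypothetical tag key; the page does not name one


def audit_identity_router(instance, volumes):
    """Return a list of findings; an empty list means the instance matches the page."""
    findings = []
    size = instance["InstanceType"].split(".", 1)[-1]
    if size in UNDERSIZED:
        findings.append(f"instance type {instance['InstanceType']} is below t2.large")
    md = instance.get("MetadataOptions", {})
    if md.get("HttpEndpoint") != "enabled":
        findings.append("instance metadata endpoint is not enabled")
    if md.get("HttpTokens") != "required":
        findings.append("IMDSv1 is still accepted (HttpTokens is not 'required')")
    if instance.get("KeyName"):
        findings.append(f"launched with key pair {instance['KeyName']}")
    tags = {t["Key"]: t["Value"] for t in instance.get("Tags", [])}
    if not tags.get(FQDN_TAG_KEY):
        findings.append(f"no {FQDN_TAG_KEY} tag to identify this identity router")
    # Volume size and type come from DescribeVolumes, not DescribeInstances.
    attached = [v for v in volumes
                if any(a["InstanceId"] == instance["InstanceId"]
                       for a in v.get("Attachments", []))]
    if not any(v["VolumeType"] == "gp2" and v["Size"] >= 54 for v in attached):
        findings.append("no attached gp2 volume of at least 54 GB")
    return findings


# Constructed sample data shaped like the AWS API responses.
GOOD = {
    "InstanceId": "i-0aaaaaaaaaaaaaaa1",
    "InstanceType": "t2.large",
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
    "Tags": [{"Key": "FQDN", "Value": "idr1.example.com"}],
}
BAD = {
    "InstanceId": "i-0bbbbbbbbbbbbbbb2",
    "InstanceType": "t2.medium",
    "KeyName": "admin-laptop",
    "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
}
VOLUMES = [{"VolumeType": "gp2", "Size": 54,
            "Attachments": [{"InstanceId": "i-0aaaaaaaaaaaaaaa1"}]}]

if __name__ == "__main__":
    for inst in (GOOD, BAD):
        print(inst["InstanceId"], audit_identity_router(inst, VOLUMES) or "OK")
```

In practice the two inputs would come from `aws ec2 describe-instances` and `aws ec2 describe-volumes` output for the account that hosts the identity router.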