Amazon Web Services Identity Router Deployment Requirements

Before you deploy the identity router in your Amazon Web Services (AWS) cloud-computing environment, you must configure the virtual environment to meet the following requirements. See your AWS documentation for instructions.

  • The identity router Amazon Machine Image (AMI) must be shared with your Amazon account. For instructions, see Obtain the Identity Router Image.
  • Your Amazon account must have access to deploy t2.large or better instance types.
  • Your Amazon Virtual Private Cloud (VPC) must include public and private subnets based on your deployment needs. For example, you might deploy the identity router in a public subnet and host identity sources or Authentication Manager instances in a private subnet, or you might deploy identity routers in multiple subnets across availability zones for high availability. For more information, see Amazon Web Services Identity Router Deployment Models.
  • The DHCP options set for your VPC must specify the DNS servers required for your deployment.
  • You can assign static values for private IP addresses within your VPC, or permit Amazon to assign private IP addresses using DHCP.
  • You can use default values dynamically assigned by Amazon for public IP addresses, but each time an instance in your environment is restarted, it may receive a different public address. If your organization manages its own DNS service, SecurID recommends allocating a persistent Elastic IP address through AWS, and assigning it to the identity router instance after you complete the instance launch process.

Amazon Virtual Server Instance Hardware Requirements

The virtual instance you configure when deploying the identity router AMI must meet the following requirements.

Hardware Component  Minimum Requirement
Family              General purpose
Type                t2.large
vCPUs               2
Memory              8 GB
Disk Space          54 GB
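
A preflight check for the hardware minimums above and for the DHCP and Elastic IP items in the requirements list, as an added example that is not part of the SecurID documentation. It reads dictionaries parsed from `aws ec2 describe-instance-types`, `describe-volumes`, `describe-dhcp-options` and `describe-addresses` JSON output. Assumptions: the function name, the instance ID and the sample data are constructed, and the 54 GB minimum is compared against the total size in GiB of the volumes attached to the instance.

```python
# Added example: inputs are dicts parsed from `aws ec2 describe-* --output json`.
MIN_VCPUS, MIN_MEMORY_MIB, MIN_DISK_GIB = 2, 8 * 1024, 54  # from the table above

def preflight(instance_id, instance_types, volumes, dhcp_options, addresses):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    itype = instance_types["InstanceTypes"][0]
    if itype["VCpuInfo"]["DefaultVCpus"] < MIN_VCPUS:
        findings.append(f"{itype['InstanceType']}: fewer than {MIN_VCPUS} vCPUs")
    if itype["MemoryInfo"]["SizeInMiB"] < MIN_MEMORY_MIB:
        findings.append(f"{itype['InstanceType']}: less than 8 GB memory")
    # Assumption: sum the sizes of the volumes attached to this instance.
    disk = sum(v["Size"] for v in volumes["Volumes"]
               if any(a["InstanceId"] == instance_id for a in v.get("Attachments", [])))
    if disk < MIN_DISK_GIB:
        findings.append(f"{instance_id}: {disk} GiB attached, need {MIN_DISK_GIB}")
    # The DHCP options set must name at least one DNS server.
    dns = [val["Value"]
           for opt in dhcp_options["DhcpOptions"]
           for cfg in opt["DhcpConfigurations"] if cfg["Key"] == "domain-name-servers"
           for val in cfg["Values"]]
    if not dns:
        findings.append("DHCP options set has no domain-name-servers entry")
    # Without an Elastic IP the public address can change on restart.
    if not any(a.get("InstanceId") == instance_id for a in addresses["Addresses"]):
        findings.append(f"{instance_id}: no Elastic IP associated")
    return findings

# Constructed sample data in the shape the AWS CLI returns (not real resources).
IID = "i-0example"
TYPES = {"InstanceTypes": [{"InstanceType": "t2.large",
                            "VCpuInfo": {"DefaultVCpus": 2},
                            "MemoryInfo": {"SizeInMiB": 8192}}]}
VOLUMES = {"Volumes": [{"Size": 54, "Attachments": [{"InstanceId": IID}]}]}
DHCP = {"DhcpOptions": [{"DhcpConfigurations": [
    {"Key": "domain-name-servers", "Values": [{"Value": "10.0.0.2"}]}]}]}
ADDRESSES = {"Addresses": [{"PublicIp": "203.0.113.10", "InstanceId": IID}]}

if __name__ == "__main__":
    for finding in preflight(IID, TYPES, VOLUMES, DHCP, ADDRESSES) or ["all checks passed"]:
        print(finding)
```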

Port and Protocol Requirements

You must configure security groups, route tables, and network access control lists in your AWS environment to allow either public or private network access for each identity router service, depending on how your resources will connect to the identity router, and according to the requirements specified in Identity Router Network Interfaces and Default Ports.