AWS Quick Start

You can be up and running HTTPS/TLS Egress filtering for your AWS VPC in no-time! Just follow these steps in CloudFormation. For Terraform, visit our Terraform Registry page.

Preparation

  1. Think about the Egress filtering that you need to apply. We suggest having a look at our Configuration Examples page and modifying one to suit your needs. Copy the contents of your final configuration.

    The configuration can be changed later on-the-fly from the AWS Console at Systems Manager -> Parameter Store, or through a RESTful API call to the AmazonSSM.PutParameter endpoint.The parameter name is computed as /<deployment name>/whitelist .
     
  2. If you are planning to deploy a new VPC, think about the IP Address ranges you would like to deploy. A good place to start is VPCs and Subnets over at AWS documentation. We have provided well thought out defaults on our Deployment with CloudFormation page though.

Deployment

  1. Head over to our Deployment with CloudFormation page and examine the various scenarios to see what would fit your circumstances best.
  2. Click on the Launch Stack button for the scenario of your choice.
  3. Paste the Egress filtering configuration you developed above into the Whitelist field.

    The configuration can be changed later on-the-fly from the AWS Console at Systems Manager -> Parameter Store, or through a RESTful API call to the AmazonSSM.PutParameter endpoint. The parameter name is computed as /<deployment name>/whitelist .
     
  4. Select a suitable InstanceType depending on your bandwidth requirements and number of clients. We suggest you start with something smaller and cheaper to see if it works well with your workload and upgrade when nearing capacity.
  5. You may choose to populate the KeyPairName field with a valid and present KeyPair name in AWS EC2. Unless you need to modify the operating system of this firewall, we suggest you leave this blank as that protects the firewall from malicious modifications.
  6. To customise the IP Address ranges, etc., feed in your network addresses thought out above in the Network Configuration section.

Video Walk-through

This test drive will walk you through the following aspects of the firewall on AWS in just a few minutes:

  1. Deploying
  2. Testing
  3. Checking audit logs
  4. Re-configuring
  5. Testing with downgraded TLS version

Video has closed captions and is best watched full-screen.