Menu
ClassicLink Mirror on AWS
ClassicLink Mirror on AWS

Automated Deployment

Before you launch the automated deployment, please review the architecture, configuration, and other considerations discussed in this guide. Follow the step-by-step instructions in this section to configure and deploy ClassicLink Mirror into your account.

Time to deploy: Approximately five (5) minutes

Prerequisites

Enable AWS CloudTrail

ClassicLink Mirror requires AWS CloudTrail in order to use API calls to generate a CloudWatch event. Therefore, you must turn on AWS CloudTrail before deploying this solution. For detailed instructions, refer to the AWS CloudTrail documentation.

Configure a Test Environment

It is best practice to test an automated solution before deploying it to production resources. This solution includes an AWS CloudFormation template that creates a simple EC2-Classic stack for testing purposes (see Testing).

Alternatively, you can launch some EC2-Classic instances for a test deployment, and then configure and modify their security groups to verify the ClassicLink Mirror functionality.

What We'll Cover

The procedure for deploying this architecture on AWS consists of the following steps. For detailed instructions, follow the links for each step.

Step 1. Launch the Stack

  • Launch the AWS CloudFormation template into your AWS account.

  • Enter values for the required parameter: Stack Name

Step 2. Create a VPC

  • Create the VPC to mirror to, and enable ClassicLink on that VPC.

Step 3. Tag Your EC2-Classic Security Groups

  • Apply the custom tag to applicable security groups in EC2 Classic.

Step 1. Launch the Stack

This automated AWS CloudFormation template deploys ClassicLink Mirror on the AWS Cloud.

Note

You are responsible for the cost of the AWS services used while running this solution. See the Cost section for more details. For full details, see the pricing webpage for each AWS service you will be using in this solution.

  1. Log in to the AWS Management Console and click the button below to launch the classiclink-mirror AWS CloudFormation template.

    
                            ClassicLink Mirror launch button

    You can also download the template as a starting point for your own implementation.

  2. The template is launched in the US East (N. Virginia) Region Region by default. To launch the ClassicLink Mirror in a different AWS Region, use the region selector in the console navigation bar.

    Note

    This solution is for EC2-Classic customers and uses the AWS Lambda service. You must launch this solution in an AWS Region that supports both AWS Lambda and EC2-Classic: Asia Pacific (Tokyo) Region, US West (N. California) Region, US East (N. Virginia) Region, and US West (Oregon) Region.

  3. On the Select Template page, verify that you selected the correct template and choose Next.

  4. On the Specify Details page, assign a name to your ClassicLink Mirror stack.

  5. On the Options page, choose Next.

  6. On the Review page, review and confirm the settings. Be sure to check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.

  7. Choose Create to deploy the stack.

    You can view the status of the stack in the AWS CloudFormation console in the Status column. You should see a status of CREATE_COMPLETE in roughly five (5) minutes.

  8. To quickly test the ClassicLink Mirror AWS Lambda function, you can make a relevant API call (see the appendix), and then check the ClassicLink Mirror log files in CloudWatch Logs to confirm the Lambda function was invoked. Note that ClassicLink Mirror will not make changes to your resources at this point because you have not yet tagged any EC2-Classic security groups to be managed.

Step 2. Create a VPC

You must create the VPC that you will migrate your EC2-Classic resources to. After you create the VPC, there are no ongoing configuration tasks to complete because ClassicLink Mirror will fully manage it, ensuring that it mirrors your EC2-Classic environment throughout the duration of your migration.

  1. Open the Amazon VPC console, make sure you are in the correct AWS Region, and in the left pane, choose Your VPCs.

  2. Choose Create VPC and configure your network as necessary. (See Amazon VPC documentation for guidance.)

  3. Enable ClassicLink on your new VPC. Select the VPC, right-click, and choose Enable ClassicLink.

  4. Note the VPC ID (vpc-xxxxxxxx) to use in the next step of this deployment.

Step 3. Tag Your EC2-Classic Security Groups

You must assign tags to each EC2-Classic security group that you want ClassicLink Mirror to manage.

Use the following format:

  • Tag name: classicmirror:linkToVPC

  • Tag value: <The VPC ID noted in the previous procedure, e.g., vpc-11112222>

Within a few minutes, you will see that the AWS Lambda function was invoked and completed the following actions: created a VPC security group analogous to the EC2-Classic security group that you tagged; copied over its rules; and linked (via ClassicLink) any member EC2 instances to that VPC security group.