Outpost server installation
When you order an Outpost server, you are responsible for installation, whether you do it yourself or contract a third party. The party installing requires specific permissions to verify the identity of the new device. For more information, see Grant permissions.
Prerequisite
You must have an Outpost server form factor at your site. For more information, see Create an Outpost and order Outpost capacity.
Note
We recommend that you view the Installing AWS Outposts Servers
Tasks
Step 1: Grant permissions
To verify the identity of the new device, you must have IAM credentials in the AWS account that contains the Outpost. The AWSOutpostsAuthorizeServerPolicy policy grants the permissions required to install an Outpost server. For more information, see Identity and access management (IAM) for AWS Outposts.
Considerations
-
If you are using a third party that does not have access to your AWS account, you must provide temporary access.
-
AWS Outposts supports using temporary credentials. You can configure temporary credentials that last up to 36 hours. Ensure that you give the installer enough time to perform all the steps for server installation. For more information, see Using temporary credentials with AWS Outposts.
Step 2: Inspect
To complete an inspection of the Outposts equipment, you should check the shipping package for damage, unpack the shipping package, and locate the Nitro Security Key (NSK). Consider the following information about inspecting the server:
-
The shipping package has shock sensors located on the two largest sides of the box.
-
The inside flap of the shipping package contains instructions about how to unpack the server and locate the NSK.
-
The NSK is an encryption module. To complete inspection, you locate the NSK. You attach the NSK to the server in a later step.
To inspect the shipping package
-
Before you open the shipping package, observe both shock sensors and note if they have been activated. If the shock sensors have been activated it is possible that the unit has been damaged. Proceed with the installation taking time to note any further damage to the server or accessories. If any part of the system is obviously damaged or the installation fails to proceed as expected contact AWS Support for guidance on replacing your Outposts server.
If the bar in the middle of the sensor is red, the sensor has been activated.
To unpack the shipping package
-
Open the package and ensure it contains the following items:
-
Server
-
Nitro Security Key (encryption module) – packaging marked with "NSK" in red. See the following procedure for locating the NSK from the shipping package for more information.
-
Rack installation kit (2 inner rails, 2 outer rails, and screws)
-
Installation pamphlet
-
Accessory kit
-
Pair of C13/14 power cables ‐ 10 feet (3m)
-
QSFP breakout cable ‐10 feet (3m)
-
USB cable, micro-USB to USB-C ‐ 10 feet (3m)
-
Brush guard
-
-
The NSK is inside the box labelled A that includes the accessories for the server.
Important
Do not use the NSK to destroy data on the server during installation.
The NSK is required to activate the server. The NSK is also used to destroy data on the server when you send the server back. In this installation step, ignore the instructions on the body of the NSK as those instructions are to destroy data.
Step 3: Rack mount
To complete this step, you must attach inner rails to the server, outer rails to the rack, then mount the server on the rack. You need a Phillips-head screwdriver to complete these steps.
Rack mount alternatives
You are not required to mount the server in a rack. If you're not mounting the server in a rack, consider the following information:
-
Ensure a minimum clearance of 6 inches (15 cm) between the server and walls in front of and behind the server to allow the hot air to circulate.
-
Place the server on a stable surface free from mechanical hazards such as moisture or falling objects.
-
To use the networking cables included with the server, you must place the server within 10 feet (3 m) of your upstream networking device.
-
Follow local guidance for seismic bracing and bonding.
To identify left from right, front from back
-
Locate and open the box of rack rails that came with the server.
-
Look at the markings on the rails to determine which is left and right. These markings determine to which side of the server each rail gets attached.
-
Look at the posts on each end of the rails to determine which is front, and which is back.
The front end has three posts.
The back end has two posts.
To attach inner rails to the server
-
Detach the inner rail from the outer rail for both rails. You should have four rails.
-
Attach the right inner rail to the right side of the server and secure the rail with a screw. Make sure you orient the rail correctly with the server. Point the front part of the rail toward the front of the server.
-
Attach the left inner rail to the left side of the server and secure the rail with a screw.
To attach outer rails to the rack
-
Face the rack and use the rail marked R on the right side of the rack. Attach the back of the rail to the rack first, then extend the rail to connect it to the front of the rack.
Tip
Pay attention to the orientation of the rails. Use included pin adapters if necessary.
-
Repeat with the left rail on the left side.
To mount the server in the rack
-
Slide the server into the outer rails you installed on the rack in the previous step and secure the server at the front with two provided screws.
Tip
Use two people to slide the server into the rack.
Step 4: Power up
To complete power up, you attach the NSK, connect the server to a power source, and verify that the server has powered on. Consider the following information about powering the server:
-
The server functions with one power source, but AWS recommends you use two power sources for redundancy.
-
Connect the power cables before you connect the network cables.
-
Use the pair of C13 outlet/C14 inlet power cables to connect the server to a power supply on the rack. If you're not using the C14 inlet power cable to connect the server to a power supply on the rack, you must provide adapters for the C14 inlets that connect to a power source.
You must attach the NSK to the server so it can decrypt data on the server during operation.
Important
-
The side of the NSK has instructions on how to destroy the NSK. Do not follow those instructions now. Follow those instructions only when returning the server to AWS, to cryptographically shred the data on the server.
-
If you are installing multiple servers at the same time, ensure that you do not mix up the NSKs. You must attach the NSK to the server that it shipped with. If you use a different NSK, the server will not boot up.
To attach the NSK
-
On the front right side of the server, open the NSK compartment.
The following image shows the NSK attached to a 2U server.
The following image shows the NSK attached to a 1U server.
-
Ensure that the serial number (SN) on the NSK matches the SN on the bezel pull-out tab of the NSK compartment on the server.
The following image shows the SN number on the NSK and bezel pull-out tab:
-
Fit the NSK into the slot.
-
Hand tighten using the thumbscrew or tighten with a screwdriver (0.7 Nm / 0.52 lb-ft) until snug. Do not use power tool as it might over-torque and damage the NSK.
The following image shows the location of the thumbscrew.
The following image shows the type of screwdriver you can use to attach the NSK to the server.
To connect the server to power
-
Locate the pair of C13/C14 power cables that came with the server.
-
Connect the C14 end of both cables to your power source.
-
Connect the C13 end of both cables to the ports on the front of the server.
To verify the server has power
-
Verify that you can hear the server running.
Tip
The noise level goes down after the server provisions itself.
-
Verify that the LED power lights above the power ports are lit.
The following image shows the LED power lights on a 2U server
The following image shows the LED power lights on a 1U server
Step 5: Connect network
To complete the network setup, you connect the server to your upstream networking device with network cable.
Consider the following information about connecting to the network:
-
The server requires connections for two types of traffic: service link traffic and local network interface (LNI) link traffic. The instructions in the following section describe which ports to use on the server to segment traffic. Consult with your IT group to determine which port on your upstream networking device should carry each type of traffic.
-
Ensure the server has connected to your upstream networking device and has been assigned an IP address. For more information, see Server IP address assignment.
-
The optical connection on an AWS Outposts server only supports 10 Gbits and does not support auto-negotiation of port speed. If the host port tries to negotiate port speed, for example, between 10 through 25 Gbits, you can run into problems. In such cases, we recommend you do the following:
-
Set the port speed on the switch port to 10 Gbits.
-
Work with your switch vendor to support a static configuration.
-
With the QSFP breakout cable, you use breakouts to segment traffic.
The following image shows the QSFP breakout cable:

One end of the QSFP cable has a single connector. Connect this end to the server.
The following image shows the end of the cable with the single connector:

The other end of the QSFP cable has 4 breakout cables labeled 1 through 4. Use the cable labeled 1 for LNI link traffic and the cable labeled 2 for service link traffic.
The following image shows the end of the cable with the 4 breakout cables:

To connect the server to the network with the QSFP breakout cable
-
Locate the QSFP breakout cable that came with the server.
-
Connect the single end of the QSFP breakout cable to the QSFP port on the server.
-
Locate the QSFP port.
The following image shows the location of the QSFP port on the 2U server.
The following image shows the location of the QSFP port on the 1U server.
-
Plug in the QSFP with the pull-tab in the correct orientation.
For the 2U server, plug in the QSFP with the pull-tab on top as the following image shows.
For the 1U server, plug in the QSFP with the pull-tab on the bottom as the following image shows.
-
Ensure that you feel or hear a click when you plug the cables in. This indicates that you plugged in the cables correctly.
-
-
Connect breakouts 1 and 2 of the QSFP cable to the upstream networking device.
Important
Both of the following cables are required for an Outpost server to function.
-
Use the cable labeled 1 for LNI link traffic.
-
Use the cable labeled 2 for service link traffic.
-
Step 6: Authorize server
To authorize the server, you must connect your laptop to the server with a USB cable, then use a command-based serial protocol to test the connection and authorize the server. In addition to IAM credentials, you need a USB cable, a laptop, and serial terminal software, such as PuTTY or screen, to complete these steps.
Alternatively, if you have an Android phone or tablet with a USB-C or micro-USB connector with USB On The Go (OTG) support, you can use the Outposts Server Activator app to walk you through the server-authorization process. You can download the app from the following locations:
Consider the following information about authorizing the server:
-
To authorize the server, you or the party installing the server needs IAM credentials in the AWS account that contains the Outpost. For more information, see Step 1: Grant permissions.
-
You do not need to authenticate with the IAM credentials to test your connection.
-
Consider testing the connection before you use the export command to set IAM credentials as environment variables.
-
To protect your account, Outpost Configuration Tool never saves your IAM credentials.
-
To connect your laptop to the server, always plug the USB cable into your laptop first and then into the server.
Tasks
Connect your laptop to the server
Connect the USB cable to your laptop first and then to the server. The server includes a USB chip that creates a virtual serial port available to you on the laptop. You can use this virtual serial port to connect to the server with serial terminal emulation software. You can only use this virtual serial port to run Outpost Configuration Tool commands.
To connect the laptop to the server
Plug the USB cable into your laptop first, then into the server.
Note
The USB chip requires drivers to create the virtual serial port. Your operating system
should automatically install the required drivers if they are not already present. To
download and install the drivers, see Installation Guides
Create a serial connection to the server
This section contains instructions for using popular serial terminal programs, but you
are not required to use these programs. Use the serial terminal program you prefer with a
connection speed of 115200
baud.
Windows serial connection
The following instructions are for PuTTY on Windows. PuTTY is free, but you may have to download it.
Download PuTTY
Download and install PuTTY from the PuTTY download
page
To create a serial terminal on Windows using PuTTY
-
Plug the USB cable into your Windows laptop first, then into the server.
-
From the Desktop, right-click Start, and choose Device Manager.
-
In Device Manager, expand Ports (COM & LPT) to determine the COM port for the USB serial connection. You will see a node named USB Serial Port (COM
#
). The value for the COM port depends on your hardware. -
In PuTTY, from Session, choose Serial for Connection type, and then enter the following information:
-
Under Serial line, enter the COM
#
port from Device Manager. -
Under Speed, enter:
115200
The following image shows an example on the PuTTY Configuration page:
-
-
Choose Open.
An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:
-
Please wait for the system to stabilize. This can take up to 900 seconds, so far
x seconds
have elapsed on this boot. -
The
Outpost>
prompt.
-
Mac serial connection
The following instructions are for screen on macOS. You can find screen included with the operating system.
To create a serial terminal on macOS using screen
-
Plug the USB cable into your Mac laptop first, then into the server.
-
In Terminal, list
/dev
with a*usb*
filter for output to find the virtual serial port.ls -ltr /dev/*usb*
The serial device appears as
tty
. For example, consider the following sample output from the previous list command:ls -ltr /dev/*usb*
crw-rw-rw- 1 root wheel 21, 3 Feb 8 15:48 /dev/cu.usbserial-
EXAMPLE1
crw-rw-rw- 1 root wheel 21, 2 Feb 9 08:56 /dev/tty.usbserial-EXAMPLE1
-
In Terminal, use screen with the serial device and a baud rate of the serial connection to set up the serial connection. In the following command, replace
EXAMPLE1
with the value from your laptop.screen /dev/tty.usbserial-
EXAMPLE1
115200An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:
-
Please wait for the system to stabilize. This can take up to 900 seconds, so far
x seconds
have elapsed on this boot. -
The
Outpost>
prompt.
-
Test the connection
This section describes how to use Outpost Configuration Tool to test the connection. You don't need IAM credentials to test the connection. Your connection needs to be able to resolve DNS to access the AWS Region.
-
Test the links and gather information about the connection
-
Test for DNS resolver
-
Test for access to the AWS Region
To test the links
-
Plug the USB cable into your laptop first and then into the server.
-
Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.
-
Press Enter to access the Outpost Configuration Tool command prompt.
Outpost>
Note
If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.
-
Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.
Outpost>
describe-links
--- service_link_connected: True local_link_connected: False links: - name: local_link connected: False mac:
00:00:00:00:00:00
- name: service_link connected: True mac:0A:DC:FE:D7:8E:1F
checksum:0x46FDC542
If you get
connected: False
for either link, troubleshoot the network connection on the hardware. -
Use describe-ip to return the IP assignment status and configuration of the service link.
Outpost>
describe-ip
--- links: - name: service_link configured: True ip:
192.168.0.0
netmask:255.255.0.0
gateway:192.168.1.1
dns: [ "192.168.1.1
" ] ntp: [ ] checksum:0x8411B47C
The NTP value might be missing as NTP is optional in a DHCP option set. You should have no other missing values.
To test for DNS
-
Plug the USB cable into your laptop first and then into the server.
-
Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.
-
Press Enter to access the Outpost Configuration Tool command prompt.
Outpost>
Note
If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.
-
Use export to enter the parent Region of the Outpost server as the value for
AWS_DEFAULT_REGION
.AWS_DEFAULT_REGION=
Region
Outpost>
export AWS_DEFAULT_REGION=
us-west-2
result: OK checksum:
0xB2A945RE
-
Do not include a space before or after the equal (=) sign.
-
No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.
-
If you are using a third-party to install the server, you must provide the third-party with the parent Region.
-
-
Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.
Outpost>
describe-resolve
--- dns_responding: True dns_resolving: True dns: [ "
198.xx.xxx.xx
", "198.xx.xxx.xx
" ] query:outposts.us-west-2.amazonaws.com
records: [ "18.xxx.xx.xxx
", "44.xxx.xxx.xxx
", "44.xxx.xxx.xxx" ] checksum:0xB6A961CE
To test access to AWS Regions
-
Plug the USB cable into your laptop first and then into the server.
-
Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.
-
Press Enter to access the Outpost Configuration Tool command prompt.
Outpost>
Note
If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.
-
Use export to enter the parent Region of the Outpost server as the value for
AWS_DEFAULT_REGION
.AWS_DEFAULT_REGION=
Region
Outpost>
export AWS_DEFAULT_REGION=
us-west-2
result: OK checksum:
0xB2A945RE
-
Do not include a space before or after the equal (=) sign.
-
No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.
-
If you are using a third-party to install the server, you must provide the third-party with the parent Region.
-
-
Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.
Outpost>
describe-reachability
--- is_reachable: True src_ip:
10.0.0.0
dst_ip:54.xx.x.xx
dst_port:xxx
checksum:0xCB506615
-
is_reachable
indicates the outcome of the test -
src_ip
is the IP address of the server -
dst_ip
is the IP address of the Outpost configuration endpoint in the Region -
dst_port
is the port the server used to connect todst_ip
-
Authorize the server
This section describes how to use Outpost Configuration Tool and the IAM credentials from the AWS account that contains the Outpost to authorize the server.
To authorize the server
-
Plug the USB cable into your laptop first and then into the server.
-
Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.
-
Press Enter to access the Outpost Configuration Tool command prompt.
Outpost>
Note
If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.
-
Use export to enter your IAM credentials into Outpost Configuration Tool. If you are using a third-party to install the server, you must provide the third-party with the IAM credentials.
To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.
-
AWS_ACCESS_KEY_ID=
access-key-id
-
AWS_SECRET_ACCESS_KEY=
secret-access-key
-
AWS_SESSION_TOKEN=
session-token
-
Use the AWS CLI
GetSessionToken
command to get theAWS_SESSION_TOKEN
. For more information, see get-session-tokenin the AWS CLI Command Reference. Note
You must have the AWSOutpostsAuthorizeServerPolicy attached to your IAM role to get the
AWS_SESSION_TOKEN
. -
To install the AWS CLI, see Installing or updating the latest version of the AWS CLI in the AWS CLI User Guide for Verrsion 2.
-
-
AWS_DEFAULT_REGION=
Region
Use the parent Region of the Outpost server as the value for
AWS_DEFAULT_REGION
. If you are using a third party to install the server, you must provide the third party with the parent Region.
The output in the following examples show successful exports.
Outpost>
export AWS_ACCESS_KEY_ID=
AKIAIOSFODNN7EXAMPLE
result: OK checksum:
example-checksum
Outpost>
export AWS_SECRET_ACCESS_KEY=
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
result: OK checksum:
example-checksum
Outpost>
export AWS_SESSION_TOKEN=
MIICiTCCAfICCQD6m7oRw0uXOjANBgk VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6 b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ 21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4 nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
result: OK checksum:
example-checksum
Outpost>
export AWS_DEFAULT_REGION=
us-west-2
result: OK checksum:
example-checksum
-
-
Use start-connection to create a secure connection to the Region.
The output in the following example shows a connection successfully started.
Outpost>
start-connection
is_started: True asset_id:
example-asset-id
connection_id:example-connection-id
timestamp:2021-10-01T23:30:26Z
checksum:example-checksum
-
Wait for about 5 minutes.
-
Use get-connection to check if the connection to the Region has been established.
The output in the following example shows a successful connection.
Outpost>
get-connection
--- keys_exchanged: True connection_established: True exchange_active: False primary_peer:
xx.xx.xx.xx:xxx
primary_status: success primary_connection_id:a1b2c3d4567890abcdefEXAMPLE11111
primary_handshake_age:1111111111
primary_server_public_key:AKIAIOSFODNN7EXAMPLE
primary_client_public_key:AKIAI44QH8DHBEXAMPLE
primary_server_endpoint:xx.xx.xx.xx:xxx
secondary_peer:xx.xxx.xx.xxx:xxx
secondary_status: success secondary_connection_id:a1b2c3d4567890abcdefEXAMPLE22222
secondary_handshake_age:1111111111
secondary_server_public_key:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secondary_client_public_key:je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
secondary_server_endpoint:xx.xxx.xx.xxx:xxx
timestamp:2023-02-22T22:19:28Z
checksum:0x83FA0123
After
keys_exchanged
andconnection_established
changes toTrue
, the Outpost server is automatically provisioned and updated to the latest software and configuration.Note
Note the following about the provisioning process:
-
After activation completes, it can take up to 10 hours until your Outpost server is usable.
-
You must keep the Outpost server's power and network connected and stable during this process.
-
It is normal for the service link to fluctuate during this process.
-
If
exchange_active
isTrue
, the connection is still establishing. Retry in 5 minutes. -
If
keys_exchanged
orconnection_established
isFalse
, and ifexchange_active
isTrue
, the connection is still establishing. Retry in 5 minutes. -
If
keys_exchanged
orconnection_established
isFalse
even after 1 hour, contact AWS Support Center. -
If the
primary_status: No such asset id with device serial number found.
message appears, check if the Region that you specified is correct.If the Region is correct, contact AWS Support Center
. -
The
LifeCycleStatus
attribute of the Outpost will transition fromProvisioning
toActive
. You will then receive an email letting you know that your Outpost server is provisioned and activated. -
You don’t need to re-authorize the Outposts server after the Outposts server is activated.
-
-
After you make a successful connection, you can disconnect your laptop from the server.
Outpost Configuration Tool command reference
The Outpost Configuration Tool provides the following commands.
Commands
Export
- export
-
Use export to set IAM credentials as environment variables.
- Syntax
-
Outpost>
export
variable
=value
export takes the variable assignment statement.
Must use the following format:
variable
=value
To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.
-
AWS_ACCESS_KEY_ID=
access-key-id
-
AWS_SECRET_ACCESS_KEY=
secret-access-key
-
AWS_SESSION_TOKEN=
session-token
-
AWS_DEFAULT_REGION=
Region
Use the parent Region of the Outpost server as the value for
AWS_DEFAULT_REGION
.
-
Example : successful credential imports
Outpost>
export AWS_ACCESS_KEY_ID=
AKIAIOSFODNN7EXAMPLE
result: OK checksum:
example-checksum
Outpost>
export AWS_SECRET_ACCESS_KEY=
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
result: OK checksum:
example-checksum
Outpost>
export AWS_SESSION_TOKEN=
MIICiTCCAfICCQD6m7oRw0uXOjANBgk VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6 b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ 21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4 nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
result: OK checksum:
example-checksum
Outpost>
export AWS_DEFAULT_REGION=
us-west-2
result: OK checksum:
example-checksum
Echo
- echo
-
Use echo to display the value that you set for a variable using the export command.
- Syntax
-
Outpost>
echo $
variable-name
The
variable-name
can be one of the following:-
AWS_ACCESS_KEY_ID
-
AWS_SECRET_ACCESS_KEY
-
AWS_SESSION_TOKEN
-
AWS_DEFAULT_REGION
-
Example : Success
Outpost>
export AWS_DEFAULT_REGION=
us-west-2
result: OK checksum:
---example-checksum
Outpost>
echo $AWS_DEFAULT_REGION
variable name: AWS_DEFAULT_REGION variable value:
us-west-2
checksum:example-checksum
Example : Failure because the variable value was not set with the export command
Outpost>
echo $AWS_ACCESS_KEY_ID
error_type: execution_error error_attributes: AWS_ACCESS_KEY_ID: no value set error_message: No value set for AWS_ACCESS_KEY_ID using export. checksum:
example-checksum
Example : Failure because the variable name is not valid
Oupost>
echo $foo
error_type: invalid_argument error_attributes: foo: invalid variable name error_message: Variables can only be AWS credentials. checksum:
example-checksum
Example : Failure because of a syntax issue
Outpost>
echo AWS_SECRET_ACCESS_KEY
error_type: invalid_argument error_attributes: AWS_SECRET_ACCESS_KEY: not a variable error_message: Expecting $ before variable name. checksum:
example-checksum
Describe links
- describe-links
-
Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.
- Syntax
-
Outpost>
describe-links
describe-links takes no arguments.
Describe IP
- describe-ip
-
Use describe-ip to return the IP assignment status and configuration of each connected link.
- Syntax
-
Outpost>
describe-ip
describe-ip takes no arguments.
Describe resolve
- describe-resolve
-
Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.
- Syntax
-
Outpost>
describe-resolve
describe-resolve takes no arguments.
Describe reachability
- describe-reachability
-
Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.
- Syntax
-
Outpost>
describe-reachability
describe-reachability takes no arguments.
Start connection
- start-connection
-
Use start-connection to initiate a connection with the Outpost service in the Region. This command sources the Signature Version 4 (SigV4) credentials from the environment variables you loaded with export. The connection runs asynchronously and returns immediately. To check the status of the connection, use get-connection.
- Syntax
-
Outpost>
start-connection
[0|1]start-connection takes an optional connection index to initiate another connection. Only values of
0
and1
are valid.
Example : connection started
Outpost>
start-connection
is_started: True asset_id:
example-asset-id
connection_id:example-connecdtion-id
timestamp:2021-10-01T23:30:26Z
checksum:example-checksum
Get connection
- get-connection
-
Use get-connection to return the status of the connection.
- Syntax
-
Outpost>
get-connection
[0|1]get-connection takes an optional connection index to return the status of another connection. Only values of
0
and1
are valid.
Example : successful connection
Outpost>
get-connection
--- keys_exchanged: True connection_established: True exchange_active: False primary_peer:
xx.xx.xx.xx:xxx
primary_status: success primary_connection_id:a1b2c3d4567890abcdefEXAMPLE11111
primary_handshake_age:1111111111
primary_server_public_key:AKIAIOSFODNN7EXAMPLE
primary_client_public_key:AKIAI44QH8DHBEXAMPLE
primary_server_endpoint:xx.xx.xx.xx:xxx
secondary_peer:xx.xxx.xx.xxx:xxx
secondary_status: success secondary_connection_id:a1b2c3d4567890abcdefEXAMPLE22222
secondary_handshake_age:1111111111
secondary_server_public_key:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secondary_client_public_key:je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
secondary_server_endpoint:xx.xxx.xx.xxx:xxx
timestamp:2023-02-22T22:19:28Z
checksum:0x83FA0123
Note:
-
If
exchange_active
isTrue
, the connection is still establishing. Retry in 5 minutes. -
If
keys_exchanged
orconnection_established
isFalse
, and ifexchange_active
isTrue
, the connection is still establishing. Retry in 5 minutes.
If the issue persists after 1 hour, contact AWS Support Center