Outpost server installation

When you order an Outpost server, you are responsible for installation, whether you do it yourself or contract a third party. The party installing requires specific permissions to verify the identity of the new device. For more information, see Grant permissions.

Prerequisite

You must have an Outpost server form factor at your site. For more information, see Create an Outpost and order Outpost capacity.

Step 1: Grant permissions

To verify the identity of the new device, you must have IAM credentials in the AWS account that contains the Outpost. The AWSOutpostsAuthorizeServerPolicy policy grants the permissions required to install an Outpost server. For more information, see Identity and access management (IAM) for AWS Outposts.

Considerations

• If you are using a third party that does not have access to your AWS account, you must provide temporary access.

• AWS Outposts supports using temporary credentials. You can configure temporary credentials that last up to 36 hours. Ensure that you give the installer enough time to perform all the steps for server installation. For more information, see Using temporary credentials with AWS Outposts.

Step 2: Inspect

To complete an inspection of the Outposts equipment, you should check the shipping package for damage, unpack the shipping package, and locate the Nitro Security Key (NSK). Consider the following information about inspecting the server:

• The shipping package has shock sensors located on the two largest sides of the box.

• The inside flap of the shipping package contains instructions about how to unpack the server and locate the NSK.

• The NSK is an encryption module. To complete inspection, you locate the NSK. You attach the NSK to the server in a later step.

Check the shipping package

To inspect the shipping package

• Before you open the shipping package, observe both shock sensors and note if they have been activated. If the shock sensors have been activated it is possible that the unit has been damaged. Proceed with the installation taking time to note any further damage to the server or accessories. If any part of the system is obviously damaged or the installation fails to proceed as expected contact AWS Support for guidance on replacing your Outposts server.

  

  If the bar in the middle of the sensor is red, the sensor has been activated.

Unpack the shipping package

To unpack the shipping package

• Open the package and ensure it contains the following items:

  • Server

  • Nitro Security Key (encryption module) – packaging marked with "NSK" in red. See the following procedure for locating the NSK from the shipping package for more information.

  • Rack installation kit (2 inner rails, 2 outer rails, and screws)

  • Installation pamphlet

  • Accessory kit

    • Pair of C13/14 power cables ‐ 10 feet (3m)

    • QSFP breakout cable ‐10 feet (3m)

    • USB cable, micro-USB to USB-C ‐ 10 feet (3m)

    • Brush guard

Find the NSK

You use the NSK to destroy data on the server when you send the server back. Ignore the instructions on the body of the NSK.

Important

Do not use the NSK to destroy data on the server during installation.

To locate the NSK

• Retrieve the NSK from the foam packaging of the shipping package. The NSK is required to activate the server. Find the exact location of the NSK marked on the inside of the package lid in red.

  

Step 3: Rack mount

To complete this step, you must attach inner rails to the server, outer rails to the rack, then mount the server on the rack. You need a Phillips-head screwdriver to complete these steps.

Rack mount alternatives

You are not required to mount the server in a rack. If you're not mounting the server in a rack, consider the following information:

• Ensure a minimum clearance of 6 inches (15 cm) between the server and walls in front of and behind the server to allow the hot air to circulate.

• Place the server on a stable surface free from mechanical hazards such as moisture or falling objects.

• To use the networking cables included with the server, you must place the server within 10 feet (3 m) of your upstream networking device.

• Follow local guidance for seismic bracing and bonding.

Identify sides and ends

To identify left from right, front from back

1. Locate and open the box of rack rails that came with the server.

2. Look at the markings on the rails to determine which is left and right. These markings determine to which side of the server each rail gets attached.

   

3. Look at the posts on each end of the rails to determine which is front, and which is back.

   The front end has three posts.

   

   The back end has two posts.

   

Attach inner rails

To attach inner rails to the server

1. Detach the inner rail from the outer rail for both rails. You should have four rails.

2. Attach the right inner rail to the right side of the server and secure the rail with a screw. Make sure you orient the rail correctly with the server. Point the front part of the rail toward the front of the server.

3. Attach the left inner rail to the left side of the server and secure the rail with a screw.

Attach outer rails

To attach outer rails to the rack

1. Face the rack and use the rail marked R on the right side of the rack. Attach the back of the rail to the rack first, then extend the rail to connect it to the front of the rack.

   Tip

   Pay attention to the orientation of the rails. Use included pin adapters if necessary.

2. Repeat with the left rail on the left side.

Mount the server

To mount the server in the rack

• Slide the server into the outer rails you installed on the rack in the previous step and secure the server at the front with two provided screws.

  Tip

  Use two people to slide the server into the rack.

Step 4: Power up

To complete power up, you attach the NSK, connect the server to a power source, and verify that the server has powered on. Consider the following information about powering the server:

• The server functions with one power source, but AWS recommends you use two power sources for redundancy.

• Connect the power cables before you connect the network cables.

• Use the pair of C13 outlet/C14 inlet power cables to connect the server to a power supply on the rack. If you're not using the C14 inlet power cable to connect the server to a power supply on the rack, you must provide adapters for the C14 inlets that connect to a power source.

Attach NSK

You must attach the NSK to the server so it can decrypt data on the server during operation.

Important

• The side of the NSK has instructions on how to destroy the NSK. Do not follow those instructions now. Follow those instructions only when returning the server to AWS, to cryptographically shred the data on the server.

• If you are installing multiple servers at the same time, ensure that you do not mix up the NSKs. You must attach the NSK to the server that it shipped with. If you use a different NSK, the server will not boot up.

To attach the NSK

1. On the front right side of the server, open the NSK compartment.

   

2. Fit the NSK into the slot.

3. Use your fingers to twist the knob until it is snug.

Power up

To connect the server to power

1. Locate the pair of C13/C14 power cables that came with the server.

2. Connect the C14 end of both cables to your power source.

3. Connect the C13 end of both cables to the ports on the front of the server.

Verify power

To verify the server has power

1. Verify that you can hear the server running.

   Tip

   The noise level goes down after the server provisions itself.

2. Verify that the LED power lights above the power ports are lit.

   

Step 5: Connect network

To complete the network setup, you connect the server to your upstream networking device with network cable.

Consider the following information about connecting to the network:

• The server requires connections for two types of traffic: service link traffic and local network interface (LNI) link traffic. The instructions in the following section describe which ports to use on the server to segment traffic. Consult with your IT group to determine which port on your upstream networking device should carry each type of traffic.

• Ensure the server has connected to your upstream networking device and has been assigned an IP address. For more information, see Server IP address assignment.

• The optical connection on an AWS Outposts server only supports 10 Gbits and does not support auto-negotiation of port speed. If the host port tries to negotiate port speed, for example, between 10 through 25 Gbits, you can run into problems. In such cases, we recommend you do the following:

  • Set the port speed on the switch port to 10 Gbits.

  • Work with your switch vendor to support a static configuration.

Configure QSFP network

With the QSFP breakout cable, you use breakouts to segment traffic.

The following image shows the QSFP breakout cable:

One end of the QSFP cable has a single connector. Connect this end to the server.

The following image shows the end of the cable with the single connector:

The other end of the QSFP cable has 4 breakout cables labeled 1 through 4. Use the cable labeled 1 for LNI link traffic and the cable labeled 2 for service link traffic.

The following image shows the end of the cable with the 4 breakout cables:

To connect the server to the network with the QSFP breakout cable

1. Locate the QSFP breakout cable that came with the server.

2. Connect the single end of the QSFP breakout cable to port 3 on the server.

   

3. Connect breakouts 1 and 2 of the QSFP cable to the upstream networking device.

   Important

   • Use the cable labeled 1 for LNI link traffic.

   • Use the cable labeled 2 for service link traffic.

Step 6: Authorize server

To authorize the server, you must connect your laptop to the server with a USB cable, then use a command-based serial protocol to test the connection and authorize the server. In addition to IAM credentials, you need a USB cable, a laptop, and serial terminal software, such as PuTTY or screen, to complete these steps.

Alternatively, if you have an Android phone or tablet with a USB-C or micro-USB connector with USB On The Go (OTG) support, you can use the Outposts Server Activator app to walk you through the server-authorization process. You can download the app from the following locations:

• Amazon Appstore

• Google Play

Consider the following information about authorizing the server:

• To authorize the server, you or the party installing the server needs IAM credentials in the AWS account that contains the Outpost. For more information, see Step 1: Grant permissions.

• You do not need to authenticate with the IAM credentials to test your connection.

• Consider testing the connection before you use the export command to set IAM credentials as environment variables.

• To protect your account, Outpost Configuration Tool never saves your IAM credentials.

• To connect your laptop to the server, always plug the USB cable into your laptop first and then into the server.

Tasks

• Connect your laptop to the server
• Create a serial connection to the server
• Test the connection
• Authorize the server
• Outpost Configuration Tool command reference

Connect your laptop to the server

Connect the USB cable to your laptop first and then to the server. The server includes a USB chip that creates a virtual serial port available to you on the laptop. You can use this virtual serial port to connect to the server with serial terminal emulation software. You can only use this virtual serial port to run Outpost Configuration Tool commands.

To connect the laptop to the server

Plug the USB cable into your laptop first, then into the server.

Note

The USB chip requires drivers to create the virtual serial port. Your operating system should automatically install the required drivers if they are not already present. To download and install the drivers, see Installation Guides from FTDI.

Create a serial connection to the server

This section contains instructions for using popular serial terminal programs, but you are not required to use these programs. Use the serial terminal program you prefer with a connection speed of 115200 baud.

Examples

• Windows serial connection
• Mac serial connection

Windows serial connection

The following instructions are for PuTTY on Windows. PuTTY is free, but you may have to download it.

Download PuTTY

Download and install PuTTY from the PuTTY download page.

To create a serial terminal on Windows using PuTTY

1. Plug the USB cable into your Windows laptop first, then into the server.

2. From the Desktop, right-click Start, and choose Device Manager.

3. In Device Manager, expand Ports (COM & LPT) to determine the COM port for the USB serial connection. You will see a node named USB Serial Port (COM#). The value for the COM port depends on your hardware.

   

4. In PuTTY, from Session, choose Serial for Connection type, and then enter the following information:

   • Under Serial line, enter the COM# port from Device Manager.

   • Under Speed, enter: 115200

   The following image shows an example on the PuTTY Configuration page:

   

5. Choose Open.

   An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:

   • Please wait for the system to stabilize. This can take up to 900 seconds, so far x seconds have elapsed on this boot.

   • The Outpost> prompt.

Mac serial connection

The following instructions are for screen on macOS. You can find screen included with the operating system.

To create a serial terminal on macOS using screen

1. Plug the USB cable into your Mac laptop first, then into the server.

2. In Terminal, list /dev with a *usb* filter for output to find the virtual serial port.

   ls -ltr /dev/*usb*

   The serial device appears as tty. For example, consider the following sample output from the previous list command:

   ls -ltr /dev/*usb*
   crw-rw-rw-  1 root  wheel   21,   3 Feb  8 15:48 /dev/cu.usbserial-EXAMPLE1
   crw-rw-rw-  1 root  wheel   21,   2 Feb  9 08:56 /dev/tty.usbserial-EXAMPLE1

3. In Terminal, use screen with the serial device and a baud rate of the serial connection to set up the serial connection. In the following command, replace EXAMPLE1 with the value from your laptop.

   screen /dev/tty.usbserial-EXAMPLE1 115200

   An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:

   • Please wait for the system to stabilize. This can take up to 900 seconds, so far x seconds have elapsed on this boot.

   • The Outpost> prompt.

Test the connection

This section describes how to use Outpost Configuration Tool to test the connection. You don't need IAM credentials to test the connection. Your connection needs to be able to resolve DNS to access the AWS Region.

1. Test the links and gather information about the connection

2. Test for DNS resolver

3. Test for access to the AWS Region

To test the links

1. Plug the USB cable into your laptop first and then into the server.

2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

3. Press Enter to access the Outpost Configuration Tool command prompt.

   Outpost>

   Note

   If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

4. Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.

   Outpost>describe-links
   ---
   service_link_connected: True
   local_link_connected: False
   links:
   -
     name: local_link
     connected: False
     mac: 00:00:00:00:00:00
   -
     name: service_link
     connected: True
     mac: 0A:DC:FE:D7:8E:1F
   checksum: 0x46FDC542

   If you get connected: False for either link, troubleshoot the network connection on the hardware.

5. Use describe-ip to return the IP assignment status and configuration of the service link.

   Outpost>describe-ip
   ---
   links:
   -
     name: service_link
     configured: True
     ip: 192.168.0.0
     netmask: 255.255.0.0
     gateway: 192.168.1.1
     dns: [ "192.168.1.1" ]
     ntp: [ ]
   checksum: 0x8411B47C

   The NTP value might be missing as NTP is optional in a DHCP option set. You should have no other missing values.

To test for DNS

1. Plug the USB cable into your laptop first and then into the server.

2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

3. Press Enter to access the Outpost Configuration Tool command prompt.

   Outpost>

   Note

   If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

4. Use export to enter the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

   AWS_DEFAULT_REGION=Region

   Outpost>export AWS_DEFAULT_REGION=us-west-2
   
   result: OK
   checksum: 0xB2A945RE

   • Do not include a space before or after the equal (=) sign.

   • No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.

   • If you are using a third-party to install the server, you must provide the third-party with the parent Region.

5. Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.

   Outpost>describe-resolve
   ---
   dns_responding: True
   dns_resolving: True
   dns: [ "198.xx.xxx.xx", "198.xx.xxx.xx" ]
   query: outposts.us-west-2.amazonaws.com
   records: [ "18.xxx.xx.xxx", "44.xxx.xxx.xxx", "44.xxx.xxx.xxx" ]
   checksum: 0xB6A961CE

To test access to AWS Regions

1. Plug the USB cable into your laptop first and then into the server.

2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

3. Press Enter to access the Outpost Configuration Tool command prompt.

   Outpost>

   Note

   If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

4. Use export to enter the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

   AWS_DEFAULT_REGION=Region

   Outpost>export AWS_DEFAULT_REGION=us-west-2
   
   result: OK
   checksum: 0xB2A945RE

   • Do not include a space before or after the equal (=) sign.

   • No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.

   • If you are using a third-party to install the server, you must provide the third-party with the parent Region.

5. Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.

   Outpost>describe-reachability
   ---
   is_reachable: True
   src_ip: 10.0.0.0
   dst_ip: 54.xx.x.xx
   dst_port: xxx
   checksum: 0xCB506615

   • is_reachable indicates the outcome of the test

   • src_ip is the IP address of the server

   • dst_ip is the IP address of the Outpost configuration endpoint in the Region

   • dst_port is the port the server used to connect to dst_ip

Authorize the server

This section describes how to use Outpost Configuration Tool and the IAM credentials from the AWS account that contains the Outpost to authorize the server.

To authorize the server

1. Plug the USB cable into your laptop first and then into the server.

2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

3. Press Enter to access the Outpost Configuration Tool command prompt.

   Outpost>

   Note

   If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

4. Use export to enter your IAM credentials into Outpost Configuration Tool. If you are using a third-party to install the server, you must provide the third-party with the IAM credentials.

   To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.

   • AWS_ACCESS_KEY_ID=access-key-id

   • AWS_SECRET_ACCESS_KEY=secret-access-key

   • AWS_SESSION_TOKEN=session-token

     • Use the AWS CLI GetSessionToken command to get the AWS_SESSION_TOKEN. For more information, see get-session-token in the AWS CLI Command Reference.

     • To install the AWS CLI, see Installing or updating the latest version of the AWS CLI in the AWS CLI User Guide for Verrsion 2.

   • AWS_DEFAULT_REGION=Region

     Use the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION. If you are using a third party to install the server, you must provide the third party with the parent Region.

   The output in the following examples show successful exports.

   Outpost>export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
   
   result: OK
   checksum: example-checksum

   Outpost>export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   
   result: OK
   checksum: example-checksum

   Outpost>export AWS_SESSION_TOKEN=MIICiTCCAfICCQD6m7oRw0uXOjANBgk
   VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
   b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
   BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
   MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
   VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
   b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
   YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
   21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
   rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
   Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
   nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
   FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
   NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
   
   result: OK
   checksum: example-checksum

   Outpost>export AWS_DEFAULT_REGION=us-west-2
   
   result: OK
   checksum: example-checksum

5. Use start-connection to create a secure connection to the Region.

   The output in the following example shows a connection successfully started.

   Outpost>start-connection
   
   is_started: True
   asset_id: example-asset-id
   connection_id: example-connection-id
   timestamp: 2021-10-01T23:30:26Z
   checksum: example-checksum

6. Wait for about 5 minutes.

7. Use get-connection to check if the connection to the Region has been established. After you make a successful connection, you can disconnect your laptop from the server.

   The output in the following example shows a successful connection. Note:

   • If exchange_active is True, the connection is still establishing. Retry in 5 minutes.

   • If keys_exchanged or connection_established is False, and if exchange_active is True, the connection is still establishing. Retry in 5 minutes.

   If keys_exchanged or connection_established is False even after 1 hour, contact AWS Support Center.

   Outpost>get-connection
   
   
   ---
   keys_exchanged: True
   connection_established: True
   exchange_active: False
   primary_peer: xx.xx.xx.xx:xxx
   primary_status: success
   primary_connection_id: a1b2c3d4567890abcdefEXAMPLE11111
   primary_handshake_age: 1111111111
   primary_server_public_key: AKIAIOSFODNN7EXAMPLE
   primary_client_public_key: AKIAI44QH8DHBEXAMPLE
   primary_server_endpoint: xx.xx.xx.xx:xxx
   secondary_peer: xx.xxx.xx.xxx:xxx
   secondary_status: success
   secondary_connection_id: a1b2c3d4567890abcdefEXAMPLE22222
   secondary_handshake_age: 1111111111
   secondary_server_public_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
   secondary_client_public_key: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
   secondary_server_endpoint: xx.xxx.xx.xxx:xxx
   timestamp: 2023-02-22T22:19:28Z
   checksum: 0x83FA0123

   Note

   After keys_exchanged and connection_established changes to True, the Outpost server will be automatically provisioned and updated to the latest software and configuration. During this time, it is normal for the service link to fluctuate. This process can take up to 10 hours.

Outpost Configuration Tool command reference

The Outpost Configuration Tool provides the following commands.

Commands

• Export
• Echo
• Describe links
• Describe IP
• Describe resolve
• Describe reachability
• Start connection
• Get connection

Export

export

Use export to set IAM credentials as environment variables.

Syntax

Outpost>export variable=value

export takes the variable assignment statement.

Must use the following format: variable=value

To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.

• AWS_ACCESS_KEY_ID=access-key-id

• AWS_SECRET_ACCESS_KEY=secret-access-key

• AWS_SESSION_TOKEN=session-token

• AWS_DEFAULT_REGION=Region

  Use the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

Example : successful credential imports

Outpost>export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE

result: OK
checksum: example-checksum

Outpost>export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

result: OK
checksum: example-checksum

Outpost>export AWS_SESSION_TOKEN=MIICiTCCAfICCQD6m7oRw0uXOjANBgk
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=

result: OK
checksum: example-checksum

Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: example-checksum

Echo

echo

Use echo to display the value that you set for a variable using the export command.

Syntax

Outpost>echo $variable-name

The variable-name can be one of the following:

• AWS_ACCESS_KEY_ID

• AWS_SECRET_ACCESS_KEY

• AWS_SESSION_TOKEN

• AWS_DEFAULT_REGION

Example : Success

Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: example-checksum

---

Outpost>echo $AWS_DEFAULT_REGION

variable name: AWS_DEFAULT_REGION
variable value: us-west-2
checksum: example-checksum

Example : Failure because the variable value was not set with the export command

Outpost> echo $AWS_ACCESS_KEY_ID

error_type: execution_error
error_attributes:
  AWS_ACCESS_KEY_ID: no value set
error_message: No value set for AWS_ACCESS_KEY_ID using export.
checksum: example-checksum

Example : Failure because the variable name is not valid

Oupost>echo $foo

error_type: invalid_argument
error_attributes:
  foo: invalid variable name
error_message: Variables can only be AWS credentials.
checksum: example-checksum

Example : Failure because of a syntax issue

Outpost>echo AWS_SECRET_ACCESS_KEY

error_type: invalid_argument
error_attributes:
  AWS_SECRET_ACCESS_KEY: not a variable
error_message: Expecting $ before variable name.
checksum: example-checksum

Describe links

describe-links

Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.

Syntax

Outpost>describe-links

describe-links takes no arguments.

Describe IP

describe-ip

Use describe-ip to return the IP assignment status and configuration of each connected link.

Syntax

Outpost>describe-ip

describe-ip takes no arguments.

Describe resolve

describe-resolve

Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.

Syntax

Outpost>describe-resolve

describe-resolve takes no arguments.

Describe reachability

describe-reachability

Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.

Syntax

Outpost>describe-reachability

describe-reachability takes no arguments.

Start connection

start-connection

Use start-connection to initiate a connection with the Outpost service in the Region. This command sources the Signature Version 4 (SigV4) credentials from the environment variables you loaded with export. The connection runs asynchronously and returns immediately. To check the status of the connection, use get-connection.

Syntax

Outpost>start-connection [0|1]

start-connection takes an optional connection index to initiate another connection. Only values of 0 and 1 are valid.

Example : connection started

Outpost>start-connection

is_started: True
asset_id: example-asset-id
connection_id: example-connecdtion-id
timestamp: 2021-10-01T23:30:26Z
checksum: example-checksum

Get connection

get-connection

Use get-connection to return the status of the connection.

Syntax

Outpost>get-connection [0|1]

get-connection takes an optional connection index to return the status of another connection. Only values of 0 and 1 are valid.

Example : successful connection

Outpost>get-connection


---
keys_exchanged: True
connection_established: True
exchange_active: False
primary_peer: xx.xx.xx.xx:xxx
primary_status: success
primary_connection_id: a1b2c3d4567890abcdefEXAMPLE11111
primary_handshake_age: 1111111111
primary_server_public_key: AKIAIOSFODNN7EXAMPLE
primary_client_public_key: AKIAI44QH8DHBEXAMPLE
primary_server_endpoint: xx.xx.xx.xx:xxx
secondary_peer: xx.xxx.xx.xxx:xxx
secondary_status: success
secondary_connection_id: a1b2c3d4567890abcdefEXAMPLE22222
secondary_handshake_age: 1111111111
secondary_server_public_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secondary_client_public_key: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
secondary_server_endpoint: xx.xxx.xx.xxx:xxx
timestamp: 2023-02-22T22:19:28Z
checksum: 0x83FA0123

Note:

• If exchange_active is True, the connection is still establishing. Retry in 5 minutes.

• If keys_exchanged or connection_established is False, and if exchange_active is True, the connection is still establishing. Retry in 5 minutes.

If the issue persists after 1 hour, contact AWS Support Center.