Outpost server installation - AWS Outposts
Step 1: Grant permissionsStep 2: InspectStep 3: Rack mountStep 4: Power upStep 5: Connect networkStep 6: Authorize serverOutpost Configuration Tool command reference

Outpost server installation

When you order an Outpost server, you are responsible for installation, whether you do it yourself or contract a third party. The party installing requires specific permissions to verify the identity of the new device. For more information, see Grant permissions.

Prerequisite

You must have an Outpost server form factor at your site. For more information, see Create an Outpost and order Outpost capacity.

Note

We recommend that you view the Installing AWS Outposts Servers training video before and during the installation process. To access the training, you must sign in or create an account on AWS Skill Builder.

Step 1: Grant permissions

To verify the identity of the new device, you must have IAM credentials in the AWS account that contains the Outpost. The AWSOutpostsAuthorizeServerPolicy policy grants the permissions required to install an Outpost server. For more information, see Identity and access management (IAM) for AWS Outposts.

Considerations

  • If you are using a third party that does not have access to your AWS account, you must provide temporary access.

  • AWS Outposts supports using temporary credentials. You can configure temporary credentials that last up to 36 hours. Ensure that you give the installer enough time to perform all the steps for server installation. For more information, see Using temporary credentials with AWS Outposts.

Step 2: Inspect

To complete an inspection of the Outposts equipment, you should check the shipping package for damage, unpack the shipping package, and locate the Nitro Security Key (NSK). Consider the following information about inspecting the server:

  • The shipping package has shock sensors located on the two largest sides of the box.

  • The inside flap of the shipping package contains instructions about how to unpack the server and locate the NSK.

  • The NSK is an encryption module. To complete inspection, you locate the NSK. You attach the NSK to the server in a later step.

To inspect the shipping package

  • Before you open the shipping package, observe both shock sensors and note if they have been activated. If the shock sensors have been activated it is possible that the unit has been damaged. Proceed with the installation taking time to note any further damage to the server or accessories. If any part of the system is obviously damaged or the installation fails to proceed as expected contact AWS Support for guidance on replacing your Outposts server.

    An image of a shock sensor.

    If the bar in the middle of the sensor is red, the sensor has been activated.

To unpack the shipping package

  • Open the package and ensure it contains the following items:

    • Server

    • Nitro Security Key (encryption module) – packaging marked with "NSK" in red. See the following procedure for locating the NSK from the shipping package for more information.

    • Rack installation kit (2 inner rails, 2 outer rails, and screws)

    • Installation pamphlet

    • Accessory kit

      • Pair of C13/14 power cables ‐ 10 feet (3m)

      • QSFP breakout cable ‐10 feet (3m)

      • USB cable, micro-USB to USB-C ‐ 10 feet (3m)

      • Brush guard

The NSK is inside the box labelled A that includes the accessories for the server.

Important

Do not use the NSK to destroy data on the server during installation.

The NSK is required to activate the server. The NSK is also used to destroy data on the server when you send the server back. In this installation step, ignore the instructions on the body of the NSK as those instructions are to destroy data.

Step 3: Rack mount

To complete this step, you must attach inner rails to the server, outer rails to the rack, then mount the server on the rack. You need a Phillips-head screwdriver to complete these steps.

Rack mount alternatives

You are not required to mount the server in a rack. If you're not mounting the server in a rack, consider the following information:

  • Ensure a minimum clearance of 6 inches (15 cm) between the server and walls in front of and behind the server to allow the hot air to circulate.

  • Place the server on a stable surface free from mechanical hazards such as moisture or falling objects.

  • To use the networking cables included with the server, you must place the server within 10 feet (3 m) of your upstream networking device.

  • Follow local guidance for seismic bracing and bonding.

To identify left from right, front from back

  1. Locate and open the box of rack rails that came with the server.

  2. Look at the markings on the rails to determine which is left and right. These markings determine to which side of the server each rail gets attached.

    An image of the left and right markings on the server rails.

  3. Look at the posts on each end of the rails to determine which is front, and which is back.

    The front end has three posts.

    An image of the posts on the front of the server rails.

    The back end has two posts.

    An image of the posts on the back of the server rails.
To attach inner rails to the server

  1. Detach the inner rail from the outer rail for both rails. You should have four rails.

  2. Attach the right inner rail to the right side of the server and secure the rail with a screw. Make sure you orient the rail correctly with the server. Point the front part of the rail toward the front of the server.

  3. Attach the left inner rail to the left side of the server and secure the rail with a screw.

To attach outer rails to the rack

  1. Face the rack and use the rail marked R on the right side of the rack. Attach the back of the rail to the rack first, then extend the rail to connect it to the front of the rack.

    Tip

    Pay attention to the orientation of the rails. Use included pin adapters if necessary.

  2. Repeat with the left rail on the left side.

To mount the server in the rack

  • Slide the server into the outer rails you installed on the rack in the previous step and secure the server at the front with two provided screws.

    Tip

    Use two people to slide the server into the rack.

Step 4: Power up

To complete power up, you attach the NSK, connect the server to a power source, and verify that the server has powered on. Consider the following information about powering the server:

  • The server functions with one power source, but AWS recommends you use two power sources for redundancy.

  • Connect the power cables before you connect the network cables.

  • Use the pair of C13 outlet/C14 inlet power cables to connect the server to a power supply on the rack. If you're not using the C14 inlet power cable to connect the server to a power supply on the rack, you must provide adapters for the C14 inlets that connect to a power source.

You must attach the NSK to the server so it can decrypt data on the server during operation.

Important

  • The side of the NSK has instructions on how to destroy the NSK. Do not follow those instructions now. Follow those instructions only when returning the server to AWS, to cryptographically shred the data on the server.

  • If you are installing multiple servers at the same time, ensure that you do not mix up the NSKs. You must attach the NSK to the server that it shipped with. If you use a different NSK, the server will not boot up.

To attach the NSK

  1. On the front right side of the server, open the NSK compartment.

    The following image shows the NSK attached to a 2U server.

    An image of an NSK attached to a 2U server.

    The following image shows the NSK attached to a 1U server.

    An image of an NSK attached to a 1U server.

  2. Ensure that the serial number (SN) on the NSK matches the SN on the bezel pull-out tab of the NSK compartment on the server.

    The following image shows the SN number on the NSK and bezel pull-out tab:

    Image shows SN of NSK matches the SN of the bezel pull-out tab.

  3. Fit the NSK into the slot.

  4. Hand tighten using the thumbscrew or tighten with a screwdriver (0.7 Nm / 0.52 lb-ft) until snug. Do not use power tool as it might over-torque and damage the NSK.

    The following image shows the location of the thumbscrew.

    An image of an NSK showing the location of the thumbscrew.

    The following image shows the type of screwdriver you can use to attach the NSK to the server.

    Shows the type of screwdriver you can use to attach the NSK to the server. Also shows the type of screwdriver you cannot use.
To connect the server to power

  1. Locate the pair of C13/C14 power cables that came with the server.

  2. Connect the C14 end of both cables to your power source.

  3. Connect the C13 end of both cables to the ports on the front of the server.

To verify that the server has power

  1. Verify that you can hear the server running.

    Tip

    The noise level goes down after the server provisions itself.

  2. Verify that the LED power lights above the power ports are lit.

    The following image shows the LED power lights on a 2U server

    An image of LED power lights on a 2U server.

    The following image shows the LED power lights on a 1U server

    An image of LED power lights on a 1U server.

AWS Outposts supports two versions of NSK: Atlas 2.0 and Atlas 3.0. Both NSK versions have a RGB Status LED. In addition, the Atlas 3.0 has a green Power LED. This step is only for the Atlas 3.0 NSK.

The following image shows the location of the LEDs on the Atlas 2.0 and Atlas 3.0 NSKs:

An image of the Atlas 2.0 and 3.0 NSKs with the RGB Status LED on each NSK and the green Power LED on the Atlas 3.0.

If you have the Atlas 2.0 NSK, skip to the next step, Step 5: Connect network because this version of the NSK only has the RGB Status LED which you must check after the Outpost server is provisioned and activated.

If you have the Atlas 3.0 NSK, check the green Power LED:

  • If the green light is on, the NSK is correctly connected to the host and has power. You can proceed to the next step.

  • If the green light is off, the NSK is not correctly connected to the host or/and has no power. Contact AWS Support.

Step 5: Connect network

To complete the network setup, you connect the server to your upstream networking device with network cable.

Consider the following information about connecting to the network:

  • The server requires connections for two types of traffic: service link traffic and local network interface (LNI) link traffic. The instructions in the following section describe which ports to use on the server to segment traffic. Consult with your IT group to determine which port on your upstream networking device should carry each type of traffic.

  • Ensure the server has connected to your upstream networking device and has been assigned an IP address. For more information, see Server IP address assignment.

  • The optical connection on an AWS Outposts server only supports 10 Gbits and does not support auto-negotiation of port speed. If the host port tries to negotiate port speed, for example, between 10 through 25 Gbits, you can run into problems. In such cases, we recommend you do the following:

    • Set the port speed on the switch port to 10 Gbits.

    • Work with your switch vendor to support a static configuration.

With the QSFP breakout cable, you use breakouts to segment traffic.

The following image shows the QSFP breakout cable:

An image of a QSFP cable showing both ends.
Note

AWS Outposts servers have a physical RJ45 port beside the QSFP port. However, this RJ45 port is not enabled for any customer use. If you require RJ45 1GbE connectivity, use the included QSFP cable to connect a 10GBASE-X SFP+ to a 1GbE RJ45 media converter.

One end of the QSFP cable has a single connector. Connect this end to the server.

The following image shows the end of the cable with the single connector:

An image of a QSFP cable showing the single connector.

The other end of the QSFP cable has 4 breakout cables labeled 1 through 4. Use the cable labeled 1 for LNI link traffic and the cable labeled 2 for service link traffic.

The following image shows the end of the cable with the 4 breakout cables:

An image of a QSFP cable showing the 4 breakout cables.
To connect the server to the network with the QSFP breakout cable

  1. Locate the QSFP breakout cable that came with the server.

  2. Connect the single end of the QSFP breakout cable to the QSFP port on the server.

    1. Locate the QSFP port.

      The following image shows the location of the QSFP port on the 2U server.

      An image of the QSFP port on a 2U server.

      The following image shows the location of the QSFP port on the 1U server.

      An image of the QSFP port on a 1U server.

    2. Plug in the QSFP with the pull-tab in the correct orientation.

      For the 2U server, plug in the QSFP with the pull-tab on top as the following image shows.

      Shows the QSFP cable plugged into a 2U server with the pull-tab on top.

      For the 1U server, plug in the QSFP with the pull-tab on the bottom as the following image shows.

      Shows the QSFP cable plugged into a 1U server with the pull-tab on the bottom.

    3. Ensure that you feel or hear a click when you plug the cables in. This indicates that you plugged in the cables correctly.

  3. Connect breakouts 1 and 2 of the QSFP cable to the upstream networking device.

    Important

    Both of the following cables are required for an Outpost server to function.

    • Use the cable labeled 1 for LNI link traffic.

    • Use the cable labeled 2 for service link traffic.

Step 6: Authorize server

To authorize the server, you must connect your laptop to the server with a USB cable, then use a command-based serial protocol to test the connection and authorize the server. In addition to IAM credentials, you need a USB cable, a laptop, and serial terminal software, such as PuTTY or screen, to complete these steps.

Alternatively, if you have an Android phone or tablet with a USB-C or micro-USB connector with USB On The Go (OTG) support, you can use the Outposts Server Activator app to walk you through the server-authorization process. You can download the app from Google Play

Consider the following information about authorizing the server:

  • To authorize the server, you or the party installing the server needs IAM credentials in the AWS account that contains the Outpost. For more information, see Step 1: Grant permissions.

  • You do not need to authenticate with the IAM credentials to test your connection.

  • Consider testing the connection before you use the export command to set IAM credentials as environment variables.

  • To protect your account, Outpost Configuration Tool never saves your IAM credentials.

  • To connect your laptop to the server, always plug the USB cable into your laptop first and then into the server.

Connect your laptop to the server

Connect the USB cable to your laptop first and then to the server. The server includes a USB chip that creates a virtual serial port available to you on the laptop. You can use this virtual serial port to connect to the server with serial terminal emulation software. You can only use this virtual serial port to run Outpost Configuration Tool commands.

To connect the laptop to the server

Plug the USB cable into your laptop first, then into the server.

Note

The USB chip requires drivers to create the virtual serial port. Your operating system should automatically install the required drivers if they are not already present. To download and install the drivers, see Installation Guides from FTDI.

Create a serial connection to the server

This section contains instructions for using popular serial terminal programs, but you are not required to use these programs. Use the serial terminal program you prefer with a connection speed of 115200 baud.

Windows serial connection

The following instructions are for PuTTY on Windows. PuTTY is free, but you may have to download it.

Download PuTTY

Download and install PuTTY from the PuTTY download page.

To create a serial terminal on Windows using PuTTY

  1. Plug the USB cable into your Windows laptop first, then into the server.

  2. From the Desktop, right-click Start, and choose Device Manager.

  3. In Device Manager, expand Ports (COM & LPT) to determine the COM port for the USB serial connection. You will see a node named USB Serial Port (COM#). The value for the COM port depends on your hardware.

    An image of a Device Manager on Windows set to COM port 3.

  4. In PuTTY, from Session, choose Serial for Connection type, and then enter the following information:

    • Under Serial line, enter the COM# port from Device Manager.

    • Under Speed, enter: 115200

    The following image shows an example on the PuTTY Configuration page:

    An image of a screen in PuTTY.

  5. Choose Open.

    An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:

    • Please wait for the system to stabilize. This can take up to 900 seconds, so far x seconds have elapsed on this boot.

    • The Outpost> prompt.

Mac serial connection

The following instructions are for screen on macOS. You can find screen included with the operating system.

To create a serial terminal on macOS using screen

  1. Plug the USB cable into your Mac laptop first, then into the server.

  2. In Terminal, list /dev with a *usb* filter for output to find the virtual serial port.

    ls -ltr /dev/*usb*

    The serial device appears as tty. For example, consider the following sample output from the previous list command: 

    ls -ltr /dev/*usb*
crw-rw-rw-  1 root  wheel   21,   3 Feb  8 15:48 /dev/cu.usbserial-EXAMPLE1
crw-rw-rw-  1 root  wheel   21,   2 Feb  9 08:56 /dev/tty.usbserial-EXAMPLE1

  3. In Terminal, use screen with the serial device and a baud rate of the serial connection to set up the serial connection. In the following command, replace EXAMPLE1 with the value from your laptop.

    screen /dev/tty.usbserial-EXAMPLE1 115200

    An empty console window appears. It can take between 1 to 2 minutes for one of the following to appear:

    • Please wait for the system to stabilize. This can take up to 900 seconds, so far x seconds have elapsed on this boot.

    • The Outpost> prompt.

Test the connection

This section describes how to use Outpost Configuration Tool to test the connection. You don't need IAM credentials to test the connection. Your connection needs to be able to resolve DNS to access the AWS Region.

  1. Test the links and gather information about the connection

  2. Test for DNS resolver

  3. Test for access to the AWS Region

To test the links

  1. Plug the USB cable into your laptop first and then into the server.

  2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

  3. Press Enter to access the Outpost Configuration Tool command prompt. 

    Outpost>
    Note

    If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

  4. Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.

    Outpost>describe-links
---
service_link_connected: True
local_link_connected: False
links:
-
  name: local_link
  connected: False
  mac: 00:00:00:00:00:00
-
  name: service_link
  connected: True
  mac: 0A:DC:FE:D7:8E:1F
checksum: 0x46FDC542

    If you get connected: False for either link, troubleshoot the network connection on the hardware.

  5. Use describe-ip to return the IP assignment status and configuration of the service link.

    Outpost>describe-ip
---
links:
-
  name: service_link
  configured: True
  ip: 192.168.0.0
  netmask: 255.255.0.0
  gateway: 192.168.1.1
  dns: [ "192.168.1.1" ]
  ntp: [ ]
checksum: 0x8411B47C

    The NTP value might be missing as NTP is optional in a DHCP option set. You should have no other missing values.

To test for DNS

  1. Plug the USB cable into your laptop first and then into the server.

  2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

  3. Press Enter to access the Outpost Configuration Tool command prompt. 

    Outpost>
    Note

    If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

  4. Use export to enter the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

    AWS_DEFAULT_REGION=Region

    Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: 0xB2A945RE

    • Do not include a space before or after the equal (=) sign.

    • No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.

    • If you are using a third-party to install the server, you must provide the third-party with the parent Region.

  5. Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.

    Outpost>describe-resolve
---
dns_responding: True
dns_resolving: True
dns: [ "198.xx.xxx.xx", "198.xx.xxx.xx" ]
query: outposts.us-west-2.amazonaws.com
records: [ "18.xxx.xx.xxx", "44.xxx.xxx.xxx", "44.xxx.xxx.xxx" ]
checksum: 0xB6A961CE
To test access to AWS Regions

  1. Plug the USB cable into your laptop first and then into the server.

  2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

  3. Press Enter to access the Outpost Configuration Tool command prompt. 

    Outpost>
    Note

    If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

  4. Use export to enter the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

    AWS_DEFAULT_REGION=Region

    Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: 0xB2A945RE

    • Do not include a space before or after the equal (=) sign.

    • No environment values are saved. You must export AWS Region each time you run Outpost Configuration Tool.

    • If you are using a third-party to install the server, you must provide the third-party with the parent Region.

  5. Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.

    Outpost>describe-reachability
---
is_reachable: True
src_ip: 10.0.0.0
dst_ip: 54.xx.x.xx
dst_port: xxx
checksum: 0xCB506615

    • is_reachable indicates the outcome of the test

    • src_ip is the IP address of the server

    • dst_ip is the IP address of the Outpost configuration endpoint in the Region

    • dst_port is the port the server used to connect to dst_ip

Authorize the server

This section describes how to use Outpost Configuration Tool and the IAM credentials from the AWS account that contains the Outpost to authorize the server.

To authorize the server

  1. Plug the USB cable into your laptop first and then into the server.

  2. Use a serial terminal program, such as PuTTY or screen, to connect to the server. For more information, see Create a serial connection to the server.

  3. Press Enter to access the Outpost Configuration Tool command prompt. 

    Outpost>
    Note

    If you see a persistent red light inside the chassis of the server on the left-hand side after you power on and you cannot connect to Outpost Configuration Tool, you may need to power down and drain the server to proceed. To drain the server, disconnect all network and power cables, wait five minutes, then power up and connect the network again.

  4. Use export to enter your IAM credentials into Outpost Configuration Tool. If you are using a third-party to install the server, you must provide the third-party with the IAM credentials.

    To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.

    • AWS_ACCESS_KEY_ID=access-key-id

    • AWS_SECRET_ACCESS_KEY=secret-access-key

    • AWS_SESSION_TOKEN=session-token

    • AWS_DEFAULT_REGION=Region

      Use the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION. If you are using a third party to install the server, you must provide the third party with the parent Region.

    The output in the following examples show successful exports. 

    Outpost>export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE

result: OK
checksum: example-checksum
    Outpost>export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

result: OK
checksum: example-checksum
    Outpost>export AWS_SESSION_TOKEN=MIICiTCCAfICCQD6m7oRw0uXOjANBgk
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=

result: OK
checksum: example-checksum
    Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: example-checksum

  5. Use start-connection to create a secure connection to the Region.

    The output in the following example shows a connection successfully started.

    Outpost>start-connection

is_started: True
asset_id: example-asset-id
connection_id: example-connection-id
timestamp: 2021-10-01T23:30:26Z
checksum: example-checksum

  6. Wait for about 5 minutes.

  7. Use get-connection to check if the connection to the Region has been established.

    The output in the following example shows a successful connection.

    Outpost>get-connection


---
keys_exchanged: True
connection_established: True
exchange_active: False
primary_peer: xx.xx.xx.xx:xxx
primary_status: success
primary_connection_id: a1b2c3d4567890abcdefEXAMPLE11111
primary_handshake_age: 1111111111
primary_server_public_key: AKIAIOSFODNN7EXAMPLE
primary_client_public_key: AKIAI44QH8DHBEXAMPLE
primary_server_endpoint: xx.xx.xx.xx:xxx
secondary_peer: xx.xxx.xx.xxx:xxx
secondary_status: success
secondary_connection_id: a1b2c3d4567890abcdefEXAMPLE22222
secondary_handshake_age: 1111111111
secondary_server_public_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secondary_client_public_key: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
secondary_server_endpoint: xx.xxx.xx.xxx:xxx
timestamp: 2023-02-22T22:19:28Z
checksum: 0x83FA0123

    After keys_exchanged and connection_established changes to True, the Outpost server is automatically provisioned and updated to the latest software and configuration.

    Note

    Note the following about the provisioning process:

    • After activation completes, it can take up to 10 hours until your Outpost server is usable.

    • You must keep the Outpost server's power and network connected and stable during this process.

    • It is normal for the service link to fluctuate during this process.

    • If exchange_active is True, the connection is still establishing. Retry in 5 minutes.

    • If keys_exchanged or connection_established is False, and if exchange_active is True, the connection is still establishing. Retry in 5 minutes.

    • If keys_exchanged or connection_established is False even after 1 hour, contact AWS Support Center.

    • If the message primary_status: No such asset id found. appears, confirm the following:

      • You specified the correct Region.

      • You are using the same account as the one used to order the Outpost server.

      If the Region is correct and you are using the same account as the one used to order the Outpost server, contact AWS Support Center.

    • The LifeCycleStatus attribute of the Outpost will transition from Provisioning to Active. You will then receive an email letting you know that your Outpost server is provisioned and activated.

    • You don’t need to re-authorize the Outposts server after the Outposts server is activated.

  8. After you make a successful connection, you can disconnect your laptop from the server.

Verify the NSK LEDs

After the provisioning process completes, check the NSK LEDs.

AWS Outposts supports two versions of NSK: Atlas 2.0 and Atlas 3.0. Both NSK versions have a RGB Status LED. In addition, the Atlas 3.0 has a green Power LED.

The following image shows the location of the LEDs on the Atlas 2.0 and Atlas 3.0:

An image of the Atlas 2.0 and 3.0 NSKs with the RGB Status LED on each NSK and the green Power LED on the Atlas 3.0.
To verify the Status and Power LEDs on the NSK

  1. Check the color of the RGB Status LED. If the color is green, the NSK is healthy. If the color is not green, contact AWS Support.

  2. If you have an Atlas 3.0 NSK, check the green Power LED. If the green light is on, the NSK is correctly connected to the host and has power. If the green light is not on, contact AWS Support.

Outpost Configuration Tool command reference

The Outpost Configuration Tool provides the following commands.

Export

export

Use export to set IAM credentials as environment variables.

Syntax
Outpost>export variable=value

export takes the variable assignment statement.

Must use the following format: variable=value

To authenticate, you must export the following four variables. Export one variable at a time. Do not include a space before or after the equal (=) sign.

  • AWS_ACCESS_KEY_ID=access-key-id

  • AWS_SECRET_ACCESS_KEY=secret-access-key

  • AWS_SESSION_TOKEN=session-token

  • AWS_DEFAULT_REGION=Region

    Use the parent Region of the Outpost server as the value for AWS_DEFAULT_REGION.

Example : successful credential imports
Outpost>export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE

result: OK
checksum: example-checksum
Outpost>export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

result: OK
checksum: example-checksum
Outpost>export AWS_SESSION_TOKEN=MIICiTCCAfICCQD6m7oRw0uXOjANBgk
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=

result: OK
checksum: example-checksum
Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: example-checksum

Echo

echo

Use echo to display the value that you set for a variable using the export command.

Syntax
Outpost>echo $variable-name

The variable-name can be one of the following:

  • AWS_ACCESS_KEY_ID

  • AWS_SECRET_ACCESS_KEY

  • AWS_SESSION_TOKEN

  • AWS_DEFAULT_REGION

Example : Success
Outpost>export AWS_DEFAULT_REGION=us-west-2

result: OK
checksum: example-checksum

---

Outpost>echo $AWS_DEFAULT_REGION

variable name: AWS_DEFAULT_REGION
variable value: us-west-2
checksum: example-checksum
Example : Failure because the variable value was not set with the export command
Outpost> echo $AWS_ACCESS_KEY_ID

error_type: execution_error
error_attributes:
  AWS_ACCESS_KEY_ID: no value set
error_message: No value set for AWS_ACCESS_KEY_ID using export.
checksum: example-checksum
Example : Failure because the variable name is not valid
Oupost>echo $foo

error_type: invalid_argument
error_attributes:
  foo: invalid variable name
error_message: Variables can only be AWS credentials.
checksum: example-checksum
Example : Failure because of a syntax issue
Outpost>echo AWS_SECRET_ACCESS_KEY

error_type: invalid_argument
error_attributes:
  AWS_SECRET_ACCESS_KEY: not a variable
error_message: Expecting $ before variable name.
checksum: example-checksum
describe-links

Use describe-links to return information about the network links on the server. Outpost servers must have one service link and one local network interface (LNI) link.

Syntax
Outpost>describe-links

describe-links takes no arguments.

Describe IP

describe-ip

Use describe-ip to return the IP assignment status and configuration of each connected link.

Syntax
Outpost>describe-ip

describe-ip takes no arguments.

Describe resolve

describe-resolve

Use describe-resolve to determine if the Outpost server can reach a DNS resolver and resolve the IP address of the Outpost configuration endpoint in the Region. Requires at least one link with an IP configuration.

Syntax
Outpost>describe-resolve

describe-resolve takes no arguments.

Describe reachability

describe-reachability

Use describe-reachability to determine if the Outpost server can reach the Outpost configuration endpoint in the Region. Requires a working DNS configuration, which you can determine by using describe-resolve.

Syntax
Outpost>describe-reachability

describe-reachability takes no arguments.

Start connection

start-connection

Use start-connection to initiate a connection with the Outpost service in the Region. This command sources the Signature Version 4 (SigV4) credentials from the environment variables you loaded with export. The connection runs asynchronously and returns immediately. To check the status of the connection, use get-connection.

Syntax
Outpost>start-connection [0|1]

start-connection takes an optional connection index to initiate another connection. Only values of 0 and 1 are valid.

Example : connection started
Outpost>start-connection

is_started: True
asset_id: example-asset-id
connection_id: example-connecdtion-id
timestamp: 2021-10-01T23:30:26Z
checksum: example-checksum

Get connection

get-connection

Use get-connection to return the status of the connection.

Syntax
Outpost>get-connection [0|1]

get-connection takes an optional connection index to return the status of another connection. Only values of 0 and 1 are valid.

Example : successful connection
Outpost>get-connection


---
keys_exchanged: True
connection_established: True
exchange_active: False
primary_peer: xx.xx.xx.xx:xxx
primary_status: success
primary_connection_id: a1b2c3d4567890abcdefEXAMPLE11111
primary_handshake_age: 1111111111
primary_server_public_key: AKIAIOSFODNN7EXAMPLE
primary_client_public_key: AKIAI44QH8DHBEXAMPLE
primary_server_endpoint: xx.xx.xx.xx:xxx
secondary_peer: xx.xxx.xx.xxx:xxx
secondary_status: success
secondary_connection_id: a1b2c3d4567890abcdefEXAMPLE22222
secondary_handshake_age: 1111111111
secondary_server_public_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
secondary_client_public_key: je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
secondary_server_endpoint: xx.xxx.xx.xxx:xxx
timestamp: 2023-02-22T22:19:28Z
checksum: 0x83FA0123

Note:

  • If exchange_active is True, the connection is still establishing. Retry in 5 minutes.

  • If keys_exchanged or connection_established is False, and if exchange_active is True, the connection is still establishing. Retry in 5 minutes.

If the issue persists after 1 hour, contact AWS Support Center.