Launch an instance on your Outpost rack - AWS Outposts

Launch an instance on your Outpost rack

After your Outpost is installed and the compute and storage capacity is available for use, you can get started by creating resources. Launch Amazon EC2 instances and create Amazon EBS volumes on your Outpost using an Outpost subnet. You can also create snapshots of Amazon EBS volumes on your Outpost. For more information applicable to Linux, see Local Amazon EBS snapshots on AWS Outposts in the Amazon EC2 User Guide for Linux Instances. For more information applicable to Windows, see Local Amazon EBS snapshots on AWS Outposts in the Amazon EC2 User Guide for Windows Instances.

Prerequisite

You must have an Outpost installed at your site. For more information, see Create an Outpost and order Outpost capacity.

Step 1: Create a VPC

You can extend any VPC in the AWS Region to your Outpost. Skip this step if you already have a VPC that you can use.

To create a VPC for your Outpost
  1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. Choose the same Region as the Outposts rack.

  3. On the navigation pane, choose Your VPCs and then choose Create VPC.

  4. Choose VPC only.

  5. (Optional) For Name tag, enter a name for the VPC.

  6. For IPv4 CIDR block, choose IPv4 CIDR manual input and enter the IPv4 address range for the VPC in the IPv4 CIDR text box.

    Note

    If you want to use Direct VPC routing, specify a CIDR range that does not overlap with the IP range that you use in your on-premises network.

  7. For IPv6 CIDR block, choose No IPv6 CIDR block.

  8. For Tenancy, choose Default.

  9. (Optional) To add a tag to your VPC, choose Add tag, and enter a key and a value.

  10. Choose Create VPC.

Step 2: Create a subnet and custom route table

You can create and add an Outpost subnet to any VPC in the AWS Region that the Outpost is homed to. When you do so, the VPC includes the Outpost. For more information, see Network components.

Note

If you are launching an instance in an Outpost subnet that has been shared with you by another AWS account, skip to Step 5: Launch an instance on the Outpost.

Tasks
    To create an Outpost subnet
    1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

    2. On the navigation pane, choose Outposts.

    3. Select the Outpost, and then choose Actions, Create subnet. You are redirected to create a subnet in the Amazon VPC console. We select the Outpost for you and the Availability Zone that the Outpost is homed to.

    4. Select a VPC.

    5. In Subnet settings, optionally name your subnet and specify an IP address range for the subnet.

    6. Choose Create subnet.

    7. (Optional) To make it easier to identify Outpost subnets, enable the Outpost ID column on the Subnets page. To enable the column, choose the Preferences icon, select Outpost ID, and choose Confirm.

    Use the following procedure to create a custom route table with a route to the local gateway. You can't use the same route table as the Availability Zone subnets.

    To create a custom route table
    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    2. On the navigation pane, choose Route tables.

    3. Choose Create route table.

    4. (Optional) For Name, enter a name for your route table.

    5. For VPC, choose your VPC.

    6. (Optional) To add a tag, choose Add new tag and enter the tag key and tag value.

    7. Choose Create route table.

    To apply route table routes to a particular subnet, you must associate the route table with the subnet. A route table can be associated with multiple subnets. However, a subnet can only be associated with one route table at a time. Any subnet not explicitly associated with a table is implicitly associated with the main route table by default.

    To associate the Outpost subnet and custom route table
    1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

    2. From the navigation pane, choose Route tables.

    3. On the Subnet associations tab, choose Edit subnet associations.

    4. Select the check box for the subnet to associate with the route table.

    5. Choose Save associations.

    Step 3: Configure local gateway connectivity

    The local gateway (LGW) enables connectivity between your Outpost subnets and your on-premises network. For more information about the LGW, see Local gateway.

    To provide connectivity between an instance in the Outposts subnet and your local network, you must complete the following tasks.

    Tasks

      You can create a custom route table for your local gateway (LGW) using the AWS Outposts console.

      To create a custom LGW route table using the console
      1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

      2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

      3. On the navigation pane, choose Local gateway route table.

      4. Choose Create local gateway route table.

      5. (Optional) For Name, enter a name for your LGW route table.

      6. For Local gateway, choose your local gateway.

      7. For Mode, choose a mode for communication with your on-premises network.

        • Choose Direct VPC routing to use the private IP address of an instance.

        • Choose CoIP to use the customer-owned IP address.

          • (Optional) Add or remove CoIP pools and additional CIDR blocks

            [Add a CoIP pool] Choose Add new pool and do the following:

            • For Name, enter a name for your CoIP pool.

            • For CIDR, enter a CIDR block of customer-owned IP addresses.

          • [Add CIDR blocks] Choose Add new CIDR and enter a range of customer-owned IP addresses.

          • [Remove a CoIP pool or an additional CIDR block] Choose Remove to the right of a CIDR block or below the CoIP pool.

            You can specify up to 10 CoIP pools and 100 CIDR blocks.

      8. (Optional) Add or remove a tag.

        [Add a tag] Choose Add new tag and do the following:

        • For Key, enter the key name.

        • For Value, enter the key value.

        [Remove a tag] Choose Remove to the right of the tag’s key and value.

      9. Choose Create local gateway route table.

      You must associate the VPCs with your LGW route table. They are not associated by default.

      Use the following procedure to associate a VPC with a LGW route table.

      You can optionally tag your association to help you identify it or categorize it according to your organization's needs.

      AWS Outposts console
      To associate a VPC with the custom LGW route table
      1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

      2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

      3. On the navigation pane, choose Local gateway route tables.

      4. Select the route table, and then choose Actions, Associate VPC.

      5. For VPC ID, select the VPC to associate with the local gateway route table.

      6. (Optional) Add or remove a tag.

        To add a tag, choose Add new tag and do the following:

        • For Key, enter the key name.

        • For Value, enter the key value.

        To remove a tag, choose Remove to the right of the tag’s key and value.

      7. Choose Associate VPC.

      AWS CLI
      To associate a VPC with the custom LGW route table

      Use the create-local-gateway-route-table-vpc-association command.

      Example

      aws ec2 create-local-gateway-route-table-vpc-association \
          --local-gateway-route-table-id lgw-rtb-059615ef7dEXAMPLE \
          --vpc-id vpc-07ef66ac71EXAMPLE

      Output

      {
          "LocalGatewayRouteTableVpcAssociation": {
              "LocalGatewayRouteTableVpcAssociationId": "lgw-vpc-assoc-0ee765bcc8EXAMPLE",
              "LocalGatewayRouteTableId": "lgw-rtb-059615ef7dEXAMPLE",
              "LocalGatewayId": "lgw-09b493aa7cEXAMPLE",
              "VpcId": "vpc-07ef66ac71EXAMPLE",
              "State": "associated"
          }
      }

      Add a route entry in the Outpost subnet route table to enable traffic between the Outpost subnets and LGW.

      Outpost subnets within a VPC that is associated with Outpost LGW route tables can have an additional target type of Outpost local gateway ID in their route tables. Consider the case where you want to route traffic with a destination address of 172.16.100.0/24 to the customer network through the LGW. To do this, edit the Outpost subnet route table and add the following route with the destination network and a target of the LGW (lgw-xxxx).

      Destination        Target
      172.16.100.0/24    lgw-id

      To add a route entry with lgw-id as a target in the Outpost subnet route table:
      1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

      2. In the navigation pane, choose Route tables, and select the route table you created in 2b: Create a custom route table.

      3. Choose Actions and then Edit routes.

      4. To add a route, choose Add route.

      5. For Destination enter the destination CIDR block to the customer network.

      6. For Target, choose Outpost local gateway ID.

      7. Choose Save changes.

      VIF groups are logical groupings of virtual interfaces (VIFs). Associate the local gateway route table with the VIF group.

      To associate the custom LGW route table with the LGW VIF groups
      1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

      2. To change the AWS Region, use the Region selector in the upper-right corner of the page.

      3. On the navigation pane, choose Local gateway route tables.

      4. Choose the route table.

      5. Choose the VIF group association tab in the details pane, and then choose Edit VIF group association.

      6. For VIF group settings, select Associate VIF group, and choose a VIF group.

      7. Choose Save changes.

      Edit the local gateway route table to add a static route that has the VIF group as the target and your on-premises subnet CIDR range (or 0.0.0.0/0) as the destination.

      Destination        Target
      172.16.100.0/24    VIF-Group-ID

      To add a route entry in the LGW route table
      1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

      2. On the navigation pane, choose Local gateway route table.

      3. Select the local gateway route table, and then choose Actions, Edit routes.

      4. Choose Add route.

      5. For Destination, enter the destination CIDR block, a single IP address, or the ID of a prefix list.

      6. For Target, select the ID of the local gateway.

      7. Choose Save routes.

      If you configured your Outposts in 3a: Create a custom local gateway route table to use a customer-owned IP (CoIP) address pool, you must allocate an Elastic IP address from the CoIP address pool and associate the Elastic IP address with the instance. For more information about CoIP, see Customer-owned IP addresses.

      If you configured your Outposts to use Direct VPC routing (DVR), skip this step.

      Amazon VPC console
      To assign a CoIP address to the instance
      1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

      2. In the navigation pane, choose Elastic IPs.

      3. Choose Allocate Elastic IP address.

      4. For Network Border Group, select the location from which the IP address is advertised.

      5. For Public IPv4 address pool, choose Customer owned IPv4 address pool.

      6. For Customer owned IPv4 address pool, select the pool that you configured.

      7. Choose Allocate.

      8. Select the Elastic IP address, and choose Actions, Associate Elastic IP address.

      9. Select the instance from Instance, and then choose Associate.

      AWS CLI
      To assign a CoIP address to the instance
      1. Use the describe-coip-pools command to retrieve information about your customer-owned address pools.

        aws ec2 describe-coip-pools

        The following is example output.

        {
            "CoipPools": [
                {
                    "PoolId": "ipv4pool-coip-0abcdef0123456789",
                    "PoolCidrs": [
                        "192.168.0.0/16"
                    ],
                    "LocalGatewayRouteTableId": "lgw-rtb-0abcdef0123456789"
                }
            ]
        }

      2. Use the allocate-address command to allocate an Elastic IP address. Use the pool ID returned in the previous step.

        aws ec2 allocate-address --address 192.0.2.128 --customer-owned-ipv4-pool ipv4pool-coip-0abcdef0123456789

        The following is example output.

        {
            "CustomerOwnedIp": "192.0.2.128",
            "AllocationId": "eipalloc-02463d08ceEXAMPLE",
            "CustomerOwnedIpv4Pool": "ipv4pool-coip-0abcdef0123456789"
        }

      3. Use the associate-address command to associate the Elastic IP address with the Outpost instance. Use the allocation ID returned in the previous step.

        aws ec2 associate-address --allocation-id eipalloc-02463d08ceEXAMPLE --network-interface-id eni-1a2b3c4d

        The following is example output.

        {
            "AssociationId": "eipassoc-02463d08ceEXAMPLE"
        }

      Shared customer-owned IP address pools

      If you want to use a shared customer-owned IP address pool, the pool must be shared before you start the configuration. For information about how to share a customer-owned IPv4 address, see Sharing your AWS resources in the AWS RAM User Guide.

      Step 4: Configure the on-premises network

      The Outpost establishes an external BGP peering from each Outpost Networking Device (OND) to a Customer Local Network Device (CND) to send and receive traffic from your on-premises network to the Outposts. For more information, see Local gateway BGP connectivity.

      To send and receive traffic from your on-premises network to the Outpost, ensure that:

      • On your customer network devices, the BGP session on the Local gateway VLAN is in an ACTIVE state from your network devices.

      • For traffic going from on-premises to Outposts, ensure that your CNDs are receiving the BGP advertisements from Outposts. These BGP advertisements contain the routes that your on-premises network must use to route traffic from on-premises to the Outpost. Hence, ensure that your network has the right routing between Outposts and the on-premises resources.

      • For traffic going from Outposts to the on-premises network, ensure that your CNDs are sending the BGP route advertisements of the on-premises network subnets to Outposts. As an alternative, you can advertise a default route (for example, 0.0.0.0/0) to Outposts. The on-premises subnets advertised by the CNDs must have a CIDR range that is equal to or included in the CIDR range that you configured in 3e: Add a route entry in the LGW route table.

      Consider the scenario where you have an Outpost, configured in Direct VPC mode, with two Outposts rack network devices connected by a local gateway VLAN to two customer local network devices. The following is configured:

      • A VPC with a CIDR block 10.0.0.0/16.

      • An Outpost subnet in the VPC with a CIDR block 10.0.3.0/24.

      • A subnet in the on-premises network with a CIDR block 172.16.100.0/24

      • Outposts uses the private IP address of the instances on the Outpost subnet, for example 10.0.3.0/24, to communicate with your on-premises network.

      In this scenario, the route advertised by:

      • The local gateway to your customer devices is 10.0.3.0/24.

      • Your customer devices to the Outpost local gateway is 172.16.100.0/24.

      As a result, the local gateway will send outbound traffic with destination network 172.16.100.0/24 to your customer devices. Ensure that your network has the correct routing configuration to deliver traffic to the destination host within your network.

      For the specific commands and configuration required to check the state of the BGP sessions and the advertised routes within those sessions, see the documentation from your networking vendor. For troubleshooting, see AWS Outposts rack network troubleshooting checklist.

      Consider the scenario where you have an Outpost with two Outposts rack network devices connected by a local gateway VLAN to two customer local network devices. The following is configured:

      • A VPC with a CIDR block 10.0.0.0/16.

      • A subnet in the VPC with a CIDR block 10.0.3.0/24.

      • A customer-owned IP pool (10.1.0.0/26).

      • An Elastic IP address association that associates 10.0.3.112 to 10.1.0.2.

      • A subnet in the on-premises network with a CIDR block 172.16.100.0/24

      • Communication between your Outpost and on-premises network will use the CoIP Elastic IPs to address instances in the Outpost; the VPC CIDR range is not used.

      In this scenario, the route advertised by:

      • The local gateway to your customer devices is 10.1.0.0/26.

      • Your customer devices to the Outpost local gateway is 172.16.100.0/24.

      As a result, the local gateway will send outbound traffic with destination network 172.16.100.0/24 to your customer devices. Ensure that your network has the right routing configuration to deliver traffic to the destination host within your network.

      For the specific commands and configuration required to check the state of the BGP sessions and the advertised routes within those sessions, see the documentation from your networking vendor. For troubleshooting, see AWS Outposts rack network troubleshooting checklist.
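
The CIDR conditions in this procedure (the Direct VPC routing note in Step 1, the LGW routes in Step 3, and the advertised-prefix rule in Step 4) can be checked before any route is created. The following Python check is an added example, not part of the AWS documentation; `RoutingPlan`, its field names, and `check_plan` are hypothetical, and it assumes IPv4-only plans.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RoutingPlan:
    """Planned IPv4 CIDRs for one Outpost (hypothetical structure, not an AWS API)."""
    mode: str                  # "direct-vpc" or "coip"
    vpc_cidr: str
    outpost_subnet_cidr: str
    onprem_advertised: list    # prefixes the CNDs advertise to the Outpost over BGP
    subnet_lgw_routes: list    # Outpost subnet route table destinations that target the LGW
    lgw_table_routes: list     # LGW route table destinations that target the VIF group


def _nets(cidrs):
    # strict=True rejects CIDRs with host bits set, such as 10.0.3.112/24
    return [ipaddress.IPv4Network(c, strict=True) for c in cidrs]


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    try:
        vpc, subnet = _nets([plan.vpc_cidr, plan.outpost_subnet_cidr])
        onprem = _nets(plan.onprem_advertised)
        subnet_routes = _nets(plan.subnet_lgw_routes)
        lgw_routes = _nets(plan.lgw_table_routes)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]

    findings = []
    if not subnet.subnet_of(vpc):
        findings.append(f"Outpost subnet {subnet} is not inside VPC {vpc}")

    for prefix in onprem:
        is_default = prefix.prefixlen == 0
        # Step 1 note: with Direct VPC routing the VPC range must not overlap on-premises ranges.
        if plan.mode == "direct-vpc" and not is_default and prefix.overlaps(vpc):
            findings.append(f"on-premises {prefix} overlaps VPC {vpc}")
        # Step 4: each advertised prefix must be equal to or included in a route from 3e.
        if not any(prefix.subnet_of(route) for route in lgw_routes):
            findings.append(f"advertised {prefix} is not covered by an LGW route table entry")
        # Step 3: instances only send traffic to the LGW for destinations in the subnet route table.
        if not is_default and not any(prefix.subnet_of(r) for r in subnet_routes):
            findings.append(f"no Outpost subnet route sends {prefix} to the LGW")
    return findings


# Constructed sample plans; the first uses the CIDRs from the Direct VPC scenario above.
GOOD = RoutingPlan("direct-vpc", "10.0.0.0/16", "10.0.3.0/24",
                   ["172.16.100.0/24"], ["172.16.100.0/24"], ["172.16.100.0/24"])
OVERLAP = RoutingPlan("direct-vpc", "10.0.0.0/16", "10.0.3.0/24",
                      ["10.0.128.0/17"], ["172.16.100.0/24"], ["172.16.100.0/24"])

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("OVERLAP", OVERLAP)):
        print(name, check_plan(plan) or "ok")
```
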

      Step 5: Launch an instance on the Outpost

      You can launch EC2 instances in the Outpost subnet that you created, or in an Outpost subnet that has been shared with you. Security groups control inbound and outbound VPC traffic for instances in an Outpost subnet, just as they do for instances in an Availability Zone subnet. To connect to an EC2 instance in an Outpost subnet, you can specify a key pair when you launch the instance, just as you do for instances in an Availability Zone subnet.

      Considerations
      • You can create a placement group to influence how Amazon EC2 should attempt to place groups of interdependent instances on the Outposts hardware. You can choose the placement group strategy that meets the needs of your workload.

      • If your Outpost has been configured to use a customer-owned IP (CoIP) address pool, you must assign a customer-owned IP address to any instances that you launch.

      To launch instances in your Outpost subnet
      1. Open the AWS Outposts console at https://console.aws.amazon.com/outposts/.

      2. On the navigation pane, choose Outposts.

      3. Select the Outpost, and then choose Actions, View details.

      4. On the Outpost summary page, choose Launch instance. You are redirected to the instance launch wizard in the Amazon EC2 console. We select the Outpost subnet for you, and show you only the instance types that are supported by your Outposts rack.

      5. Choose an instance type that is supported by your Outposts rack. Note that instances that appear greyed out are not available for your Outpost.

      6. (Optional) To launch the instances into a placement group, expand Advanced details and scroll to Placement group. You can either select an existing placement group or create a new placement group.

      7. Complete the wizard to launch the instance in your Outpost subnet. For more information, see the following in the Amazon EC2 User Guide:

        Note

        If you are creating an Amazon EBS volume, you must use the gp2 volume type or the wizard will fail.

      Step 6: Test the connectivity

      You can test connectivity by using the appropriate use cases.

      Test connectivity from your local network to the Outpost

      From a computer in your local network, run the ping command to the Outpost instance's private IP address.

      ping 10.0.3.128

      The following is example output.

      Pinging 10.0.3.128
      Reply from 10.0.3.128: bytes=32 time=<1ms TTL=128
      Reply from 10.0.3.128: bytes=32 time=<1ms TTL=128
      Reply from 10.0.3.128: bytes=32 time=<1ms TTL=128
      Ping statistics for 10.0.3.128
      Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
      Approximate round trip time in milliseconds
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Test the connectivity from an Outpost instance to your local network

      Depending on your operating system, use ssh or rdp to connect to the private IP address of your Outpost instance. For information about connecting to a Linux instance, see Connect to your Linux instance in the Amazon EC2 User Guide for Linux Instances. For information about connecting to a Windows instance, see Connect to your Windows instance in the Amazon EC2 User Guide for Windows Instances.

      After the instance is running, run the ping command to an IP address of a computer in your local network. In the following example, the IP address is 172.16.0.130.

      ping 172.16.0.130

      The following is example output.

      Pinging 172.16.0.130
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Ping statistics for 172.16.0.130
      Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
      Approximate round trip time in milliseconds
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Test connectivity between the AWS Region and the Outpost

      Launch an instance in the subnet in the AWS Region. For example, use the run-instances command.

      aws ec2 run-instances \
          --image-id ami-abcdefghi1234567898 \
          --instance-type c5.large \
          --key-name MyKeyPair \
          --security-group-ids sg-1a2b3c4d123456787 \
          --subnet-id subnet-6e7f829e123445678

      After the instance is running, perform the following operations:

      1. Get the private IP address of the instance in the AWS Region. This information is available in the Amazon EC2 console on the instance detail page.

      2. Depending on your operating system, use ssh or rdp to connect to the private IP address of your Outpost instance.

      3. Run the ping command from your Outpost instance, specifying the IP address of the instance in the AWS Region.

        ping 10.0.1.5

        The following is example output.

        Pinging 10.0.1.5
        Reply from 10.0.1.5: bytes=32 time=<1ms TTL=128
        Reply from 10.0.1.5: bytes=32 time=<1ms TTL=128
        Reply from 10.0.1.5: bytes=32 time=<1ms TTL=128
        Ping statistics for 10.0.1.5
        Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
        Approximate round trip time in milliseconds
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Test the connectivity from your local network to the Outpost

      From a computer in your local network, run the ping command to the Outpost instance's customer-owned IP address.

      ping 172.16.0.128

      The following is example output.

      Pinging 172.16.0.128
      Reply from 172.16.0.128: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.128: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.128: bytes=32 time=<1ms TTL=128
      Ping statistics for 172.16.0.128
      Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
      Approximate round trip time in milliseconds
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Test the connectivity from an Outpost instance to your local network

      Depending on your operating system, use ssh or rdp to connect to the private IP address of your Outpost instance. For information about connecting to a Linux instance, see Connect to your Linux instance in the Amazon EC2 User Guide for Linux Instances. For information about connecting to a Windows instance, see Connect to your Windows instance in the Amazon EC2 User Guide for Windows Instances.

      After the Outpost instance is running, run the ping command to an IP address of a computer in your local network.

      ping 172.16.0.130

      The following is example output.

      Pinging 172.16.0.130
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Reply from 172.16.0.130: bytes=32 time=<1ms TTL=128
      Ping statistics for 172.16.0.130
      Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
      Approximate round trip time in milliseconds
      Minimum = 0ms, Maximum = 0ms, Average = 0ms

      Test connectivity between the AWS Region and the Outpost

      Launch an instance in the subnet in the AWS Region. For example, use the run-instances command.

      aws ec2 run-instances \
          --image-id ami-abcdefghi1234567898 \
          --instance-type c5.large \
          --key-name MyKeyPair \
          --security-group-ids sg-1a2b3c4d123456787 \
          --subnet-id subnet-6e7f829e123445678

      After the instance is running, perform the following operations:

      1. Get the AWS Region instance private IP address, for example 10.0.0.5. This information is available in the Amazon EC2 console on the instance detail page.

      2. Depending on your operating system, use ssh or rdp to connect to the private IP address of your Outpost instance.

      3. Run the ping command from your Outpost instance to the AWS Region instance IP address.

        ping 10.0.0.5

        The following is example output.

        Pinging 10.0.0.5
        Reply from 10.0.0.5: bytes=32 time=<1ms TTL=128
        Reply from 10.0.0.5: bytes=32 time=<1ms TTL=128
        Reply from 10.0.0.5: bytes=32 time=<1ms TTL=128
        Ping statistics for 10.0.0.5
        Packets: Sent = 3, Received = 3, Lost = 0 (0% lost)
        Approximate round trip time in milliseconds
        Minimum = 0ms, Maximum = 0ms, Average = 0ms