Darktrace vSensor on the AWS Cloud

Quick Start Reference Deployment

QS

September 2021
Development Team Documentations at Darktrace
Tony Bulding, AWS Integration & Automation team

Visit our GitHub repository for source files and to post feedback, report bugs, or submit feature ideas for this Quick Start.

This Quick Start was created by Darktrace in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that use AWS CloudFormation templates to deploy key technologies on AWS, following AWS best practices.

Overview

This Quick Start reference deployment guide provides step-by-step instructions for deploying Darktrace vSensor on the AWS Cloud.

This guide is for database administrators, enterprise architects, system administrators, and developers who want to run Darktrace vSensor probes in a highly-available Amazon Elastic Compute Cloud (Amazon EC2) environment.

Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on the Quick Start.

Darktrace vSensor on AWS

This Quick Start deploys Darktrace vSensor virtual threat detection on the Amazon Web Services (AWS) Cloud. Instead of relying on flow logs, Darktrace probes analyze raw data from mirrored virtual private cloud (VPC) traffic to learn to identify threats.

Amazon Virtual Private Cloud (VPC) traffic mirroring copies traffic from Amazon Elastic Compute Cloud (Amazon EC2) instances you want to monitor. A Network Load Balancer distributes mirrored traffic to Darktrace vSensor probes in private subnets. The deployment also supports sending data to vSensors from Darktrace osSensors you configure on virtual machines, containerized applications, and legacy EC2 instance types that do not support traffic mirroring.

Darktrace vSensor extracts relevant metadata from mirrored traffic and stores it in an Amazon Simple Storage Service (Amazon S3) bucket. Your existing Darktrace deployment analyzes the metadata using Darktrace’s Enterprise Immune System to build metrics it uses to identify threats.

Darktrace vSensors support syslog to integrate with third-party security information and event management tools.

High Availability on AWS

If you choose to deploy more than one vSensor, they are deployed across multiple Availability Zones for high-availability. For more information, see Regions and Availability Zones.

AWS costs

You are responsible for the cost of the AWS services and any third-party licenses used while running this Quick Start. There is no additional cost for using the Quick Start.

The AWS CloudFormation templates for Quick Starts include configuration parameters that you can customize. Some of the settings, such as the instance type, affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you use. Prices are subject to change.

After you deploy the Quick Start, create AWS Cost and Usage Reports to deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. These reports provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, see What are AWS Cost and Usage Reports?

Software licenses

This Quick Start requires a valid update key obtained from the Darktrace Customer Portal or a Darktrace representative. You must provide a valid update key during deployment in order for the Quick Start to launch successfully. A free 30-day trial is available. Contact your Darktrace representative or see Start your free 30-day trial today.

Architecture

Deploying this Quick Start for a new virtual private cloud (VPC) with default parameters builds the following Darktrace vSensor environment in the AWS Cloud.

Architecture
Figure 1. Quick Start architecture for Darktrace vSensor on AWS

As shown in Figure 1, the Quick Start sets up the following:

  • A highly available architecture that spans two Availability Zones.

  • A virtual private network (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.

  • In the public subnets:

    • Linux bastion hosts in an Auto Scaling group managing inbound Secure Shell (SSH) access to Darktrace vSensor instances in the private subnets.*

  • In the private subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access to Darktrace vSensor instances.

    • An Auto Scaling group of Darktrace vSensor probes hosted on Amazon EC2 instances.

  • VPC traffic mirroring to send mirrored traffic to a Network Load Balancer.

  • A Network Load Balancer to distribute monitored VPC traffic to Darktrace vSensor instances.

  • An Amazon S3 bucket to store packets captured by Darktrace vSensor.

  • Amazon CloudWatch to provide:

    • An alarm to invoke dynamic scaling of the Darktrace vSensor Auto Scaling group.

    • Logs to collect metrics from Darktrace vSensor EC2 instances.

*The template that deploys the Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Planning the deployment

Specialized knowledge

This deployment requires a moderate level of familiarity with AWS services. If you’re new to AWS, see Getting Started Resource Center and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

This deployment guide also requires knowledge of the Darktrace vSensor and Enterprise Immune System products. Contact a Darktrace representative or visit the Darktrace Customer Portal if you need more information or training.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, review the following information and ensure that your account is properly configured. Otherwise, deployment might fail.

Resource quotas

If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Quick Start deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see What is Service Quotas? and AWS service quotas.

Resource This deployment uses

VPCs

1

Subnets

4

Elastic IP addresses

3

S3 Buckets

1

AWS Lambdas

4

AWS Identity and Access Management (IAM) roles

7

Auto Scaling groups

2

Elastic Network Load Balancers

1

t3.micro instances (bastion hosts)

1

vSensor instances (size-configurable)

1+

Supported Regions

The following table represents the regions that are currently supported by the Darktrace vSensor Quick Start.

Table 1. Supported Regions
Code Name

ap-south-1

Asia Pacific (Mumbai)

ap-northeast-1

Asia Pacific (Tokyo)

ap-northeast-2

Asia Pacific (Seoul)

ap-southeast-1

Asia Pacific (Singapore)

ap-southeast-2

Asia Pacific (Sydney)

ca-central-1

Canada (Central)

eu-central-1

Europe (Frankfurt)

eu-west-1

Europe (Ireland)

eu-west-2

Europe (London)

eu-west-3

Europe (Paris)

sa-east-1

South America (São Paulo)

us-east-1

US East (N. Virginia)

us-east-2

US East (Ohio)

us-west-1

US West (N. California)

us-west-2

US West (Oregon)

Certain Regions are available on an opt-in basis. For more information, see Managing AWS Regions.

EC2 key pairs

Make sure that at least one Amazon EC2 key pair exists in your AWS account in the Region where you plan to deploy the Quick Start. Make note of the key pair name. You need it during deployment. To create a key pair, see Amazon EC2 key pairs and Linux instances.

For testing or proof-of-concept purposes, we recommend creating a new key pair instead of using one that’s already being used by a production instance.

IAM permissions

Before launching the Quick Start, you must sign in to the AWS Management Console with IAM permissions for the resources that the templates deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions. For more information, see AWS managed policies for job functions.

Register a push token

Register a new push token to enable connection between vSensor probes and an existing Darktrace on-premise or cloud appliance. All of the vSensor instances in this deployment share the same push token.

  1. Log into the Darktrace console.

  2. On the main menu, choose Admin > System Config.

  3. In the Push Probe Tokens section, enter a label for the vSensor deployment.

  4. Choose Add. A token is generated in the form of [label:string].

  5. Record the token, as it only displays once. You must enter the token in the Appliance push token parameter field during Quick Start deployment.

If your Darktrace appliance is behind a firewall, you must grant access to the appliance to the IP addresses of your NAT Gateways after deployment. For more information, see Post deployment steps, later in this guide.

Darktrace cloud appliances are already configured to allow push token access, no firewall changes are necessary.

Deployment options

This Quick Start provides two deployment options:

  • Deploy Darktrace vSensor into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys Darktrace vSensor into this new VPC.

  • Deploy Darktrace vSensor into an existing VPC. This option provisions Darktrace vSensor in your existing AWS infrastructure.

The Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and vSensor settings, as discussed later in this guide.

Deployment steps

Sign in to your AWS account

  1. Sign in to your AWS account at https://aws.amazon.com with an IAM user role that has the necessary permissions. For details, see Planning the deployment earlier in this guide.

  2. Make sure that your AWS account is configured correctly, as discussed in the Technical requirements section.

Launch the Quick Start

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service used by this Quick Start. Prices are subject to change.
  1. Sign in to your AWS account, and choose one of the following options to launch the AWS CloudFormation template. For help with choosing an option, see deployment options earlier in this guide.

Deploy Darktrace vSensor into a new VPC on AWS

View template

Deploy Darktrace vSensor into an existing VPC on AWS

View template

If you’re deploying Darktrace vSensor into an existing VPC, make sure that your VPC has two private subnets in different Availability Zones for the workload instances, and that the subnets aren’t shared. This Quick Start doesn’t support shared subnets. These subnets require NAT gateways in their route tables, to allow the instances to download packages and software without exposing them to the internet.

Each deployment takes about 30 minutes / 1 hour to complete.

  1. Check the AWS Region that is displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for Darktrace vSensor will be built. The template is launched in the us-east-1 Region by default.

  1. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  2. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. For details on each parameter, see the Parameter reference section of this guide. When you finish reviewing and customizing the parameters, choose Next.

  3. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you’re finished, choose Next.

  4. On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and might require the ability to automatically expand macros.

  5. Choose Create stack to deploy the stack.

  6. Monitor the status of the stack. When the status is CREATE_COMPLETE, the Darktrace vSensor deployment is ready.

  7. To view the created resources, see the values displayed in the Outputs tab for the stack.

Post deployment steps

Configure networking

If your Darktrace appliance is behind a firewall, you must grant access to the appliance to the IP addresses of your NAT gateways. For a new VPC deployment, use the NatGatewayEIPs on the Outputs tab of the stack in the AWS CloudFormation console. For an existing VPC deployment, use the IP addresses of the existing NAT gateways.

Configure traffic mirroring

To add your existing EC2 instances to be mirrored and monitored, configure a traffic mirror session. For more information, see Traffic mirror sessions. When doing this, use the traffic mirror target and filter IDs on the Outputs tab of the stack in the AWS CloudFormation console. You can automate the process of adding your existing EC2 instances to this deployment. For more information, contact your Darktrace representative for scripts and guidance to do this.

VPC Traffic Mirroring is only supported on AWS Nitro-based EC2 instance types and some non-Nitro instance types. For more information, see Amazon VPC Traffic Mirroring is now supported on select non-Nitro instance types.

To monitor EC2 instance types that do not support VPC Traffic Mirroring, configure them with Darktrace osSensors. When doing this, use the DNS name of the Network Load Balancer on the Outputs tab of the stack in the CloudFormation console. For more information about configuring osSensors, visit the Darktrace Customer Portal.

Test the deployment

After deployment, verify that all vSensors are listed in the Probes section of the System Config screen in the Darktrace Threat Visualizer. After adding the Traffic Mirror Sessions of EC2 instances that you wish to monitor, or configured osSensors to communicate with the vSensors, verify that they display in the Threat Visualizer.

Security

Network security

This deployment follows AWS security best practices for network security. The vSensor instances are deployed in private subnets. They are only accessible from the internet using SSH to connect to bastion hosts in the private subnets. For existing VPC deployments, it is important that security groups only allow SSH access from trusted sources. It is not recommended to allow direct SSH access to vSensors from the internet. For more information, see Best Practices for Security, Identity, & Compliance.

OS security

To gain root access to vSensor instances, use the ubuntu user name and the EC2 key pair parameter you entered during deployment as the private key path. Then sudo to root. The EC2 key pair is also required to access ec2-user of the bastion hosts. For more information, see Connect to your Linux instance using SSH.

The bastion hosts deployed by this Quick Start are set to update automatically. The deployed vSensors are configured to receive the latest security and product updates daily from Darktrace and Ubuntu package repositories.

Additional resources

FAQ

Q. I encountered a CREATE_FAILED error when I launched the Quick Start.

A. If AWS CloudFormation fails to create the stack, we recommend that you relaunch the template with Rollback on failure set to Disabled. (This setting is under Advanced in the AWS CloudFormation console, Options page.) With this setting, the stack’s state is retained and the instance is left running, so you can troubleshoot the issue. (For Windows, look at the log files in %ProgramFiles%\Amazon\EC2ConfigService and C:\cfn\log.)

When you set Rollback on failure to Disabled, you continue to incur AWS charges for this stack. Please make sure to delete the stack when you finish troubleshooting.

For additional information, see Troubleshooting AWS CloudFormation on the AWS website.

Q. I encountered a size limitation error when I deployed the AWS CloudFormation templates.

A. We recommend that you launch the Quick Start templates from the links in this guide or from another S3 bucket. If you deploy the templates from a local copy on your computer or from a location other than an S3 bucket, you might encounter template size limitations. For more information about AWS CloudFormation quotas, see the AWS CloudFormation quotas.

Customer responsibility

After you successfully deploy this Quick Start, confirm that your resources and services are updated and configured — including any required patches — to meet your security and other needs. For more information, see the AWS Shared Responsibility Model.

Parameter reference

Unless you are customizing the Quick Start templates for your own deployment projects, keep the default settings for the parameters labeled Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these parameter settings automatically updates code references to point to a new Quick Start location. For more information, see the AWS Quick Start Contributor’s Guide.

Parameters for deploying into a new VPC

Table 2. Network configuration
Parameter label (name) Default value Description

Availability Zones (AvailabilityZones)

Requires input

Availability Zones to use for the subnets in the VPC. Two Availability Zones are used for this deployment.

VPC CIDR (VPCCIDR)

10.0.0.0/16

CIDR block for the VPC.

Private subnet 1 CIDR (PrivateSubnet1CIDR)

10.0.0.0/19

CIDR block for private subnet 1, located in Availability Zone 1.

Private subnet 2 CIDR (PrivateSubnet2CIDR)

10.0.32.0/19

CIDR block for private subnet 2, located in Availability Zone 2.

Public subnet 1 CIDR (PublicSubnet1CIDR)

10.0.128.0/20

CIDR block for the public (DMZ) subnet 1, located in Availability Zone 1.

Public subnet 2 CIDR (PublicSubnet2CIDR)

10.0.144.0/20

CIDR block for the public (DMZ) subnet 2, located in Availability Zone 2.

Bastion host CIDR (RemoteAccessCIDR)

Requires input

CIDR IP range that is permitted to access the bastion hosts. We recommend that you set this value to a trusted IP range.

Table 3. Bastion configuration
Parameter label (name) Default value Description

Bastion host instance type (BastionInstanceType)

t3.micro

Amazon EC2 instance type for the bastion hosts.

Key pair name (BastionKeyPairName)

Requires input

Name of an existing public/private key pair, which allows you to securely connect to your instance after it launches.

Bastion host AMI operating system (BastionAMIOS)

Amazon-Linux2-HVM

Linux distribution for the Amazon Machine Image (AMI) used for the bastion host instances.

Table 4. Darktrace appliance configuration
Parameter label (name) Default value Description

Appliance host name (VSensorApplianceHostname)

Requires input

Host name of the Darktrace appliance.

Appliance port (VSensorAppliancePort)

443

Connection port between vSensor and the Darktrace appliance.

Appliance push token (VSensorAppliancePushtoken)

Requires input

Push token to authenticate with the appliance. For more information, see the Darktrace Customer Portal.

Table 5. Darktrace vSensor configuration
Parameter label (name) Default value Description

EC2 instance type (VSensorInstanceType)

t3.medium

EC2 instance type. Default is t3.medium.

EC2 key pair name (VSensorKeyPairName)

Requires input

EC2 key pair to use to connect to vSensor.

Update key (VSensorUpdatekey)

XXXXXX:XXXX

Darktrace update key. If you don’t have one, contact your Darktrace representative.

Desired vSensor instance capacity (VSensorDesiredCapacityASG)

1

Desired number of vSensor instances in the Auto-Scaling group.

Minimum vSensor instance capacity (VSensorMinSizeASG)

1

Minimum number of vSensor instances in the Auto-Scaling group.

Maximum vSensor instance capacity (VSensorMaxSizeASG)

5

Maximum number of vSensor instances in the Auto-Scaling group.

osSensor HMAC Token (VSensorOsSensorHMAC)

Blank string

Hash-based message authentication code (HMAC) token to authenticate osSensors with vSensor.

Table 6. VPC Traffic Mirror configuration
Parameter label (name) Default value Description

Traffic Mirror rule number (VSensorTrafficMirrorRuleNumber)

100

Enter a priority to assign to the rule.

Source traffic CIDR to filter (0.0.0.0/0 for all traffic) (VSensorTrafficMirrorSourceCIDR)

0.0.0.0/0

Source CIDR for the Traffic Mirror filter. Enter 0.0.0.0/0 for all traffic.

Destination traffic CIDR to filter (0.0.0.0/0 for all traffic) (VSensorTrafficMirrorDestCIDR)

0.0.0.0/0

Destination CIDR for the Traffic Mirror filter. Enter 0.0.0.0/0 for all traffic.

Table 7. Logs and captured packet retention
Parameter label (name) Default value Description

CloudWatch logs retention (days) (VSensorLogGroupRetention)

30

Number of days to retain Cloudwatch logs.

Captured packets storage retention (days) (VSensorLifecycleS3BucketDays)

7

Number of days to retain captured packets in Amazon S3.

Table 8. AWS Quick Start configuration
Parameter label (name) Default value Description

Quick Start S3 bucket name (QSS3BucketName)

aws-quickstart

Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.

Quick Start S3 bucket Region (QSS3BucketRegion)

us-east-1

AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.

Quick Start S3 key prefix (QSS3KeyPrefix)

quickstart-darktrace-vsensor/

S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html.

Quick Start unique run ID (12 characters or less) (ShortID)

Blank string

Quick Start short unique ID used to identify resources from other installations of this Quick Start. If left empty, a random string is generated.

Parameters for deploying into an existing VPC

Table 9. Darktrace appliance configuration
Parameter label (name) Default value Description

Appliance host name (ApplianceHostname)

Requires input

Host name of the Darktrace appliance.

Appliance port (AppliancePort)

443

Connection port between vSensor and the Darktrace appliance.

Appliance push token (AppliancePushtoken)

Requires input

Push token to authenticate with the appliance. For more information, see the Darktrace Customer Portal.

Table 10. Darktrace vSensor configuration
Parameter label (name) Default value Description

EC2 instance type (InstanceType)

t3.medium

EC2 instance type. Default is t3.medium.

EC2 key pair Name (KeyPairName)

Requires input

EC2 key pair to use to connect to vSensor.

Security groups (InstanceSecurityGroups)

Requires input

Darktrace vSensor security group IDs. A basic vSensor connectivity Security Group (port 80, 443, 4789 for the VPC) will be added by this cloudformation.

Update key (VsensorUpdatekey)

XXXXXX:XXXX

Darktrace update key. If you don’t have one, contact your Darktrace representative.

Desired vSensor instance capacity (DesiredCapacityASG)

1

Desired number of vSensor instances in the Auto-Scaling group.

Minimum vSensor instance capacity (MinSizeASG)

1

Minimum number of vSensor instances in the Auto-Scaling group.

Maximum vSensor instance capacity (MaxSizeASG)

5

Maximum number of vSensor instances in the Auto-Scaling group.

osSensor HMAC Token (osSensorHMAC)

Blank string

Hash-based message authentication code (HMAC) token to authenticate osSensors with vSensor.

Table 11. Network configuration
Parameter label (name) Default value Description

Deployment VPC (DeploymentVPC)

Requires input

VPC of target deployment.

VPC CIDR block (VpcCIDRBlock)

172.16.0.0/12

VPC CIDR block.

SSH CIDR block (SshCIDRBlock)

172.16.0.0/12

Allowed CIDR block for SSH (Secure Shell) access to vSensor.

Subnets (Subnets)

Requires input

List the Subnet Ids that the vSensor should be launched into. You can specify at most one subnet per Availability Zone.

Table 12. VPC Traffic Mirror configuration
Parameter label (name) Default value Description

Traffic Mirror rule number (TrafficMirrorRuleNumber)

100

Enter a priority to assign to the rule.

Source traffic CIDR to filter (0.0.0.0/0 for all traffic) (TrafficMirrorSourceCIDR)

0.0.0.0/0

Source CIDR for the Traffic Mirror filter. Enter 0.0.0.0/0 for all traffic.

Destination traffic CIDR to filter (0.0.0.0/0 for all traffic) (TrafficMirrorDestCIDR)

0.0.0.0/0

Destination CIDR for the Traffic Mirror filter. Enter 0.0.0.0/0 for all traffic.

Table 13. Logs and captured packet retention
Parameter label (name) Default value Description

CloudWatch logs retention (days) (LogGroupRetention)

30

Number of days to retain Cloudwatch logs.

Captured packets storage retention (days) (LifecycleS3BucketDays)

7

Number of days to retain captured packets in Amazon S3.

Table 14. Quick Start configuration
Parameter label (name) Default value Description

Quick Start S3 bucket name (QSS3BucketName)

aws-quickstart

Name of the S3 bucket for your copy of the Quick Start assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Quick Start location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). See https://aws-quickstart.github.io/option1.html.

Quick Start S3 bucket Region (QSS3BucketRegion)

us-east-1

AWS Region where the Quick Start S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Quick Start location. When using your own bucket, specify the Region. See https://aws-quickstart.github.io/option1.html.

Quick Start S3 key prefix (QSS3KeyPrefix)

quickstart-darktrace-vsensor/

S3 key prefix that is used to simulate a directory for your copy of the Quick Start assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Quick Start location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. See https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html.

Quick Start unique run ID (12 characters or less) (ShortID)

Blank string

Quick Start short unique ID used to identify resources from other installations of this Quick Start. If left empty, a random string is generated.

Send us feedback

To post feedback, submit feature ideas, or report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, see the Quick Start Contributor’s Guide.

Quick Start reference deployments

GitHub repository

Visit our GitHub repository to download the templates and scripts for this Quick Start, to post your comments, and to share your customizations with others.


Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either expressed or implied. See the License for specific language governing permissions and limitations.