Create an AWS Certificate Manager certificate
The DuploCloud Platform needs a wildcard AWS Certificate Manager (ACM) certificate corresponding to the domain for the Route 53 Hosted Zone.
For example, if the Route 53 Hosted Zone created is apps.acme.com, the ACM certificate specifies *.apps.acme.com. You can add additional domains to this certificate (for example, *.acme.com).
The ACM certificate is used with AWS Elastic Load Balancers (ELBs) created during DuploCloud application deployment. Follow this AWS guide to issue an ACM certificate.
Once the certificate is issued, add the Amazon Resource Name (ARN) of the certificate to the DuploCloud Plan (starting with the DEFAULT Plan) so that it is available to subsequent configurations.
In the DuploCloud Platform, navigate to Administrator -> Plans. The Plans page displays.
Select the default Plan from the NAME column.
Click the Certificates tab.
Click Add.
In the Name field, enter a certificate name.
In the Certificate ARN field, enter the ARN.
Click Create. The ACM Certificate with ARN is created.
Note that the certificate ARN must be set for every new Plan created in a DuploCloud Infrastructure.
Configure DuploCloud to automatically generate AWS Certificate Manager (ACM) certificates for your Plan's DNS.
From the DuploCloud portal, navigate to Administrator -> System Settings.
Select the System Config tab, and click Add. The Add Config pane displays.
From the Config Type list box, select Flags.
From the Key list box, select Other.
In the Key field that displays, enter enabledefaultdomaincert.
In the Value list box, select True.
Click Submit. DuploCloud automatically generates AWS Certificate Manager (ACM) certificates for your Plan's DNS.
Tasks to perform before you use AWS with DuploCloud
Access the shell for your Native Docker, EKS, and ECS containers
Enable and access shells for your DuploCloud Docker, EKS, and ECS containers directly through the DuploCloud Portal. This provides quick and easy access for managing and troubleshooting your containerized environments.
In the DuploCloud Portal, navigate to Docker -> Services.
From the Docker list box, select Enable Docker Shell. The Start Shell Service pane displays.
In the Platform list box, select Docker Native.
From the Certificate list box, select your certificate.
From the Visibility list box, select Public or Internal.
Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Docker container shell.
From the DuploCloud portal, navigate to Docker -> Containers.
Select Container Shell. A shell session launches directly into the running container.
In the Tenant list box, select the Default Tenant.
In the DuploCloud Portal, navigate to Docker -> Services.
Click the Docker button, and select Enable Docker Shell. The Start Shell Service pane displays.
In the Platform list box, select Kubernetes.
In the Certificate list box, select your certificate.
In the Visibility list box, select Public or Internal.
Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Kubernetes container shell.
From the DuploCloud Portal, navigate to Kubernetes -> Services.
Click the KubeCtl Shell button. The Kubernetes shell launches in your browser.
From the DuploCloud Portal, navigate to Cloud Services -> ECS. The ECS Task Definition page displays.
Select the name from the TASK DEFINITION FAMILY NAME column.
Select the Tasks tab.
In the row of the task you want to access, click the actions icon (>_).
Select the Task Shell option. The ECS task shell launches in your browser.
Create a Route 53 Hosted Zone to program DNS entries
The DuploCloud Platform needs a unique Route 53 hosted zone to create DNS entries for Services that you deploy. The domain must be created out-of-band and set in DuploCloud. The zone is a subdomain such as apps.[MY-COMPANY].com.
Never use this subdomain for anything else, as DuploCloud owns all CNAME entries in this domain and removes all entries it has no record of.
Log in to AWS Console.
Navigate to Route 53 and Hosted Zones.
Create a new Route53 Hosted Zone with the desired domain name, for example, apps.acme.com.
Access the Hosted Zone and note the name server names.
Go to your root domain provider's site (e.g., acme.com), and create an NS record that references the domain name of the Hosted Zone you created (apps.acme.com). Add the zone name to the name servers that you noted above.
Once this is complete, provision the Route53 domain in every DuploCloud Plan, starting with the DEFAULT Plan. Add the Route53 Hosted Zone ID and domain name, preceded by a dot (.).
Do not forget the dot (.) at the beginning of the DNS suffix (for example, .apps.acme.com).
Note that this domain must be set in each new Plan you create in your DuploCloud Infrastructure.
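The following pre-flight check is an added example, not DuploCloud code. It ties together the wildcard certificate described in the ACM section and the dotted DNS suffix described here: a wildcard matches exactly one leftmost label, so *.acme.com does not cover names under apps.acme.com. The function names, the sample ARN and the service host name are constructed for illustration.

```python
import re

# Shape of an ACM certificate ARN: arn:<partition>:acm:<region>:<account>:certificate/<uuid>
ACM_ARN = re.compile(
    r"^arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/"
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$"
)

def covers(cert_name, host):
    """True if cert_name matches host; '*' stands for exactly one leftmost label."""
    cert = cert_name.lower().rstrip(".").split(".")
    name = host.lower().rstrip(".").split(".")
    if len(cert) != len(name) or "" in name:
        return False
    if cert[0] == "*":
        return cert[1:] == name[1:]
    return cert == name

def check_plan(cert_arn, cert_names, dns_suffix, service_hosts):
    """Return the problems found in the values about to be entered in a Plan."""
    problems = []
    if not ACM_ARN.match(cert_arn):
        problems.append("certificate ARN is not an ACM certificate ARN")
    if not dns_suffix.startswith("."):
        problems.append("DNS suffix must start with a dot")
    zone = dns_suffix.strip(".")
    # "probe" is an arbitrary single label used to test the zone's wildcard.
    for host in ["probe." + zone] + list(service_hosts):
        if not any(covers(n, host) for n in cert_names):
            problems.append(f"{host} is not covered by the certificate")
    return problems

# Constructed sample values (not from a real account).
SAMPLE_ARN = "arn:aws:acm:us-west-2:123456789012:certificate/0f1e2d3c-4b5a-6978-8899-aabbccddeeff"

if __name__ == "__main__":
    # Correct: wildcard for the hosted zone, suffix with a leading dot.
    print(check_plan(SAMPLE_ARN, ["*.apps.acme.com"], ".apps.acme.com",
                     ["web-dev.apps.acme.com"]))
    # Wrong: only *.acme.com on the certificate and no leading dot.
    print(check_plan(SAMPLE_ARN, ["*.acme.com"], "apps.acme.com",
                     ["web-dev.apps.acme.com"]))
```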
Accept OpenVPN, provision the VPN, and add VPN users
DuploCloud integrates with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. OpenVPN setup is a two-step process.
Accept OpenVPN Free Tier (Bring Your Own License) in the AWS Marketplace:
Log into your AWS account. In the console, navigate to: https://aws.amazon.com/marketplace/pp?sku=f2ew2wrz425a1jagnifd02u5t.
Accept the agreement. Other than the regular EC2 instance cost, no additional license costs are added.
In the DuploCloud Portal, navigate to Administrator -> System Settings.
Select the VPN tab.
Click Provision VPN.
After the OpenVPN is provisioned, it is ready to use. Behind the scenes, DuploCloud launches a CloudFormation script to provision the OpenVPN.
You can find the OpenVPN admin password in the CloudFormation stack in your AWS console.
For instructions to add or delete a VPN user, see the DuploCloud User Administration documentation.
Users connected to a VPN can SSH or RDP into EC2 instances by default. Users can also connect to internal application Load Balancers and endpoints. However, to connect to other Services, such as databases and ElastiCache, you must open the port to the VPN:
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant from the NAME column.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
From the Source Type list box, select IP Address.
From the IP CIDR list box, select your IP CIDR.
Click Add.
Obtain VPN credentials and connect to the VPN
DuploCloud integrates natively with OpenVPN by provisioning VPN users in the DuploCloud Portal. As a DuploCloud user, you can access resources in the private network by connecting to the VPN with the OpenVPN client.
The OpenVPN Access Server only forwards traffic destined for resources in the DuploCloud-managed private networks. Traffic accessing other resources on the internet does not pass through the tunnel.
You can find your VPN credentials on your user profile page in the DuploCloud Portal. It can be accessed by clicking Profile in the user menu on the upper right of the page or through the User menu option on the left.
Click on the VPN URL link in the VPN Details section of your user profile. Modern browsers will call the link unsafe since it uses a self-signed certificate. Make the necessary selections to proceed.
Log into the OpenVPN Access Server user portal using the username and password from the VPN Details section of your DuploCloud user profile page.
Click on the OpenVPN Connect Recommended for your device icon to install the OpenVPN Connect app for your local machine.
Navigate to your downloads folder, open the OpenVPN Connect file you downloaded in the previous step, and follow the prompts to finish the installation.
In the OpenVPN access server dialog box, click on the blue Yourself (user-locked profile) link to download your OpenVPN user profile.
Navigate to your Downloads folder and click on the .ovpn file downloaded in the previous step. The Onboarding Tour dialog box displays.
In the Onboarding Tour dialog box, click the > button twice. Click Agree and OK as needed to proceed to the Import .ovpn profile dialog box, and click OK.
Click OK, and select Connect after import. Click Add in the upper right. If prompted to enter a password, use the password in the VPN Profile area of your user profile page in the DuploCloud Portal. You are now connected to the VPN.
In the row of the container you want to access, click the options menu icon.