VPC Guide
Quick Start
To quickly get up and running with a VPC pre-configured for use with Corellium Private Cloud, use the provided VPC creation script.
./create_vpc.sh
This script will create and configure a VPC in your environment's configured AWS region. This script will provision:
- A VPC with DNS and hostnames support
- Two subnets per availability zone (AZ) in the target region (DMZ and App subnet)
- An Internet Gateway
- An S3 VPC Endpoint
- One NAT Gateway per AZ
- Network Access Control Lists (NACLs) and Security Groups (SGs)
- Routing table entries for egress from the VPC
The user or IAM role running the create_vpc.sh script must have the following IAM permissions:
- EC2:AllocateAddress
- EC2:AssociateRouteTable
- EC2:AttachInternetGateway
- EC2:AuthorizeSecurityGroupEgress
- EC2:AuthorizeSecurityGroupIngress
- EC2:CreateInternetGateway
- EC2:CreateNatGateway
- EC2:CreateNetworkAcl
- EC2:CreateNetworkAclEntry
- EC2:CreateRoute
- EC2:CreateRouteTable
- EC2:CreateSecurityGroup
- EC2:CreateSubnet
- EC2:CreateTags
- EC2:CreateVpc
- EC2:CreateVpcEndpoint
- EC2:ModifySubnetAttribute
- EC2:ModifyVpcAttribute
- EC2:ModifyVpcEndpoint
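A static pre-flight check for the permission list above, as an added example that is not part of Corellium's documentation or script: it reads a candidate IAM identity policy and reports which listed actions are not allowed, which are explicitly denied, and which Allow patterns rely on wildcards. The sample policy and the function names are constructed for illustration, and the check looks only at Effect and Action (it ignores Resource, Condition, NotAction, permission boundaries and SCPs).

```python
import json
from fnmatch import fnmatchcase

# Actions listed on this page; IAM matches action names case-insensitively.
REQUIRED = [
    "ec2:AllocateAddress", "ec2:AssociateRouteTable", "ec2:AttachInternetGateway",
    "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress",
    "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl",
    "ec2:CreateNetworkAclEntry", "ec2:CreateRoute", "ec2:CreateRouteTable",
    "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc",
    "ec2:CreateVpcEndpoint", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute",
    "ec2:ModifyVpcEndpoint",
]

def _as_list(value):
    # IAM accepts a single string or a list for Statement and Action.
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # "*" and "?" are the wildcards IAM allows in action patterns.
    return fnmatchcase(action.lower(), pattern.lower())

def audit_policy(policy_json):
    """Return (missing, denied, wildcards) for a candidate identity policy."""
    allowed, denied, wildcards = set(), set(), set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        hits = {a for a in REQUIRED for p in patterns if _matches(p, a)}
        if stmt.get("Effect") == "Deny":
            denied |= hits        # an explicit Deny overrides any Allow
        elif stmt.get("Effect") == "Allow":
            allowed |= hits
            wildcards |= {p for p in patterns if "*" in p or "?" in p}
    missing = [a for a in REQUIRED if a not in allowed]
    return missing, sorted(denied), sorted(wildcards)

# Constructed sample policy: partly too narrow, partly broader than needed.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["EC2:Create*", "ec2:allocateaddress"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:AssociateRouteTable", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:CreateNatGateway", "Resource": "*"},
]})

if __name__ == "__main__":
    missing, denied, wildcards = audit_policy(SAMPLE_POLICY)
    print("missing:", missing)
    print("explicitly denied:", denied)
    print("wildcard Allow patterns to tighten:", wildcards)
```

A wildcard such as `ec2:Create*` satisfies the script but also grants Create actions the list does not call for, so the third return value is worth reviewing even when nothing is missing.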
Requirements
To instantiate a Corellium Private Cloud instance in your AWS environment, you must first provision a VPC in your target AWS account. This VPC must meet the following requirements:
VPC must be located in US East (Ohio), US East (N. Virginia), US West (Oregon), or Europe (Ireland)
Corellium Private Cloud works best on the EC2 c7g.metal instance type. Because these instances are only available in the us-east-1, us-east-2, us-west-2, and eu-west-1 AWS regions, the VPC must be located in one of these regions.
Expected output
Upon successful provisioning of the VPC, the script will prompt you with several options to provision the c7g instance based off availability zones. Ensure you have provisioned an S3 bucket and uploaded the requisite files before attempting to provision your c7g instance.