Deploy SDP Private Gateway with an AMI

This section guides you how to deploy a SDP Private Gateway with an AMI

We have not supported cloudinit, so while AWS expects you to select an ssh key when deploying this has no effect. We only support username and password authentication over ssh to configure the gateway.

1. Find the most recent SDP gateway AMI for your region

MetaAccess Tenant

Available AMI

Tenant B

Console: console.metaaccess-b.opswat.com

  • us-east-1: ami-0ca11b9a6d9117a4d

  • us-east-2: ami-022175bcb8c1aad79

  • us-west-1: ami-0662341c7b018b6a0

  • us-west-2: ami-00a313aa64d596938

Tenant EU

Console: console.metaaccess-eu.opswat.com

  • eu-north-1: ami-0cbe2a4c8cc125bc0

2. Launch a new AMI. Make sure to configure the following properties:

  • The gateway instance should be at least a t2.medium (2 CPU cores and 4 GB of memory).

  • You have some ssh access to the resulting instance. This means giving it a public IP address, or in some VPC that you can access via some other means. Note that you should not enable ssh access to the gateway from all sources. It’s a good idea to lock down ssh (port 22) to just those sites you want to configure the gateway from (e.g. your organization’s home office).

  • AWS will request that you provide an ssh key. We don’t currently support this, so you can ignore this or provide any key you want. Our gateway will ignore this setting.

3. Get registration code for your gateway from MetaAccess console

  • Log into MetaAccess console

  • Navigate to Settings > Global

  • copy the registration code on your account

4. Connect the private gateway to your MetaAccess account:

  • Once you’ve launched the AMI, ssh to it. The default credentials are admin, password admin. It is highly advised to change this default password once you reach the gateway.

  • Enter the registration code of your MA account on the gateway console. Once you have done so the gateway should show up in your MA account.

5. Accept the gateway:

  • Login into MetaAccess console

  • Navigate to Secure Access > Access Methods

  • Click Activate on that gateway