AWS Deployment

Deploying Kinant Platform using AWS console.

This guide takes you through the step by step process to deploy the Kinant Data Security Platform using the AWS console. The deployment process consists of three primary steps:

  1. Creating an IAM Role.
  2. Creating a security group.
  3. Deploying the Kinant instance.

Create an IAM Role

Kinant Platform needs permission to access your AWS resources, in this step we will create an IAM Role with these permissions. This role will later be assigned to the Kinant instance. To create the IAM Role:

  1. Login to your AWS console and select “Services” > “IAM”.
  2. Select “Roles” from the left panel and click “Create role”.
  3. Since we will be assigning this role to an EC2 instance, we should select EC2 as the trusted entity for this role. To do this, in “Select the type of trusted entity” section, select “AWS service” as the main selection, followed by “EC2”(refer to image below).
  4. Further, select “EC2: Allows EC2 instances to call AWS services on your behalf” as your use case.
  5. Click on “Next:Permissions” to proceed. Select trusted entity
  6. Click on “Create policy” to create a custom policy for this Role.
  7. In the “Create policy” window, click on the “JSON” tab and replace the existing document with the text below.
    {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Sid": "KinantPermissions",
             "Effect": "Allow",
             "Action": [
                 "kms:Decrypt",
                 "kms:List*",
                 "elasticfilesystem:Describe*",
                 "elasticfilesystem:CreateMountTarget",
                 "kms:Get*",
                 "s3:Get*",
                 "ec2:*",
                 "kms:Describe*",
                 "s3:List*"
             ],
             "Resource": "*"
         }
     ]
    }
    
  8. Click on “Review Policy” to proceed to the next screen.
  9. Give your Policy an identifiable name like “KinantPlatformPolicy” and description such as “Permissions to run the Kinant Platform”.
  10. Click on “Create policy” to finish the create policy process.
  11. Now its time to assign the newly created policy to the role that we are about to create. Return to the “Create role” tab to proceed further.
  12. Use the “Customer managed” filter to filter the policies and hit “Refresh” for the newly created policy to appear.
  13. Select the newly created policy and hit “Next: Review”.
  14. In the Review section, give the role an identifiable name and description like, “KinantPlatformRole” and “Role granting permissions to Kinant Platform”.
  15. Hit “Create role” at the bottom of the page to finish creating the Role.

Summary: In this step we first created a custom policy granting permissions required by the Kinant Platform. This was followed by creating an IAM Role and attaching the custom policy to this role.

Create a security group for the deployment

Now we will create a security group that defines network rules for Kinant Platform instance.

  1. Login to your AWS console and select “Services” > “EC2”.
  2. In the left pane under the sub menu “NETWORK & SECURITY”, select “Security Groups”.
  3. Click on “Create Security Group” to proceed.
  4. Enter an identifiable name and description for the security group, like “KinantPlatformSG” and “Network rules for Kinant Platform”.
  5. Select the VPC where you want the Kinant Platform instance deployed. Note: If you want to analyze ElasticFileSystem(EFS) storage assets, make sure you select the VPC that has your EFS file system, since currently it is not possible to create mount targets for a EFS across VPCs. Also make sure the selected VPC is attached to an Internet Gateway, the gateway is essential for the user to access the platform user dashboard.
  6. Specify the following Inbound rules:

    Type Protocol Port Range Source Description
    Custom TCP TCP 8000 Anywhere  
    Custom TCP TCP 8443 Anywhere  
    SSH TCP 24 Anywhere  
  7. Click on “Create” to create the security group.

Summary: In this section we created a security group with defined inbound rules inside the desired VPC.

Deploy the instance

Now that we are done with all the essential prerequisites, we will deploy a Kinant instance. Make sure you have our AMI id ready before you begin. You can connect to us at contactus@kinant.com or register here to get our AMI id.

  1. Login to your AWS console and select “Services” > “EC2”.
  2. In the left pane under the sub menu “INSTANCES”, select “Instances”.
  3. Click on “Launch Instance”
  4. For “Step 1: Choose an Amazon Machine Image (AMI)”, select “My AMIs” and check the box “Shared with me”.
  5. Search for and select the AMI id shared with you.
  6. For “Step 2: Choose an Instance Type”, select one of the t2.medium, t2.large or t2.xlarge. These are the instance types supported by the platform at the moment.
  7. Click on “Next: Configure Instance Details” to proceed.
  8. Choose the Network VPC for which we we created the security group in section 2(refer the image below).
  9. Choose the “Subnet” you want to deploy in.
  10. Select the IAM role that we created in section 1. Configure Instance Details
  11. Click on “Next: Add Storage” to proceed.
  12. Leave this section unchanged and click on “Next:Add Tags” to proceed.
  13. Click on “Next: Configure Security Group” and choose “Select an existing security group”, and select the security group that we created in section 2.
  14. Click on “Review and Launch” to proceed.
  15. Go through the review summary and click “Launch” at the bottom to launch the Kinant instance.

Summary: In this section we deployed a Kinant instance in the desired VPC. We assigned a previously created IAM Role to this instance and also set a network security group to it.

Once the instance is up, you can administer the platform through the user dashboard. You can access the dashboard from the public IP on port number 8443. For steps on how to navigate through the UI, checkout our Web UI guide.


About The Kinant Team

Kinant site administrator.