Launch the Application Template
Learn how to launch the application templates.
Complete the following procedure to launch the application template.
- Create an S3 bucket from which you will launch the application template.
  - If this is a cross-account deployment, create a new bucket.
  - If there is one account, you can create a new bucket or use the S3 bucket you created earlier (you can use one bucket for everything).
- Upload the app.zip file into the S3 bucket.
- Select the application launch template you want to launch.
  - In the AWS Management Console, select CloudFormation > Create Stack.
  - Select Upload a template to Amazon S3 to choose the application template that deploys the resources it launches within the same VPC as the firewalls or to a different VPC. Click Open and Next.
  - Specify the Stack name. The stack name allows you to uniquely identify all the resources that are deployed using this template.
- Select the Availability Zones (AZ) that your setup will span in Select list of AZ.
- Enter a descriptive VPC Name.
- Configure the parameters for Lambda.
  - Enter the S3 bucket name where app.zip is stored.
  - Enter the name of the zip file.
- Select the EC2 instance type for the Ubuntu web server launched by this template.
- Enter your Amazon EC2 key pair.
- Enter the name of the service configuration (Service Name) for the GWLB endpoint in the security VPC.
  - Select DynamoDB from the Services drop-down in the AWS console.
  - Select Tables and locate your security VPC table.
  - Click the Items tab and copy the Service Name.
  - Paste the Service Name into the template configuration parameters.
- Enter the transit gateway ID. This is the same transit gateway you created before deploying the firewall template.
- Review the template settings and launch the template.
- After the application has been deployed, you must add a route to the transit gateway route table to enable east-west and outbound traffic inspection.
  - Log in to the AWS VPC console.
  - Select Transit Gateway Route Tables and choose your transit gateway route table. This route table is created by the template and is called <app-stack-name>-<region>-PANWAppAttRt.
  - Select Routes and click Create static route.
  - Enter 0.0.0.0/0 in the CIDR field.
  - From the Choose attachment drop-down, select the VM-Series firewall VPC attachment.
  - Click Create static route.
- (Optional) Create a bastion host (also called a jump box) to access the web server created by the application template.
  - Create a public-facing subnet in your application VPC.
  - Add a route to this subnet from your IP address to the internet gateway.
  - Create a new EC2 instance in the public subnet with a public IP address.
  - Create a security group for this EC2 instance that allows SSH from your IP address.
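
The static route added to the transit gateway route table is what sends east-west and outbound traffic to the firewalls, so it is worth confirming once it has been created. The following Python check is an added example, not part of the original procedure or any vendor code; it parses the JSON returned by `aws ec2 search-transit-gateway-routes`, and the sample response and attachment IDs in it are constructed placeholders.

```python
import json

# Constructed sample, shaped like the output of:
#   aws ec2 search-transit-gateway-routes \
#     --transit-gateway-route-table-id <route-table-id> \
#     --filters Name=route-search.exact-match,Values=0.0.0.0/0
# All IDs below are placeholders, not values from a real deployment.
SAMPLE = json.loads("""
{"Routes": [{"DestinationCidrBlock": "0.0.0.0/0",
             "Type": "static", "State": "active",
             "TransitGatewayAttachments": [
               {"TransitGatewayAttachmentId": "tgw-attach-FIREWALL",
                "ResourceType": "vpc", "ResourceId": "vpc-SECURITY"}]}]}
""")


def check_default_route(response, firewall_attachment_id):
    """Return a list of problems; an empty list means the default route
    sends traffic to the firewall VPC attachment as the procedure requires."""
    defaults = [r for r in response.get("Routes", [])
                if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not defaults:
        return ["no 0.0.0.0/0 route: traffic is not steered to the firewalls"]
    problems = []
    for route in defaults:
        state = route.get("State")
        if state != "active":
            # A 'blackhole' route drops traffic instead of forwarding it.
            problems.append(f"default route state is {state!r}, expected 'active'")
        if route.get("Type") != "static":
            problems.append("default route is not static")
        targets = {str(a.get("TransitGatewayAttachmentId"))
                   for a in route.get("TransitGatewayAttachments", [])}
        if targets != {firewall_attachment_id}:
            problems.append(f"default route targets {sorted(targets)}, "
                            f"expected only {firewall_attachment_id}")
    return problems


if __name__ == "__main__":
    issues = check_default_route(SAMPLE, "tgw-attach-FIREWALL")
    print("OK" if not issues else "\n".join(issues))
```

Save the CLI output to a file, load it with `json.load`, and pass the VM-Series firewall VPC attachment ID as the second argument.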