This CloudFormation template helps you model and set up Kong's resources in AWS easily.
Note: For Kong versions older than 0.4.2, switch to tag 1.0.0.
You have the option to choose between two templates:
Provision Kong resources along with a new Cassandra cluster, using The Datastax Cassandra AMI.
Region | HVM AMIs | PV AMIs |
---|---|---|
us-east-1 | | |
us-west-1 | | |
us-west-2 | | |
eu-west-1 | | |
ap-northeast-1 | | |
ap-southeast-1 | | |
ap-southeast-2 | | |
sa-east-1 | | |
Provisions Kong resources with user provided Cassandra seed nodes.
Region | HVM AMIs | PV AMIs |
---|---|---|
us-east-1 | | |
us-west-1 | | |
us-west-2 | | |
eu-west-1 | | |
ap-northeast-1 | | |
ap-southeast-1 | | |
ap-southeast-2 | | |
sa-east-1 | | |
Parameter | Default | Description |
---|---|---|
SSHLocation | 0.0.0.0/0 | The IP address range that can be used to SSH to the Kong and Cassandra EC2 instances |
KongProxyAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong admin server |
KongAdminAccess | 0.0.0.0/0 | The IP address range that can be used to access the Kong proxy server |
KongKeyName | - | Existing EC2 KeyPair to enable SSH access to the Kong instances |
KongFleetMaxSize | 2 | Max number of Kong instances (Min: 1, Max: 10) |
KongFleetDesiredSize | 2 | Desired number of Kong instances (Min: 1, Max: 10) |
KongInstanceType | c3.8xlarge | EC2 instance type for Kong |
KongVersion | - | Kong version, leave empty to install the latest version |
CassandraKeyName | - | Existing EC2 KeyPair to enable SSH access to the instances for Cassandra |
CassandraFleetSize | 1 | Number of nodes in the cluster (Min: 1, Max: 10) |
CassandraAvailabilityZone | - | Availability zone in which the Cassandra cluster will be created; for multi-region and multi-zone clusters, please refer to the Datastax documentation |
CassandraInstanceType | c3.2xlarge | EC2 instance type for Cassandra |
CassandraClusterName | - | Cassandra cluster name |
CassandraClusterVersion | 2.2.0 | Cassandra cluster version |
CassandraVersion | Community | Cassandra version |
CassandraOpsCenterAccess | 0.0.0.0/0 | The IP address range that can access OpsCenter for Cassandra cluster management |
- Key Pairs: Create two sets of key pairs, one to access the Cassandra instances and one for the Kong instances. Continue to the next step if you want to use an existing key pair.
- Choose a Region & VM Type: Choose the region closest to your API servers, and pick the virtualization type you'd like from the list of available templates above. You should land on the AWS CloudFormation "Select Template" page.
- Parameters: Fill in all the parameter details. If you chose to launch Kong with Cassandra, you will be asked to fill in extra parameters to create a Cassandra cluster. Check the description of each field and provide appropriate values. Note: consult the parameters table for a detailed description of the parameters.
- Option page: Add tags and other fields according to your requirements. Note: The template is configured to add a "Name" tag to each relevant resource.
- Grab a Coffee!: It will take several minutes (~20 minutes) to create the stack. Once the stack has a status of CREATE_COMPLETE, click on the "Output" tab to get the proxy and Admin URL; it may take 60 seconds more for the links to become active. Note: To monitor the progress, go to the AWS CloudFormation console and select the stack in the list. In the stack details pane, click the "Events" tab to see the progress.
- Use Kong: Quickly learn how to use Kong with the 5-minute Quickstart.
You can install an SSL certificate on the Kong Load Balancer or use the SSL plugin on Kong to enable HTTPS support.
- Obtain the Kong Load Balancer id from the "Resources tab".
- Find the matching Kong Load Balancer instance.
- Edit Listeners from the bottom pane, click Add.
- In the Load Balancer Protocol column, select HTTPS (Secure HTTP). This updates the Load Balancer Port, Instance Protocol, and Instance Port columns. In the Instance Protocol column, select HTTP and update the Instance port to 8000.
- By default, Elastic Load Balancing selects the current predefined security policy, ELBSecurityPolicy-2015-05, for your HTTPS/SSL listener. This is the recommended setting.
- In the SSL Certificate column, click Change, and then you either upload a new certificate or choose an existing Certificate.
- Click Save to add the listeners you just configured.
- Click on Security tab.
- Click on Security Group id.
- In the bottom pane, select the Inbound tab.
- Click Edit.
- Add Load Balancer Port for the HTTPS to the list and save.
- SSH into each Kong node and upload the certificate.
- Update the Kong node Security Group to open TCP port 8443.
- Add an HTTPS listener on the Kong Load Balancer forwarding requests to Instance port 8443.
- Open HTTPS listener port in Kong Load Balancer security group.
- Enable the Kong SSL plugin.
- The security configuration on the templates opens up all externally accessible ports to incoming traffic from any IP address if the default (0.0.0.0/0) is chosen. The risk of data leakage is high. If you desire a more secure configuration, please update the access fields with an appropriate IP address range.
- The template installs many resources on AWS. You will be billed just for the AWS resources used.
- Some of the instance types may not be supported in all AWS Regions, so choose the next best available option.
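A pre-launch check for the access parameters listed in the parameter table, as an added example that is not part of the Kong template or its repository: it reads a CloudFormation parameters file in the `ParameterKey`/`ParameterValue` JSON form and reports access ranges left at the `0.0.0.0/0` default or wider than a chosen prefix. The `/16` threshold, the choice to let only `KongProxyAccess` stay public, and the sample values are assumptions.

```python
import ipaddress
import json

# Access parameters from the parameter table; each defaults to 0.0.0.0/0.
ACCESS_PARAMS = ("SSHLocation", "KongProxyAccess", "KongAdminAccess",
                 "CassandraOpsCenterAccess")
TEMPLATE_DEFAULT = "0.0.0.0/0"
PUBLIC_OK = {"KongProxyAccess"}  # assumption: only the proxy is public-facing
MIN_PREFIX = 16                  # assumption: wider than /16 is too broad


def audit_parameters(params_json, access_params=ACCESS_PARAMS):
    """Return (parameter, cidr, reason) for every risky access range."""
    supplied = {p["ParameterKey"]: p["ParameterValue"]
                for p in json.loads(params_json)}
    findings = []
    for name in access_params:
        # An omitted parameter silently falls back to the template default.
        cidr = supplied.get(name, TEMPLATE_DEFAULT)
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append((name, cidr, "not a valid CIDR range"))
            continue
        if name in PUBLIC_OK:
            continue
        if net.prefixlen == 0:
            findings.append((name, cidr, "open to any IP address"))
        elif net.prefixlen < MIN_PREFIX:
            findings.append((name, cidr, f"range wider than /{MIN_PREFIX}"))
    return findings


# Constructed sample parameters file (values are illustrative only).
SAMPLE = json.dumps([
    {"ParameterKey": "SSHLocation", "ParameterValue": "203.0.113.0/24"},
    {"ParameterKey": "KongProxyAccess", "ParameterValue": "0.0.0.0/0"},
    {"ParameterKey": "KongAdminAccess", "ParameterValue": "10.0.0.0/8"},
    {"ParameterKey": "KongKeyName", "ParameterValue": "kong-key"},
])

if __name__ == "__main__":
    for name, cidr, reason in audit_parameters(SAMPLE):
        print(f"{name}={cidr}: {reason}")
```

If the template you launch does not define `CassandraOpsCenterAccess`, pass an `access_params` tuple without it so the omitted parameter is not reported.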
Support, Demo, Training, API Certifications and Consulting available at http://getkong.org/enterprise.