ZAIO deployment on AWS / EC2

This is a guide to running a fully functional Zentral instance on Amazon AWS. We will be using the Zentral all-in-one pre-built AMI (Amazon Machine Image).

Note: We also provide a guide for a Google Cloud based setup – please look here.

To follow this tutorial, you will need admin access to the AWS web console – Getting Started with Amazon EC2.

Note: This tutorial is only a first step toward a production deployment on AWS.

Start a new instance

In the AWS EC2 console, in one of the supported regions (us-east-1, us-west-2, eu-central-1), click on the Launch instances button. Pick a Name.

Select the Zentral all in one AMI

Click on the Browse more AMIs link. Select Community AMIs. Use zaio as search term.

Owner account ID: 221790496544

AMIs name pattern: zaio-ARCH-YYYYMMDD-HHMMSS
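
Any AWS account can publish a Community AMI, so a match on the search term zaio does not show that an image comes from the Zentral account. The following added example (not part of the original guide or the Zentral project) filters `aws ec2 describe-images` text output down to images owned by 221790496544 whose name follows zaio-ARCH-YYYYMMDD-HHMMSS, then prints the newest one. The function names pick_zaio_ami and sample_images are hypothetical, and the image IDs, the second owner ID and the arm64 value are constructed sample data.

```shell
#!/bin/sh
# Added example: choose a Zentral AMI by owner ID and name pattern, not by search term.
ZAIO_OWNER="221790496544"   # owner account ID given in this guide

# Input: tab-separated "ImageId<TAB>OwnerId<TAB>Name" lines, as produced by
#   aws ec2 describe-images --region us-east-1 --owners "$ZAIO_OWNER" \
#     --filters 'Name=name,Values=zaio-*' \
#     --query 'Images[].[ImageId,OwnerId,Name]' --output text
# Output: ImageId of the newest image that passes both checks; exit 1 if none does.
pick_zaio_ami() {
  awk -F '\t' -v owner="$ZAIO_OWNER" '
    ($2 "") == (owner "") {
      # Name must be zaio-ARCH-YYYYMMDD-HHMMSS (ARCH may itself contain "-").
      n = split($3, p, "-")
      if (n < 4 || p[1] != "zaio" || p[2] == "") next
      if (p[n-1] !~ /^[0-9]+$/ || length(p[n-1]) != 8) next
      if (p[n] !~ /^[0-9]+$/ || length(p[n]) != 6) next
      stamp = p[n-1] p[n]            # fixed width, so string order is time order
      if (stamp > best) { best = stamp; id = $1 }
    }
    END { if (id == "") exit 1; print id }'
}

# Constructed sample data (not real AMIs): two valid images, one look-alike
# published by a different account, and one with a non-conforming name.
sample_images() {
  printf 'ami-0example0000000001\t221790496544\tzaio-arm64-20240101-120000\n'
  printf 'ami-0example0000000002\t111111111111\tzaio-arm64-20991231-235959\n'
  printf 'ami-0example0000000003\t221790496544\tzaio-arm64-20240315-093000\n'
  printf 'ami-0example0000000004\t221790496544\tzaio-arm64-latest\n'
}

sample_images | pick_zaio_ami
```

In the console, the same check means confirming the Owner field of the selected AMI reads 221790496544 before launching.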

Pick an instance type

You can start with a t4g.medium instance type. We strongly advise against using any kind of "smaller" instance. A lot of software will be running on the instance (elasticsearch, postgres, rabbitmq, prometheus, grafana, django app, …).

Then click on the Next: Configure Instance Details button.

Key pair

A key pair is required for the first login. You can use an existing key pair, or create a new one. The username for the login is admin.

Network settings

The required open ports are 22, 80, and 443.

If you are new to this, just create a new security group for the Zentral instance.

Select Create security group and tick the three boxes for SSH, HTTP and HTTPS (you can restrict the allowed IP ranges if you like).

Add storage

You can start with one 10GB general purpose SSD (gp2) volume, but that is only enough to store a limited number of events. As a rule of thumb, you will need about 9GB + 1GB for every million events stored, but that can vary a lot depending on your inventory sources and the kind of events you are collecting.

Launch the instance

Click on the Launch button.

Set up the domain name(s) for your instance

Zentral requires a domain name resolving to the IP address of the launched instance.

  1. In the AWS console, find the public IP address of the instance that is starting. No need to wait for the instance to be available.
  2. Use this IP to set up an A record (zentral.example.com for the rest of this tutorial).
  3. Test the resolution of this record! You cannot move on to the next section before it is set up.

Log onto your instance

You need the path to the key pair you have just set up. The default username is admin.

ssh -i ~/.ssh/TheNameOfTheKeyPairFile admin@zentral.example.com

Once logged in, you can use a command line tool to set up your instance. Because this last step is the same for a Google Cloud deployment, we have kept it on a separate wiki page.