This article suggests a method of provisioning a resilient, production-grade Auto Scaling group for Secure Access Cloud connectors, based on virtual machines that run the connectors as Docker containers.
This article is a work in progress. All of its content and attachments should currently be treated as temporary materials. This note will be removed once the article reaches its final form.
The diagram below depicts the steps of the approach. Each suggested technology can be swapped for a sufficient alternative:
To ensure that a new Secure Access Cloud connector is registered automatically when a new EC2 instance is launched, it is recommended to use either a User Data script or a Lifecycle Hook script.
For the optional pre-termination cleanup of the connector (using the Secure Access Cloud Management API), it is recommended to use either a Lifecycle Hook script (which requires Lambda functions) or scripts that run on the EC2 instance itself.
For more information on both of these approaches please refer to:
The suggested template is a bash script that uses the AWS CLI to retrieve Secure Access Cloud API client credentials from AWS Secrets Manager, and a combination of curl and jq to register a connector automatically. The script is provided as-is under a 3-Clause BSD license.
The script uses the following open-source command-line tools:
Please note that the script supports two main operations: creation and deletion of the connector.
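A minimal sketch of those two operations, added here as an example; it is not the article's attached script or vendor code. It assumes an OAuth2 client-credentials token endpoint; the variables `SAC_SECRET_ID`, `SAC_TOKEN_URL` and `SAC_CONNECTORS_URL`, the layout of the secret, and the request and response field names are placeholders to be replaced with values from the Management API documentation.

```bash
#!/usr/bin/env bash
# Added example, not the article's script. SAC_SECRET_ID, SAC_TOKEN_URL,
# SAC_CONNECTORS_URL and all JSON field names are assumptions (placeholders).
set -eu

# SecretString is assumed to be {"client_id": "...", "client_secret": "..."}.
get_secret() {
  aws secretsmanager get-secret-value --secret-id "$SAC_SECRET_ID" \
    --query SecretString --output text
}

# Exchange the client credentials for a bearer token. The secret reaches curl
# as a config line on stdin, so it never appears in argv or the process list.
get_token() {
  get_secret \
    | jq -r '"user = " + (.client_id + ":" + .client_secret | tojson)' \
    | curl --silent --show-error --fail --config - \
        --data 'grant_type=client_credentials' "$SAC_TOKEN_URL" \
    | jq -er '.access_token'
}

# api METHOD URL [JSON_BODY]: authenticated call, token also passed on stdin.
api() {
  token=$(get_token) || return 1
  printf 'header = "Authorization: Bearer %s"\n' "$token" \
    | curl --silent --show-error --fail --config - --request "$1" \
        --header 'Content-Type: application/json' ${3:+--data "$3"} "$2"
}

# Registers a connector and prints its id (request/response shape assumed).
create_connector() {
  body=$(jq -n --arg name "$1" '{name: $name}')
  api POST "$SAC_CONNECTORS_URL" "$body" | jq -er '.id'
}

# Pre-termination cleanup: removes the connector by id.
delete_connector() {
  api DELETE "$SAC_CONNECTORS_URL/$1" >/dev/null
}

main() {
  case "${1:-}" in
    create) create_connector "${2:?connector name required}" ;;
    delete) delete_connector "${2:?connector id required}" ;;
    *) echo "usage: $0 create NAME | delete ID" >&2; return 2 ;;
  esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Keep shell tracing (`set -x`) off when this runs from User Data, since a trace would write the bearer token into the instance's boot logs.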