This article suggests a method of provisioning a resilient, production-grade auto scaling group for Secure Access Cloud connectors, based on Virtual Machines running the connectors as Docker containers.

This article is a work in progress. All of its content and attachments should currently be treated as temporary materials. This note will be removed once the article reaches its final form.

The diagram below depicts the steps of the approach. Each suggested technology can be swapped for a sufficient alternative:

To ensure automatic registration of a new Secure Access Cloud connector when a new EC2 instance is launched, it is recommended to use either a User Data script or a lifecycle hook script.

For the optional pre-termination cleanup of the connector (using the Secure Access Cloud Management API), it is recommended to use either a lifecycle hook script (this requires Lambda functions) or scripts running on the EC2 instance itself.

For more information on both of these approaches please refer to:

Below is a suggested template for a bash script that uses the AWS CLI to retrieve Secure Access Cloud API client credentials from AWS Secrets Manager, and a combination of the curl and jq tools to automatically register a connector. The script is provided as-is under a 3-Clause BSD license.

The script uses the following open-source command-line tools:

Please note that the script supports two main operations: creation and deletion of the connector.
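
The sketch below is an added example, not the article's own script: it shows the credential flow described above (AWS CLI to Secrets Manager, then curl and jq) with the secret and token passed to curl on stdin rather than on the command line. The variable names `SAC_SECRET_ID`, `SAC_TOKEN_URL` and `SAC_CONNECTORS_URL`, the secret's `client_id`/`client_secret` fields, the OAuth-style token call and the POST/DELETE request shapes are all assumptions; substitute the values from your tenant's Management API documentation.

```shell
# Added example, not the article's script. Hypothetical: SAC_SECRET_ID (secret
# JSON with client_id/client_secret), SAC_TOKEN_URL and SAC_CONNECTORS_URL (your
# tenant's API endpoints), an OAuth-style token call returning access_token.
set -eu

# Read the API client credentials using the instance role.
fetch_secret() {
  aws secretsmanager get-secret-value --secret-id "$1" \
    --query SecretString --output text
}

# Escape backslash and double quote for a quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Build the basic-auth line of a curl config from the secret JSON ($1).
basic_auth_config() {
  id=$(printf '%s' "$1" | jq -r '.client_id')
  secret=$(printf '%s' "$1" | jq -r '.client_secret')
  if [ -z "$id" ] || [ "$id" = null ] || [ -z "$secret" ] || [ "$secret" = null ]; then
    echo "secret lacks client_id or client_secret" >&2; return 1
  fi
  printf 'user = "%s:%s"\n' "$(cfg_escape "$id")" "$(cfg_escape "$secret")"
}

# Exchange the credentials for a token; the config goes to curl on stdin,
# so the secret never appears in argv (ps, /proc, audit logs).
get_token() {
  creds=$(fetch_secret "$SAC_SECRET_ID")
  cfg=$(basic_auth_config "$creds")
  resp=$(printf '%s\n' "$cfg" | curl --silent --show-error --fail \
    --config - --data 'grant_type=client_credentials' "$SAC_TOKEN_URL")
  printf '%s' "$resp" | jq -e -r '.access_token'
}

# $1=token, $2=create|delete, $3=JSON body file (create) or connector id (delete).
connector_request() {
  case "$2" in
    create) set -- "$1" --request POST --header 'Content-Type: application/json' \
              --data "@$3" "$SAC_CONNECTORS_URL" ;;
    delete) set -- "$1" --request DELETE "$SAC_CONNECTORS_URL/$3" ;;
    *) echo "usage: $0 create <body.json> | delete <connector-id>" >&2; return 2 ;;
  esac
  tok=$1; shift
  printf 'header = "Authorization: Bearer %s"\n' "$(cfg_escape "$tok")" |
    curl --silent --show-error --fail --config - "$@"
}

if [ "$#" -gt 0 ]; then
  token=$(get_token); connector_request "$token" "$1" "${2:-}"
fi
```

When this runs from User Data, keep `set -x` off and scope the instance role to `secretsmanager:GetSecretValue` on the one secret, since User Data output is typically captured in instance logs.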