This article describes how to deploy the Assembler in AWS. This replaces Step 2: Set up the Expel Assembler in Getting Started with Expel. For everything else, follow Getting Started with Expel.
You may need to do things differently than described in this procedure, based on how you use AWS.
Getting access to the Expel Assembler AMI
- Send your AWS account ID and the AWS region(s) in which you want to deploy an Assembler to your engagement manager.
- Your engagement manager lets you know after the Expel Assembler AMI is shared with your account.
Start an instance from the Expel Assembler AMI
- Go to the AWS EC2 console at https://console.aws.amazon.com/ec2/.
- Select AMIs from the left navigation pane.
- Change the image selector list to Private Images.
- Select the latest Expel Assembler image with owner 555836951224 (Expel’s AWS Account ID).
- Click Launch.
- Select an instance type of t2.large. Expel may ask you to resize to t2.xlarge if the number and types of security devices you onboard require additional resources.
- Change other instance parameters at your discretion.
Note: The Expel Assembler image allows inbound SSH from all addresses. Expel recommends assigning the Assembler to a Security Group that restricts inbound SSH to your authorized IP addresses.
- Click Review and Launch.
- Click Launch.
- Select a key pair that you to log into the Assembler.
Register the Assembler in Expel Workbench
- In Expel Workbench, click Settings in the top navigation bar. You should see a dialog box with the Assembler Name and Location fields. If not, click the Add Assembler button.
- Type the Assembler Name and Location for the Assembler. It’s best to use names that are meaningful to both you and to Expel so you can easily identify the Assembler. For example: ACME HQ.
- Click Save.
- Note the Install Code for the newly registered Assembler. You need this in the next section to activate the Assembler.
- To add another Assembler, click the Add Assembler button and repeat the steps.
Activate the Assembler
- SSH to the expel account on the instance you just launched: ssh expel@<hostname>
Activate the Assembler by supplying the 8-character install code created in the previous step: sudo expelmanage –activate <eight-character install code>
You see output like this:
[expel@hostname ~]$ sudo expelmanage --activate abcd1234
Activation code set
Regenerating SSH keys
- Run exit to log out of the Assembler.
Authorize the Assembler in Expel Workbench
Within 30 seconds of activating the Assembler with a matching install code, the Assembler you registered at https://workbench.expel.io/settings/assemblers changes status from Not Yet Connected to Connected, and an Authorize button appears for the Assembler. Click the Authorize button.
Expel now automatically configures the Assembler. This process takes between 10 and 30 minutes. After complete, the status changes to Active.
To complete onboarding, return to Getting Started with Expel and follow Step 3: Register your Security Devices.