This topic describes the pre-deployment procedures that you must complete in your AWS console before starting the deployment workflow. Ensure that you have a VPC set up in your AWS account before proceeding.

CIDR block for CloudFormation stack

The CloudFormation stack requires an IPv4 CIDR block as part of provisioning the resources for Automation Anywhere Cloud Service. The AWS Elastic Kubernetes Service (EKS) cluster that the CloudFormation stack provisions requires this CIDR block to create individual subnets.

You must create a new CIDR block in the AWS VPC where you set up Automation Anywhere Cloud Service. For more information about adding IPv4 CIDR blocks, see Add CIDR block to AWS VPC.

Prerequisites

Ensure that you have the necessary permissions to create and add a new IPv4 CIDR block to the VPC.

Procedure

  1. Log in to the AWS account console as an administrator.
  2. Go to Virtual private cloud > Your VPCs in the VPC console, and select the VPC in which you must set up Automation Anywhere Cloud Service.
  3. Select Actions > Edit CIDRs.
    The Edit CIDRs page appears with the default CIDR of the VPC.
  4. Select Add new IPv4 CIDR and enter a new CIDR block in the Add IPv4 CIDR modal.
    Ensure that you enter a /16 CIDR block.
  5. Select Save to add the new CIDR block to the VPC.
    The new CIDR block appears on the IPv4 CIDRs table of the VPC.

Next steps

Add both CIDRs to the security group that you create next. In the CloudFormation stack, specify the new CIDR as AACSSubnetsCidr and the existing default CIDR block as ControlRoomSubnetsCidr.

Security group for EC2 instance

The security group for the EC2 instance serves as the firewall that manages its incoming and outgoing traffic. For Automation Anywhere Cloud Service, the security group must allow traffic only from the CIDR blocks that are added in the VPC.

Create this security group in the VPC where you set up the Automation Anywhere Cloud Service. For more information about security groups for AWS EC2 instances, see Create new security group in EC2.

Prerequisites

Ensure that you have the necessary permissions to create security groups in the EC2 console.

Procedure

  1. Log in to the AWS account console as an administrator.
  2. Go to Network & Security > Security Groups in the EC2 console, and select Create security group.
  3. Specify the following in the Basic details section.
    1. Enter an appropriate name for the security group in Security group name.
      You cannot change the name after you complete creating the security group.
    2. Enter an appropriate description for the security group in Description.
    3. Select the appropriate VPC in VPC.
  4. Select Add rule in the Inbound rules section and specify the following:
    • Type: Select All traffic as the protocol type.
    • Source: Select Custom and specify the existing default CIDR block of the VPC.
    • Description: Enter an appropriate description for the rule.
    Repeat these steps to add the new CIDR block that you created earlier as another inbound rule.
  5. Select Create security group to create the security group.
    The EC2 console displays the created security group on the Security Groups page.

Next steps

Link the EC2 instance in which you install the Control Room to this security group.
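
The following check is an added example, not part of the Automation Anywhere documentation. It validates the /16 CIDR from the first procedure and audits a security group, in the JSON shape returned by `aws ec2 describe-security-groups`, for inbound sources outside the two VPC CIDRs. The group ID, the CIDR values, and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# The group ID and all CIDR values are placeholders, not values from the product.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.1.0.0/16"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}]}
""")

def check_new_cidr(new_cidr, default_cidr):
    """Return problems with the CIDR added in the first procedure."""
    new = ipaddress.ip_network(new_cidr, strict=True)
    problems = []
    if new.prefixlen != 16:
        problems.append(f"{new} is /{new.prefixlen}, expected /16")
    if new.overlaps(ipaddress.ip_network(default_cidr)):
        problems.append(f"{new} overlaps the default CIDR {default_cidr}")
    return problems

def audit_inbound(group, allowed_cidrs):
    """Flag inbound sources outside the VPC CIDRs and VPC CIDRs with no rule."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings, covered = [], set()
    for perm in group["IpPermissions"]:
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            match = [a for a in allowed if a.version == net.version and net.subnet_of(a)]
            if not match:
                findings.append(f"{group['GroupId']}: source {src} is outside the VPC CIDRs")
            elif perm["IpProtocol"] == "-1":  # "-1" is how the API reports All traffic
                covered.update(m for m in match if m == net)
    findings += [f"{group['GroupId']}: no All traffic rule for {a}"
                 for a in allowed if a not in covered]
    return findings

if __name__ == "__main__":
    print(check_new_cidr("10.1.0.0/16", "10.0.0.0/16"))
    for line in audit_inbound(SAMPLE["SecurityGroups"][0], ["10.0.0.0/16", "10.1.0.0/16"]):
        print(line)
```

To audit a real group, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups` for that group and pass the two CIDRs shown in the VPC's IPv4 CIDRs table.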