Install connector in Amazon Web Services

Install an EAA connector or Amazon Machine Image (AMI) in Amazon Web Services (AWS) environment.

Installation Requirements

Compatible virtual environment:

  • Amazon Web Services (AWS), either classic or EC2/VPC

Computing capability:

  • CPU. Four virtual cores.
  • Memory. 12 GB for an AWS connector as they do not use swap space for storage
  • Storage. 16 GB hard drive disk space


  • A private IP address inside the Local Area Network (LAN), either DHCP or static. The connector should run close to internal applications, possibly in the same subnet as the application, and be able to communicate with the application in test.
  • Dial-out access to the Internet on TCP port 443. A connector must reach the Enterprise Application Access service over the internet. This communication is carried out over an open TCP port 443, and only needs outbound connectivity.
  • Access to the applications. The port and protocol must be accessible in the LAN.
  • A firewall that allows the connector's private IP address to reach the application on configured port numbers. For example, a firewall rule to allow the connector to reach the application server internal IP address or hostname (if DNS is configured) on port numbers 80, 443, or any application specific port.



If you access browser based applications, configure connector with 4 vCPUs, 8 GB RAM and 40 GB storage space at a minimum.

Download the connector

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.

  3. Click Add New Connector (+). Provide a name and an optional description.

  4. For Package select Amazon AWS EC2/VPC.

  5. (Optional) If you need remote debugging, enable Debugging.

  6. Click Save. The connector status changes to Created (Download CloudFormation Template). Download the CloudFormation template.

Install the connector


The connector does not receive traffic from outside but it may need to connect to EAA cloud instances for configuration and other data. Make sure the security group associated with the connector is set up with the following policy:

  • Outgoing traffic: Allow all.

  • Incoming traffic: Deny all.

  1. Log in to your AWS console and select AWS services menu > AWS CloudFormation > CREATE STACK.
  2. Under Create Template, select Upload a template to Amazon S3.
  3. Click Choose File.
  4. Select the downloaded CloudFormation template.
  5. Enter a stack name, NAT instance type, VPC ID, and subnet information and click Next.



For the NAT instance type, a recommended minimum is m4.xlarge.

  1. Complete the configuration of tags, storage, and other features as needed. Since AWS does not use swap space for storage use a minimum of 16 GB RAM.
  2. Click CREATE. Once the stack creation is complete, the connector instance starts and automatically connects to the EAA cloud.

Verify the connector is running

  1. Return to Enterprise Center.
  2. In the Enterprise Center navigation menu, select Application Access > Clients & Connectors > Access and Identity Connectors.
  3. On the connectors list page, select your AWS connector and click Approve.
  4. Verify that the connector shows the private and public IP addresses assigned to it. The connector reaches out to the EAA Cloud. The status changes to Ready and Connector is running.