Cloud Login Install

AWS Marketplace

To get started easily, Tyk offers AWS Marketplace products which bootstrap the entire stack, via CloudFormation templates.

The AWS Marketplace products:

  • use AWS Elasticache in place of Redis
  • Runs Mongo OSS in HA mode in EC2 (Primary, Secondary, Arbiter)

BYOL

These AWS Marketplace products are delivered as CloudFormation products. You will need to bring your own license. You can choose from one of 3 fulfillment options:

  • PoC (1 gw node)
  • High Availability (2 nodes)
  • Autoscaling (3+ nodes)

Please contact an account manager in order to get a license.

PAYG

There are three billed through AWS Marketplace PAYG products to get you started. The license for these products is baked into the product as an hourly cost. Please follow this video in order to get started

Installation

You will need to create the following AWS resources in an AWS VPC before you are able to deploy the PAYG products.

Prerequisites

  • 3 Subnets in 3 different Availability Zones in the AWS Region
  • an Elasticache Cluster in one of the aforementioned subnets
  • An EC2 Keypair for SSH into EC2 instances

Once these 3 are setup, we can deploy the AWS Marketplace PAYG products.

Example:

Resource IPV4 CIDR
VPC 10.0.0.0 /24
CF-US Subnet East 1A 10.0.0.0 /28
CF-US Subnet East 1B 10.0.0.32 /28
CF-US Subnet East 1C 10.0.0.64 /28

Video Walkthrough

This video will walk you through how to set up a PAYG product beginning to end on AWS, including the prerequisites.

Logging Into Dashboard

Once the stack is running, in order to access the Dashboard, simply set up an Elastic IP to the Dashboard instance and then visit:

http://<elastic_public_ip>:3000

The username & password were created using the variables you gave the CloudFormation template

username: <TYKDashboardAdminUserName>@<TYKDBAdminOrganization>.com

Password: <TYKDashboardAdminUserPassword>

  1. You need to use a password that is at least 8 characters long, or you will not be able to log in.
  2. If accessing the Dashboard from a public space, don’t forget to add an Internet Gateway to the AWS VPC.

The CF Template already creates Security Groups for the Dashboard with port 3000 open

cURLing the GW(s)


In order to access GW, simply assign Elastic IP to the GW instance. The auto generated GW security group is already set up to allow traffic on port 8080.

To test, cURL the following:

$ curl http://<elastic_public_ip>:8080/hello
{"status":"pass","version":"v3.0.0","description":"Tyk GW","details":{"dashboard":{"status":"pass","componentType":"system","time":"2020-08-28T17:19:49+02:00"},"redis":{"status":"pass","componentType":"datastore","time":"2020-08-28T17:19:49+02:00"}}}

The CloudFormation stack sets up an Elastic Load Balancer for the Gateway cluster.

Navigate to the AWS Load Balancing section and find the TYKElasticLoadBalancerALB. The Cloud Formation template sets up a public DNS entry, something like TYKElasticLoadBalancerALB-2050138050.us-east-1.elb.amazonaws.com

We can check it is running by visiting

$ curl http://TYKElasticLoadBalancerALB-2050138050.us-east-1.elb.amazonaws.com/hello
{"status":"pass","version":"v3.0.0","description":"Tyk GW","details":{"dashboard":{"status":"pass","componentType":"system","time":"2020-08-28T17:19:49+02:00"},"redis":{"status":"pass","componentType":"datastore","time":"2020-08-28T17:19:49+02:00"}}}

Note that ALB rules are already setup to accept traffic on port 80 and forward it to the Gateways on port 8080.

Tyk Component Updates

Updates to the PAYG products can be done manually or automatically. The manual method requires SSHing into the EC2 instances and doing the updates through the CLI. To do this automatically, there is a mechanism to upgrade CloudFormation stack. The idea is to apply a new version of CloudFormation to your existing stack. We are releasing new versions of the product from time to time. When this happens, you will get a notification from AWS.