Satellite AMI on AWS EC2

AWS Console
Terraform

1. Open the EC2 Launch Wizard and select the Levo Satellite AMI

Levo provides pre-built AMIs for Satellite. You can launch an EC2 instance using the AMI in the AWS region you wish to install the satellite in.

2. EC2 Configuration

Pick the following appropriately for your instance. Make sure that this instance is reachable from the eBPF sensors running in your VPC.

Instance Name & tags
Key pair
The security group

Make sure to add rules to allow https traffic.
Allow UDP port 4789 if you are using traffic mirroring.

Disk storage. Choose at least 40GB

3. Add User Metadata to the EC2 instance

Under Advanced details > User Data, add the following (pick the appropriate value of levo_auth_key):

#!/bin/bash
echo "LEVOAI_AUTH_KEY='Authorization Key'" > /opt/levoai/.levoenv
sudo /opt/levoai/levo_satellite.sh upgrade >> satellite-start.log 2>&1
# Uncomment the following line to enable the traffic mirroring listener
# sudo /opt/levoai/levo_traffic_listener.sh start >> traffic-listener-start.log 2>&1

info

Depending on the region you are installing in, you may need to set a different Levo base URL for the satellite.

For example, if the satellite will be used with app.india-1.levo.ai, add the following line to the /opt/levoai/.levoenv file as well.

echo "LEVOAI_BASE_URL='https://api.india-1.levo.ai'" >> /opt/levoai/.levoenv

1. Download the Terraform script

Download the

file.

2. Run the Terraform Script

Run the following command in the same directory -

terraform apply

3. TF Script Configuration

Enter the AWS Region and Satellite Refresh Token as prompted to create a task definition in your AWS account.

Traffic Mirroring

In order to use traffic mirroring setup uncomment the last line of the user data script. Check AWS Traffic Mirroring for configuring traffic mirroring using Levo CLI.

4. Launch the EC2 instance

Satellite services should start automatically once the EC2 instance is initialized

5. Verify the Satellite services

To check logs, debug and manage the Satellite services, you can SSH into the VM and use the following commands.

Stop the Satellite: sudo /opt/levo/levo_satellite.sh stop
Start the Satellite: sudo /opt/levo/levo_satellite.sh start
Upgrade the Satellite: sudo /opt/levo/levo_satellite.sh upgrade
Check the services: sudo docker ps

6. Verify connectivity with Levo.ai

a. Check Satellite health

The Satellite is comprised of four sub components 1) levoai-collector, 2) levoai-rabbitmq, 3)levoai-satellite, and 4) levoai-tagger.

Wait couple of minutes after the install, and check the health of the components by executing the following:

sudo docker ps -f name=levoai

If the Satellite is healthy, you should see output similar to below.

CONTAINER ID   IMAGE                     COMMAND                  CREATED             STATUS                  PORTS                                                                                                                                    NAMES
2b32cd6b9ced   levoai/collector:stable   "/usr/local/bin/levo…"   10 seconds ago      Up 8 seconds            0.0.0.0:4317->4317/tcp, 9411/tcp                                                                                                         levoai-collector
06f3c597cad0   levoai/satellite:stable   "gunicorn --capture-…"   10 seconds ago      Up 9 seconds            0.0.0.0:9999->9999/tcp                                                                                                                   levoai-satellite
89026034c567   levoai/satellite:stable   "python -OO /opt/lev…"   10 seconds ago      Up Less than a second                                                                                                                                            levoai-tagger
f74524d02fbd   bitnami/rabbitmq:3.10     "/opt/bitnami/script…"   10 seconds ago      Up 9 seconds            5551-5552/tcp, 0.0.0.0:4369->4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 0.0.0.0:15672->15672/tcp, 0.0.0.0:25672->25672/tcp, 15671/tcp   levoai-rabbitmq

b. Check connectivity

Execute the following to check for connectivity health:

sudo docker logs levoai-tagger  2>&1 | grep "Ready to process; waiting for messages."

If connectivity is healthy, you will see output similar to below.

{"level": "info", "time": "2022-06-07 08:07:22,439", "line": "rabbitmq_client.py:155", "version": "fc628b50354bf94e544eef46751d44945a2c55bc", "module": "/opt/levoai/e7s/src/python/levoai_e7s/satellite/rabbitmq_client.py", "message": "Ready to process; waiting for messages."}

7. Note down `Host:Port` information

The Collector now runs in a container, and is reachable on the host via port 4317 (on all the host's network interfaces).

Please note down the either the host's IP address or domain name. The Sensor will be configured to communicate with the Collector at <Host's IP|Domain-Name>:4317.

Please proceed to install Traffic Capture Sensors.

Satellite AMI on AWS EC2

1. Open the EC2 Launch Wizard and select the Levo Satellite AMI​

2. EC2 Configuration​

3. Add User Metadata to the EC2 instance​

1. Download the Terraform script​

2. Run the Terraform Script​

3. TF Script Configuration​

Traffic Mirroring​

4. Launch the EC2 instance​

5. Verify the Satellite services​

6. Verify connectivity with Levo.ai​

a. Check Satellite health​

b. Check connectivity​

7. Note down Host:Port information​