Satellite AMI on AWS EC2

AWS Console
Terraform

1. Open the EC2 Launch Wizard and Select the Levo Satellite AMI

Levo provides pre-built AMIs for the Satellite. Select your preferred AWS region below to launch an EC2 instance:

2. Configure EC2 Instance Settings

Configure the following settings for your instance. Ensure the instance is reachable from the eBPF sensors running in your VPC:

Instance Name & Tags: Provide a descriptive name for easy identification
Key Pair: Select or create a key pair for SSH access
Security Group: Configure network access rules
- Add rules to allow HTTPS traffic
- Allow UDP port 4789 if using traffic mirroring
Disk Storage: Allocate at least 40GB of storage

3. Add User Metadata to the EC2 Instance

Under Advanced details → User Data, add the following configuration. Replace the placeholder values with your actual credentials:

#!/bin/bash
sudo bash -c 'cat <<EOF > /opt/levo/.levoenv
LEVOAI_AUTH_KEY="YOUR_AUTH_KEY"
LEVOAI_ORG_ID="YOUR_ORG_ID"
LEVOAI_BASE_URL="BASE ENV URL"
EOF'

sudo chmod 600 /opt/levo/.levoenv
sudo chown ubuntu:ubuntu /opt/levo/.levoenv
sudo /opt/levo/levo_satellite.sh upgrade >> satellite-start.log 2>&1

# Uncomment the following line to enable the traffic mirroring listener
# sudo /opt/levoai/levo_traffic_listener.sh start >> traffic-listener-start.log 2>&1

info

Depending on the region you are installing in, you may need to set a different Levo base URL for the satellite.

For example, if the satellite will be used with app.india-1.levo.ai, add the following line to the /opt/levoai/.levoenv file as well.

echo "LEVOAI_BASE_URL='https://api.india-1.levo.ai'" >> /opt/levoai/.levoenv

1. Download the Terraform Script

Download the

file to your local machine.

2. Run the Terraform Script

Navigate to the directory containing the downloaded file and run:

terraform apply

3. Configure Terraform Variables

Enter the AWS Region and Satellite Auth Token as prompted to create a task definition in your AWS account.

Traffic Mirroring

To enable traffic mirroring, uncomment the last line of the user data script.

Refer to AWS Traffic Mirroring for detailed configuration instructions using the Levo CLI.

4. Launch the EC2 Instance

Once configured, launch the EC2 instance. The Satellite services will start automatically after initialization.

5. Verify the Satellite services

To check logs, debug and manage the Satellite services, you can SSH into the VM and use the following commands.

Stop the Satellite: sudo /opt/levo/levo_satellite.sh stop
Start the Satellite: sudo /opt/levo/levo_satellite.sh start
Upgrade the Satellite: sudo /opt/levo/levo_satellite.sh upgrade
Check the services: sudo docker ps

6. Verify connectivity with Levo.ai

a. Check Satellite Health

The Satellite consists of four components: levoai-collector, levoai-rabbitmq, levoai-satellite, and levoai-tagger.

Wait a few minutes after installation, then check the health of all components by running:

sudo docker ps -f name=levoai

If the Satellite is healthy, you should see output similar to the following:

CONTAINER ID   IMAGE                     COMMAND                  CREATED             STATUS                  PORTS                                                                                                                                    NAMES
b82fc90aef82   levoai/haproxy:latest     "docker-entrypoint.s…"   5 hours ago         Up 3 seconds            0.0.0.0:80->8080/tcp, [::]:80->8080/tcp                                                                                                  levoai-haproxy
2b32cd6b9ced   levoai/collector:stable   "/usr/local/bin/levo…"   10 seconds ago      Up 8 seconds            0.0.0.0:4317->4317/tcp, 9411/tcp                                                                                                         levoai-collector
06f3c597cad0   levoai/satellite:stable   "gunicorn --capture-…"   10 seconds ago      Up 9 seconds            0.0.0.0:9999->9999/tcp                                                                                                                   levoai-satellite
89026034c567   levoai/satellite:stable   "python -OO /opt/lev…"   10 seconds ago      Up Less than a second                                                                                                                                            levoai-tagger
f74524d02fbd   bitnami/rabbitmq:3.10     "/opt/bitnami/script…"   10 seconds ago      Up 9 seconds            5551-5552/tcp, 0.0.0.0:4369->4369/tcp, 5671/tcp, 0.0.0.0:5672->5672/tcp, 0.0.0.0:15672->15672/tcp, 0.0.0.0:25672->25672/tcp, 15671/tcp   levoai-rabbitmq

b. Check Connectivity

Verify connectivity to Levo.ai by running:

sudo docker logs levoai-tagger  2>&1 | grep "Ready to process; waiting for messages."

If connectivity is healthy, you will see output similar to the following:

{"level": "info", "time": "2022-06-07 08:07:22,439", "line": "rabbitmq_client.py:155", "version": "fc628b50354bf94e544eef46751d44945a2c55bc", "module": "/opt/levoai/e7s/src/python/levoai_e7s/satellite/rabbitmq_client.py", "message": "Ready to process; waiting for messages."}

7. Note the Host and Port Information

The Satellite runs in a container and is accessible on port 80 across all network interfaces of the host.

Please note down the either the host's IP address or domain name. The Sensor will be configured to communicate with the Collector at <Host's IP|Domain-Name>:80.

Please proceed to install Traffic Capture Sensors.

1. Open the EC2 Launch Wizard and Select the Levo Satellite AMI​

2. Configure EC2 Instance Settings​

3. Add User Metadata to the EC2 Instance​

1. Download the Terraform Script​

2. Run the Terraform Script​

3. Configure Terraform Variables​

Traffic Mirroring​

4. Launch the EC2 Instance​

5. Verify the Satellite services​

6. Verify connectivity with Levo.ai​

a. Check Satellite Health​

b. Check Connectivity​

7. Note the Host and Port Information​