Deploying from AWS snapshot with encrypted volume

(Bronius Motekaitis) #1

Deploying Graylog from AWS snapshots is super easy! But if I need to deploy to encrypted EBS, I think the options are:

I like the looks of second bullet above, but when I come to:

I can’t seem to get from this list (and any names, descriptions, nor identifiers) to locate the Public Snapshot in AWS Console EC2 Dashboard “Snapshots”

How can I reference a Graylog-provided AWS snapshot for copying and saving as Encrypted?


(Jochen) #2

The EC2 AMI and the OVA are very opinionated in their configuration.

If you want to customize your Graylog installation, I’d recommend setting it up yourself (e. g. using Puppet, Chef, or any other mechanism of your choice).

(Bronius Motekaitis) #3

Got it, thanks.

/me …shudders at the thought: it’s been a long time since I’ve installed and configured a JVM server app.

But Graylog2 looks like it’s taken SO much guesswork out with its great documentation and helpful config script(s).

(Bronius Motekaitis) #4

Just rounding back with a couple hiccups for anyone else stumbling along:

  • AWS console lets you create a fresh EC2 only with unencrypted root volume. Create it, then copy (no snapshot needed) as new EC2 with Encrypted checked. Delete the original EC2 instance created.
  • Freshly deployed EC2 will have really restrictive AWS firewall (see AWS Console > Security), and modify or create a new Security Group for the new EC2. Add a rule for port :9000 (80/443 not needed for default config). Of course also add a rule for :514 coming from your source machine’s IP address.

Graylog ansible makes it so easy out of the box!

(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.