  • Set up remote access from WSO2 to your Amazon EC2 instances. See Managing Remote Access.
  • Set up the environments (e.g., Dev, Test, Pre-Prod, and Prod).
  • Implement monitoring and alerting. See Implementing Monitoring and Alerting for details.
  • Implement backup and disaster recovery.
  • Commit all scripts, diagrams, and documents to the repository for versioning and history.


Managing remote access


WSO2 recommends that you do all Managed Cloud deployments in an Amazon Virtual Private Cloud (Amazon VPC). A VPC enables you to launch Amazon Web Services (AWS) resources into a virtual network that you define. A VPC improves the security of your data by providing network-level control and isolation for your AWS resources. You can keep your data and configurations in a private space and expose them through the DMZ. This virtual network closely resembles a traditional network, but with improved security and scalability.

To set up your Cloud environments, WSO2 requires access to your Amazon EC2 instances. We access these instances over SSH only, with a bastion host working as the SSH gateway. The bastion host can reside either in the VPC or in your own datacenter. The diagrams below depict both scenarios.

Bastion host in the VPC

Bastion host in your datacenter
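
One way to check that SSH is reachable only through the bastion host, in either placement described above, is to audit the inbound rules of your security groups. This is an added example, not WSO2's own tooling; the group IDs, addresses and function names are constructed for illustration, and the input follows the shape of `aws ec2 describe-security-groups` output.

```python
import ipaddress

SSH_PORT = 22

def covers_ssh(perm):
    """True if one IpPermissions entry opens TCP port 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def ssh_violations(groups, bastion_cidrs=(), bastion_sgs=()):
    """Return (group_id, source) pairs that open SSH to anything but the bastion."""
    allowed = [ipaddress.ip_network(c) for c in bastion_cidrs]
    found = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for c in cidrs:
                net = ipaddress.ip_network(c)
                if not any(a.version == net.version and net.subnet_of(a) for a in allowed):
                    found.append((g["GroupId"], c))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] not in bastion_sgs:
                    found.append((g["GroupId"], pair["GroupId"]))
    return found

# Constructed sample data (not from a real account).
SAMPLE = [
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db", "IpPermissions": [  # wide port range silently includes 22
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
]

if __name__ == "__main__":
    print(ssh_violations(SAMPLE, ["203.0.113.10/32"], {"sg-bastion"}))
```

Pass the bastion's security group ID when it resides in the VPC, and the address range it connects from when it resides in your datacenter.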


In addition to the AWS instances, WSO2 requires access to the following resources:

Need access to: AWS management console
Purpose: To access and manage your AWS.
Prerequisites: WSO2 needs separate user accounts with the following from you:

  • AWS account ID.
  • AWS IAM user with admin privileges for VPC, EC2, RDS, S3, SES and Route53 services.
  • IAM user with admin console access.
  • MFA enabled for the user accounts as well as the root account.

Need access to: AWS API service
Purpose: To execute automated tools to bring up the infrastructure services such as the VPC, network setup, databases etc.
Prerequisites: WSO2 needs the following from you:

  • AWS IAM user with admin privileges for VPC, EC2, RDS and S3.
  • Access key and secret key generated for the same user.

Implementing monitoring and alerting