// Batfish Enterprise for AWS Getting Started Guide // Detailed Setup Instructions // I. Create the Batfish Enterprise CloudFormation Stack

I. Create the Batfish Enterprise CloudFormation Stack

Sign-in to the AWS account that you want to analyze in the AWS console and access the CloudFormation template for Batfish Enterprise. By default, Batfish Enterprise will pull data from a group of regions based on the deployment region. You can change the set of polled regions from cloud settings page after Batfish Enterprise is up and running.

This CloudFormation template will create a new VPC and allocate a new public IP for the EC2 instance running Batfish Enterprise.

CloudFormation will open in your AWS console, starting at Step 1 – Specify template.

AWS Cloudformation template step 1


Don’t change any of the options on the Create stack page. The S3 template is already selected.

Click Next to go to Step 2 – Specify Stack Details

AWS Cloudformation template step 2


You do not need to configure anything on this page.

Optionally, you can update the input fields to specify your own SSL cert + key for the UI (just copy the full cert text and key text into these input fields), change the CloudFormation stack name, specify the VPC and Subnet CIDR blocks, select the instance size, restrict access based on IP address and change the polling interval.

Click Next to go to Step 3 – Configure stack options

AWS Cloudformation template step 3


On Configure stack options, you don’t need to configure any options.

Optionally, you can add tags to the resources that will be created, set the IAM role that the stack will assume, configure the stack policy, or adjust any of the other settings. Any tags that you create will be added to all resources created using the template. By default, all resources will have a tag called Name with a value Batfish Enterprise AWS Trial

Click Next to go to Step 4 – Review.

AWS Cloudformation template step 4


On the Review page, click the box reading I acknowledge that AWS CloudFormation might create IAM resources. By checking this box, you are giving Batfish Enterprise read-only access to the AWS configuration and access to attach/detach the volume storing persistent Batfish Enterprise data. The specific IAM role and policy can be seen in the AWS IAM Role and Policy Requirements section.

Click Create Stack. Stack creation can take up to 5 minutes. Once the stack has been created, click the Outputs tab and make a note of the BatfishEnterpriseUrl and DefaultAdminPassword values. You will need this information to connect to the Batfish Enterprise service.

Outputs tab of the newly created CloudFormation Stack