# AWS Stream deployment ### AWS Stream Deployment The Stream software is available as an Amazon Machine Image along with an Amazon CloudFormation template that enables easy deployment as follows: * Browse to the AWS Marketplace Subscriptions service on the AWS console. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-622b1024ea499cc96e03a58ba779fecdac6a6239%2Faws-stream-deployment-1.png?alt=media) * Click Discover products and search for **Vectra**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-2830be78b9b2b17270ac769a7c4a0814362c033a%2Faws-stream-deployment-2.png?alt=media) * Select **Vectra Stream Connector**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-35ea0bf354bcb14be0439eb5bc225c7d6eb2620f%2Faws-stream-deployment-3.png?alt=media) * Click **Continue to Subscribe**. * There is no additional cost for this step. * All Vectra licensing is handled in your Vectra UI. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-900fe5b40d7d0094310faa5a40e7f553b149675b%2Faws-stream-deployment-4.png?alt=media) * Click **Accept Terms**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-d041ccea1598e02b354bb68df5309c8bf3b448ae%2Faws-stream-deployment-5.png?alt=media) * AWS will process the subscription before enabling next steps. * Once completed, AWS will allow you to **Continue to Configuration**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-afa84424f48b9e6c36ddf525abcd26e33b707779%2Faws-stream-deployment-6.png?alt=media) * Select the region to deploy the Sensor in. * Click **Continue to Launch**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-99b7bd9470666f29855585864c59e2cde02d36be%2Faws-stream-deployment-7.png?alt=media) * Under Choose Action, select **Launch CloudFormation**. * Click **Launch**. * You will be presented the CloudFormation screen pre-populated with the Template and S3 URL for the Vectra Stream AMI. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-37c809583a7d07b1ec634121074f1c6106a3a33c%2Faws-stream-deployment-8.png?alt=media) * Click **Next**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-9e56037c525c63d67e859f06333970fe31847828%2Faws-stream-deployment-9.png?alt=media) * If you have not already created an EC2 key pair to use with this Stream deployment, please do so before proceeding with the CloudFormation steps below. * The private key from this key pair will allow you to SSH to the CLI of Stream as the `vectra` user. During this process you will be asked to fill in the following fields: * **Stack name** - This is a collective name for all the AWS resources that will be deployed as part of Stream. * The Stack name can contain letters, numbers, and dashes only and cannot conflict with any other existing stacks. * **baseName** - This name will be prepended to the individual resources that are deployed for the template. * **brainIP** - The IP address or the Fully Qualified Domain Name (FQDN hostname) of the Vectra Brain. * This address must be reachable from the Sensor’s management subnet over port 22 and 443. * **instanceType** - Select from the options offered. * The **c5.xlarge** is rated for up to 5 Gbps of traffic. * The **c5.2xlarge** is rated for 5 to 10 Gbps of traffic. * The **c5.4xlarge** is rated for up to 20 Gbps of traffic. * **mgtSecurityGroup** - This setting determines what access is permitted for Stream. * If left blank, the template will auto-create a security group, and rules must be added after. * If there is an existing security group, add it here. * This security group must allow inbound TCP/22 from the Brain and allow outbound TCP/443 and TCP/22 to the Brain for management. * **mgtSubnet** - This specifies the subnet which Stream will use to communicate with the Brain. * **mgtVPC** - This specifies the VPC where the management interface of Stream is located. * **registrationToken** - This token must be copied from the Vectra UI. * The token is valid for 24 hours and can be regenerated on-demand. * A valid registration token must be presented by Stream in order to pair with the Brain. * Instructions to generate a Sensor registration token are shown in [Cloud Sensor Registration Token](#cloud-sensor-registration-token). * Stream pairs and communicates like a Sensor so “Sensor” language is sometimes used when referring to Stream. * **sshKey** - AWS recommends use of the EC2 key pair feature to manage access to Stream. * This field allows the user to add an authorized key pair for logging into Stream’s command line interface with the `vectra` user. * This key pair should have been created previously. * Select your key pair. * This private key will need to be used during SSH login to the CLI of Stream as the `vectra` user. * **tenancy** - Tenancy attribute for the AWS instance. * Click **Next**. * All fields in the next screen are optional - You may wish to configure tags as an example. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-6065d47704e95a7a521d0410a8c1f020de4cb61d%2Faws-stream-deployment-10.png?alt=media) * Click **Next**. ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-1af65d15626f8abd1931654dca01ef303d13fc79%2Faws-stream-deployment-11.png?alt=media) * Click **Create Stack**. * At this point, the stack creation should proceed through to completion. * Once the stack is created, Stream will reach out to the Vectra Brain and attempt pairing.