Getting Started

Once subscribed, there are two paths available for making use of Proxylity in your organization:

• The "IaC First" approach in which UDP Gateway resources are created and managed using CloudFormation, and
• The "Click Ops" approach where roles and resources are manually managed.

Proxylity supports either method of interacting with our services, but many organizations prefer an IaC-based approach, so let's start there.

Infrastructure as Code (IaC First)

Proxylity is designed to be used with Infrastructure as Code] (IaC) tools, and specifically CloudFormation. This allows you to create and manage your Proxylity Listeners and Destinations in a repeatable and automated way just as you do for other parts of your infrastructure. There isn't any setup required for this approach -- start building!

Your subscription immediately provides access to the custom resource used to manage Listeners and Destinations. So, once you've subscribed to UDP Gateway, head over to the examples repository and follow the directions. Deploying an example takes about a minute, and the example templates can act as starting points for your own solutions.

One important thing you'll find in the examples repository is how to setup a least privelige "DestinationRole" that grants only the necessary permissions to your resources.

Using the Web App (Interactive)

Setting-up Proxylity for interactive use is easy, but involves a few extra setps:

1. First, subscribe to UDP Gateway from your AWS account. Once subscribed, click the "Setup Product" button, then the "Setup Account" button which will take you to the Proxylity application.
2. To give permission to Proxylity to use resources in your account a Role is needed. The role will be assumed by Proxylity's services to operate. We recommend using per-destination, least privilege roles. To help with creating destination roles, we provide a template generator in under the "Account" section of the web appliction. Navigate there, select the services you'd like to use with UDP Gateway, then download the generated CloudFormation and deploy it to your account in the AWS CloudFormation console. You don't have to do this right away, but without destination roles proxility won't be able to do its job.
3. Back in the Proxility application, use the "Add Destiation..." option and enter the ARN of the AWS resource to receive traffic and the ARN of the role created above.
4. Finally, use the "Add Listener..." option to create a new UDP Listener that will forward packets to your destination. When the Listener is created an ingress domain and port will be assigned to it.

Manual Testing

To test a newly created Listener, send a UDP packets to the ingress domain (by name or IP address) and port assigned to above. For example, assuming you were given port 15678 on ingress-1.proxylity.com, in a Linux bash terminal you can send a single packet with:

 > echo "hello world!" > /dev/udp/ingress-1.proxylity.com/15678

Or, if you have a UDP client available, you can use that to send packets. For example, using netcat:

> echo "hello world!" | nc -u ingress-1.proxylity.com 15678

If the setup is correct, your destination resource will receive the packets. To learn more about the API calls and format used to deliver packets, see the service-specific details under the destinations page.

Next Steps

Now that you have a start, continue to drill-down on some of the details and more advanced capabilities of Proxylity:

• Protect your listeners from unwanted traffic by configuring client restrictions (highly recommended).
• For the best performance and reliability you may want to configure your destinations with region-specific ARNs.