# Deploying the Brain

## Overview

In this lab you will be using AWES CloudFormation to deply the Vectra Brain.

AWS CloudFormation provides a common language to describe and provision all the infrastructure resources in your environment in a safe, repeatable way.

## Brain Deployment

Before you start download the [CloudFormation Template](./mainTemplate_6.19.json)

You will also need to make sure you have a **provisionToken** procived by doing a Ultimate Case, or provided by TME or Enablement.

### Deploy The Brain

1.  In the search bar, search for **Cloud Formation**

2.  Click on **CloudFormation**

3.  From the **Create stack** dropdown, select **With new resources (standard)**

4.  Select **Template is ready**, and **Upload a template file** to upload the **mainTemplateFromBrain.json** you downloaded earlier

    ![Create Stack](./images/create_stack.png)

5.  Click **Next**

6.  Fill in the following fields below:

    -   **Stack name** - *initials*-stack
    -   **baseName** - *initials*-brain
    -   **instanceTyoe** - r5d.2xlarge
    -   **mgtSubnet** - *initials-project-private1-us-west-2a
    -   **mgtVPC** - *initials*-project-vpc
    -   **provisionToken** - *provided by Instructor or TME/Enablement
    -   **publicIP** - True
    -   **sshKey** - *initials*-key
  
    ![Stack Details](./images/stack_details.png)

7.  Click **Next**, and then click **Next** again

8.  Review your stack config, and then click **Create stack**

### Validate The Brain Deployment

1.  Go to **CloudFormation > Stacks**

2.  Search for ***initials*-stack**

3.  Verify the deployment shows **CREATE_COMPLETE**

4.  Now lets go look at the instance in EC2. Go to **EC2 > Instances > Instances**

5.  Search for your ***initials*-brain** instance, and click into it and verify the details.

### Security Group

We need to edit our sucurity group, and add a new Inbound rule.

<div class="alert alert-info">
    <strong>Note:</strong> We will open access to everywhere, as we'll be using ZeroTier to access it. 
    <br><br>
    <strong>Never do that in real life.</strong>
</div>

1.  Go to **EC2 > Network & Security > Security Groups**

2.  Search for ***initials*-brain-mgtsecgroup**, and open it

3.  Click  <i class="fas fa-edit"></i>, and edit the name of your Security group to ***initials*-SecurityGroup**

    ![Security Group Name](./images/security_group_name.png)
   
4.  Click into the Security Group

5.  Click **Edit inbound rules**

6.  Click **Add rule**, and fill in the following fields:

    -   **Type** - SSH
    -   **Source** - Anywhere-IPv4
  
7.  Click **Add rule**, and fill in the following fields:

    -   **Type** - HTTPS
    -   **Source** - Anywhere-IPv4

    ![Inbound Rules](./images/inbound_rule.png)

8.  Click **Save rule**

## Connecting To The Brain

You will need the Private IPv4 address for you ***initials*-brain** instance

### SSH Connection

1.  Change the security rights of your key so you are the only one to access it, run the following command:

    ```
    chmod 700 ./PathToKey/xyz-key.pem
    ```
2.  Now connect to your Vectra Brain appliance using your key, run the following command:

    ```
    ssh vectra@*Brain-Private-IP* -i ./PathToKey/xyz-key.pem
    ```
### HTTPS Connection

1.  Now lets go look at the instance in EC2. Go to **EC2 > Instances > Instances**

2.  Search for your ***initials*-brain** instance, and click **Connect**

    -   **Username** - admin
    -   **Password** - *Instance ID*
 
3.