Register my AWS Account as a CONS3RT Cloud

If you have your own AWS account, you can "bring your own cloud" (BYOC) to CONS3RT. To do this, register your AWS account as a "Cloud" in CONS3RT.

Step 1: Set up your AWS Account for CONS3RT

Set up an IAM Account for CONS3RT

  • Log in to AWS as an administrator with IAM access
  • Open the IAM Dashboard
Create an IAM Policy
  • Click on "Policies"
  • Click "Create Policy" and then click the "JSON" tab
  • Copy and paste the following JSON policy:
    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
            "Resource": "*"
  • Click "Review Policy" and ensure it is valid
  • Name the policy "AA-Cons3rtCloudApiUserPolicy", and click "Create Policy"
Create a Group
  • Next, click on "Groups" and click "Create Group"
  • For the group name, use "cons3rt-api-group", and click "Next step"
  • Attach the following 2 policies by checking the checkboxes:
    • AA-Cons3rtCloudApiUserPolicy (created in the previous steps)
    • AmazonEC2FullAccess (a standard AWS policy)
  • Click "Next Step", and click "Create Group"
Create a User with Programmatic Access
  • Next, click "Users", then click "Add User"
  • Type a username that you will remember like "cons3rt-cloud"
  • Check only the "Programmatic access" checkbox, and click "Next: Permissions"
  • Add the user to the "cons3rt-api-group" by checking the box, and click "Next: Review"
  • Click "Create User"
  • IMPORTANT: Be sure to copy the "Access key ID" and "Secret access key"; this is the only chance to retrieve them
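
A read-back check for the IAM setup above, as an added example that is not part of the original page or of CONS3RT: it confirms that the user gets its permissions only through "cons3rt-api-group" with the two listed policies, and that it holds exactly one active access key. The method names are boto3 IAM client calls; FakeIAM and its responses are constructed so the block runs offline, and pagination is not handled.

```python
# Names come from Step 1 of this page; FakeIAM is a constructed stand-in.
EXPECTED_GROUP = "cons3rt-api-group"
EXPECTED_POLICIES = {"AA-Cons3rtCloudApiUserPolicy", "AmazonEC2FullAccess"}


def audit_cons3rt_user(iam, user="cons3rt-cloud"):
    """Return findings; an empty list means the account matches Step 1.

    `iam` is a boto3 IAM client or any object with the same methods.
    Assumes each listing fits in one page (no pagination handling).
    """
    findings = []
    groups = {g["GroupName"] for g in iam.list_groups_for_user(UserName=user)["Groups"]}
    if groups != {EXPECTED_GROUP}:
        findings.append(f"unexpected group membership: {sorted(groups)}")
    attached = {p["PolicyName"] for p in iam.list_attached_group_policies(
        GroupName=EXPECTED_GROUP)["AttachedPolicies"]}
    if attached != EXPECTED_POLICIES:
        findings.append(f"group policies differ: {sorted(attached ^ EXPECTED_POLICIES)}")
    # Permissions should reach the user only through the group.
    direct = iam.list_attached_user_policies(UserName=user)["AttachedPolicies"]
    inline = iam.list_user_policies(UserName=user)["PolicyNames"]
    if direct or inline:
        findings.append("policies attached directly to the user")
    active = [k for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
              if k["Status"] == "Active"]
    if len(active) != 1:
        findings.append(f"{len(active)} active access keys, expected 1")
    return findings


class FakeIAM:
    """Constructed boto3-shaped responses so the audit runs offline."""
    def __init__(self, direct_policy=False):
        self.direct_policy = direct_policy
    def list_groups_for_user(self, UserName):
        return {"Groups": [{"GroupName": EXPECTED_GROUP}]}
    def list_attached_group_policies(self, GroupName):
        return {"AttachedPolicies": [{"PolicyName": n} for n in sorted(EXPECTED_POLICIES)]}
    def list_attached_user_policies(self, UserName):
        extra = [{"PolicyName": "ConstructedExtraPolicy"}] if self.direct_policy else []
        return {"AttachedPolicies": extra}
    def list_user_policies(self, UserName):
        return {"PolicyNames": []}
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": "AKIAEXAMPLEKEY", "Status": "Active"}]}


if __name__ == "__main__":
    print(audit_cons3rt_user(FakeIAM(direct_policy=True)))
```

With real credentials, pass `boto3.client("iam")` in place of `FakeIAM()`.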

AWS Service Limits

Keep in mind that AWS has default service limits by account, region, and service. Once you start using AWS, you may need to open a support ticket to increase service limits. This link details the AWS service limits. The service limits that may need to increase to support a CONS3RT cloudspace are:

  • VPCs per region
  • Elastic IP addresses per region
  • Internet Gateways per region
  • Overall EC2 instances per region

Step 2: Create a CONS3RT Cloud

You must be a Team Manager for your CONS3RT team in order to complete the remaining steps in CONS3RT.

  • From the main menu, click the New button next to Clouds
  • Select Amazon EC2 as the cloud type
  • For Owning Team select your team
  • Name your cloud (Hint: You may want to include the AWS region that you are using in the name)
  • Set the Maximum Impact Level of the AWS region that you are using (reference:
  • Click Next
  • Select Yes I want to connect this cloud and click Next
  • Set the AWS Region that you plan to use
  • Enter your AWS account number, and the access key information created in Step 1
  • Click "Test connection" and ensure a green checkmark appears. If the connection test fails, double-check the region and access key information, and verify the account permissions in AWS IAM

Configure Cloud

Network Configuration

The next step allows you to configure networks that will be created in your cloudspaces. CONS3RT creates a VPC to contain your cloudspace resources, and for each network created at this step, CONS3RT creates a subnet, network ACLs, routing tables, and security groups to support the network firewall and NAT rules.

  • There is one default network called the "cons3rt-net". We recommend leaving this as-is, since this network enables communications with the CONS3RT application supporting provisioning and remote access to your EC2 instances
  • We also recommend creating a second "user-net" to enable communications to the Internet, and communications between your EC2 instances. Please see these instructions for configuring a standard user-net.
  • Configure other networks as desired
  • Click "Next" when done

Allocate a Cloudspace into your AWS Cloud!

  • Click "Create a Cloudspace" to tell CONS3RT to automatically set up all the required AWS resources
  • Enter a cloudspace name (no whitespace; use dashes or underscores as needed)
  • Set the maximum virtual machine limit
  • Leave "Access Point" blank. CONS3RT will select an elastic IP address from the list of IPs added to your cloud
  • Click "Next", and CONS3RT will automatically create your cloudspace in your AWS account!
  • Click "Next"

Add Cloud Administrators

  • You can optionally click the "Add more" button to add other members of your team as cloud administrators. Cloud administrators can edit cloud configurations, and allocate new cloudspaces.
  • Click "Finish" to complete your Cloud configuration

Step 3: Configure your Cloudspace

  • From the main menu, select "Cloudspaces"
  • Select the cloudspace that you created under your new AWS cloud
  • Ensure the "Connectivity" status is "online". If not, double-check the AWS access keys

Add Projects

  • Click "Manage" then "Projects"
  • Click "Add", search for your project by name, select it, and click "Done"
  • Add additional projects to your cloudspace as needed

Add Operating System Templates

The CONS3RT community team has a standard set of AWS AMI templates in the us-east-1, us-east-2, us-west-2, and us-gov-west-1 AWS regions. To access these templates, you have 2 options described below:

Enter a support ticket

Enter a support ticket and the team will share these templates with your cloudspace.

Add CONS3RT Community AMIs by myself

You can also search for and register the community CONS3RT AMIs. Use these instructions to search for CONS3RT AMIs:

  • In the AWS EC2 dashboard, click on AMIs from the left pane
  • At the top selector, click on Public images
  • In the search bar, type the CONS3RT owner ID:
    • For GovCloud, use: 907795672550
    • For commercial AWS, use: 017800072961

This should display the full list of shared CONS3RT AMIs. See the AMI ID lists below (per AWS region) to select the specific OS AMI that you would like to add. Then do the following to add it to your Cloudspace:

  • Select the AMI you would like to add, and select the Tags tab at the bottom
  • Click Add/Edit Tags
  • Set Key to cons3rtenabled and set Value to true
  • Click Save
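
The owner-ID search and tagging steps above, as an added example that is not part of the original page or of CONS3RT: it checks each AMI's OwnerId against the CONS3RT owner ID for the partition before planning the cons3rtenabled tag, since AMI names are not unique across accounts. The function names, the sample JSON (shaped like `aws ec2 describe-images` output), the image names, and the non-CONS3RT owner and AMI IDs are constructed.

```python
import json

# Owner IDs as given on this page, keyed by AWS partition.
CONS3RT_OWNERS = {"aws-us-gov": "907795672550", "aws": "017800072961"}

# Constructed sample shaped like `aws ec2 describe-images --output json`.
SAMPLE = json.dumps({"Images": [
    {"ImageId": "ami-b7fb73c8", "OwnerId": "017800072961", "Public": True,
     "Name": "constructed-ubuntu-16.04"},
    {"ImageId": "ami-1d4fc762", "OwnerId": "017800072961", "Public": True,
     "Name": "constructed-ubuntu-14.04",
     "Tags": [{"Key": "cons3rtenabled", "Value": "true"}]},
    {"ImageId": "ami-00000000", "OwnerId": "111111111111", "Public": True,
     "Name": "constructed-lookalike-ubuntu"},
]})


def plan_tagging(describe_images_json, wanted_ids, partition="aws"):
    """Split the wanted AMI IDs into (to_tag, already_tagged, rejected)."""
    owner = CONS3RT_OWNERS[partition]
    images = {i["ImageId"]: i for i in json.loads(describe_images_json)["Images"]}
    to_tag, tagged, rejected = [], [], []
    for ami in wanted_ids:
        img = images.get(ami)
        # Match on OwnerId, never on Name: names are not unique across accounts.
        if img is None or img["OwnerId"] != owner:
            rejected.append(ami)
            continue
        tags = {t["Key"]: t["Value"] for t in img.get("Tags", [])}
        (tagged if tags.get("cons3rtenabled") == "true" else to_tag).append(ami)
    return to_tag, tagged, rejected


def tag_command(ami, region):
    """Build the aws CLI call equivalent to the Add/Edit Tags console step."""
    return ["aws", "ec2", "create-tags", "--region", region, "--resources", ami,
            "--tags", "Key=cons3rtenabled,Value=true"]


if __name__ == "__main__":
    wanted = ["ami-b7fb73c8", "ami-1d4fc762", "ami-00000000"]
    to_tag, tagged, rejected = plan_tagging(SAMPLE, wanted)
    for ami in to_tag:
        print(" ".join(tag_command(ami, "us-east-1")))
    print("already tagged:", tagged, "rejected:", rejected)
```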

With the cons3rtenabled tag applied, your CONS3RT cloudspace can now "see" the AMI. Complete the next steps in CONS3RT to register the AMI to your cloudspace:

  • From the main menu, click Cloudspaces
  • Click on the Operating System Templates tab
  • Select Unregistered from the drop down
  • If you don't see the AMI that you expect, click the Refresh button, and any unregistered AMI with cons3rtenabled=true should appear as shown:

Unregistered AMIs

  • Click the Register button next to the AMI to register
  • Select the Operating System for the AMI
  • Specify the Service Management and Package Management
  • Set the Display Name as desired
  • For Available CPU, Available Memory, and Boot Disk slide the bars all the way right
  • Click the Add Remote Access button
  • For Windows, select RDP Remote Access and click Save
  • For Linux:
    • Select SSH Remote Access and click Save
    • Click the Add Remote Access button again
    • Select VNC Remote Access, enter milCloud123 as the VNC password, and click Save
  • Under Default Credentials:
    • Set Username: cons3rt
    • Set Password: TMEroot!!
  • Check the "The CONS3RT agent has been installed" checkbox
  • Review your registration info, it should resemble this screenshot:

Register AMI

  • Click Save, then click Register
  • At this point, a new AMI tag called cons3rtuuid is added to the public CONS3RT AMI in AWS

Next, to make the AMI available as an OS template in CONS3RT:

  • From the dropdown menu at the top select All registered templates
  • For the AMI you just registered, click Publish

Congrats! You can now deploy that OS in your AWS cloudspace!

Community AMI IDs - AWS GovCloud

GovCloud (us-gov-west-1):

  • Amazon Linux: ami-46e16727
  • CentOS 7: ami-d9e462b8
  • Red Hat 6: ami-b8eb6dd9
  • Red Hat 7: ami-4fc2442e
  • Ubuntu Server 14.04: ami-b2eb6dd3
  • Ubuntu Server 16.04: ami-fdc84e9c
  • Windows Server 2008 R2: ami-54b90535
  • Windows Server 2012 R2: ami-75bf0314

N. Virginia (us-east-1):

  • Red Hat 6: ami-62c7e374
  • Ubuntu Server 14.04: ami-1d4fc762
  • Ubuntu Server 16.04: ami-b7fb73c8

Ohio (us-east-2):

  • Red Hat 6: ami-ddb692b8


More Help

Review the basics of network setup with these video tutorials: