Getting started with Glasnostic for AWS GWLB

AWS GWLB is a great way to add Glasnostic’s industry-leading traffic control capability to existing AWS VPCs, quickly and easily. The installation consists of three steps:

  1. Generate a unique network key via the Glasnostic UI,
  2. Install Glasnostic as a GWLB appliance,
  3. Connect your architecture to the Glasnostic appliance.

Step 1. Generate a Network Key

A unique network key is needed to identify the data that you’re sending from the VPC whose ingress and egress interactions you want to control to Glasnostic. To create the key, you need to sign up for an account at and log into the Glasnostic UI.

Glasnostic visualizes and controls interactions between services from one or more VPCs in environments. Once you are logged in, you’ll find a number of demo environments as well as an empty environment ready to receive data from your VPCs called “My environment”. To configure this environment, choose “Manage…” from the menu.

Screenshot of Glasnostic console showing dropdown list of environments

Under “Environments,” click on “Settings” to configure the environment:

Screenshot of Glasnostic console showing list of environments

Click on “+ Add network” to add a VPC to the environment:

Screenshot of Glasnostic console showing details of the environment

This creates a new network under “Networks” to represent your VPC. Copy the generated key by clicking on the icon:

Screenshot of Glasnostic console showing list of the networks

With that network key, you are ready to create the Glasnostic GWLB Service.

Step 2. Install Glasnostic as GWLB Appliance

After subscribing to Glasnostic Traffic Controller on the AWS Marketplace, you can configure the software by selecting the AWS region and software version:

Screenshot of AWS console showing configuration of Glasnostic

Once the software is configured, choose “Launch CloudFormation” as launch action. AWS Marketplace will redirect you to the CloudFormation console, where you can create a CloudFormation stack to install Glasnostic.

Currently, the following parameters can be changed for the installation:

  1. networkKey - the network key retrieved in the first setup step
  2. instanceType - the instance type of Glasnostic VM, should be greater than or equal to t2.xlarge which is sufficient for most workloads.
  3. keyName - the name of the EC2 key pair that you can use to login into the router instance.

The stack will provide a GWLB Endpoint Service which will be consumed by the GWLB Endpoint (GWLBe), which we will create in the next step.

Step 3. Connect your architecture to the Glasnostic appliance

Finally, create at least one subnet per GWLBE in your VPC, then create a GWLBE connected to the GWLB Endpoint Service created in Step 2 in each subnet and change your routing rules so that traffic that should be controlled by Glasnostic is directed to the corresponding GWLBE.

This step depends very much on your own AWS architecture. Here’s an example of a commonly used setup where a GWLBE is deployed into each Availability Zone:

Reference architecture for Glasnostic for AWS GWLB

Customer VPC with two Availability Zones sending ingress and egress traffic to the Glasnostic appliance via GWLB.

This setup lets Glasnostic control ingress and egress traffic of the entire VPC. The orange arrows show the connection of the GWLBEs to the GWLB provided by the Glasnostic appliance. In white, you can see the routes that have been added to each application subnet and the Internet Gateway to send ingress and egress traffic to GWLB.

A more advanced setup is to attach a GWLB to a Transit Gateway (TGW), which lets Glasnostic control east-west traffic between VPCs as well.

To actually create a GWLBE, you have to call the following command:

aws ec2-gwlbe create-vpc-endpoint --vpc-endpoint-type GatewayLoadBalancer --vpc-id $vpc_id --subnet-ids $subnet_id --service-name $service_name --region $region

As usual, you have to specify the AWS region where to create the resource with the parameter region. The parameters vpc_id and subnet_id specify the subnet to create the GWLBE in and service_name is the name of the GWLB Endpoint Service created in Step 2.

Please check the GWLB documentation for more details on how to set up a GWLBE.

• • •

That’s it! Now, you just have to log in to the Glasnostic UI at with the account that you created in Step 1. Select “My environment” from the environment drop-down and, once the GWLBE has started up (this can take a minute), you’ll see VPC ingress and egress traffic in the UI.

Glasnostic UI

Ingress and egress interactions of two EC2 services, as shown in the Glasnostic console. The large number of cyan-colored nodes represent anonymous requests. Unwanted sources such as these can be easily suppressed with Glasnostic.

By deploying Glasnostic as a GWLB appliance, you can now, with a single click, detect, respond to and proactively manage your unpredictable and disruptive traffic patterns—automatically, in any environment and in real-time.

Manage the complex behaviors of modern microservice architectures