
Glasnostic for AWS GWLB Setup Guide

AWS GWLB is a great way to add Glasnostic’s industry-leading traffic control capability to existing AWS VPCs, quickly and easily. The installation consists of two steps:

  1. Install Glasnostic as a GWLB appliance,
  2. Connect your architecture to the Glasnostic appliance.


You need a unique network ID to identify the data sent to Glasnostic from the VPC whose ingress and egress interactions you want to control. To create the ID, see Creating Environments and Network IDs.

Install Glasnostic as GWLB appliance

After subscribing to Glasnostic Traffic Controller on the AWS Marketplace, you can configure the software by selecting the AWS region and software version:

AWS Marketplace

Once the software is configured, choose “Launch CloudFormation” as the launch action. AWS Marketplace will redirect you to the CloudFormation console, where you can create a CloudFormation stack to install Glasnostic.

Currently, the following parameters can be changed for the installation:

  1. networkKey - the Network ID retrieved from the environment.
  2. instanceType - the instance type of the Glasnostic VM. It should be t2.xlarge or larger; t2.xlarge is sufficient for most workloads.
  3. keyName - the name of the EC2 key pair that you can use to log in to the router instance.

The stack provides a GWLB Endpoint Service. The GWLB Endpoint (GWLBE) that we create in the next step consumes this service.

Connect your architecture to the Glasnostic appliance

Finally, create at least one subnet per GWLBE in your VPC. In each of these subnets, create a GWLBE connected to the GWLB Endpoint Service created in Step 1, then change your routing rules so that traffic that should be controlled by Glasnostic is directed to the corresponding GWLBE.

This step depends very much on your own AWS architecture. Here’s an example of a commonly used setup where a GWLBE is deployed into each Availability Zone:

Reference Architecture for AWS GWLB Customer VPC with two Availability Zones sending ingress and egress traffic to the Glasnostic appliance via GWLB.

This setup lets Glasnostic control ingress and egress traffic of the entire VPC. The orange arrows show the connection of the GWLBEs to the GWLB provided by the Glasnostic appliance. In white, you can see the routes that have been added to each application subnet and the Internet Gateway to send ingress and egress traffic to GWLB.

A more advanced setup is to attach a GWLB to a Transit Gateway (TGW), which lets Glasnostic control east-west traffic between VPCs as well.

To create a GWLBE, run the following command:

aws ec2 create-vpc-endpoint --vpc-endpoint-type GatewayLoadBalancer --vpc-id "$vpc_id" --subnet-ids "$subnet_id" --service-name "$service_name" --region "$region"

As usual, specify the AWS region in which to create the resource with the region parameter. The vpc_id and subnet_id parameters identify the VPC and subnet to create the GWLBE in, and service_name is the name of the GWLB Endpoint Service created in Step 1.

Please check the GWLB documentation for more details on how to set up a GWLB Endpoint.
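
Traffic is only controlled if every route that should go through a GWLBE actually does. The following added example (not part of the Glasnostic guide) audits data in the shape of `aws ec2 describe-route-tables` output for application subnets whose egress or ingress path misses the GWLBE. All IDs and CIDRs are constructed, and it assumes that a GWLBE route target is reported as a `vpce-` value in `GatewayId` and that every subnet has an explicit route table association.

```python
# Added example: audit route tables for paths that do not pass through a GWLBE.
# Input has the shape of `aws ec2 describe-route-tables` output. All IDs and
# CIDRs are constructed. Assumption: a GWLBE target shows up as a "vpce-"
# value in a route's GatewayId, and every subnet has an explicit association.

def is_gwlbe(route):
    """True for an active route whose target is a VPC endpoint."""
    return route.get("GatewayId", "").startswith("vpce-") and route.get("State") == "active"

def audit(route_tables, app_subnets):
    """app_subnets maps subnet ID -> CIDR for subnets that must be inspected."""
    findings = []
    for rt in route_tables:
        routes = rt.get("Routes", [])
        for assoc in rt.get("Associations", []):
            subnet, gateway = assoc.get("SubnetId"), assoc.get("GatewayId", "")
            if subnet in app_subnets:
                # Egress: an application subnet's default route must target a GWLBE.
                default = next((r for r in routes
                                if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)
                if default and not is_gwlbe(default):
                    findings.append((rt["RouteTableId"], subnet,
                                     "default route is not an active GWLBE"))
            elif gateway.startswith("igw-"):
                # Ingress: the IGW edge table needs a GWLBE route per subnet CIDR.
                covered = {r.get("DestinationCidrBlock") for r in routes if is_gwlbe(r)}
                for sid, cidr in app_subnets.items():
                    if cidr not in covered:
                        findings.append((rt["RouteTableId"], sid,
                                         "no ingress route via GWLBE"))
    return findings

def route(cidr, target, state="active"):
    return {"DestinationCidrBlock": cidr, "GatewayId": target, "State": state}

APP_SUBNETS = {"subnet-app-a": "10.0.1.0/24", "subnet-app-b": "10.0.2.0/24"}
SAMPLE = [  # constructed: subnet-app-b was missed when the routes were changed
    {"RouteTableId": "rtb-app-a", "Associations": [{"SubnetId": "subnet-app-a"}],
     "Routes": [route("10.0.0.0/16", "local"), route("0.0.0.0/0", "vpce-0aaa")]},
    {"RouteTableId": "rtb-app-b", "Associations": [{"SubnetId": "subnet-app-b"}],
     "Routes": [route("10.0.0.0/16", "local"), route("0.0.0.0/0", "igw-0example")]},
    {"RouteTableId": "rtb-edge", "Associations": [{"GatewayId": "igw-0example"}],
     "Routes": [route("10.0.1.0/24", "vpce-0aaa")]},
]

if __name__ == "__main__":
    for table, subnet, problem in audit(SAMPLE, APP_SUBNETS):
        print(f"{table}: {subnet}: {problem}")
```

A route whose GWLBE has been deleted is reported with state `blackhole`, so the audit flags it as well.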

Verify the result

Now, you just have to log in to the Glasnostic Console, and select “My environment” from the environment drop-down. Once the GWLBE has started up (this can take a minute), you’ll see VPC ingress and egress traffic in the UI.

By deploying Glasnostic as a GWLB appliance, you can transparently detect, respond to and proactively manage your application communication automatically, in any environment and in real-time.