Aegis Install on EC2

Overview

This flow installs the `velikey-aegis` service, writes an agent config under `/opt/velikey-aegis`, and registers to Axis over TLS.

Use unique customer install URLs and never reuse install scripts across tenants.

Endpoint Assumptions

• Production auth and API host: https://axis.velikey.com (signin: https://axis.velikey.com/auth/signin).
• Non-production override: set AXIS_BASE_URL explicitly before running docs commands.
• Manual operator substitutions: provide tenant-scoped values for cookies, bearer tokens, agent IDs, and tenant slugs.

Actionable Steps

1. Confirm outbound connectivity from instance to Axis domain.
2. Run customer-specific installer from Axis.
3. Confirm service health and enrollment in Axis dashboard.

# manual-only example
export CUSTOMER_NAME="customer-prod"
# production default; set AXIS_BASE_URL explicitly for staging/test.
export AXIS_BASE_URL="${AXIS_BASE_URL:-https://axis.velikey.com}"

curl -fsSL "https://install.velikey.com/customers/$CUSTOMER_NAME/install" | bash
sudo systemctl status velikey-aegis --no-pager
sudo journalctl -u velikey-aegis -n 100 --no-pager

Validation Checks (Last Step)

# executable example
command -v bash
command -v curl
command -v openssl
command -v shasum

When these commands are unavailable, bootstrap prerequisites before host enrollment.

Common Failure Modes

• Installer URL copied from wrong tenant, resulting in cross-tenant registration attempts.
• Missing egress to Axis endpoint blocks certificate exchange and first policy pull.
• Service appears active but cannot fetch policy due to stale host time or TLS trust chain issues.

Navigate Docs

Docs Index • Previous: Aegis Overview • Next: Aegis Install on Kubernetes • Troubleshooting