Skip to main content

Overview

Deploy Metlo on AWS using CloudFormation templates. Metlo provides two deployment options:
  1. Metlo Manager - Main instance running all Metlo services
  2. Traffic Mirror Ingestor - Separate instance for processing VPC traffic mirroring

Prerequisites

  • AWS account with appropriate permissions
  • EC2 Key Pair for SSH access
  • VPC with appropriate networking configuration
  • For traffic mirroring: Subnet and availability zone details

Deployment Options

Deploy Metlo Manager

The Metlo Manager is the main instance that runs the complete Metlo platform including the web UI, backend API, and collector.
1

Launch CloudFormation Stack

Click the button below or use the AWS Console:
CloudFormation Template URL:
https://cf-templates-7639qxxr319s-us-west-1.s3.us-west-1.amazonaws.com/metlo-manager.template
The deployment will create:
  • EC2 instance (t3.large)
  • Security group with required ports
  • All Metlo services via Docker
2

Configure Parameters

Provide the following parameters:
  • Stack Name: Name for your CloudFormation stack (e.g., Metlo-Manager)
  • VPC: Select the VPC where Metlo will be deployed
  • EC2 Key Pair: Select key pair for SSH access
  • License Key: Optional enterprise license key
3

Wait for Deployment

The CloudFormation stack will:
  1. Launch an EC2 instance with Metlo AMI
  2. Configure security groups (ports 22, 8081)
  3. Run the deployment script automatically
  4. Start all Metlo services
This process takes approximately 15-20 minutes.
4

Access Metlo

Once the stack is complete:
  1. Get the public IP from the EC2 instance
  2. Access the UI at http://PUBLIC_IP:8000
  3. Backend API available at http://PUBLIC_IP:8080
  4. Collector endpoint at http://PUBLIC_IP:8081

Instance Details

Instance Type
string
default:"t3.large"
Recommended instance size for production workloads
Operating System
string
Amazon Linux 2 with pre-installed Metlo deployment scripts

Security Group Configuration

The CloudFormation template creates a security group with:Inbound Rules:
  • Port 22 (SSH) - From 0.0.0.0/0
  • Port 8081 (Collector) - From 0.0.0.0/0
Outbound Rules:
  • Ports 0-65535 (All traffic) - To 0.0.0.0/0
For production deployments, restrict the source IP ranges for ports 22 and 8081 to your specific network ranges.

Supported Regions

Metlo provides AMIs in the following AWS regions:
  • us-east-1 (N. Virginia)
  • us-east-2 (Ohio)
  • us-west-1 (N. California)
  • us-west-2 (Oregon)
  • ca-central-1 (Canada)
  • sa-east-1 (São Paulo)

Post-Deployment Configuration

SSH Access

Connect to your instance using the key pair you specified: 
ssh -i /path/to/your-key.pem ec2-user@YOUR_INSTANCE_IP

Management Commands

Once connected, use the metlo-deploy command: 
sudo metlo-deploy status

Environment Variables

Configuration is stored in /opt/metlo/.env. Key variables: 
LICENSE_KEY=your-license-key
ENCRYPTION_KEY=auto-generated
BACKEND_URL=http://YOUR_INSTANCE_IP:8081
EXPRESS_SECRET=auto-generated

Advanced Configuration

Custom CloudFormation Deployment

For more control, download and customize the CloudFormation templates: 
wget https://raw.githubusercontent.com/metlo-labs/metlo/master/deploy/cloudformation/metlo-manager-deployment.json
wget https://raw.githubusercontent.com/metlo-labs/metlo/master/deploy/cloudformation/metlo-traffic-mirror-deployment.json
Modify as needed and deploy via AWS CLI: 
aws cloudformation create-stack \
  --stack-name metlo-manager \
  --template-body file://metlo-manager-deployment.json \
  --parameters \
    ParameterKey=VPC,ParameterValue=vpc-xxxxx \
    ParameterKey=metloKeyPair,ParameterValue=your-keypair \
    ParameterKey=licenseKey,ParameterValue=your-license

Using Custom AMI

To build your own Metlo AMI:
  1. Launch a base Amazon Linux 2 instance
  2. Run the deployment script: 
    wget https://raw.githubusercontent.com/metlo-labs/metlo/master/deploy/deploy_script.sh
chmod +x deploy_script.sh
sudo ./deploy_script.sh
  3. Create an AMI from the configured instance
  4. Update the CloudFormation template with your AMI ID

Cost Estimation

Estimated monthly costs (us-east-1 region):
  • Metlo Manager (t3.large): ~$60-70/month
  • Traffic Mirror Ingestor (t3.small): ~$15-20/month
  • Data Transfer: Varies based on traffic volume
  • EBS Storage: ~$10/month for 50GB
Actual costs may vary based on usage and region.

Troubleshooting

  • Verify your EC2 key pair exists in the selected region
  • Ensure you have sufficient EC2 instance limits
  • Check IAM permissions for CloudFormation and EC2
  • Review CloudFormation Events tab for specific errors
  • Wait 15-20 minutes for full initialization
  • Check the EC2 instance is running
  • Verify security group allows inbound traffic on port 8000
  • SSH into the instance and check service status: sudo metlo-deploy status
  • Verify the Metlo Address parameter includes the correct port (8081)
  • Check the API key is valid
  • Ensure traffic mirror sessions are configured correctly
  • Verify security group allows UDP 4789 from your VPC CIDR
  • Check ingestor logs: sudo journalctl -u metlo-traffic-mirror
  • Review Data Transfer costs from VPC traffic mirroring
  • Consider using VPC endpoints to reduce data transfer costs
  • Scale down instance types for testing/development environments
  • Set up billing alerts in AWS Cost Explorer

Next Steps

Configure Traffic Mirroring

Set up VPC traffic mirroring

Connect Data Sources

Configure other data source integrations

Security Policies

Configure detection and blocking rules

Environment Variables

Configure environment settings

Build docs developers (and LLMs) love

Get started for freeTalk to us