FileMaker Cloud for AWS 1.18.0 Getting Started Guide
Preparing to purchase and create a FileMaker Cloud for AWS instance
Getting to know Amazon Web Services
You must have an Amazon Web Services (AWS) account before you create a FileMaker Cloud® for AWS instance.
If you are unfamiliar with AWS, review these sections:
Before purchasing FileMaker Cloud for AWS, decide which type of license subscription you want:
- To purchase a new FileMaker Cloud for AWS license, determine the number of connections you need. You can choose from SKUs with 5, 10, 25, and 100 connections.
Note: For SKUs with 25 or fewer connections, the maximum number of supported FileMaker® Perform Script on Server (PSoS) sessions is 25. For SKUs with greater than 25 connections, the maximum is 100.
- To use an existing FileMaker Server license, or if the number of connections you need differs from the AWS SKUs, choose FileMaker Cloud for AWS BYOL.
Understanding AWS regions
Most Amazon Web Services offer regional endpoints to reduce data latency in applications. FileMaker Cloud for AWS supports these regions:
- US East (Northern Virginia)
- US West (Oregon)
- Canada (Central)
- EU (Ireland)
- EU (Frankfurt)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
The resources in each region are independent. For example, if you create FileMaker Cloud for AWS instances in US West and US East, the two instances are independent.
When you sign in to the AWS Elastic Compute Cloud (EC2) Management Console, you choose a region from the list next to your user name in the navigation bar. To reduce data latency, choose the region nearest you.
Step 1: Create your EC2 key pair
Note: Key pairs are region specific. When you create the key pair, it is valid only for the region selected upon sign-in.
- Sign in to the EC2 Management Console.
- If a region isn't already selected, select one from the top navigation bar.
- In the left navigation pane, under Network & Security, choose Key Pairs.
- Click Create Key Pair.
- In the Create Key Pair dialog box, name your key pair and click Create.
The key pair is downloaded by your browser to your computer. If the extension .txt is added, delete that extension so that the key pair filename ends in .pem.
Note: Save the downloaded file in a safe place.
Step 2: Purchase FileMaker Cloud for AWS
Sign in to AWS Marketplace, using your AWS account ID, IAM user name, and password. (Do not use private Amazon credentials.)
Note: If you have to sign in again to AWS Marketplace, click Sign in at the top of the page.
- Search for FileMaker Cloud for AWS.
- Click the SKU you want to purchase.
Click Continue to Subscribe on the FileMaker Cloud for AWS homepage.
Click Accept Terms on the next page.
The page displays a message about the pending subscription. After a few minutes, the message confirms that you are subscribed, and the page shows the terms for your subscription.
Note: The total price displayed on this page is an estimate.
The default subscription term is hourly. To configure the hourly subscription, click Continue to Configuration. Choose a fulfillment option and enter the information required to configure the deployment. Click Continue to Launch, then skip to step 8.
To choose an annual subscription term, continue to step 7.
To choose an annual subscription, click View Options. Choose the instance type and number of subscriptions, then click Add.
The instance type must be the same as the one you select when you create the instance. See Create your instance.
Important: To purchase one subscription for the selected SKU, make sure Number of subscriptions is set to 1. For example, if the selected SKU is for 10 users, and the number of subscriptions is 1, you purchase one subscription for 10 connections. If you add subscriptions, you must use the same instance type; otherwise, the subscription term will be hourly.
Review the subscription information, then click Purchase. (You might have to scroll up to see the Purchase button.)
If all the information is correct, click Confirm Order on the next page.
Important: You will be charged the full annual subscription fee after you click Confirm Order.
After the purchase is complete, the page displays the terms for your subscription.
Click Continue to Configuration.
Review the information about your subscription, then click Continue to Launch.
Click Usage Instructions to display instructions and links necessary for creating your instance. To choose a link for a regional cloud template on the Usage Instructions page, see Create your FileMaker Cloud for AWS instance.
Important: Do not click the Launch button on this page. To create your instance, you need to click Usage Instructions.
Create your FileMaker Cloud for AWS instance
Step 1: Create your instance
To create your instance from the Launch This Software page in AWS:
- Click Usage Instructions.
On the Usage Instructions page, click the link for a regional cloud template. Choose the link for the region nearest you. If you previously created a key pair, choose the same region as before.
The Create Stack wizard guides you through the four steps to create an instance.
On the Select Template page, click Next to use the stack template URL selected at the bottom of the screen. This URL determines the properties of the cloud stack that will be created.
On the Specify Details page, enter the following and then click Next.
- A stack name. This name identifies your stack in AWS. It can contain only letters, numbers, and dashes.
- An email address for signing in to FileMaker Cloud for AWS. This email address will be the root administrator user name.
- An instance type.
For annual subscriptions, you must choose the same instance type as the one you selected when you purchased FileMaker Cloud for AWS. See Purchase FileMaker Cloud for AWS.
- The key name of your key pair.
Click Next on the Options page to continue. (These settings are optional.)
Review your settings, acknowledge possible Identity and Access Management (IAM) resource creation, and click Create.
The CloudFormation Management Console screen appears. If you have not created stacks before, no stacks are listed. You can check on your stack by clicking the Refresh button at the top right of the list.
The stack status is CREATE_IN_PROGRESS.
Wait several minutes while the stack is created. The status changes to CREATE_COMPLETE when the process is finished.
- Monitoring stack creation on the Events tab for your instance in the CloudFormation Management Console is good practice. You can add a CloudFormation shortcut (and other services, such as EC2) to the AWS Services navigation bar by clicking the pushpin icon in the navigation bar and dragging the CloudFormation service there.
- If the stack detects an internal failure during creation, the CloudFormation template terminates the stack, and the CloudFormation console displays a failure message.
- If the stack creation is successful, the CloudFormation console displays a success message.
- If the stack times out, its creation is rolled back and the console displays a "wait condition" message. The default wait time is 15 minutes, and the timer starts after the instance is created.
Step 2: Set up FileMaker Cloud for AWS
- If you did not select a BYOL license, skip to step 2. If you selected a BYOL license, you receive an email with a link to the FileMaker Store. Use the link in the email to complete purchasing FileMaker Cloud for AWS. After your transaction is complete, you will receive a welcome email.
Wait to receive a welcome email, sent to the address specified when you created the instance.
Note: If you plan to use a custom signed SSL certificate instead of the default SSL certificate, copy and save the URL that appears in the browser when you click the Setup page link in the email. You will need the generated host name for Domain Name Service (DNS) mapping when you import the custom certificate.
Click the link in the email, complete these fields on the Welcome page, then click Set Up:
- Amazon Account Number: Your Amazon account number. To locate it on the AWS Management Console, click Support, choose Support Center, and view your 12-digit account number at the upper right.
- Host Name: Create a host name for FileMaker Cloud for AWS. This name appears in the server URL, and cannot exceed 40 characters.
- Password: Create a password. The password must have from 8 to 128 characters and include three of these four character types: uppercase letter, lowercase letter, number, and symbol.
- Confirm Password: Confirm the password you created.
- Local Time Zone: Choose your local time zone from the list.
- The Admin Console Setup page appears, displaying a timer and a wait message.
Sign in when the Admin Console Sign In page appears. Your user name is the email address you specified when you created the instance.
You are prompted to accept the End User License Agreement for FileMaker Cloud for AWS. Click Agree and Continue.
If you don't agree and choose Disagree and Delete Instance, the Proceed with Deletion dialog box appears. Enter the root administrator email address and password, and confirm deletion. In AWS, your FileMaker Cloud for AWS stack is immediately deleted and the instance is terminated.
Note: When you delete your FileMaker Cloud for AWS instance, your subscription is not canceled in AWS. (You need to cancel your software subscription via your AWS account.)
In the FileMaker Cloud for AWS Opt-in Registration page, enter your information and click Submit. Or, click I will do this later at the bottom of the page.
If you choose to register later, in Admin Console, go to the Opt-in Registration area in Subscription > Subscription Center to complete registration.
- For information on using Admin Console, see FileMaker Cloud for AWS Help.
- Once the stack creation is complete, charges for your instance begin accruing on AWS.
- BYOL users may have to wait as long as a day for the FileMaker Store to validate their license. During any wait time, they will accrue AWS charges before receipt of the welcome email.
Processing your host name and SSL certificate
During FileMaker Cloud for AWS setup, FileMaker provides a default Secure Sockets Layer (SSL) certificate. The certificate authority reviews your requested host name and assigns the SSL certificate to your fully qualified domain name (FQDN).
If a delay occurs in processing your request, FileMaker Cloud for AWS provides a temporary host name for you to sign in with.
Follow these steps while you wait for your host name request to be processed:
In the Admin Console Sign In page, enter your user name and password, then click Sign In.
You see a notification that the associated SSL certificate is not yet available and the temporary host name has been assigned. You can work with FileMaker databases while you wait, but do not make any changes to your FileMaker Cloud for AWS instance.
- When the SSL certificate for your host name is ready, a second notification appears. Click Restart.
- As you wait for the instance to restart, a page displays the URL with the new host name. Write down the URL and keep it in a safe place.
- You receive an email when your instance with the requested host name is ready. Click the URL in the email to sign in.
Creating a new host name
A delay in host name processing might mean that your host name will be rejected by the certificate authority. For example, if your host name includes an established company or website name, it can be rejected.
If your host name is rejected, you see a notification in Admin Console.
To create a new host name:
- Click Enter Host Name in the notification.
- In the host name dialog box, enter a new host name and click OK.
- When the host name and SSL certificate have been successfully processed, a notification appears. Click Restart.
- As you wait for the instance to restart, a page displays the URL with the new host name. Write down the URL and keep it in a safe place.
- You receive an email when your instance with the new host name is ready. Click the URL in the email to sign in.
Downloading the license certificate
You must have a valid license certificate file to install the client software. Keep the license certificate in a safe place in case you need to reinstall the software.
To download the license certificate and the client software:
- In Admin Console, click Subscription > Subscription Center.
- In the Downloads and Resources area, click Download License Certificate.
- To download the software, click the link for your FileMaker client.
Use the downloaded license certificate when you install FileMaker Pro Advanced.
- If you have a BYOL license, you receive an email with a link to your Electronic Software Download page. You can either follow the instructions in the email or use the links in Admin Console to download the software and the license certificate.
FileMaker Cloud for AWS system requirements
Hardware, software, and supported data sources requirements
FileMaker Cloud for AWS hardware, software, and supported data sources requirements are listed here: FileMaker Cloud for AWS Technical Specifications.
Instance sizing and pricing
Review the AWS EC2 Instance types to choose the instance type that best suits your needs. See the following summary table, or see Amazon EC2 instance types.
- Review the pricing details for your instance type on the FileMaker Cloud for AWS homepage. See Amazon EC2 pricing.
Important: Your FileMaker Cloud for AWS instance is a compute resource in AWS. If you have an hourly subscription, you pay on an hourly basis from the time you launch or start a compute resource until the time you stop or terminate it. (For data storage and transfer, you pay on a per-gigabyte basis.) You can turn off your compute resources and stop paying for them when you don’t need them. See AWS EC2 User Guide, "Stop and Start your Instance".
This table summarizes the instance types supported for FileMaker Cloud for AWS. For each type, storage is Amazon Elastic Block Store (EBS), a durable block-level storage volume attached to a single EC2 instance. For optimal operation, FileMaker Cloud for AWS requires 40 GB of storage. Each instance includes 40 GB of EBS. You can upgrade the volume size at additional cost.
|Type||Description||Use for||vCPU||CPU credits/hour||Memory (GiB)|
|t2.medium||Used for workloads that don’t use the full CPU often or consistently, but occasionally need to burst (surge). The baseline performance and ability to burst are governed by CPU Credits.||Early product experiments, small databases||2||24||4|
|m4.xlarge||Provides a balance of compute, memory, and network resources. A good choice for many applications. Provides EBS optimization through dedicated EBS throughput of 750 Mbps. Provides support for EC2 Enhanced Networking.||Most applications||4||n/a||16|
|c4.xlarge||Features the highest performing processors and the lowest price/compute performance in EC2. Provides EBS optimization through dedicated EBS throughput of 750 Mbps. Provides support for Enhanced Networking and Clustering.||High compute performance and advanced optimization||4||n/a||7.5|
FileMaker Cloud for AWS security
AWS security features
This section describes AWS security features and the steps you can take as the root administrator to apply these security features to your FileMaker Cloud for AWS instance.
Root credentials: Secure your root AWS account credentials by setting up multi-factor authentication (MFA), to require more than one method of authentication. See Using Multi-Factor Authentication in AWS.
Protecting your key pair
You created an EC2 key pair used to launch your FileMaker Cloud for AWS instance and to provide Secure Shell (SSH) access. Amazon EC2 stores the public key only, and you store the private key. Anyone who possesses your private key can decrypt your login information, so it's important that you store your private keys in a secure place.
For increased security, instead of using Amazon EC2 to create your key pair, you can create an RSA key pair using a third-party tool and import the public key into Amazon EC2. For example, use ssh-keygen (provided with the standard OpenSSH installation) to create a key pair and protect your key pair with a passphrase.
To create a key pair with passphrase protection using ssh-keygen:
- On the Linux command line of your local machine, enter
ssh-keygen -f /path/filename
Your private key will be stored in the path and file specified. For example:
- When prompted, enter and reenter a passphrase.
The key pair is generated, as shown in a series of messages.
- Import the public key: in the AWS Management Console, under Network and Security, choose Key Pairs and click the Import Key Pair tab.
- In the Import Key Pair dialog box, browse to the public key file location, or use the cat command to copy and paste the public key.
To connect to your instance using the passphrase-protected private key:
- On the Linux command line, enter
ssh -i /path/filename centos@ipaddress
- Enter yes when prompted to connect.
- Enter the passphrase in the dialog box, and click OK.
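A private key that Amazon EC2 generates for you is downloaded without a passphrase, so it is worth checking which key files on an administrator's machine are actually protected. The following check is an added example, not part of the FileMaker guide: it reads a key file's container header to tell whether it is passphrase-protected and whether the file is accessible to other local users. The sample keys are constructed inside the script and contain no key material; the function names are hypothetical.

```python
import base64
import os
import stat
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def key_is_passphrase_protected(pem_text):
    """True/False for recognized private-key containers, None otherwise."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if header == "-----BEGIN PRIVATE KEY-----":  # PKCS#8, plaintext
        return False
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        offset = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < offset + 4:
            return None
        # The first field after the magic is the cipher name as an SSH
        # string (uint32 length + bytes); "none" means no passphrase.
        (length,) = struct.unpack_from(">I", blob, offset)
        return blob[offset + 4:offset + 4 + length] != b"none"
    if header.endswith(" PRIVATE KEY-----"):  # legacy RSA/EC/DSA PEM
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                   for ln in lines[1:4])
    return None


def audit_key_file(path):
    """Return findings for one private key file; an empty list means OK."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("accessible-to-group-or-others")
    with open(path, encoding="ascii", errors="replace") as fh:
        protected = key_is_passphrase_protected(fh.read())
    if protected is False:
        findings.append("no-passphrase")
    elif protected is None:
        findings.append("unrecognized-format")
    return findings


def sample_openssh_key(cipher):
    """Constructed, header-only container for the demo; not a usable key."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = (OPENSSH_MAGIC + ssh_string(cipher) + ssh_string(kdf)
            + ssh_string(b"") + struct.pack(">I", 1))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode("ascii")
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed legacy-PEM sample with no passphrase (body is not key material).
SAMPLE_LEGACY_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\n"
                       "Q09OU1RSVUNURUQ=\n"
                       "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(key_is_passphrase_protected(sample_openssh_key(b"aes256-ctr")))
    print(key_is_passphrase_protected(sample_openssh_key(b"none")))
    print(key_is_passphrase_protected(SAMPLE_LEGACY_PLAIN))
```

Run audit_key_file against each private key path you use for SSH access to the instance; a key reported as no-passphrase can be re-protected in place with ssh-keygen -p -f /path/filename.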
AWS Simple Email Service (SES): FileMaker Cloud for AWS uses AWS SES for sending emails to administrators. Security is enhanced because you don't have to set up an SMTP server and open port 25.
AWS Web Application Firewall (WAF): Consider purchasing AWS WAF, a web application firewall that can help protect FileMaker Cloud for AWS against web security risks. With AWS WAF, you first identify the Amazon CloudFront web distribution to protect, and then create and deploy the rules and filters that will best protect your instance. See AWS WAF Product Details.
Managing ports in your security group
Control network access to your EC2 instance through the security group, which acts like a built-in software firewall for your instance. The security group allows you to filter both inbound and outbound traffic. FileMaker Cloud for AWS doesn't filter outbound traffic because each customer's users will be unique. However, if you have a known set of outbound ports, you can configure them for your instance's security.
Limit inbound traffic to specific ports and protocols, and specify which IP addresses can have access to your instance. FileMaker Cloud for AWS restricts access for each instance's default security group to the following inbound ports.
|Port||Used by||Purpose|
|80||FileMaker Cloud for AWS web server, Admin Console users, client users||HTTP|
|443||FileMaker Cloud for AWS web server, client users||HTTPS|
|5003||FileMaker Pro Advanced, FileMaker Go® client users||Hosting databases|
|16000||Admin Console users||HTTPS|
You may need to configure two additional ports for your FileMaker Cloud for AWS instance:
- For Secure Shell (SSH) access, open port 22.
- For access by ODBC or JDBC clients, open port 2399.
To configure a port:
- In the AWS Management Console, select your instance.
- On the Description tab, click the Security groups link.
- Click the Inbound tab.
- Click Edit.
- In the Edit inbound rules dialog box, click Add Rule.
For each port, specify the port type, number, source, and IP address or range in CIDR notation.
- For SSH access, choose SSH. Port 22 appears as the number. Choose Custom and enter the IP address or range.
- For ODBC or JDBC client access, choose Custom TCP Rule and enter port 2399. Choose Custom and enter the IP address or range.
- Click Save.
- Click the i button for information on accepted values for any column.
- Restrict inbound traffic for the remaining ports 80, 443, 5003, and 16000. Avoid inbound access from Anywhere.
- For secure access from an ODBC or JDBC client, use a Virtual Private Network (VPN) to connect the client to FileMaker Cloud for AWS.
- Make sure to protect the SSH key pair with a passphrase to limit access to your instance. See Protecting your key pair.
- Denial of service attack prevention: FileMaker Cloud for AWS implements rules for rate control. If ports 80, 443, 16000, or 2399 receive greater than 20 hits per second from the same incoming IP address, subsequent hits are dropped.
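The port guidance above can be checked mechanically. The following audit is an added example, not part of the FileMaker guide: it takes one security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports inbound rules that open a port to Anywhere or that use a port this guide does not list. The group ID and rules in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress

# Inbound ports named in this guide: the default security group's four ports
# plus the two optional ones (22 for SSH, 2399 for ODBC/JDBC).
GUIDE_PORTS = {80, 443, 5003, 16000, 22, 2399}


def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0, the console's 'Anywhere' sources."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_group(group):
    """Return sorted (port_range, source, issue) findings for one group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                 # all protocols, all ports
            lo, hi = 0, 65535
        elif proto in ("tcp", "udp"):
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                      # ICMP and others carry no port range
        label = str(lo) if lo == hi else "%d-%d" % (lo, hi)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Only TCP rules whose whole range falls inside the guide's list pass.
        in_guide = proto == "tcp" and all(
            port in GUIDE_PORTS for port in range(lo, hi + 1))
        for src in sources:
            if not in_guide:
                findings.add((label, src, "port-not-in-guide"))
            if is_anywhere(src):
                findings.add((label, src, "open-to-anywhere"))
    return sorted(findings)


# Constructed sample: placeholder group ID, documentation-range addresses.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 16000, "ToPort": 16000,
         "IpRanges": [{"CidrIp": "198.51.100.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 2399, "ToPort": 2399,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "198.51.100.10/32"}]},
    ],
}

if __name__ == "__main__":
    for port, source, issue in audit_security_group(SAMPLE_GROUP):
        print("%s  port %s  from %s  %s" % (
            SAMPLE_GROUP["GroupId"], port, source, issue))
```

Rules whose source is another security group rather than a CIDR range are not evaluated by this check.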
FileMaker Cloud for AWS security features
This section describes FileMaker Cloud for AWS security features and the steps you can take as the root administrator to manage these features in your FileMaker Cloud for AWS instance.
Software patching: You receive notifications when patches are available.
Non-root credentials: FileMaker Cloud for AWS requires that you set up Login with Amazon, an identity provider based on OAuth 2.0. This feature allows authenticated users to sign in to FileMaker Cloud for AWS with their Amazon credentials. These users have limited access to FileMaker Cloud for AWS; for example, they cannot update the FileMaker license, configure SSL certificates, or change user passwords or email addresses. For more information about FileMaker Cloud for AWS users, see FileMaker Cloud for AWS Help.
Database encryption: FileMaker Cloud for AWS encrypts all the information stored in a database file (also known as encryption at rest) before opening it. You are required to create an encryption password for the database, and have the option of saving the password and creating a hint for it.
Session timeouts: Review and update session timeouts for FileMaker clients, if needed. When client users' idle periods reach the timeout setting, they are disconnected. Setting session timeouts reduces the risk of database files being accessed by an unattended computer or mobile device.
FileMaker Cloud for AWS plug-ins: Use plug-ins only from trusted sources. Plug-ins can access and modify your solution and connect to other services over the Internet. If you enable FileMaker Script Engine (FMSE) plug-ins, you can choose whether to allow scripts to install, update, and load plug-ins using the Install Plug-In File script step. Similarly, if you allow FileMaker WebDirect™ plug-ins, you can choose whether to allow the Install Plug-In File script step in FileMaker WebDirect.
Log file entries: Frequently download and review the Event.log file for the keyword SECURITY to see security-related entries.
FileMaker Script Engine (FMSE) access: FileMaker Cloud for AWS limits FMSE access for enhanced security in the following ways:
- FMSE cannot query the AWS metadata service.
- FMSE cannot send requests to localhost at ports 1895 and 16002.
- FMSE cannot execute applications from the Data folder, and it can access only the Data/Documents and Data/Database folders.
The following terms appear during purchase or stack creation. For detailed descriptions, see the AWS documentation.
Amazon Elastic Block Store (Amazon EBS) – Block-level storage volumes for use with Amazon EC2 instances.
Amazon Elastic Compute Cloud (Amazon EC2) – Scalable computing capacity in the AWS cloud.
Amazon Machine Image (AMI) – A preconfigured template for instance creation.
Amazon Simple Storage Service (Amazon S3) – Storage for the Internet, used to store and retrieve any amount of data at any time, from anywhere on the web.
BYOL – Bring Your Own License. A license model that lets you use an existing software license for a cloud instance.
Identity and Access Management (IAM) – A web service that lets you control access to AWS resources for your users.
instance – A virtual computing environment.
instance type – A preset configuration of CPU, memory, storage, and networking capacity.
key pair – Provides secure login information for your instances. AWS stores the public key, and you store the private key in a secure place.
SKU – Stockkeeping unit. An identification, usually alphanumeric, of a specific product that allows it to be tracked for inventory purposes.
snapshot – A backup of your volumes that is stored in Amazon S3. Use these snapshots as the starting point for new Amazon EBS volumes or to protect your data for long-term durability.
stack – A group of related resources that you manage as a named unit.
switchover – For FileMaker Cloud for AWS, an instance switchover occurs when the administrator initiates a change that produces a fresh copy of the instance. These actions trigger an instance switchover: version upgrade, instance refresh, and instance type or storage volume upgrade.
tag – Metadata that you create and assign to your Amazon EC2 resources. Tags are case-sensitive key-value pairs that help you manage your instances. For example, you could define a tag with Key = Name and Value = OregonServer.
template – An AWS CloudFormation template is a formatted text file that describes the resources to be provisioned in your AWS CloudFormation stacks.
timeout – Sets the number of minutes before stack creation times out. The default is 15 minutes for initial stack creation and 60 minutes for upgraded stacks.