reference deployment

XQ Message Zero-Trust Gateway on AWS

Helps protect your data in transit

This Partner Solution deploys XQ Message Zero-Trust Gateway in the Amazon Web Services (AWS) Cloud. It helps protect your data as it moves to or from your AWS virtual private cloud (VPC) or between AWS Regions. You might use this solution, for example, to migrate data, back up or archive data, move data for artificial intelligence and machine learning (AI/ML) workloads, or move data for Internet of Things (IoT) deployments.

With XQ Zero-Trust Gateway, you can configure trusted devices to automatically encrypt and decrypt data. The gateway encrypts data at the packet level and stores keys and policies with an XQ distributed keystore. It logs every attempt to access the data and notifies you of any unauthorized attempts.

XQ Message logo

This Partner Solution was developed by XQ Message Inc. in partnership with AWS. XQ Message is an AWS Partner.

  •  What you'll build
  • This Partner Solution sets up the following:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public subnets, according to AWS
      best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • An Amazon Elastic Compute Cloud (Amazon EC2) instance running XQ Zero-Trust Gateway software.
      • An Auto Scaling group that automatically scales the number of instances to meet demand and, if needed, restarts the XQ Zero-Trust Gateway software in a secondary Availability Zone.
      • An Elastic IP address to provide a reserved public IP address to assign to the EC2 instance.
      • An AWS Transfer Family server to provide an SFTP (Secure File Transfer Protocol) interface to an Amazon Simple Storage Service (Amazon S3) bucket.
    • An S3 bucket to store data that XQ Zero-Trust Gateway has transferred in.

    * The template that deploys the Partner Solution into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To deploy this Partner Solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to XQ.
    2. Complete the predeployment steps to create your application and your API keys, find your XQ team ID, create your gateway-configuration secure key, and name your gateway.
    3. Sign in to your AWS account. If you don’t have an AWS account, sign up at
    4. Launch the Partner Solution. The stack takes about 15 minutes to deploy. Before you create the stack, choose the AWS Region from the top toolbar. Choose one of the following options:
    5. Complete the postdeployment steps to update the range of trusted IP addresses and configure the newly created gateway.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Cost and licenses
  • You need an XQ Zero-Trust Gateway license to deploy this Partner Solution. For details, refer to the XQ Message plans and pricing page.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?