AWS Installation Prerequisites

This document describes the prerequisites for installing the Apcera Platform on AWS using Terraform. You must complete each of the following prerequisites before you install the Apcera Platform on AWS:

Create and download user access keys

To deploy cluster components to AWS, you must populate the configuration file with your AWS access keys (account credentials). You have two options:

  • Option 1: For production deployments, as a best practice you should create an AWS Identity & Access Management (IAM) user that has the necessary access keys.
  • Option 2: Provide the root AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY values for your AWS account.

Create and download IAM user access keys

To create an IAM user and policy, follow these steps:

  • Log into the AWS console.
  • Select Identity & Access Management.
  • Select Users.
  • Click Create New Users.
  • Enter one or more user names to create.
  • Check the box for Generate an access key for each user (should be selected by default).
  • Click Create.
  • Select Show User Security Credentials.
  • Click Download Credentials. A file named credentials.csv is downloaded to your computer; it contains the user name, access key, and secret access key for each user created. This file is only available once.
  • Click Close.
  • Select Users again.
  • Select the user name you created.
  • Click the Permissions tab.
  • Click Attach Policy.
  • Select the check-box next to each of the following:
    • AmazonVPCFullAccess
    • AmazonEC2FullAccess
    • AmazonS3FullAccess
    • AmazonRDSFullAccess
    • IAMFullAccess (so the PM can talk to Amazon S3)
  • Click Attach Policy.
  • Verify that you have attached the necessary policy.
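
The same steps can be scripted with the AWS CLI. The following is an added example, not part of the original Apcera documentation; it assumes the AWS CLI is installed and configured with credentials allowed to manage IAM, and the script name, user name and key file path are placeholders.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps above (not Apcera's tooling).
REQUIRED_POLICIES="AmazonVPCFullAccess AmazonEC2FullAccess AmazonS3FullAccess AmazonRDSFullAccess IAMFullAccess"

# Print each required policy that is absent from the whitespace-separated list in $1.
missing_policies() {
  have=" $(printf '%s' "$1" | tr '\t\n' '  ') "
  for p in $REQUIRED_POLICIES; do
    case "$have" in
      *" $p "*) ;;                 # exact name present
      *) printf '%s\n' "$p" ;;     # absent: report it
    esac
  done
}

# Return 0 only if all five policies from the list above are attached to user $1.
verify_deploy_user() {
  attached=$(aws iam list-attached-user-policies --user-name "$1" \
    --query 'AttachedPolicies[].PolicyName' --output text) || return 1
  missing=$(missing_policies "$attached")
  [ -z "$missing" ] && return 0
  echo "policies not attached to $1:" $missing >&2
  return 1
}

# Create user $1, attach the policies, and save its access key to file $2.
create_deploy_user() {
  user="$1"; keyfile="$2"
  [ -e "$keyfile" ] && { echo "refusing to overwrite $keyfile" >&2; return 1; }
  aws iam create-user --user-name "$user" >/dev/null || return 1
  for p in $REQUIRED_POLICIES; do
    aws iam attach-user-policy --user-name "$user" \
      --policy-arn "arn:aws:iam::aws:policy/$p" || return 1
  done
  # The secret key is shown only once, so write it to an owner-only file.
  ( umask 077
    aws iam create-access-key --user-name "$user" --output json > "$keyfile"
  ) || return 1
  verify_deploy_user "$user"
}

# Hypothetical usage: ./create-deploy-user.sh apcera-deploy ./apcera-deploy-key.json
if [ "$#" -eq 2 ]; then
  create_deploy_user "$1" "$2"
fi
```

The JSON written to the key file contains the AccessKeyId and SecretAccessKey values that the console would otherwise deliver in credentials.csv.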

Create and download root access keys

To create and download the root access key for your AWS account:

  • Select [account-name] > Security Credentials from the upper right of the AWS menu bar
  • Select Access Keys (Access Key ID and Secret Access Key)
  • Click Create New Access Key
  • Download the file rootkey.csv.txt

Create and download EC2 key pair

The Orchestrator host is an EC2 Linux instance. To deploy the cluster, you connect to the Orchestrator instance using SSH and run the orchestrator-cli utility.

Amazon EC2 uses public key cryptography to encrypt and decrypt login information. Linux instances have no password, and you use a key pair to log in using SSH.

To create an EC2 key pair so you can access the Orchestrator host:

  • Go to the AWS EC2 Dashboard > Network & Security > Key Pair screen.
  • Create a key pair named apcera.pem, or any name you choose.
  • Download the apcera.pem.txt private key to your local machine.

If you need additional instructions, see Creating Your Key Pair Using Amazon EC2 in the AWS documentation.

Generate SSL certificate and key for HTTPS

You can use either HTTP or HTTPS for your cluster. As a best practice, you should use HTTPS for production clusters.

By default, the Terraform module that we provide assumes that you are using HTTPS. If you are not using HTTPS, you can comment out this block.

In addition, you need an SSL/TLS private key, a Certificate Signing Request (CSR), a certificate from the Certificate Authority, and the intermediate trust chain as well. You use this information to populate the cluster.conf file.

Refer to Using HTTPS for details on how to create and provide this information.

Configure an Identity Provider

For production deployments, Apcera supports various third-party identity providers, including Google Auth, Crowd, LDAP, and Microsoft Active Directory.

For new production clusters without access to an existing LDAP or Active Directory server, it is recommended that you get started with Google Auth because it is comparatively easy to set up. Refer to these instructions to configure Google Auth for your Apcera Platform deployment. For LDAP and Active Directory setup, refer to these instructions.

Configure DNS

You need to configure DNS to point to the cluster. DNS setup is not contingent on the cluster being up, but you will need to update DNS after you have deployed the Apcera Platform to AWS.

Refer to the DNS configuration documentation.

Configure Terraform for AWS

Once you have completed the prerequisites, the next step is to configure Terraform for AWS.