User Guide
DocumentationGuided DemoFree Trial
Searchโ€ฆ
What's Atlan?
๐Ÿ“Œ
Quick Start
๐Ÿ“œ
Our Manifesto
The DataOps Culture Code
๐Ÿ”Ž
Understanding Data
Search
README
Glossary Terms
Data Dictionary
Data Profile
Auto Column Descriptions
Auto Glossary Suggestions
โœ…
Trusting your Data
Lineage & Impact Analysis
Auto-PII Detection
Asset Status Tag
Owners & Experts
Business Metadata
๐Ÿค
Collaborating on Data
SQL Editor
Visual Query Builder
Chat
Save Queries
Open in BI Tools - Tableau
Crowdsourcing Metadata
Approval Workflows
๐Ÿ›ก๏ธ User Management
Granular Access Policies
User Invites & Manage
User Roles
User Groups
Classifications
SAML
๐Ÿงฐ
Deployment
Atlan Architecture
Atlan Platform Management
AWS Authentication
Deploy Using Terraform
Deploy Using CloudFormation
Deploy within Existing VPC
Air-Gapped Deployment
Air-Gapped Deployment in Existing VPC
Application Release Process
Configure SMTP
Atlan Infra Cost
Cost Reports in AWS
Bucket Access to Node Instance
EKS Access for an IAM User
Reset KOTS Admin Console Password
Reset Atlan Stack
Delete Atlan Deployment
Request Atlan License
๐Ÿงฐ
Security
Atlan Security Explained
Configure SSL Certificate
Enable VPN access with IP whitelisting
Set Up Transit Gateway
๐Ÿงฐ
Backup & Disaster Recovery
Disaster Recovery
Backups
Migrate Atlan Stack
๐Ÿงฐ
Troubleshooting
Check Status of Atlan Components
Access pods log
Add a user through Keycloak
Disable VPN IP addresses via Kubectl
Make Public ELB to Private
Disable Caching on Cloudfront
Increase Cassandra PVC
Export Atlas Audit Records from Elasticsearch
Fix Crashing Pod
๐Ÿ“ฆ
Integrations
Whitelisting
Collaboration
Data Lake
Data Warehouse
Relational Database
Query Engine
BI Applications
Metastore
dbt
๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Customer Success & Supporty
Customer Success & Support
๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ Community
Data Wiki
Atlan on AWS Marketplace
Release Notes
Powered By GitBook
Deploy Using CloudFormation
How to deploy Atlan in AWS

๐Ÿ“œ Prerequisite

    Create an AWS sub-account (optional but recommended). This will both help monitor costs and be more secure, as it will not interfere with production or other workloads running in the existing AWS accounts.
    Make sure users should have the below permissions on their id to launch the Atlan stack. In case if user dosen't have the below permissions then follow this doc to create a new IAM user or grant access to an existing users. It's always recommended to use the AWS IAM best practices to create a user and policies.
    โ€‹
    โ€‹
๐Ÿ‘€ Note: You can either create a new IAM user or enable an existing user with the above permissions. After stack creation is complete, you can remove these permissions from the IAM user.

๐Ÿ› ๏ธ A step-by-step guide for Atlan cloud deployment on AWS

STEP 1: Create a new stack

Go to the CloudFormation AWS console, and select the option to "Create a New Stack". For the template source, select Amazon S3 URL.
Here is the Atlan CloudFormation S3 template URL: https://atlan.s3.ap-south-1.amazonaws.com/deploy/marketplace/cloudformation/templates/main.yamlโ€‹
Cloud Formation AWS console

STEP 2: Specify the stack details

Fill in the parameters needed by the CloudFormation template to create the resources:
    Deployment Method: The deployment method for installing the product.
      Online (recommended): The stack will be launched with Internet Gateway and NAT Gateway. The product will be accessible via Internet without using a VPN.
      Airgapped: The stack will be launched without any Internet Gateway, NAT Gateway, or public endpoints. The cluster won't have any kind of internet access and will be only accessible via VPN. Some of the features won't be available, such as:
        Slack notifications
        Chat feature
        Email notifications (you'll need to configure AWS SES separately)
    If you are going with the Airgapped method, follow these steps.
    License URL: Enter the License URL that was shared by the Atlan team. The deployment will fail without a License URL.

Advanced configuration (optional)

    VPC Configuration: Create network resources like VPC, InternetGateway, NatGateway, Subnets, and Security Groups. The default options are already filled in.
๐Ÿ‘€ Note:
    VPC CIDR: This creates a new VPC CIDR block. Ensure that the CIDR range is different from your existing VPC, which might need to be peered with Atlan's VPC. Also, do not overlap the range with any CIDR block assigned to the IP CIDR to be used by the EKS cluster.
    VPC CIDR IP addresses used:
      Public Subnets: 30 IP addresses
      Private Subnets: 250 IP addresses
    EKS Configuration: Configuration of the EKS control plane deployed with the stack.
      Launch EKS in Private Subnet: When this is set to "True", the EKS control plane will be deployed in private subnets.
        The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC.
        The product will be only accessible via VPN after VPC peering or transit gateway is set up.
        The load balancer will be internal, and it will only be accessible with VPC or via VPN after VPC peering is done.
      EKS Cluster IP CIDR: This is the CIDR block to assign Kubernetes service IP addresses. If you don't specify a block, Kubernetes assigns the addresses 172.20.0.0/16 CIDR. We recommend that you specify a block that does not overlap with resources in other networks peered or connected to your VPC. The block must meet the following requirements:
        Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10 or 198.19.0.0/16
        Does not overlap with any CIDR block assigned to the VPC that you selected.
        Netmask between /24 and /12.
        10.0.0.0/8 and 192.168.0.0/12 wonโ€™t work. Make sure the netmask and CIDR block is between the mentioned ranges.
        Recommended CIDR range: /16
      AWS IAM User/Role ARN to Access the EKS Cluster through Kubectl: Enter the ARN value of the IAM user or role to get access to the EKS cluster via kubectl. The user/role deploying the stack will have access to the EKS cluster. Use this to provide access to any other user. Refer to this page for more information.
    Nodes Configuration: Configurations for the nodes being launched. The nodes are divided into a 70-30 ratio of spot and on-demand capacity.
      Launch All Spot Instances: Atlan product can run on all spot instances, low cost setup, though less reliable. If you enable the option, make sure account has availability for the selected instance type.
      EC2 Instance Type: The instance type for Atlan nodes. t3a.2xlarge is recommended for normal workloads. For large workloads, you can increase this to m5a.4xlarge or m5.4xlarge.
      Launch Spark Nodes: This sets whether to launch Spark nodes. Set this to "True" if you have Azure ADLS. This is set to "False" by default.
      Additional Userscript: You can add a Bash script that needs to be executed on every node whenever a new node is added. For this, put the public link to the script in the "Link to additional script to run on nodes while bootstrapping" field. However, this is completely optional and can be left blank.
๐Ÿ‘€ Note: While passing the script link, make sure it is public and accessible over the internet. You can use a signed URL with timeout. Once the stack is created, the script will be copied to the S3 bucket launched via CloudFormation, and it will only be fetched by nodes from S3 instead of the internet.
    Transit Gateway Configuration: These are the configurations to set up the Transit Gateway with the Atlan VPC. Read this documentation for detailed steps.
Sample Parameter List #1
Sample Parameter List #1

STEP 3: Configure the stack options

After entering the parameters above, click on "Next". You can define optional tags as per your IT or Security compliance guidelines, then click the "Next" button.
Tags

STEP 4: Verify all the details

Click on the two checkboxes, and then click on "Create stack".
Accept

STEP 5: Wait 35-40 minutes for stack creation

Output
If you face any issues, recheck the parameters. Otherwise, reach out to the Atlan support team with the CloudFormation error logs.
Your CloudFormation template is now successful ๐ŸŽ‰

STEP 6: Set up the admin account

After deployment, you will need to set up the organization. Just follow these instructures ๐Ÿ‘‡
    1.
    Access the Atlan Product URL, which is displayed as output in the CloudFormation stack.
    2.
    Fill out the setup page:
Setup
    1.
    Log in with the email and password entered on the setup page.
Login

STEP 7: Configure DNS and SSL/TLS (optional)

Looking to configure DNS and SSL/TLS? Here are additional steps to set them up:
โ€‹How to configure DNS with ACMโ€‹
โ€‹How to configure DNS with wildcard private certsโ€‹
Now you are ready to invite new users to Atlan ๐Ÿ˜Š
Deployment - Previous
Deploy Using Terraform
Next
Deploy within Existing VPC
Last modified 3d ago
Copy link
Contents
๐Ÿ“œ Prerequisite
๐Ÿ› ๏ธ A step-by-step guide for Atlan cloud deployment on AWS
STEP 1: Create a new stack
STEP 2: Specify the stack details
Advanced configuration (optional)
STEP 3: Configure the stack options
STEP 4: Verify all the details
STEP 5: Wait 35-40 minutes for stack creation
STEP 6: Set up the admin account
STEP 7: Configure DNS and SSL/TLS (optional)