Deploy in AWS

How to Deploy in AWS

📜 Prerequisites

  • Create an AWS sub-account (optional but recommended). A dedicated sub-account makes costs easier to monitor and is more secure, because the deployment is isolated from production and other workloads running in your existing AWS accounts.

  • Create an IAM user with the IAM permissions listed below.

IAM User Permissions

👀 Note: You can create a new IAM user or use an existing user with the above permissions to deploy Atlan CF. After stack creation is complete, you can remove these permissions from the IAM user.

🛠️ A Step-by-Step Guide for Atlan Cloud Deployment on AWS

STEP 1: Go to the AWS CloudFormation console and select "Create a New Stack".

STEP 2: Fill in the parameters that the CF template needs to create the resources.

Details of what to fill in each parameter field are given below.

  • Key Name: AWS key pair which will be used to launch EC2 machines. Make sure you have access to this AWS key pair.

  • License URL: Enter the License URL shared by the Atlan team. Deployment will fail without the License URL.

  • Other parameters: Use the default value.

The images below will help you fill in the details.

Sample Parameter List-1
Sample Parameter List-2

Advanced Configuration (Optional)

  • VPC Configuration: Create network resources like VPC, InternetGateway, NatGateway, Subnets and Security Groups. The defaults are already present.

👀 Note:

  • VPC CIDR: Creates a new VPC with this CIDR block. Make sure the CIDR range is different from that of any existing VPC that might need to be peered with Atlan's VPC. It must also not overlap with the IP CIDR to be used by the EKS cluster.

  • VPC CIDR IP addresses used:

  • Public Subnet: 50 IP addresses

  • Private Subnets: 250 IP addresses

  • EKS Cluster IP CIDR: The CIDR block from which Kubernetes service IP addresses are assigned. If you don't specify a block, Kubernetes assigns addresses from the 172.20.0.0/16 CIDR block. We recommend that you specify a block that does not overlap with resources in other networks peered or connected to your VPC. The block must meet the following requirements:

  • Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.

  • Does not overlap with any CIDR block assigned to the VPC that you selected.

  • Netmask between /24 and /12.

  • 10.0.0.0/8 and 192.168.0.0/12 won't work. Make sure both the netmask and the CIDR block fall within the ranges mentioned above.

  • Recommended CIDR range /16.
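A pre-flight check for the EKS Cluster IP CIDR rules listed above, run before the value is entered in the stack parameters. This is an added example, not part of Atlan's template or documentation; the function name `check_service_cidr` and the sample VPC blocks are assumptions constructed for illustration.

```python
import ipaddress

# Private ranges the service CIDR must fall within (from the list above).
PRIVATE_BLOCKS = [ipaddress.ip_network(b)
                  for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_service_cidr(service_cidr, vpc_cidrs):
    """Return a list of rule violations; an empty list means the block is acceptable.

    vpc_cidrs: CIDR blocks of the Atlan VPC plus any peered or connected networks.
    """
    try:
        # strict=True rejects blocks with host bits set, such as 192.168.0.0/12.
        net = ipaddress.ip_network(service_cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network address: {exc}"]
    if net.version != 4:
        return ["must be an IPv4 block"]

    problems = []
    if not 12 <= net.prefixlen <= 24:
        problems.append(f"netmask /{net.prefixlen} is outside /12../24")
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append("not inside 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16")
    for cidr in vpc_cidrs:
        if net.overlaps(ipaddress.ip_network(cidr, strict=False)):
            problems.append(f"overlaps VPC block {cidr}")
    return problems


if __name__ == "__main__":
    # Constructed sample: one VPC block plus one peered network.
    vpc_blocks = ["10.0.0.0/16", "10.1.128.0/20"]
    candidates = ("172.20.0.0/16", "10.0.0.0/8", "192.168.0.0/12", "10.1.0.0/16")
    for candidate in candidates:
        issues = check_service_cidr(candidate, vpc_blocks)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```
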

  • Termination Protection: On the Specify stack options page of the Create stack wizard, under Advanced options, expand the Termination Protection section and select Enable. (Recommended)

Termination Protection

To enable termination protection on existing stacks, see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-protect-stacks.html

  • Choosing ManagedNodeGroup (Default) OR AutoScalingNodeGroup:

NodeGroupSelection
  • You can choose to keep the AMI field empty if you don't need a custom AMI.

  • If you need to set up a custom EC2 AMI in place of the AWS EKS optimised AMI for version 1.17, make sure to choose "AutoScalingNodeGroup".

  • "ManagedNodeGroup" does not support custom AMIs.

  • Amazon Elastic Kubernetes Service (Amazon EKS) has open-sourced the build scripts that are used to build the Amazon EKS optimized AMI. These build scripts are now available on GitHub. For more details on building a custom AMI for EKS, see:

    https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-build-scripts.html

STEP 3: After entering the parameter values, click the "Next" button and define the Tags as per your IT or Security compliance guidelines. Otherwise, proceed to the next step by clicking the "Next" button.

Tags

STEP 4: Verify all the details and enable the "IAM options" at the bottom and then click on the "Create stack" button.

Accept

STEP 5: It will take around 35 to 40 minutes for stack creation.

Output

If you face any issue, recheck the parameters. Otherwise, reach out to the Atlan Support team with the CloudFormation error logs.

The CloudFormation template deployment is now successful 🎉

STEP 6: Set up the Admin account

Post-deployment, users need to set up the organization. Just follow the instructions given below to do that 👇

  • Access the AtlanUrl which is displayed as output in CF stack and fill the setup page:

Setup
  • Log in with the email and password entered on the setup page.

Login

STEP 7: Configure DNS and SSL/TLS (Optional)

Additional steps to set this up can be found here: How to configure DNS for Atlan?

Now you are ready to invite new users to Atlan 😊