aws.html.md.erb
---
title: Installing Ops Manager on AWS
owner: Ops Manager
---
This guide describes how to install [<%= vars.platform_name %>](https://network.pivotal.io/products/pivotal-cf) on Amazon Web Services (AWS).
## <a id='overview'></a> Overview
You can install <%= vars.platform_name %> on AWS with either the <%= vars.app_runtime_full %> (<%= vars.app_runtime_abbr %>) or <%= vars.k8s_runtime_full %> (<%= vars.k8s_runtime_abbr %>) runtime. There are resource requirements specific to each runtime. Ensure you meet the requirements for your runtime and the requirements specific to AWS before installing <%= vars.platform_name %> on AWS.
## <a id="requirements"></a> Requirements
This section lists the following resource requirements for installing <%= vars.platform_name %> on AWS:
* General <%= vars.platform_name %> resource requirements. For more information, see [<%= vars.platform_name %> Resource Requirements](#general-requirements).
* AWS-specific resource requirements. For more information, see [AWS Resource Requirements](#aws-requirements).
### <a id="general-requirements"></a> <%= vars.platform_name %> Resource Requirements
This section lists resource requirements for installing <%= vars.platform_name %> on AWS. It includes general resource requirements for both the <%= vars.app_runtime_abbr %> and <%= vars.k8s_runtime_abbr %> runtimes.
See one of the following sections, depending on your runtime:
* [<%= vars.app_runtime_abbr %> Resource Requirements](#pas)
* [<%= vars.k8s_runtime_abbr %> Resource Requirements](#pks)
#### <a id="pas"></a> <%= vars.app_runtime_abbr %> Resource Requirements
The following are general resource requirements for deploying and managing an <%= vars.ops_manager %> deployment with <%= vars.app_runtime_abbr %>:
* <%= vars.app_runtime_abbr %> requires sufficient IP allocation. The following lists the minimum required IP allocations:
  * One static IP address for either HAProxy or one of your Gorouters
  * One static IP address for each job in each tile. For a full list, see the **Resource Config** pane for each tile.
  * One static IP address for each job listed below:
    * Consul
    * NATS
    * File Storage
    * MySQL Proxy
    * MySQL Server
    * Backup Restore Node
    * HAProxy
    * Router
    * MySQL Monitor
    * Diego Brain
    * TCP Router
  * One IP for each VM instance created by the service.
  * An additional IP address for each compilation worker. Use the following formula to determine the total IPs required: `IPs needed = static IPs + VM instances + compilation workers`.
* <%= vars.company_name %> recommends that you allocate at least 36 dynamic IP addresses when deploying <%= vars.ops_manager %> with <%= vars.app_runtime_abbr %>. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install <%= vars.app_runtime_abbr %>, and connect to services.
* <%= vars.company_name %> recommends using a network without DHCP for deploying <%= vars.app_runtime_abbr %> VMs.
  <p class="note"><strong>Note:</strong> If you have DHCP, see <a href="./troubleshooting.html">Troubleshooting Deployment Problems</a> to avoid issues with your installation.</p>
#### <a id='pks'></a> <%= vars.k8s_runtime_abbr %> Resource Requirements
For <%= vars.k8s_runtime_abbr %>-specific resource requirements, see [AWS Prerequisites and Resource Requirements](https://docs.pivotal.io/tkgi/aws-requirements.html).
### <a id="aws-requirements"></a> AWS Resource Requirements
The following are AWS-specific resource requirements for installing <%= vars.platform_name %> on AWS with an external database and external file storage:
* Installing <%= vars.platform_name %> on AWS requires a minimum of the following VM instance limits in your AWS account. The number of VMs required depends on the number of tiles and availability zones (AZs) you plan to deploy. The following VM guidelines apply to the <%= vars.app_runtime_abbr %>, Small Footprint <%= vars.app_runtime_abbr %>, and <%= vars.k8s_runtime_abbr %> runtimes:
  * **<%= vars.app_runtime_abbr %>:** At a minimum, a new AWS deployment requires the following VMs for <%= vars.app_runtime_abbr %>:
<table border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=22><%= vars.app_runtime_abbr %></th>
<td>NATS</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m5.large</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Proxy</td>
<td>t3.micro</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Server</td>
<td>r5.large</td>
<td>3</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t3.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Diego BBS</td>
<td>t3.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>UAA</td>
<td>m5.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller</td>
<td>m5.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>HAProxy</td>
<td>t3.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Router</td>
<td>t3.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t3.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Clock Global</td>
<td>t3.medium</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller Worker</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Diego Brain</td>
<td>t3.small</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Diego Cell</td>
<td>r5.xlarge</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Loggregator Traffic Controller</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Doppler Server</td>
<td>m5.large</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>TCP Router</td>
<td>t3.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>CredHub</td>
<td>r5.large</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>Istio Router</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Istio Control</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Route Syncer</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<th rowspan=1><%= vars.ops_manager %></th>
<td>BOSH Director</td>
<td>m5.large</td>
<td>1</td>
<td>Required</td>
</tr>
</table>
  <p class="note"><strong>Note:</strong> If you are deploying a test or sandbox deployment that does not require high availability, then you can scale down the number of VM instances in your deployment. For more information, see <a href="../opsguide/scaling-ert-components.html">Scaling <%= vars.app_runtime_abbr %></a>.</p>
  * **Small Footprint <%= vars.app_runtime_abbr %>:** To run Small Footprint <%= vars.app_runtime_abbr %>, a new AWS deployment requires:
<table id='aws-requirements' border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Minimum HA VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=12>Small Footprint <%= vars.app_runtime_abbr %></th>
<td>Compute</td>
<td>r5.xlarge</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Control</td>
<td>r5.xlarge</td>
<td>1</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Database</td>
<td>r5.large</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Router</td>
<td>t3.micro</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m5.large</td>
<td>1</td>
<td>N/A</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t3.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t3.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>HAProxy</td>
<td>t3.micro</td>
<td>0</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>TCP Router</td>
<td>t3.micro</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Istio Router</td>
<td>r5.large</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Istio Control</td>
<td>r5.large</td>
<td>0</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>Route Syncer</td>
<td>r5.large</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<th rowspan=1><%= vars.ops_manager %></th>
<td>BOSH Director</td>
<td>m5.large</td>
<td>1</td>
<td>N/A</td>
<td>Required</td>
</tr>
</table>
<br />
  * **<%= vars.k8s_runtime_abbr %>:** See [AWS Prerequisites and Resource Requirements](https://docs.pivotal.io/tkgi/aws-requirements.html).
* The following AWS resources are required for installing <%= vars.platform_name %> on AWS with <%= vars.app_runtime_abbr %>:
  * Three Elastic Load Balancers (ELBs)
  * One Relational Database Service. As a minimum, <%= vars.company_name %> recommends using a db.m5.xlarge instance with at least 100 GB of allocated storage.
  * Five S3 buckets
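As an added example (not part of the <%= vars.ops_manager %> docs or the product), the following Python tallies the <%= vars.app_runtime_abbr %> VM table above, applies the IP formula from <%= vars.app_runtime_abbr %> Resource Requirements, and flags whether the deployment outgrows the default limit of 20 concurrent instances noted under Prerequisites. The compilation-worker count is an assumed input; the VM counts are copied from the table.

```python
DEFAULT_INSTANCE_LIMIT = 20  # default concurrent EC2 instance limit cited under Prerequisites

# (job, default VM count, required?) copied from the PAS table, plus the BOSH Director row
PAS_VMS = [
    ("NATS", 2, True), ("File Storage", 1, False), ("MySQL Proxy", 2, False),
    ("MySQL Server", 3, False), ("Backup Restore Node", 1, False), ("Diego BBS", 3, True),
    ("UAA", 2, True), ("Cloud Controller", 2, True), ("HAProxy", 0, False),
    ("Router", 3, True), ("MySQL Monitor", 1, False), ("Clock Global", 2, True),
    ("Cloud Controller Worker", 2, True), ("Diego Brain", 3, True), ("Diego Cell", 3, True),
    ("Loggregator Traffic Controller", 2, True), ("Doppler Server", 3, True),
    ("TCP Router", 0, False), ("CredHub", 2, False), ("Istio Router", 0, False),
    ("Istio Control", 0, False), ("Route Syncer", 0, False), ("BOSH Director", 1, True),
]

# Jobs that the page says each need one static IP. Consul is in that list but has
# no row in the table, so it contributes only if a deployment adds it.
STATIC_IP_JOBS = {
    "Consul", "NATS", "File Storage", "MySQL Proxy", "MySQL Server", "Backup Restore Node",
    "HAProxy", "Router", "MySQL Monitor", "Diego Brain", "TCP Router",
}


def plan(include_optional=True, compilation_workers=4):
    """Tally VMs and IPs for a PAS deployment on AWS.

    include_optional=False models the scaled-down sandbox deployment from the note
    above (required jobs only). compilation_workers is an assumed value; the real
    number is whatever the BOSH Director is configured with.
    """
    rows = [r for r in PAS_VMS if include_optional or r[2]]
    vm_instances = sum(count for _, count, _ in rows)
    # one static IP per listed job that is actually deployed (count > 0)
    static_ips = sum(1 for name, count, _ in rows if name in STATIC_IP_JOBS and count > 0)
    # the page's formula: IPs needed = static IPs + VM instances + compilation workers
    ips_needed = static_ips + vm_instances + compilation_workers
    return {
        "vm_instances": vm_instances,
        "static_ips": static_ips,
        "ips_needed": ips_needed,
        # more concurrent instances than the default limit means a quota increase first
        "exceeds_default_limit": vm_instances > DEFAULT_INSTANCE_LIMIT,
    }


if __name__ == "__main__":
    print("default counts:", plan())
    print("required jobs only:", plan(include_optional=False))
```

Even the required-only sandbox layout exceeds the default instance limit, which is why raising the limit is the first prerequisite below.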
## <a id="prerequisites"></a> Prerequisites
To install <%= vars.platform_name %> on AWS, you must:
* Increase or remove the VM instance limits in your AWS account. Installing <%= vars.platform_name %> requires more than the default 20 concurrent instances. For more information about VM resource requirements, see [Requirements](#requirements).
* Configure your AWS account with the appropriate AWS region. For more information about selecting the correct region for your deployment, see [Region and Availability Zone Concepts](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones) in the AWS documentation.
* Install the AWS CLI. Configure the AWS CLI with the user credentials that have admin access to your AWS account. To download the AWS CLI, see [AWS CLI](https://aws.amazon.com/cli/).
* Configure an AWS EC2 key pair to use with your <%= vars.platform_name %> deployment. For more information, see [Creating an EC2 Key Pair](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-keypair.html) in the AWS documentation.
* Register a wildcard domain for your <%= vars.platform_name %> installation. For more information, see [SSL/TLS Certificates for Classic Load Balancers](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html#create-cert) in the AWS documentation.
* Create an SSL certificate for your <%= vars.platform_name %> domain. For more information, see the [AWS documentation about SSL certificates](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html).
<p class="note"><strong>Note:</strong> To deploy <%= vars.platform_name %> to a production environment, you must obtain a certificate from a certificate authority. <%= vars.company_name %> recommends using a self-signed certificate generated by <%= vars.ops_manager %> for development and testing purposes only.</p>
* **(<%= vars.app_runtime_abbr %> only)** Configure sufficient IP allocation. For more information about IP allocation requirements, see [<%= vars.app_runtime_abbr %> Resource Requirements](#pas) above.
* (Optional) **(<%= vars.app_runtime_abbr %> only)** Configure external storage. <%= vars.company_name %> recommends using external storage if possible. For more information about how file storage location affects platform performance and stability during upgrades, see [Configure File Storage](https://docs.pivotal.io/application-service/<%= vars.current_major_version %>/operating/configuring.html#file-storage) in _Configuring <%= vars.app_runtime_abbr %> for Upgrades_.
* (Optional) **(<%= vars.app_runtime_abbr %> and <%= vars.ops_manager %> only)** Configure external databases. <%= vars.company_name %> recommends using external databases in production deployments for BOSH Director and <%= vars.app_runtime_abbr %>. An external database must be configured to use the UTC timezone.
* (Optional) **(<%= vars.app_runtime_abbr %> and <%= vars.ops_manager %> only)** Configure external user stores. When you deploy <%= vars.platform_name %>, you can select a SAML user store for <%= vars.ops_manager %> or a SAML or LDAP user store for <%= vars.app_runtime_abbr %>, to integrate existing user accounts.
## <a id="install"></a> Install <%= vars.platform_name %> on AWS
You can install <%= vars.platform_name %> on AWS either manually or using Terraform.
To install <%= vars.platform_name %> on AWS, see one of the following topics:
* [Installing <%= vars.platform_name %> on AWS Manually](aws-manual.html)
* [Install <%= vars.platform_name %> on AWS Using Terraform](aws-terraform.html)
## <a id="resources"></a> Additional Resources
The following are additional resources related to installing <%= vars.platform_name %> on AWS:
* For information about AWS identity and access management, see [What is IAM?](http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) in the AWS documentation.
* For information about users, groups, and roles in AWS, see [Identities (Users, Groups, and Roles)](http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html) in the AWS documentation.
* For best practices for managing IaaS users and permissions, see [Temporary Security Credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) in the AWS documentation.
* For recommendations on how to create and scope AWS accounts for <%= vars.platform_name %>, see [AWS Permissions Guidelines](aws-iaas-user-roles.html).
* For more information about certificate requirements for installing <%= vars.platform_name %>, see [Certificate Requirements](../adminguide/securing-traffic.html#certtypes).