Versions Compared

Old Version 2

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version 3

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: (tick)Kyvos Enterprise  (error) Kyvos Cloud (SaaS on AWS) (error) Kyvos AWS Marketplace

...

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#FFFAE6

Important

Download the AWS Installation Files folder and keep all the requisite files handy during installation and deployment. 

Common prerequisites

Regardless of the type of installation, the following prerequisites should be available.

  1. EC2 key pair, consisting of a private key and a public key. You can create the key pair if needed.

Networking requirements

  1. Use the Network CloudFormation template to automatically create network resources (VPC, Subnet, and Security Group). 

    1. If you want to deploy your network with NAT Gateway, use the NATGateway Template (vpc_nat.json file in the installation folder).

    2. If you want to deploy your network with Endpoints, use the Endpoints Template ( vpc_internet_gateway.json file in the installation folder).
      OR

    3. If you want to use existing network resources, perform the following steps in your VPC. 

      1. You must create VPC Endpoints within your VPC to connect with the AWS services. Else, you must have the internet and NAT Gateway in the subnet.

        List of VPC Endpoints for AWS services required by Kyvos:

...

AWS Service Name

Description/Purpose

VPC Endpoint Name

CloudWatch logs

Used to send bootstrap logs of the EC2 machines to CloudWatch Logs.

com.amazonaws.{AWS-REGION}.logs

CloudFormation

Used by Kyvos Manager at the time of deployment to validate and get details from the AWS stack in CloudFormation.

com.amazonaws.{AWS-REGION}.cloudformation

CloudWatch Event

Used to schedule events on CloudWatch Event for scheduled starting of the Kyvos BI Server.

com.amazonaws.{AWS-REGION}.events

S3

Used to connect to S3 bucket for reading raw data and writing metadata.

com.amazonaws.{AWS-REGION}.s3

RDS

Used for scheduled start/stop of the Kyvos cluster along with RDS.

com.amazonaws.{AWS-REGION}.rds

EC2

Used by Kyvos Manager to describe EC2 and Kyvos BI Server for scheduled start/stop of Query Engines.

com.amazonaws.{AWS-REGION}.ec2

Secrets Manager

Used by the Kyvos BI Server to get the passwords stored in AWS Secrets Manager.

com.amazonaws.${AWS-REGION}.secretsmanager

Permission requirements

  1. You can create IAM roles using the CloudFormation template (wizard_based_deployment_iam_role.json file).
    OR

  2. Create IAM Role for:

    1. Lambda that will be attached to the Kyvos-created Lambda functions. This role contains all the permissions required by lambda functions to run.
      Download the ec2_iam_policy.json and lambda_iam_policy.json files in the installation folder.

  3. S3 Bucket permissions for using existing bucket

    If you want to use an existing S3 bucket and IAM role, or if you want to read data from an S3 bucket other than where Kyvos is deployed, then the IAM role must have the following permissions on the S3 bucket.

...