Versions Compared

Old Version 1

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version Current

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. To increase or decrease BI Server or Query Engine nodes, following permissions need to be added in IAM roles:

    Code Block
    {
"Sid": "LaunchTemplateAndTerminateInstances",
"Effect": "Allow",
"Action": [
"ec2:GetLaunchTemplateData",
"ec2:TerminateInstances" ],
"Resource": "*",
"Condition": {
"StringEqualsIgnoreCase": {
"ec2:ResourceTag/UsedBy": "Kyvos"
}
}
},
{
"Sid": "CreateLaunchTemplate",
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate"
],
"Resource": "*"
}

  2. The ‘CreateTags’ permission needs to be removed. Hence, to create a separate policy for creating tags. Replace the following existing policy.

    Code Block
    {
"Condition":
{ "StringEqualsIgnoreCase":
{ "ec2:ResourceTag/UsedBy": "Kyvos" } },
 "Action": [ "ec2:DeleteTags", "ec2:CreateTags",
"ec2:DescribeInstanceStatus" ],
"Resource": "*",
"Effect": "Allow",
"Sid": "Ec2tagsPermissionKM" },

  3. After replacing the policy mentioned in Step-2, update the following policy.

    Code Block
    {
"Sid": "Ec2tagsPermissionKM",
"Effect": "Allow",
"Action": [
"ec2:DeleteTags",
"ec2:DescribeInstanceStatus"
],
"Resource": "*",
"Condition": {
"StringEqualsIgnoreCase": {
"ec2:ResourceTag/UsedBy": "Kyvos"
}
}
},
{
"Sid": "Ec2tagsPermissionKM2",
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": "*"
}

  4. Add a tag on all Query Engine and BI Server as cloudformation:stack-name and its value must be the stack name you provide.

  5. Remove the following existing policy for a condition.

    Code Block
     {
                  "Sid": "Ec2StartStopKyvos",
                  "Effect": "Allow",
                  "Action": [
                    "ec2:StopInstances",
                    "ec2:StartInstances",
                    "ec2:DescribeInstanceStatus"
                  ],
                  "Resource": "*",
                "Condition": {
                    "StringEqualsIgnoreCase": {
                      "ec2:ResourceTag/aws:cloudformation:stack-name": {
                        "Fn::Sub": "${AWS::StackName}"
                      }
                    }
                  }
                },

  6. After removing the policy mentioned in step-5 (as mentioned above) for a condition, update the following policy.

    Code Block
    {
                  "Sid": "Ec2StartStopKyvos",
                  "Effect": "Allow",
                  "Action": [
                    "ec2:StopInstances",
                    "ec2:StartInstances",
                    "ec2:DescribeInstanceStatus"
                  ],
                  "Resource": "*",
                  "Condition": {
                    "StringEqualsIgnoreCase": {
                      "ec2:ResourceTag/cloudformation:stack-name": {
                        "Fn::Sub": "${AWS::StackName}"
                      }
                    }
                  }
                },

Post-upgrade steps to manually configure Heap memory