Applies to: Kyvos Enterprise, Kyvos Cloud (Managed Services on AWS), Kyvos Azure Marketplace, Kyvos AWS Marketplace, Kyvos Single Node Installation (Kyvos SNI), Kyvos Free (Limited offering for AWS)

...

To deploy Kyvos using the default CloudFormation template, perform the following steps.

...

  1. Enter a Stack name. The stack name can contain letters (A-Z and a-z), numbers (0-9), and dashes (-). The Kyvos cluster is deployed under this name, and you cannot edit the name after deployment.

  2. The Parameters area displays the configurations defined in your template. It also allows you to enter custom values to create or update a stack.

  3. Enter details as:

    Configuration

    Parameter

    Description/Remarks

    Security Configurations Select the name of the Key Pair to be used with EC2 instances

    A key pair consists of a public key (stored by AWS) and a private key file (stored by the user). Together, they allow you to connect to your instance securely.

    Enter the SSH Private Key text Provide the text of your SSH key. To get this, open your .pem file in edit mode, and copy the complete text.
    Enable SSH for EMR/Databricks cluster 

    This is not applicable to Databricks, as SSH is not supported on it. Hence, false is selected by default and cannot be changed.

    S3 Configurations Enter name of the S3 bucket for storing Kyvos semantic models

    Enter the name of your existing bucket, if you selected False above. If you select True, Kyvos will create a bucket with this name. Ensure that the bucket is not already in use.

    NOTE: See the AWS rules for naming buckets. Additionally, Kyvos does not allow . (dot) to be used for Bucket Name. The cluster may fail to deploy if you do not meet these requirements.

    Network Configurations VPC Select the VPC in which EC2 instances will be launched.
    NOTE: If you have created your VPC using the NAT Gateway template or the Internet Gateway template, select that VPC here.
    Subnet Select the Subnet to be attached to EC2 instances.
    NOTE: In the case of Kyvos Web Portal HA (High Availability) or an RDS repository, you must select at least two subnets from different Availability Zones. Otherwise, you have to select only one subnet.
    Availability Zone

    Select the Availability Zone for the selected Subnet.

    IAM Roles Configurations


    Enter the name of the IAM Role that will be attached to all the Kyvos EC2 instances  

    Provide the name of the IAM Role that you want to attach to the EC2 instance.

    Refer to the section Creating IAM Roles for EC2 and Lambda to create new roles. 

    Enter the name of the IAM Role that will be attached to all the Lambda functions  

    Provide the name of the IAM Role that you want to attach to the Lambda functions.

    Refer to the section Creating IAM Roles for EC2 and Lambda to create new roles. 

    Custom Prefix Configurations




    Custom Prefix EC2 Instances 

    Enter the prefix to be added before the names of Virtual Machines.

    NOTE: The prefix can be up to 20 characters long and must begin and end with a word character.

    Custom Prefix Volumes

    Enter the prefix to be added before the names of the Disks of Virtual Machines.

    NOTE: The prefix can be up to 20 characters long and must begin and end with a word character.

    Custom Prefix Other Services 

    Enter the prefix to be added before the names of the services: security groups, EMR, load balancer, and RDS (if included).

    NOTE: The prefix can be up to 20 characters long and must begin and end with a word character.

    Custom Prefix Secret Manager 

    Enter the prefix to be added before the name of the Secret Manager.

    NOTE:

    • The prefix can be up to 20 characters long and must begin and end with a word character.
    • The parameter is displayed only when you select the Deploy with Enhanced Security checkbox while creating the CFT template. 
    RDS Configurations 


    Create a new subnet group for RDS? Select True to create a new subnet group for RDS.
    Enter the name of existing Subnet group If creating a new subnet group for RDS is false, enter the name of the existing subnet group.
    Specify whether the database instance is a multiple Availability Zone deployment Select True to specify that the database instance is a multiple Availability Zone deployment.
    Choose the version of RDS which needs to be launched

    Enter the RDS version to be launched. 

    NOTE: From Kyvos 2023.2 onwards, RDS Postgres version 13.11 is supported for both new deployments and upgrades. Support for version 13.6 is discontinued.

    Databricks Configurations
    Databricks token Enter the Databricks token to be used by Kyvos.
    Databricks URL URL of the Databricks Workspace.
    Databricks Cluster Id Cluster id of the Databricks Cluster.
    Databricks Organization id Organization id of the Databricks Workspace.
    Databricks Role ARN Enter the Role ARN to be used with the S3 bucket.
    Kyvos Configurations
    Access key to access the Kyvos bundle. Contact us if you haven't received it yet.
    The secret key to access the Kyvos bundle. Contact us if you haven't received it yet.
    Enter the work directory path to be used by Kyvos.
    Enable Public IP for Kyvos Web Portal Select true to enable Public IP for the Kyvos Web portal; otherwise, select false.
    NOTE: If you created your VPC using the Internet Gateway template, select true here. This will ensure that the Kyvos Web Server machine is accessible from your computer network. In this case, you will not need to configure Bastion host or load balancer for the Kyvos Web portal.
    Enter the temporary Kyvos license key provided in your onboarding email. Copy the content of the license file here.
    Enable Environment validation Select true to validate the environment information that you provided for where the Kyvos cluster needs to be deployed. 
    If you select false, the deployment will continue without validation.
    Show hostname for cluster deployment Select true to use the hostname for cluster deployment.
    DatabaseKmRepo

    Enter the name of the database to be used for the Kyvos Manager Repository.

    NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. 

    KyvosManagerRepoDBInstanceIdentifierName

    Instance Name of shared RDS

    NOTE: This parameter is displayed only when you select the Existing RDS option during the Kyvos template creation. 

    PostgresPassword Provide the password used for Postgres.
    RDSPasswordKmRepo

    Specifies the value of the password used for KyvosManager Repository. The password can include any printable ASCII character except "/", """, "@" and single quote. 

    NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. 

    Kyvos Credit Load Information Enter a valid Kyvos credit load key.
    Kyvos Shared Credit Information Existing Repository Enter the endpoint and port of the Shared Credit Information Repository.
    NOTE: You MUST add a semicolon after providing the endpoint and specify the port. For example, endpoint: port
    Kyvos Credit Information Existing Secret Enter the secret name used for the Shared Credit Information Repository.
    SecretName Enter the name of your existing Secret Manager. If blank, a new Secret Manager will be created automatically.
    Allowed IP Range Provide the range of IP addresses allowed to access Kyvos Instances. Use 0.0.0.0/0 to allow all users access.
    UsernameKmRepo

    Enter the username to be used for connecting to the Kyvos Manager Repository.

    NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. 

    PublicSubnets For deployments with Web portal high availability, if you selected a public subnet while creating the template, please select two public subnets.

    AMI Configurations 

    (Displayed only if you selected the Custom Image option at the time of creating the template)

    Enter the AMI default logged in Linux user Each Linux instance launches with a default Linux system user account. For more details, refer to AWS documentation.
    Enter the AMI ID to be used for launching Kyvos Instances Provide the AMI ID.


  4. Click NEXT.
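
A pre-flight check for the naming and value rules stated in the parameter table above, as an added example that is not part of the Kyvos documentation or template. The dictionary keys are hypothetical labels rather than the template's parameter names, the bucket pattern adds the basic AWS length and character rules, and the sample values are constructed.

```python
import ipaddress
import re

# Rules as stated on this page. The dictionary keys are hypothetical labels,
# not the template's real parameter names.
STACK_NAME = re.compile(r"[A-Za-z0-9-]+")
PREFIX = re.compile(r"\w(?:.{0,18}\w)?", re.ASCII)  # <= 20 chars, word char at both ends
BUCKET = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")  # AWS basics, minus the dot
PASSWORD_FORBIDDEN = set("/\"@'")


def validate(params):
    """Return (key, problem) findings for a dict of intended stack parameters."""
    findings = []
    if not STACK_NAME.fullmatch(params.get("stack_name", "")):
        findings.append(("stack_name", "letters, numbers and dashes only"))
    bucket = params.get("bucket_name", "")
    if "." in bucket:
        findings.append(("bucket_name", "Kyvos does not allow a dot"))
    elif not BUCKET.fullmatch(bucket):
        findings.append(("bucket_name", "violates AWS bucket naming rules"))
    for key in ("prefix_ec2", "prefix_volumes", "prefix_other", "prefix_secret"):
        value = params.get(key)  # a prefix that is not supplied is skipped
        if value is not None and not PREFIX.fullmatch(value):
            findings.append((key, "max 20 chars, word character at both ends"))
    password = params.get("rds_password_km_repo", "")
    if any(c in PASSWORD_FORBIDDEN or not (c.isascii() and c.isprintable())
           for c in password):
        findings.append(("rds_password_km_repo", "contains a disallowed character"))
    try:
        net = ipaddress.ip_network(params.get("allowed_ip_range", ""), strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 admits every source address
            findings.append(("allowed_ip_range", "open to all addresses"))
    except ValueError:
        findings.append(("allowed_ip_range", "not a valid CIDR range"))
    return findings


# Constructed sample values for illustration only.
SAMPLE = {
    "stack_name": "kyvos_prod",              # underscore is not allowed
    "bucket_name": "kyvos.semantic.models",  # dots are rejected by Kyvos
    "prefix_ec2": "-kyvos",                  # must begin with a word character
    "rds_password_km_repo": "S3cure@pass",   # '@' is excluded
    "allowed_ip_range": "0.0.0.0/0",         # reachable from any address
}

if __name__ == "__main__":
    for key, problem in validate(SAMPLE):
        print(f"{key}: {problem}")
```

Running it against the intended values before opening the CloudFormation console surfaces a rejected name or an open Allowed IP Range before the stack is created.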

Step 3: Configure stack options

  1. Tags: You can specify tags (key-value pairs) to apply to resources in your stack. You can add up to 50 unique tags for each stack. 

    Info

    If deploying in a secure environment with Ranger deployed on AWS, then you MUST provide the tag as UsedBy=Kyvos

    DO NOT use the UsedBy tag for any other deployments.


  2. Permissions: Choose an IAM role to explicitly define how CloudFormation can create, modify, or delete resources in the stack. If you don't choose a role, CloudFormation uses permissions based on your user credentials.

  3. Advanced options: Optionally, you can set additional options for your stack, like notification options and a stack policy. 
    Enter details as:

    Parameter

    Description/Remarks

    Stack policy

    Defines the resources that you want to protect from unintentional updates during a stack update. Kyvos does not allow any updates in the stack, so you can leave this blank.

    Rollback configuration

    Specify alarms for CloudFormation to monitor when creating and updating the stack. If the operation breaches an alarm threshold, CloudFormation rolls it back.

    • Monitoring time (optional): The number of minutes after the operation completes that CloudFormation should continue monitoring the specified alarms.
    • CloudWatch alarm (optional): Amazon Resource Name (ARN) of the alarm to monitor.

    Notification options

    Specify SNS topic ARN (optional).

    Stack creation options

    • Rollback on failure: Specifies whether the stack should be rolled back if stack creation fails.
    • Timeout: The number of minutes before a stack creation times out.
    • Termination protection: Prevents the stack from being accidentally deleted. Once created, you can update this through stack actions.

Step 4: Review

Review the settings selected so far. Click Previous if you need to change any configurations.

...

  • To use Secrets Manager:
    1. Navigate to AWS Secrets Manager.
    2. Add the KYVOS-CONNECTION-DATABRICKS-TOKEN secret.
    3. Navigate to the Kyvos Manager.
    4. Click the Databricks option on the Navigation pane. On the Databricks page, click the Fetch Parameter button.
    5. Click the Apply button from the top-right of the screen.
    6. Restart the BI Server.
  • For Cross-Account Glue: Add the ARN of the EC2 IAM role and of the Databricks (instance profile) IAM role, and add the table name in the Glue settings.

...