...
Configuration | Parameter | Description/Remarks | ||
---|---|---|---|---|
Security Configurations | Select the name of the Key Pair to be used with EC2 instances | A key pair consisting of a public key (stored by AWS), and a private key file (stored by the user). Together, they allow you to connect to your instance securely. | ||
Enter the SSH Private Key text | Provide the text of your SSH key. To get this, open your .pem file in edit mode, and copy the complete text. | |||
Enable SSH for EMR/Databricks cluster | Set the value as true to enable SSH for the EMR cluster. NOTE: Currently, the only value for Databricks is false, as SSH is not supported on it. | |||
S3 Configurations | Enter name of the S3 bucket for storing Kyvos semantic model | Enter the name of your existing bucket, if you selected False above. If you select True, Kyvos will create a bucket with this name. Ensure that the bucket is not already in use. NOTE: See the AWS rules for naming buckets. Additionally, Kyvos does not allow . (dot) to be used for Bucket Name. The cluster may fail to deploy if you do not meet these requirements. | ||
Network Configurations | Select the name of the Key Pair to be used with Bastion Host | A key pair consisting of a public key (stored by AWS), and a private key file (stored by user). Together, they allow you to connect to your instance securely. For example, select AWS::EC2::KeyPair::KeyName | ||
VPC Configurations | Specify an IPv4 CIDR block of existing VPC. | Please enter the IP range (CIDR notation) for this VPC | ||
Select the VPC in which EC2 instances will be launched. NOTE: If you have created your VPC using the NAT Gateway template or the Internet Gateway template, select that VPC here. | Subnet | Select the Subnet | Select the VPC from the list. | |
Load Balancer Configuration | PublicSubnets | Select the Private Subnets to be attached to EC2 instances. NOTE: In the case of Kyvos Web Portal HA (High Availability) or an RDS repository, you must select at least two subnets from different Availability Zones. Otherwise, you have to select only one subnet. | ||
Availability Zone | Select the Availability Zone for the selected Subnet. | |||
IAM Roles Configurations | Enter the name of the IAM Role that will be attached to all the Kyvos EC2 instances | Provide the name of the IAM Role that you want to attach to the EC2 instance. Refer to the section /wiki/spaces/KD20233/pages/18448740 to create new roles. | ||
Enter the name of the IAM Role that will be attached to all the Lambda functions | Provide the name of the IAM Role that you want to attach to the Lambda function. Refer to the section /wiki/spaces/KD20233/pages/18448740 to create new roles. | |||
Custom Prefix Configurations | Custom Prefix Ec2 Instances | Enter the prefix you want to append to the names of EC2 instances used with Kyvos. NOTE: The prefix can be up to 20 characters long and must begin and end with a word character. | ||
Custom Prefix Volumes | Enter the prefix you want to append to the names of Volumes used with Kyvos. NOTE: The prefix can be up to 20 characters long and must begin and end with a word character. | |||
Custom Prefix Other Services | Enter the prefix to be append before the services. These services include Security Groups, EMR , Load balancer, and RDS . NOTE: The prefix can be up to 20 characters long and must begin and end with a word character. | |||
Custom Prefix Secret Manager | Enter the prefix you want to append to the Secrets Manager used with Kyvos. NOTE: The prefix can be up to 20 characters long and must begin and end with a word character. The parameter is displayed only when you select the Deploy with Enhanced Security checkbox while creating the CFT template. | |||
Select 2 private subnets, each from a different availability zone. | ||||
Select the Public Subnets to be attached to EC2 instances | Select 2 public subnets, each from a different availability zone. Make sure that public subnet's availability zone matches the availability zone of the private subnets in which Kyvos instances are launched. | |||
RDS Configurations | Create a new subnet group for RDS? | Select True to create a new subnet group for RDS. | ||
Enter the name of existing Subnet group | If creating a new subnet group for RDS is false, enter the name of the existing subnet group. | |||
Specify whether the database instance is a multiple Availability Zone deployment | Select True to specify the database instance is a multiple availability zone deployment. | Choose the version of RDS which needs to be launched | Enter the RDS version to be launched. NOTE: From Kyvos 2023.2 onwards, RDS Postgres version 13.11 is supported for both new deployments and upgrades. Support for version 13.6 is discontinued. | |
EMR Configurations | Enter the number of Core EC2 Instances to be launched with EMR | The number of Core EC2 Instances to be launched with EMR. Recommended value: 2 | ||
Enter the minimum number of Core EC2 instances that should be kept running | The minimum number of core nodes that will keep running during scale-in operation. Recommended value: 2 | |||
Enter the maximum number of Core EC2 instances that should be kept running | The maximum number of core nodes that can be used by the EMR during scale-out operation. Recommended value: 10 | Enter the version of EMR which needs to be launched | Select the EMR version to be used for the Kyvos cluster. The allowed value is EMR- 6 . 10 .0.NOTE: EMR-6. 10.0 is supported only if you enable Livy on the cluster. You will see the EMR version followed by CERTIFIED indicating if the EMR version is supported by Kyvos. | |
Enable In-transit encryption for EMR cluster | Set the value of this parameter to true if you need in-transit encryption with TLS for the EMR cluster. | |||
Enter the S3Object ARN where PEM based certificate is located | Enter the S3Object Amazon Resource Name (ARN) of the KMS certificate. NOTE: This is required only if you have enabled in-transit encryption for the EMR cluster. | |||
Kyvos Configurations | Enter the Access key | Access key to access the Kyvos bundle. Contact us if you haven't received it yet. | ||
Enter the Secret key | Secret key to access the Kyvos bundle. Contact us if you haven't received it yet. | |||
Kyvos Work Directory | Enter the work directory path to be used by Kyvos. | |||
Kyvos License Information | Enter the temporary Kyvos license key provided in your onboarding email. Copy the content of the license file here. | |||
Enable Environment validation | Select true to validate the environment information that you provided for where the Kyvos cluster needs to be deployed. If you select false, the deployment will continue without validation. | |||
Show hostname for cluster deployment | Select true to use the hostname for cluster deployment. | |||
DatabaseKmRepo | Enter the name of database to be used for Kyvos Manager Repository. NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. | |||
KyvosManagerRepoDBInstanceIdentifierName | Instance Name of shared RDS NOTE: This parameter is displayed only when you select the Existing RDS option during the Kyvos template creation. | |||
RDSPasswordKmRepo | RDS Configurations | Postgres Password Kyvos | RDSPasswordKmRepo | Specifies the value of the password used for Kyvos Manager Postgres NOTE: This parameter is displayed only when you specify the KyvosManagerRepoDBInstanceIdentifierName parameter. |
PostgresPassword | Provide the password used for Postgres. | |||
Specifies the value of the password used for KyvosManager Repository. Repository. NOTE The password can include any printable ASCII character except "/", """, "@" and single quote. NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. | ||||
Kyvos Credit Load Information | Enter a valid Kyvos credit load key. | |||
Kyvos Shared Credit Information Existing Repository | Enter the endpoint and port of the Shared Credit Information Repository. NOTE: You MUST add a semicolon after providing the endpoint and specify the port. For example, endpoint: port. | |||
Kyvos Credit Information Existing Secret | Enter the secret name used for Shared Credit Information Repository. | |||
SecretName | Enter the name of your existing Secret Manager. If blank, a new Secret Manager will be created automatically. | |||
Allowed IP Range | ||||
Advanced Configurations | Select Instance Type which will be used for Query Engines. | Select the required instance type that will be used for Query Engines. | ||
Select Instance Type which will be used for BI Server. | Select the required instance type that will be used for BI Server. | |||
Name of IAM User to give permissions on KMS key | Specify the name of IAM User to give permissions on KMS key. | |||
Enable Environment validation | By default, the False value is selected to enable the environment validation. | |||
Allowed IP Range | Provide the range of IP addresses allowed to access Kyvos Instances. Use 0.0.0.0/0 to allow all users access. | |||
UsernameKmRepo | Enter the username to be used for connecting to the Kyvos Manager Repository. NOTE: This parameter is displayed only when you select the Create New RDS option during the Kyvos template creation. | |||
Enable Livy Server for EMR cluster | If you have selected the EMR version as 6. 10 .0, you MUST enable Livy . | |||
PublicSubnets | For deployments with Web portal high availability, if you selected a public subnet while creating the template, please select two public subnets. | |||
AMI Configurations
(Displayed only if you selected the Custom Image option at the time of creating the template) | Enter the AMI default logged in Linux user | Each Linux instance launches with a default Linux system user account. For more details, refer to AWS documentation. | ||
Enter the AMI ID to be used for launching Kyvos Instances | Provide the AMI ID.. | |||
Email ID | You will receive Kyvos Application URLs and Cloudwatch Alarm Notifications on this email address. | |||
Cloudwatch Alarms | Select true to receive Cloudwatch Alarm Notifications on the above email address if provided. | |||
Password for Kyvos and Kyvos Manager. | Enter the Admin password for Kyvos and Kyvos Manager Web portal. Keep this admin username and password safe for future reference. |
Click NEXT.
Step 3: Configure stack options
Tags: You can specify tags (key-value pairs) to apply to resources in your stack. You can add up to 50 unique tags for each stack.
Permissions: Choose an IAM role to explicitly define how CloudFormation can create, modify, or delete resources in the stack. If you don't choose a role, CloudFormation uses permissions based on your user credentials.
Stack failure options: You can specify roll back behavior for a stack failure. For more information, see AWS documentation.
Advanced options: Optionally, you can set additional options for your stack, like notification options and a stack policy.
Enter details as:
Parameter | Description/Remarks |
---|---|
Stack policy | Defines the resources that you want to protect from unintentional updates during a stack update. Kyvos does not allow any updates in the stack, so you can leave this blank. |
Rollback configuration | Specify alarms for CloudFormation to monitor when creating and updating the stack. If the operation breaches an alarm threshold, CloudFormation rolls it back. |
Monitoring time (optional): The number of minutes after the operation completes that CloudFormation should continue monitoring the specified alarms. | |
CloudWatch alarm (optional): Amazon Resource Name (ARN) of the alarm to monitor. | |
Notification options | Specify SNS topic ARN (optional). |
Stack creation options | Rollback on failure: Specifies whether the stack should be rolled back if stack creation fails. |
Timeout: The number of minutes before a stack creation times out. | |
Termination protection: Prevents the stack from being accidentally deleted. Once created, you can update this through stack actions. |
Click NEXT.
Step 4: Review
Review the settings selected so far. Click Previous if you need to change any configurations.
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Warning Please review the settings and information thoroughly. Once the stack is created, you CANNOT update any information. You will have to delete the stack and start over again. |
Step 5: Create Stack
To proceed, select the I acknowledge checkbox and click Submit to create and deploy the Kyvos cluster on your AWS environment.
Stack creation starts and takes around 20-25 minutes. Once the cluster is deployed, you will receive an email with URL to access Kyvos Manager and Kyvos through which deployed Kyvos on AWS can be accessed.