Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to:Image RemovedKyvos Enterprise  Image RemovedKyvos Cloud (Managed Services on AWS)  Image RemovedKyvos Azure Marketplace

Image RemovedKyvos AWS Marketplace  Image RemovedKyvos Single Node Installation (Kyvos SNI)  Image RemovedKyvos Free (Limited offering for AWSApplies to: Image Added Kyvos Enterprise Image Added Kyvos Cloud (SaaS on AWS) Image Added Kyvos AWS Marketplace

Image Added Kyvos Azure Marketplace Image Added Kyvos GCP Marketplace Image Added Kyvos Single Node Installation (Kyvos SNI)

...

Create EC2 Key Pairs

  1. From the AWS console, create two EC2 key pairs and upload them to S3 Bucket (Bucket name should be as per the Cluster name, and it should contain KM & Bastion host PEM keys)

  2. Use Keys in pem file format.

  3. One Key pair will be used to access the bastion host, and the other will be used to access all Kyvos nodes from the Kyvos Manager host.

  4. Used stack name and region in Keys name.

  5. If the stack name is demo, then the key names should be demo_bashtion.pem for the bastion host and demo_km.pem for Kyvos hosts.

Create EMR Keys

Manually create the KMS certificate by enabling In-Transit encryption and upload it on the S3 bucket.

  1. For this, execute the following commands on any Linux/Dev Box (172.26.41.26: root/impetus) to create the certificate to be used by the EMR service.

    $

...

  1. openssl

...

  1. req

...

  1. -x509

...

  1. -newkey

...

  1. rsa:1024

...

  1. -keyout

...

  1. privateKey.pem

...

  1. -out

...

  1. certificateChain.pem

...

  1. -days

...

  1. 365

...

  1. -nodes

...

  1. -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.<AWS

...

  1. Region>.compute.internal'

    Use the region name for a certificate where the cluster will be deployed. In the below example, the cluster will be deployed in the us-east2 region.

    Example for us-east-2 region

    $

...

  1. openssl

...

  1. req

...

  1. -x509

...

  1. -newkey

...

  1. rsa:1024

...

  1. -keyout

...

  1. privateKey.pem

...

  1. -out

...

  1. certificateChain.pem

...

  1. -days

...

  1. 365

...

  1. -nodes

...

  1. -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.us-east-2.compute.internal'
    $

...

  1. cp

...

  1. certificateChain.pem

...

  1. trustedCertificates.pem
    $

...

  1. zip

...

  1. -r

...

  1. -X

...

  1. <stack-name>-us-east2_emr_cert.zip

...

  1. certificateChain.pem

...

  1. privateKey.pem

...

  1. trustedCertificates.pem

    Example for intellicus-dryrun2 cluster

    $

...

  1. zip

...

  1. -r

...

  1. -X

...

  1. intellicus-dryrun2-us-east2_emr_cert.zip

...

  1. certificateChain.pem

...

  1. privateKey.pem

...

  1. trustedCertificates.pem

  2. Upload the generated keys to the S3 bucket and delete the certificate zip file from the Linux node.

Kyvos installation bundle access information

...