...

Important

  • Download the AWS Installation Files folder and keep all the requisite files handy during installation and deployment. 

  • The load balancer will be added by default when creating resources in automated deployment.

  • The CloudFormation deployment templates for both primary and disaster recovery now include automated key pair creation for AWS Managed Services and AWS Marketplace. The key pairs are required for several nodes, such as the bastion host, Kyvos Manager (KM), Query Engine (QE), EMR, and Business Intelligence (BI). For more information, see Step 3, as explained below.

...

  1. AWS CloudFormation template. Contact Kyvos support to get your custom template. Alternatively, you can download the default template file from the AWS Installation Files folder or create a template as per your requirements.

  2. The CloudFormation template can be deployed through the logged-in user or a role. The logged-in user must have the required policies given in the aws-console-user-iam-policy.json file in the AWS Installation Files folder.

  3. Both primary and disaster recovery CloudFormation deployment templates now have automated key pair creation (applicable for managed service and marketplace deployments).

    1. Storage Location: The generated key pairs are stored in the designated Amazon S3 buckets.

    2. The key pairs are stored in the following locations:

      • For Primary Deployment: OutputBucketName/user/engine_work/keys/

      • For DR Deployment: CrossRegionDrBucketName/user/engine_work/keys/

    3. Key Names: The naming convention for key pairs has been standardized to improve clarity and usability.
      NOTE: The key pair for the bastion host is named bastionhost.pem, while the key pair for other nodes is named kyvos.pem.

  4. Networking requirements:

    1. Use the Network CloudFormation template to automatically create network resources (VPC, Subnet, and Security Group). 

      1. If you want to deploy your network with NAT Gateway, use the NATGateway Template (vpc_nat.json file) provided in the AWS Installation Files folder.
        OR

    2. If you want to use existing network resources, perform the following steps in your VPC. 

      1. You must create VPC Endpoints within your VPC to connect with the AWS services. Otherwise, the subnet must have internet access and a NAT Gateway.

        List of VPC Endpoints for AWS services required by Kyvos:

        | AWS Service Name | Description/Purpose | VPC Endpoint Name |
        |---|---|---|
        | CloudWatch logs | Used to send bootstrap logs of the EC2 machines to CloudWatch Logs. | com.amazonaws.{AWS-REGION}.logs |
        | EMR | Used to connect to EMR from the Kyvos BI Server for creating on-demand EMR and other EMR related activities. | com.amazonaws.{AWS-REGION}.elasticmapreduce |
        | Glue | Used to connect to Glue from the Kyvos BI Server and fetch metadata of the tables stored. | com.amazonaws.{AWS-REGION}.glue |
        | CloudFormation | Used by Kyvos Manager at the time of deployment to validate and get details from the AWS stack in CloudFormation. | com.amazonaws.{AWS-REGION}.cloudformation |
        | CloudWatch Event | Used to schedule events on CloudWatch Event for scheduled starting of the Kyvos BI Server. | com.amazonaws.{AWS-REGION}.events |
        | S3 | Used to connect to an S3 bucket for reading raw data and writing metadata. | com.amazonaws.{AWS-REGION}.s3 |
        | RDS | Used for scheduled start/stop of the Kyvos cluster along with RDS. | com.amazonaws.{AWS-REGION}.rds |
        | EC2 | Used by Kyvos Manager to describe EC2 and Kyvos BI Server for scheduled start/stop of Query Engines. | com.amazonaws.{AWS-REGION}.ec2 |
        | Secrets Manager | Used by the Kyvos BI Server to get the passwords stored in AWS Secrets Manager. | com.amazonaws.{AWS-REGION}.secretsmanager |
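
A pre-flight check for the existing-network path, added here as an example (it is not part of the Kyvos installation files): it reads the JSON printed by `aws ec2 describe-vpc-endpoints` and lists which of the endpoints in the table above are absent or not yet available in the target VPC. The function name, the VPC and endpoint IDs, and the sample output are assumptions constructed for illustration.

```python
import json

# Service suffixes taken from the table above:
# com.amazonaws.{AWS-REGION}.<suffix>
REQUIRED_SUFFIXES = ("logs", "elasticmapreduce", "glue", "cloudformation",
                     "events", "s3", "rds", "ec2", "secretsmanager")


def missing_endpoints(describe_output, region, vpc_id):
    """Return required service names with no usable endpoint in vpc_id.

    describe_output is the JSON text from `aws ec2 describe-vpc-endpoints`.
    An endpoint counts only if it belongs to vpc_id and its state is
    "available"; pending or failed endpoints are reported as missing.
    """
    endpoints = json.loads(describe_output).get("VpcEndpoints", [])
    usable = {
        ep["ServiceName"]
        for ep in endpoints
        if ep.get("VpcId") == vpc_id
        and ep.get("State", "").lower() == "available"
    }
    required = [f"com.amazonaws.{region}.{s}" for s in REQUIRED_SUFFIXES]
    return [name for name in required if name not in usable]


# Constructed sample (hypothetical IDs), trimmed to the fields used above.
SAMPLE = json.dumps({"VpcEndpoints": [
    {"VpcEndpointId": "vpce-0a1", "VpcId": "vpc-0123", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.s3"},
    {"VpcEndpointId": "vpce-0a2", "VpcId": "vpc-0123", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.logs"},
    {"VpcEndpointId": "vpce-0a3", "VpcId": "vpc-0123", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.glue"},
    # Still being provisioned, so not usable yet.
    {"VpcEndpointId": "vpce-0a4", "VpcId": "vpc-0123", "State": "pending",
     "ServiceName": "com.amazonaws.us-east-1.secretsmanager"},
    # Available, but attached to a different VPC.
    {"VpcEndpointId": "vpce-0a5", "VpcId": "vpc-0999", "State": "available",
     "ServiceName": "com.amazonaws.us-east-1.ec2"},
]})

if __name__ == "__main__":
    for name in missing_endpoints(SAMPLE, "us-east-1", "vpc-0123"):
        print("missing or not available:", name)
```
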

...