Versions Compared

Old Version 5

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version Current

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to:

...

Image Modified

...

Kyvos

...

Enterprise Image Modified

...

Kyvos Cloud (

...

SaaS on AWS)

...

Image Added Kyvos AWS Marketplace

Image Modified

...

Kyvos Azure Marketplace

...

Image Modified  Kyvos AWS Marketplace  GCP Marketplace Image Modified  Kyvos Single Node Installation (Kyvos SNI)  Image Removed Kyvos Free (Limited offering for AWS)

...

Create EC2 Key Pairs

  1. From the AWS console, create two EC2 key pairs and upload them to S3 Bucket (Bucket name should be as per the Cluster name, and it should contain KM & Bastion host PEM keys)

  2. Use Keys in pem file format.

  3. One Key pair will be used to access the bastion host, and the other will be used to access all Kyvos nodes from the Kyvos Manager host.

  4. Used stack name and region in Keys name.

  5. If the stack name is demo, then the key names should be demo_bashtion.pem for the bastion host and demo_km.pem for Kyvos hosts.

Create EMR Keys

Manually create the KMS certificate by enabling In-Transit encryption and upload it on the S3 bucket.

  1. For this, execute the following commands on any Linux/Dev Box (172.26.41.26: root/impetus) to create the certificate to be used by the EMR service.

    $

...

  1. openssl

...

  1. req

...

  1. -x509

...

  1. -newkey

...

  1. rsa:1024

...

  1. -keyout

...

  1. privateKey.pem

...

  1. -out

...

  1. certificateChain.pem

...

  1. -days

...

  1. 365

...

  1. -nodes

...

  1. -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.<AWS

...

  1. Region>.compute.internal'

    Use the region name for a certificate where the cluster will be deployed. In the below example, the cluster will be deployed in the us-east2 region.

    Example for us-east-2 region

    $

...

  1. openssl

...

  1. req

...

  1. -x509

...

  1. -newkey

...

  1. rsa:1024

...

  1. -keyout

...

  1. privateKey.pem

...

  1. -out

...

  1. certificateChain.pem

...

  1. -days

...

  1. 365

...

  1. -nodes

...

  1. -subj
    '/C=US/ST=Washington/L=Seattle/O=MyOrg/OU=MyDept/CN=*.us-east-2.compute.internal'
    $

...

  1. cp

...

  1. certificateChain.pem

...

  1. trustedCertificates.pem
    $

...

  1. zip

...

  1. -r

...

  1. -X

...

  1. <stack-name>-us-east2_emr_cert.zip

...

  1. certificateChain.pem

...

  1. privateKey.pem

...

  1. trustedCertificates.pem

    Example for intellicus-dryrun2 cluster

    $

...

  1. zip

...

  1. -r

...

  1. -X

...

  1. intellicus-dryrun2-us-east2_emr_cert.zip

...

  1. certificateChain.pem

...

  1. privateKey.pem

...

  1. trustedCertificates.pem

  2. Upload the generated keys to the S3 bucket and delete the certificate zip file from the Linux node.

Kyvos installation bundle access information

...