Remote Subscriber Database (RSD) AWS hosting setup guide

Latest revision as of 15:23, 8 June 2020

This deployment guide covers some suggested initial installation steps if you want to run a Discovery remote subscriber database in a new Amazon Web Services account.

The installation is simplified using CloudFormation (cfn) scripts that create the AWS resources on your behalf.

The following manual steps are required before and after the scripts are run:

Prerequisites

Amazon Web Services

You will require an Amazon Web Services account to run the infrastructure. If you do not already have an AWS account, you can sign up for one at https://portal.aws.amazon.com/billing/signup.

Please supply your AWS account number to the Discovery team prior to running the installation. The account number can be found in the AWS console at https://console.aws.amazon.com/billing/home?#/account.

Create a Key Pair

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the navigation pane, select Key Pairs.
  3. Select Create key pair.
  4. In Name, type a descriptive name for the key pair.
  5. In File format, select the required save format for the private key. Tip: To save the private key in a format that can be used with OpenSSH, select pem; to save the private key in a format that can be used with PuTTY, select ppk.
  6. Select Create key pair.
    Note: The private key is downloaded in your browser and must be kept safe; this is required to connect to the EC2 instances. Alternatively an existing key pair can be used.

AWS Cloudformation Installation - Network Stack

Note: The following subnets are hardcoded into the cfn script by default. You might need to change these according to your hosting requirements; the ACLs within the cfn script will also need updating.
VPC:
  CIDR: "192.168.132.0/22"
Public0:
  CIDR: "192.168.132.0/24"
Public1:
  CIDR: "192.168.133.0/24"
Private0:
  CIDR: "192.168.134.0/24"
Private1:
  CIDR: "192.168.135.0/24"
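
If you change the hardcoded ranges, the check below confirms that every subnet still sits inside the VPC range and that no two subnets overlap before you edit the template and its ACLs. It is an added example, not part of the supplied cfn scripts; the function name check_plan and the dictionary layout are assumptions made for illustration.

```python
import ipaddress

# Default ranges exactly as listed in the note above.
DEFAULT_PLAN = {
    "VPC": "192.168.132.0/22",
    "Public0": "192.168.132.0/24",
    "Public1": "192.168.133.0/24",
    "Private0": "192.168.134.0/24",
    "Private1": "192.168.135.0/24",
}


def check_plan(plan):
    """Return a list of problems in a VPC/subnet CIDR plan (empty if none)."""
    problems = []
    nets = {}
    for name, cidr in plan.items():
        try:
            # strict=True rejects ranges with host bits set, e.g. 10.0.1.5/24
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")

    vpc = nets.pop("VPC", None)
    subnets = sorted(nets.items())

    for name, net in subnets:
        # Every subnet must be fully contained in the VPC range.
        if vpc is not None and not (
            net.version == vpc.version and net.subnet_of(vpc)
        ):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        # AWS only accepts IPv4 subnets sized between /16 and /28.
        if net.version == 4 and not 16 <= net.prefixlen <= 28:
            problems.append(f"{name}: /{net.prefixlen} is not between /16 and /28")

    # Pairwise overlap check between subnets.
    for i, (a_name, a) in enumerate(subnets):
        for b_name, b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} {a} overlaps {b_name} {b}")
    return problems


if __name__ == "__main__":
    for line in check_plan(DEFAULT_PLAN) or ["plan OK"]:
        print(line)
```

Any range reported here also needs its matching ACL entries in the cfn script updated to the new values.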

Instructions

  1. In the AWS console, select the Europe (London) eu-west-2 region.
  2. Navigate to CloudFormation by searching in the services drop-down menu.
  3. Click Create stack and then select With new resources (standard).
  4. Specify the template:
    1. Select Upload a template file.
    2. Click Choose file.
    3. Browse to the location of the saved network-stack.yaml file.
    4. Click Next.
  5. Specify stack details: type a stack name and VPC name.
  6. Configure stack options: leave the default option and then click Next.
  7. Review the selected options and then click Create stack.
    Once the network stack is created (2-3 mins) you can see the resources CloudFormation has created in the Resources tab.
  8. Navigate to Services - VPC to see the resources such as subnets, route tables and ACLs.

AWS Cloudformation Installation - VPC Endpoint (PrivateLink)

Prerequisites

Note: Before you run this cfn script, you need to create a security group that will be applied to the filer instance. You then select the security group from a drop-down list when running this cfn script. This will allow the filer instance to access the sftp server via the PrivateLink.
Your AWS account number will need to be whitelisted by Discovery before running the cfn script.

Instructions

  1. In the AWS console, select the Europe (London) eu-west-2 region.
  2. In the drop-down menu, navigate to CloudFormation.
  3. Click Create stack and then select With new resources (standard).
  4. Specify the template:
    1. Select Upload a template file.
    2. Click Choose file.
    3. Browse to the location of the saved endpoint-stack.yaml file.
    4. Click Next.
  5. Specify stack details: type a stack name and VPC name.
  6. Configure stack options: leave the default option and then click Next.
  7. Review the selected options and then click Create stack.
    Once the PrivateLink stack is created (2-3 mins) you can see the resources CloudFormation has created in the Resources tab.
  8. Click the links to view the resources:
    • Security groups
    • PrivateLink
      Note: The pending acceptance status will remain until the request has been approved in the Discovery AWS account.