forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws.html.md.erb
342 lines (294 loc) · 13.1 KB
/
aws.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
---
title: Installing Pivotal Platform on AWS
owner: Ops Manager
---
<% current_page.data.title = "Installing " + vars.platform_name + " on AWS" %>
This guide describes how to install [<%= vars.platform_name %>](https://network.pivotal.io/products/pivotal-cf) on Amazon Web Services (AWS).
## <a id='overview'></a> Overview
You can install <%= vars.platform_name %> on AWS with either the Pivotal Application Service (PAS) or Pivotal Container Service (PKS) runtime. There are resource requirements specific to each runtime. Ensure you meet the requirements for your runtime and the requirements specific to AWS before installing <%= vars.platform_name %> on AWS.
## <a id="requirements"></a> Requirements
This section lists the following resource requirements for installing <%= vars.platform_name %> on AWS:
* General <%= vars.platform_name %> resource requirements. See [<%= vars.platform_name %> Resource Requirements](#general-requirements).
* AWS-specific resource requirements. See [AWS Resource Requirements](#aws-requirements).
### <a id="general-requirements"></a> <%= vars.platform_name %> Resource Requirements
This section lists <%= vars.platform_name %> resource requirements for installing <%= vars.platform_name %> on AWS. It includes general <%= vars.platform_name %> resource requirements for both the PAS and PKS runtimes.
View one of the following, depending on your <%= vars.platform_name %> runtime:
* PAS-specific <%= vars.platform_name %> resource requirements. See [PAS Resource Requirements](#pas).
* PKS-specific <%= vars.platform_name %> resource requirements. See [PKS Resource Requirements](#pks).
#### <a id="pas"></a> PAS Resource Requirements
The following are general resource requirements for deploying and managing a <%= vars.platform_name %> deployment with Ops Manager and PAS:
* PAS requires sufficient IP allocation. The following lists the minimum required IP allocations:
* One static IP address for either HAProxy or one of your Gorouters
* One static IP address for each job in the Ops Manager tile. See the Ops Manager **Resource Config** pane for each tile for a full list.
* One static IP address for each job listed below:
* Consul
* NATS
* File Storage
* MySQL Proxy
* MySQL Server
* Backup Restore Node
* HAProxy
* Router
* MySQL Monitor
* Diego Brain
* TCP Router
* One IP for each VM instance created by the service.
* An additional IP address for each compilation worker. Use the following formula to determine the total IPs required: `IPs needed = static IPs + VM instances + compilation workers`.
* Pivotal recommends that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and PAS. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install PAS, and connect to services.
* Pivotal recommends using a network without DHCP for deploying PAS VMs.
<p class="note"><strong>Note:</strong> If you have DHCP, refer to the <a href="./troubleshooting.html">Troubleshooting Guide</a> to avoid issues with your installation.</p>
#### <a id='pks'></a> PKS Resource Requirements
For PKS-specific resource requirements, see [AWS Prerequisites and Resource Requirements](https://docs.pivotal.io/pks/aws-requirements.html).
### <a id="aws-requirements"></a> AWS Resource Requirements
The following are AWS-specific resource requirements for installing <%= vars.platform_name %> on AWS with an external database and external file storage:
* Installing <%= vars.platform_name %> on AWS requires a minimum of the following VM instance limits in your AWS account. The number of VMs required depends on the number of tiles and availability zones you plan to deploy. The following VM guidelines apply to the PAS, Small Footprint PAS, and PKS runtimes:
- **PAS**: At a minimum, a new AWS deployment requires the following VMs for PAS:
<table border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=24>PAS</th>
<td>NATS</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m5.large</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Proxy</td>
<td>t3.micro</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Server</td>
<td>r5.large</td>
<td>3</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t3.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Diego BBS</td>
<td>t3.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>UAA</td>
<td>m5.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller</td>
<td>m5.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>HAProxy</td>
<td>t3.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Router</td>
<td>t3.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t3.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Clock Global</td>
<td>t3.medium</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller Worker</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Diego Brain</td>
<td>t3.small</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Diego Cell</td>
<td>r5.xlarge</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Loggregator Traffic Controller</td>
<td>t3.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Doppler Server</td>
<td>m5.large</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>TCP Router</td>
<td>t3.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>CredHub</td>
<td>r5.large</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>Istio Router</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Istio Control</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Route Syncer</td>
<td>r5.large</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<th rowspan=2>Ops Manager</th>
<td>BOSH Director</td>
<td>m5.large</td>
<td>1</td>
<td>Required</td>
</tr>
</table>
<p class="note"><strong>Note:</strong> If you are deploying a test or sandbox <%= vars.platform_name %> that does not require high availability, then you can scale down the number of VM instances in your deployment. For more information, see <a href="../opsguide/scaling-ert-components.html">Scaling PAS</a>.</p>
- **Small Footprint PAS**: To run Small Footprint PAS, a new AWS deployment requires:
<table id='aws-requirements' border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Minimum HA VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=12>Small Footprint PAS</th>
<td>Compute</td>
<td>r5.xlarge</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Control</td>
<td>r5.xlarge</td>
<td>1</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Database</td>
<td>r5.large</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Router</td>
<td>t3.micro</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m5.large</td>
<td>1</td>
<td>N/A</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t3.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t3.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>HAProxy</td>
<td>t3.micro</td>
<td>0</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>TCP Router</td>
<td>t3.micro</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Istio Router</td>
<td>r5.large</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Istio Control</td>
<td>r5.large</td>
<td>0</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>Route Syncer</td>
<td>r5.large</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<th rowspan=2>Ops Manager</th>
<td>BOSH Director</td>
<td>m5.large</td>
<td>1</td>
<td>N/A</td>
<td>Required</td>
</tr>
</table>
<br />
- **PKS**: See [AWS Prerequisites and Resource Requirements](https://docs.pivotal.io/pks/aws-requirements.html).
* The following AWS resources are required for installing <%= vars.platform_name %> on AWS with PAS:
* 3 Elastic Load Balancers (ELBs)
* 1 Relational Database Service. As a minimum, Pivotal recommends using a db.m5.xlarge instance with at least 100 GB of allocated storage.
* 5 S3 Buckets
## <a id="prerequisites"></a> Prerequisites
To install <%= vars.platform_name %> on AWS, you must:
* Increase or remove the VM instance limits in your AWS account. Installing <%= vars.platform_name %> requires more than the default 20 concurrent instances. For more information about VM resource requirements, see [Requirements](#requirements).
* Configure your AWS account with the appropriate AWS region. For more information about selecting the correct region for your deployment, see [Region and Availability Zone Concepts](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones) in the AWS documentation.
* Install the AWS CLI. Configure the AWS CLI with the user credentials that have admin access to your AWS account. To download the AWS CLI, see [AWS CLI](https://aws.amazon.com/cli/).
* Configure an AWS EC2 key pair to use with your <%= vars.platform_name %> deployment. For more information, see [Creating an EC2 Key Pair](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-keypair.html) in the AWS documentation.
* Register a wildcard domain for your <%= vars.platform_name %> installation. For more information, see [SSL/TLS Certificates for Classic Load Balancers](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html#create-cert) in the AWS documentation.
* Create an SSL certificate for your <%= vars.platform_name %> domain. For more information, see the [AWS documentation about SSL certificates](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html).
<p class="note"><strong>Note:</strong> To deploy <%= vars.platform_name %> to a production environment, you must obtain a certificate from a certificate authority. Pivotal recommends using a self-signed certificate generated by Ops Manager for development and testing purposes only.</p>
* **(PAS-only)** Configure sufficient IP allocation. For more information about IP allocation requirements, see [PAS Resource Requirements](#pas).
* **(Optional)** **(PAS-only)** Configure external storage. Pivotal recommends using external storage if possible. For more information about how file storage location affects platform performance and stability during upgrades, see [Configure File Storage](../upgrading/configuring.html#file-storage).
* **(Optional)** **(PAS and Ops Manager-only)** Configure external databases. Pivotal recommends using external databases in production deployments for BOSH Director and PAS. An external database must be configured to use the UTC timezone.
* **(Optional)** **(PAS and Ops Manager-only)** Configure external user stores. When you deploy <%= vars.platform_name %>, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for PAS, to integrate existing user accounts.
## <a id="install"></a> Install <%= vars.platform_name %> on AWS
You can install <%= vars.platform_name %> on AWS either manually or using Terraform.
To install <%= vars.platform_name %> on AWS, do one of the following:
* Install <%= vars.platform_name %> on AWS manually. See [Installing <%= vars.platform_name %> on AWS Manually](./aws-manual.html).
* Install <%= vars.platform_name %> on AWS using Terraform. See [Install <%= vars.platform_name %> on AWS Using Terraform](./aws-terraform.html).
## <a id="resources"></a> Additional Resources
The following are additional resources related to installing <%= vars.platform_name %> on AWS:
* For information about AWS identity and access management, see [What is IAM?](http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) in the AWS documentation.
* For information about users, groups, and roles in AWS, see [Identities (Users, Groups, and Roles)](http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html) in the AWS documentation.
* For best practices for managing IaaS users and permissions, see [Temporary Security Credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) in the AWS documentation.
* For recommendations on how to create and scope AWS accounts for <%= vars.platform_name %>, see [AWS Permissions Guidelines](./aws-iaas-user-roles.html).
* For more information about certificate requirements for installing <%= vars.platform_name %>, see [Certificate Requirements](../adminguide/securing-traffic.html#certtypes).