Off the Shelf Deployment Parameters

Before You Begin

Before you begin the off the shelf deployment, ensure that you have met these AWS deployment requirements.

👍

TetraScience Recommendation

These tables describe the list of parameters you will use when you perform an off the shelf deployment. TetraScience recommends that you review and become familiar with these parameters prior to deployment.

CloudFormation Parameters

These tables list the parameters you must enter when you perform an off the shelf deployment.

Data Layer Table

| Parameter | Default Value | Details |
|---|---|---|
| CFTemplateBucket | ts-platform-artifacts | Prefix of the S3 bucket where artifacts are stored. Do not change the default. |
| CFTemplateVersion | | Must match the version of the ServiceCatalog product being installed. |
| InfrastructureName | | Customer-specific. All-encompassing name for the created infrastructure. Used as a root for naming. Validate with TetraScience. |
| Environment | production | Used internally by TetraScience. Do not change the default. |
| IAMRolePrefix | | Optional string for prefixing all created IAM roles. If not used, then leave empty. |
| IAMBoundaryPolicy | | ARN for a boundary policy that will be attached to all created roles. If not used, then leave empty. |
| EnableDR | false | If Disaster Recovery should be implemented, then set to true. |
| DRAWSAccountId | | ID of the AWS account used for Disaster Recovery. If EnableDR is false, then leave empty. |
| DRDatalakeKMSKey | | ARN of KMS key used to encrypt data in DR. If EnableDR is false, then leave empty. If EnableDR is true, then review the Disaster Recovery section. |
| DRDatalakeBucket | | Name of Data Lake bucket for Disaster Recovery. If EnableDR is false, then leave empty. If EnableDR is true, then review the Disaster Recovery section. |
| DRStreamBucket | | Name of Stream bucket for Disaster Recovery. If EnableDR is false, then leave empty. If EnableDR is true, then review the Disaster Recovery section. |
| DRBackupBucket | | Name of Backup bucket for Disaster Recovery. If EnableDR is false, then leave empty. If EnableDR is true, then review the Disaster Recovery section. |
| DRLocalArtifactsBucket | | Name of artifacts bucket used for Disaster Recovery. If EnableDR is false, then leave empty. If EnableDR is true, then review the Disaster Recovery section. |
| EnableElasticsearch | true | Do not change the default. |
| EsMasterInstanceType | t3.medium.elasticsearch | EC2 instance type for Master Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceType | m4.large.elasticsearch | EC2 instance type for DataStore Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceCount | 2 | Number of EC2 instances in the cluster. Validate value with TetraScience. |
| EsDatanodeVolumeSize | 100 | EBS Volume size in GB for Elasticsearch. Validate value with TetraScience. |
| EsBackupInterval | 6 | How often (in hours) to back up Elasticsearch to S3. |
| InstanceTypeRDS | db.t2.medium | EC2 instance type for the Postgres database. Use the default value for most cases. |
| RDSBackupInterval | 24 | How often (in hours) to back up the database. |
| RDSBackupSchedule | 0 1 * ? | Backup schedule in CloudWatch Event cron format. Default value is 1 AM UTC every day. |
| RDSBackupRetentionDays | 30 | Number of days to retain DB snapshots before deleting them. There is a limit of 100 snapshots per database. |
| RDSSnapShot | | Leave empty for a standard install. Use only when recovering from an actual disaster. |
| CreateVPC | true | If true, it will create a new VPC for the application with subnets, security groups, and NAT gateways. |
| VpcCIDR | | Network block to use for VPC. If CreateVPC is false, then it should match the existing VPC to be used. For example: 10.200.0.0/16. |
| VPCID | | ID of the existing VPC. If CreateVPC is true, then leave empty. |
| PublicSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
| PrivateSubnetIds | | Comma-delimited list of subnet IDs. If CreateVPC is true, then leave empty. |
| IsolatedSubnetIds | | Comma-delimited list of subnet IDs used for Windows workers. If CreateVPC is true, then leave unchanged. |
| LogsEndpoint | | FQDN of endpoint used for Windows workers. If using isolated subnets for them, then use a VPC endpoint. |
| MonitoringEndpoint | | FQDN of endpoint used for Windows workers. If using isolated subnets for them, then use a VPC endpoint. |
| SqsEndpoint | | FQDN of endpoint used for Windows workers. If using isolated subnets for them, then use a VPC endpoint. |
| CloudformationEndpoint | | FQDN of endpoint used for Windows workers. If using isolated subnets for them, then use a VPC endpoint. |
| NotificationEmail | | Email address that will be subscribed to alerts through SNS. Should be a group email address, so that participants can easily be added or removed. |
| SourceNotificationEmail | | Used in the "From" field of pipeline notification emails. Must be verified with SES. |
| LogRetentionDays | 90 | Days for log retention in CloudWatch. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| STBucket | | Leave empty in a normal installation. Used only for DR recovery. |
| DLBucket | | Leave empty in a normal installation. Used only for DR recovery. |

Service Layer Table

| Parameter | Default Value | Details |
|---|---|---|
| CFTemplateVersion | v1.0.0 | Must match the version of the ServiceCatalog product being installed. |
| Branch | master | ECR repo suffix. Do not change the default. |
| DataStack | | Name of the Data Layer main stack. Can be obtained from the CloudFormation interface. |
| EnableLogging | false | If the ES Logging cluster in DataLayer was created, then set to true. |
| ClusterType | Fargate | Do not change the default. |
| MinCapacity | | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | | Maximum number of ECS containers that can scale to in case of load. Set to 0 if is not used. |
| ConnectorMaxMemory | 2048 | Memory limit for Docker containers running on the Datahub machines. |
| TaskThroughput | 20 | Number of files that can be processed in parallel. |
| EnableWinTaskScriptService | true | Enable Windows EC2-based workers. |
| WindowsInstanceType | t3.medium | Instance type for Windows workers. |
| PublicDomain | | Domain name used by the web UI. It does not have to be exposed on the Internet and may be a company internal name. |
| ExposedOnInternet | false | Set to true if the application should be accessed from the Internet. |
| NoDNSWeb | false | Set to true to prevent public DNS records from being created. |
| PublicDomainZoneId | | Public Domain Route53 Zone Id. If left empty, then a public DNS hosted zone is created; otherwise, set NoDNSWeb to true. |
| Certificate | | ARN of TLS/SSL Certificate registered with ACM. If left empty, it will try to automatically create a certificate through ACM and the deployment will wait for DNS certificate validation. If NoDNSWeb is set to true, then it will disable HTTPS and deploy using unencrypted HTTP. Certificate validation requires a value for PublicDomainZoneId with the zone containing NS entries for the domain. |
| PrivateDomain | ts-dip.internal | Used for ECS inter-service communication. You can change it to any name, or leave the default. |
| MinCapacity | 2 | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | 4 | Maximum number of ECS containers to scale out to in case of heavy load. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| AthenaCreateIamUser | false | Enables IAM user creation for Athena access at organization creation. Leave false to restrict service permissions so that IAM users cannot be created from the platform at runtime. |
| UserAuditLogGroupSuffix | user-action-audit-log | Legacy. Do not change the default value. |
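
The rules stated in the Data Layer and Service Layer tables can be checked before the stacks are launched. The following Python check is an added example, not TetraScience code: `lint`, its messages and `SAMPLE` are constructed here, the IAMBoundaryPolicy pattern assumes the standard IAM policy ARN layout, and parameters from either table may be passed in one dict.

```python
import ipaddress
import re

# Rules transcribed from this page's tables; names, messages and SAMPLE are constructed.
PINNED = {"CFTemplateBucket": "ts-platform-artifacts", "Environment": "production",
          "EnableElasticsearch": "true", "Branch": "master",
          "ClusterType": "Fargate", "UserAuditLogGroupSuffix": "user-action-audit-log"}
DR_ONLY = ["DRAWSAccountId", "DRDatalakeKMSKey", "DRDatalakeBucket",
           "DRStreamBucket", "DRBackupBucket", "DRLocalArtifactsBucket"]
EXISTING_VPC_ONLY = ["VPCID", "PublicSubnetIds", "PrivateSubnetIds"]
ALWAYS_EMPTY = ["LambdaPrefix", "RDSSnapShot", "STBucket", "DLBucket"]
POLICY_ARN = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}|aws):policy/.+$")


def lint(params):
    """Return findings for a dict of parameter name -> string value."""
    def val(key):
        return str(params.get(key, "")).strip()

    def on(key, default):
        # Unset or empty parameters fall back to the default from the table.
        return (val(key) or default).lower() == "true"

    out = []
    for key, want in PINNED.items():
        if key in params and val(key) != want:
            out.append(f"{key}: default '{want}' must not be changed")
    if not on("EnableDR", "false"):
        out += [f"{k}: must be empty while EnableDR is false" for k in DR_ONLY if val(k)]
    if on("CreateVPC", "true"):
        out += [f"{k}: must be empty while CreateVPC is true"
                for k in EXISTING_VPC_ONLY if val(k)]
    out += [f"{k}: leave empty (internal or recovery-only parameter)"
            for k in ALWAYS_EMPTY if val(k)]
    if val("VpcCIDR"):
        try:
            ipaddress.ip_network(val("VpcCIDR"), strict=True)
        except ValueError:
            out.append("VpcCIDR: not a valid network block")
    if val("IAMBoundaryPolicy") and not POLICY_ARN.match(val("IAMBoundaryPolicy")):
        out.append("IAMBoundaryPolicy: not an IAM policy ARN")
    if not val("Certificate") and on("NoDNSWeb", "false"):
        scope = "Internet-exposed" if on("ExposedOnInternet", "false") else "internal"
        out.append(f"Certificate: empty with NoDNSWeb=true serves the {scope} web UI over HTTP")
    if on("AthenaCreateIamUser", "false"):
        out.append("AthenaCreateIamUser: true allows IAM user creation at runtime")
    return out


# Constructed sample: one changed default and two risky Service Layer choices.
SAMPLE = {"ClusterType": "EC2", "NoDNSWeb": "true", "ExposedOnInternet": "true",
          "AthenaCreateIamUser": "true"}
```

Calling `lint(SAMPLE)` returns three findings: the changed ClusterType default, the unencrypted HTTP deployment, and runtime IAM user creation.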

Service Parameters and Secrets in SSM

Containers running in ECS need runtime parameters. These parameters may contain sensitive data, such as OAuth tokens, so they are stored encrypted, using a specialized AWS service for secrets management, SSM Parameter Store. The parameters are not shared with TetraScience, so self-hosted customers using an off the shelf deployment will have to create them using this procedure.

| Parameter | Details | Needed only if |
|---|---|---|
| /tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID | BOX OAuth 2.0 custom app Client ID. | BOX Integration is enabled |
| /tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_ID | Same value as above. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET | BOX OAuth 2.0 custom app secret. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID | Egnyte Client ID. | Egnyte Integration is enabled |
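
One way to confirm that the parameters in the table exist and are stored encrypted, as an added example that is not TetraScience code: the check reads only names and types from a listing in the shape SSM DescribeParameters returns under "Parameters". The function name, the integration keys and the sample listing are constructed, and the rule that everything under `/tetrascience/` should be a SecureString is an assumption drawn from the statement that these parameters are stored encrypted.

```python
# Parameter names are copied verbatim from the table above; the function name,
# the integration keys and SAMPLE_LISTING are constructed for this example.
REQUIRED = {
    "box": ["/tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID",
            "/tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_ID",
            "/tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET"],
    "egnyte": ["/tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID"],
}


def audit(listing, enabled):
    """Audit parameter metadata for the enabled integrations.

    listing: list of dicts with "Name" and "Type" keys (DescribeParameters
    metadata). Parameter values are never fetched, so nothing secret is read.
    enabled: iterable of keys from REQUIRED.
    Returns (problem, parameter name) tuples.
    """
    types = {p["Name"]: p["Type"] for p in listing}
    # Required for an enabled integration but absent from Parameter Store.
    findings = [("missing", name)
                for integration in sorted(enabled)
                for name in REQUIRED[integration]
                if name not in types]
    # Assumption: anything under this prefix should be a SecureString.
    findings += [("not-encrypted", name)
                 for name, kind in sorted(types.items())
                 if name.startswith("/tetrascience/") and kind != "SecureString"]
    return findings


# Constructed listing: the Box secret is a plain String and one Box ID is absent.
SAMPLE_LISTING = [
    {"Name": "/tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID",
     "Type": "SecureString"},
    {"Name": "/tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET",
     "Type": "String"},
]
```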

