Deployment Parameters (Single Tenant)

NOTE: Before applying these instructions, ensure that the deployment prerequisites have been met.

The following is a list of parameters used during deployment. It is recommended that you become familiar with these parameters prior to deployment.

CloudFormation Parameters

Below is the full list of parameters that have to be entered at deployment time:

Data Layer Table

| Parameter | Default Value | Details |
|---|---|---|
| CFTemplateBucket | ts-platform-artifacts | Prefix of the S3 bucket where artifacts are stored. Do not change default. |
| CFTemplateVersion | | Must match the version of the ServiceCatalog product being installed. |
| InfrastructureName | | Customer specific. All-encompassing name for the created infrastructure. Used as a root for naming. Validate with TetraScience. |
| Environment | production | Used internally by TetraScience. Do not change default. |
| IAMRolePrefix | | Optional string for prefixing all created IAM roles. Leave empty if not used. |
| IAMBoundaryPolicy | | ARN for a boundary policy that will be attached to all created roles. Leave empty if not used. |
| EnableDR | false | Set to true if Disaster Recovery should be implemented. |
| DRAWSAccountId | | ID of the AWS account used for Disaster Recovery. Leave empty if EnableDR is false. |
| DRDatalakeKMSKey | | ARN of the KMS key used to encrypt data in DR. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRDatalakeBucket | | Name of the Datalake bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRStreamBucket | | Name of the Stream bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRBackupBucket | | Name of the Backup bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRLocalArtifactsBucket | | Name of the artifacts bucket used for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| EnableElasticsearch | true | Do not change default. |
| EnableLogging | false | Set to false. The parameter is deprecated and will be removed in the next release. |
| EsMasterInstanceType | t3.medium.elasticsearch | EC2 instance type for Master Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceType | m4.large.elasticsearch | EC2 instance type for DataStore Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceCount | 2 | Number of EC2 instances in the cluster. Validate value with TetraScience. |
| EsDatanodeVolumeSize | 100 | EBS volume size in GB for Elasticsearch. Validate value with TetraScience. |
| EsBackupInterval | 6 | How frequently (in hours) to back up Elasticsearch to S3. |
| InstanceTypeRDS | db.t2.medium | EC2 instance type for the Postgres database. Default value should be enough in most cases. |
| RDSBackupInterval | 24 | How often to back up the database (in hours). |
| RDSBackupSchedule | 0 1 * ? | Backup schedule in CloudWatch Events cron format. Default is 1 AM UTC every day. |
| RDSBackupRetentionDays | 30 | Number of days to keep DB snapshots before deleting them. There is a limit of 100 snapshots per database. |
| RDSSnapShot | | Leave empty for a standard install. To be used only when recovering from an actual disaster. |
| CreateVPC | true | If true, a new VPC is created for the application, together with subnets, security groups and NAT gateways. |
| VpcCIDR | | Network block to use for the VPC. If CreateVPC is false, it should match the existing VPC to be used. For example, 10.200.0.0/16. |
| VPCID | | ID of the existing VPC. Leave empty if CreateVPC is true. |
| PublicSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
| PrivateSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
| IsolatedSubnetIds | | Comma-delimited list of subnet IDs that will be used for Windows workers. Leave unchanged if CreateVPC is true. |
| LogsEndpoint | | FQDN of the endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| MonitoringEndpoint | | FQDN of the endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| SqsEndpoint | | FQDN of the endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| CloudformationEndpoint | | FQDN of the endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| NotificationEmail | | Email address that will be subscribed to alerts via SNS. Should be a group email, so that participants can easily be added or removed. |
| SourceNotificationEmail | | Used in the "From" field of pipeline notification emails. Needs to be verified with SES. |
| LogRetentionDays | 90 | Number of days logs are retained in CloudWatch. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| STBucket | | Leave empty in a normal installation. Used only for DR recovery. |
| DLBucket | | Leave empty in a normal installation. Used only for DR recovery. |

Service Layer Table

| Parameter | Default Value | Details |
|---|---|---|
| CFTemplateVersion | v1.0.0 | Must match the version of the ServiceCatalog product being installed. |
| Branch | master | ECR repo suffix. Do not change default. |
| DataStack | | Name of the Data Layer main stack. Can be obtained from the CloudFormation interface. |
| EnableLogging | false | Set to true if the ES Logging cluster in DataLayer was created. |
| ClusterType | Fargate | Do not change default. |
| InstanceTypeECS | t2.large | Legacy. No longer used. |
| | | Domain name used by the web UI. |
| MinCapacity | | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | | Maximum number of ECS containers that can scale to, in case of load. Set to 0 if is not used. |
| ConnectorMaxMemory | 2048 | Memory limit for Docker containers running on the datahub machines. |
| TaskThroughput | 20 | Number of files that can be processed in parallel. |
| EnableWinTaskScriptService | true | Enable Windows EC2-based workers. |
| WindowsInstanceType | t3.medium | Instance type for Windows workers. |
| PublicDomain | | Domain name used by the web UI. It does not have to be exposed on the internet; it can be company internal. |
| ExposedOnInternet | false | Set to true if the application should be accessible from the Internet. |
| NoDNSWeb | false | Set to true if public DNS records are NOT to be created. |
| PublicDomainZoneId | | Public Domain Route53 Zone ID. If left empty, a public DNS hosted zone will be created, unless NoDNSWeb is set to true. |
| Certificate | | ARN of the TLS/SSL certificate registered with ACM. See details in the Pre Deployment Tasks section. If empty, the deployment will try to automatically create a certificate via ACM and will wait for DNS certificate validation, unless NoDNSWeb is set to true, in which case it will disable HTTPS and deploy using unencrypted HTTP. Certificate validation requires a value for PublicDomainZoneId with the zone containing NS entries for the domain. |
| PrivateDomain | ts-dip.internal | Used for ECS inter-service communication. It can be changed to any name, but the default should work just fine. |
| MinCapacity | 2 | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | 4 | Maximum number of ECS containers to scale out to, in case of heavy load. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| AthenaCreateIamUser | false | Enables IAM user creation for Athena access at org creation. Leaving it false restricts service permissions so that IAM users cannot be created from the platform at runtime. |
| UserAuditLogGroupSuffix | user-action-audit-log | Legacy. Do not change the default value. |
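
The conditional rules in the two tables above can be checked before a stack is launched. The following is an added example, not TetraScience code: `preflight` is a hypothetical helper that takes the Data Layer and Service Layer values merged into one dictionary (an assumption), treats VPCID as required when CreateVPC is false, and estimates retained snapshots as retention days × 24 / backup interval (both inferences from the descriptions).

```python
import ipaddress

# Values the tables mark "Do not change default".
FIXED = {"CFTemplateBucket": "ts-platform-artifacts", "Environment": "production",
         "EnableElasticsearch": "true", "Branch": "master", "ClusterType": "Fargate"}
DR_ONLY = ["DRAWSAccountId", "DRDatalakeKMSKey", "DRDatalakeBucket",
           "DRStreamBucket", "DRBackupBucket", "DRLocalArtifactsBucket"]
VPC_EXISTING = ["VPCID", "PublicSubnetIds", "PrivateSubnetIds"]


def preflight(p):
    """Return sorted findings for a dict of parameter name -> string value."""
    get = lambda k, d="": str(p.get(k, d)).strip()
    on = lambda k, d: get(k, d).lower() == "true"
    out = []
    for k, v in FIXED.items():
        if get(k, v) != v:
            out.append(f"{k}: documented default {v!r} must not be changed")
    if not on("EnableDR", "false"):
        out += [f"{k}: must be empty while EnableDR is false" for k in DR_ONLY if get(k)]
    if on("CreateVPC", "true"):
        out += [f"{k}: must be empty while CreateVPC is true" for k in VPC_EXISTING if get(k)]
    elif not get("VPCID"):
        out.append("VPCID: required when CreateVPC is false")
    try:
        ipaddress.ip_network(get("VpcCIDR"), strict=True)
    except ValueError:
        out.append("VpcCIDR: not a valid network block such as 10.200.0.0/16")
    if not get("Certificate"):
        if on("NoDNSWeb", "false"):
            exposed = " and ExposedOnInternet is true" if on("ExposedOnInternet", "false") else ""
            out.append("Certificate: empty with NoDNSWeb=true disables HTTPS" + exposed)
        elif not get("PublicDomainZoneId"):
            out.append("PublicDomainZoneId: needed for ACM DNS certificate validation")
    # Inference from the 100-snapshot limit: retained = days * 24 / interval hours.
    hours = max(int(get("RDSBackupInterval", "24")), 1)
    kept = int(get("RDSBackupRetentionDays", "30")) * 24 / hours
    if kept > 100:
        out.append(f"RDSBackupRetentionDays: about {kept:.0f} snapshots exceeds the limit of 100")
    if on("AthenaCreateIamUser", "false"):
        out.append("AthenaCreateIamUser: true lets the platform create IAM users at runtime")
    return sorted(out)


if __name__ == "__main__":
    # Constructed sample: no certificate, no DNS records, reachable from the Internet.
    sample = {"VpcCIDR": "10.200.0.0/16", "NoDNSWeb": "true", "ExposedOnInternet": "true"}
    print("\n".join(preflight(sample)))
```

An empty result means none of the documented constraints is violated; it does not replace validating the sizing values with TetraScience.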

Service Parameters and Secrets in SSM

Containers running in ECS need runtime parameters. These parameters may contain sensitive data, such as OAuth tokens, so they are stored encrypted, using a specialized AWS service for secrets management, SSM Parameter Store. The parameters are not shared with TetraScience, so single-tenant customers will have to create them following this procedure.

| Parameter | Details | Needed only if |
|---|---|---|
| /tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID | BOX OAuth 2.0 custom app Client ID. See below for details. | BOX Integration is enabled |
| /tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_ID | Same value as above. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET | BOX OAuth 2.0 custom app secret. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID | Egnyte Client ID. | Egnyte Integration is enabled |

