Customer Hosted Deployment Process

Before You Deploy

To perform the Customer Hosted deployment:

  1. Send the OpenSearch application logs to CloudWatch. To allow the OpenSearch Service to write to CloudWatch Logs, run this AWS CLI command with administrator credentials for the deployment AWS account, substituting the deployment region for <Region>:
aws logs put-resource-policy --policy-name es2cloudwatch --policy-document '{ "Version": "2012-10-17", "Statement": [{ "Sid": "eslogs", "Effect": "Allow", "Principal": { "Service": "es.amazonaws.com"}, "Action":[ "logs:PutLogEvents","logs:PutLogEventsBatch","logs:CreateLogStream"],"Resource": "arn:aws:logs:*:*:*:*"}]}' --region <Region>
     The action names must be exact: a stray space inside an action string (for example " logs:PutLogEventsBatch") makes the policy invalid. Note also that the Resource above lets the service write to any log group in any account; where your change process allows it, scope it to the log groups of the deployment account and region.
  2. If the service-linked IAM roles for Amazon ECS and the OpenSearch Service do not already exist in the destination AWS account, create them. Each command returns an error if the role already exists, which is harmless. Run these CLI commands:
  • For the ECS Service, enter:
aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
  • For the OpenSearch Service, enter:
aws iam create-service-linked-role --aws-service-name es.amazonaws.com
  3. Install the Data Layer:
    a. From the AWS Service Catalog web interface, select the Data Layer product from the Products list.
    b. Select Launch Product, then choose the latest version from the list of available versions.
    c. Enter a name for the provisioned product and click Next.
    d. On the Deployment Parameters page, enter the parameters listed in the Data Layer Table.
    e. Click Next until you reach the Review page.
    f. Review the parameter values and, if they are correct, click Launch to start the deployment. It can take two to three hours depending on the parameters and on AWS backend load.
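Steps 1 and 2 above as one idempotent script. This is an added example, not the page's or the product's own tooling; it assumes AWS CLI v2 configured with administrator credentials for the deployment account. It tightens the page's resource policy (scoped to the deployment account and region, with an aws:SourceAccount condition so an OpenSearch domain in another account cannot use it), validates the action names before submitting, passes the policy as a file to avoid shell-quoting mistakes, and only creates a service-linked role when it is missing. The log-group prefix argument is an assumption: set it to whatever prefix the Data Layer template uses, or leave it empty to cover every log group in the account.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-deployment steps 1 and 2.
# Assumes AWS CLI v2 with administrator credentials for the deployment account.
set -eu

# Build the CloudWatch Logs resource policy. The page's version grants
# es.amazonaws.com write access to every log group in every account
# ("arn:aws:logs:*:*:*:*"); this one is scoped to ACCOUNT/REGION and to log
# groups under PREFIX (empty = all groups in the account), and carries an
# aws:SourceAccount condition (confused-deputy protection).
build_policy() {
  local account="$1" region="$2" prefix="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "eslogs",
    "Effect": "Allow",
    "Principal": { "Service": "es.amazonaws.com" },
    "Action": ["logs:PutLogEvents", "logs:PutLogEventsBatch", "logs:CreateLogStream"],
    "Resource": "arn:aws:logs:${region}:${account}:log-group:${prefix}*",
    "Condition": { "StringEquals": { "aws:SourceAccount": "${account}" } }
  }]
}
EOF
}

# Reject action names with leading whitespace, the typo that is easy to make
# when the JSON is pasted into a single-line CLI argument.
lint_policy() {
  if printf '%s' "$1" | grep -Eq '"[[:space:]]+[a-z0-9-]+:[A-Za-z0-9*]+"'; then
    echo "policy contains an action name with leading whitespace" >&2
    return 1
  fi
}

# Service-linked roles live under /aws-service-role/<service-principal>/ and
# create-service-linked-role errors if the role already exists, so check first.
ensure_service_linked_role() {
  local service="$1" count
  count=$(aws iam list-roles --path-prefix "/aws-service-role/${service}/" \
            --query 'length(Roles)' --output text)
  if [ "$count" = "0" ]; then
    aws iam create-service-linked-role --aws-service-name "$service"
    echo "created service-linked role for ${service}"
  else
    echo "service-linked role for ${service} already exists"
  fi
}

main() {
  local region="${1:?region required}" prefix="${2:-}" account policy_file
  account=$(aws sts get-caller-identity --query Account --output text)
  policy_file=$(mktemp)
  build_policy "$account" "$region" "$prefix" > "$policy_file"
  lint_policy "$(cat "$policy_file")"
  # file:// avoids the quoting problems of passing the JSON inline.
  aws logs put-resource-policy --policy-name es2cloudwatch \
    --policy-document "file://${policy_file}" --region "$region"
  rm -f "$policy_file"
  ensure_service_linked_role ecs.amazonaws.com
  ensure_service_linked_role es.amazonaws.com
}

case "${1:-}" in
  apply) shift; main "$@" ;;
  *) echo "usage: $0 apply <region> [log-group-prefix]" >&2 ;;
esac
```

Run it as `./precheck.sh apply <Region> /aws/OpenSearchService/domains/` (or with no prefix). The caller needs logs:PutResourcePolicy, iam:ListRoles, iam:CreateServiceLinkedRole and sts:GetCallerIdentity, which administrator credentials cover.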

After the Data Layer has been installed successfully, you can install the Service Layer.

  4. Install the Service Layer:
    a. From the AWS Service Catalog web interface, select the Service Layer product from the Products list.
    b. Select Launch Product, then choose the latest version from the list of available versions.
    c. Enter a name for the provisioned product and click Next.
    d. On the Deployment Parameters page, enter the parameters listed in the Service Layer Table.
    e. Click Next until you reach the Review page.
    f. Review the parameter values and, if they are correct, click Launch.

Common Issues that May Occur

These are common issues that may occur during a Customer Hosted deployment:

  • Custom DNS resolvers:
    Some customers configure custom DNS resolvers (through the VPC's DHCP options set) for EC2 instances in their VPCs. For the TDP to function properly, it is critical that the custom resolver forward queries for names outside the customer's private cloud and on-premises network (such as *.internal, the AWS-provided private hostnames) to the VPC's Route 53 Resolver, which listens on the VPC network address plus two (for example 10.0.0.2 in 10.0.0.0/16) and on 169.254.169.253.

  • Rollback:
    Some customers install the TDP using an IAM user who has permissions to create certain resources but not to delete them. This causes problems in rollback scenarios: the deployment or upgrade cannot be undone, and the system is left in an intermediate state that requires manual cleanup. Customers should deploy with a principal whose permissions are symmetric, that is, one that can delete every resource type it creates (the simplest choice is full administrative permissions), or plan manual workarounds in advance.
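A check for the DNS issue above, added here as an example and not taken from the page or the product: it derives the Route 53 Resolver address from the VPC CIDR, prints a forward-zone stanza that sends AWS-managed names there, and compares what the instance's configured resolver returns for an internal hostname with what the Route 53 Resolver returns. The unbound syntax is an assumption about which resolver the customer runs; forwarding amazonaws.com as well is an assumption that only matters if the deployment uses VPC interface endpoints with private DNS. The live check needs `dig` on an instance inside the VPC.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): verify that a custom DNS
# resolver forwards AWS-internal names to the Route 53 Resolver, and print
# an unbound forward-zone that does so. Assumes the script runs on an EC2
# instance in the VPC and that `dig` is installed for the live check.
set -eu

# The Route 53 Resolver answers on the VPC network address + 2
# (e.g. 10.0.0.2 for 10.0.0.0/16) and on the link-local 169.254.169.253.
vpc_dns_address() {
  local ip oldifs
  ip="${1%%/*}"
  oldifs=$IFS; IFS=.
  set -- $ip
  IFS=$oldifs
  printf '%s.%s.%s.%s\n' "$1" "$2" "$3" "$(($4 + 2))"
}

# unbound configuration (assumed resolver): only AWS-managed names are sent
# to the Route 53 Resolver; everything else keeps the customer's forwarders.
unbound_forward_zone() {
  local resolver="$1"
  cat <<EOF
# AWS-provided private hostnames (ip-10-0-0-1.ec2.internal, ...)
forward-zone:
    name: "internal."
    forward-addr: ${resolver}
# Assumption: only needed for interface endpoints with private DNS enabled
forward-zone:
    name: "amazonaws.com."
    forward-addr: ${resolver}
EOF
}

# Resolve NAME through the system resolver and directly through the Route 53
# Resolver; the answers must match, otherwise the custom resolver is not
# forwarding (or is answering from its own zone).
check_internal_resolution() {
  local name="$1" resolver="$2" via_system via_r53
  via_r53=$(dig +short "@${resolver}" "$name" | sort)
  if [ -z "$via_r53" ]; then
    echo "cannot resolve ${name} via ${resolver}; is this instance in the VPC?" >&2
    return 2
  fi
  via_system=$(dig +short "$name" | sort)
  if [ "$via_system" != "$via_r53" ]; then
    echo "resolver mismatch for ${name}: system='${via_system}' route53='${via_r53}'" >&2
    return 1
  fi
}

case "${1:-}" in
  config) unbound_forward_zone "$(vpc_dns_address "$2")" ;;
  check)  check_internal_resolution "$3" "$(vpc_dns_address "$2")" \
            && echo "OK: $3 resolves the same via the system resolver and the Route 53 Resolver" ;;
  *) echo "usage: $0 config <vpc-cidr> | check <vpc-cidr> <internal-hostname>" >&2 ;;
esac
```

`./dnscheck.sh check 10.0.0.0/16 ip-10-0-1-23.ec2.internal` exits 0 only when both paths agree; `./dnscheck.sh config 10.0.0.0/16` prints the stanza to drop into the custom resolver's configuration.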
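A pre-launch check for the rollback issue above, added as an example that is not part of the page or the product: it asks IAM's policy simulator whether the deployment principal is allowed both to create and to delete the resource types the deployment touches, and fails if any delete action is denied. The action list is illustrative (the page names ECS, the OpenSearch Service and Service Catalog, which provisions through CloudFormation), not the complete set the templates need; extend it with whatever else the Data Layer and Service Layer templates create. The sample simulator output is constructed so the filter can be exercised without credentials.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): confirm the deployment principal
# can delete what it creates before launching, so a failed launch or rollback
# can be cleaned up. Needs iam:SimulatePrincipalPolicy on the caller.
set -eu

# Create/delete pairs to simulate. Illustrative only; add whatever else the
# Data Layer and Service Layer templates provision in your account.
ACTIONS="servicecatalog:ProvisionProduct servicecatalog:TerminateProvisionedProduct \
cloudformation:CreateStack cloudformation:DeleteStack \
es:CreateDomain es:DeleteDomain \
ecs:CreateCluster ecs:DeleteCluster ecs:CreateService ecs:DeleteService"

# Run the simulator for a principal; prints one "action decision" per line.
simulate() {
  local principal_arn="$1"
  # $ACTIONS is intentionally unquoted so it splits into separate arguments.
  aws iam simulate-principal-policy \
    --policy-source-arn "$principal_arn" \
    --action-names $ACTIONS \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' \
    --output text
}

# Keep only actions that are not allowed. Decisions are "allowed",
# "implicitDeny" or "explicitDeny".
denied_actions() {
  printf '%s\n' "$1" | awk '$2 != "allowed" { print $1 }'
}

# Constructed sample of simulator output (not real results) for offline use.
SAMPLE_RESULTS='servicecatalog:ProvisionProduct allowed
servicecatalog:TerminateProvisionedProduct implicitDeny
cloudformation:CreateStack allowed
cloudformation:DeleteStack implicitDeny
es:CreateDomain allowed
es:DeleteDomain explicitDeny
ecs:CreateService allowed
ecs:DeleteService allowed'

main() {
  local principal_arn="$1" denied
  denied=$(denied_actions "$(simulate "$principal_arn")")
  if [ -n "$denied" ]; then
    echo "${principal_arn} cannot undo its own deployment; denied actions:" >&2
    printf '  %s\n' $denied >&2
    return 1
  fi
  echo "${principal_arn} can create and delete every checked resource type"
}

if [ -n "${1:-}" ]; then main "$1"; fi
```

Run it as `./teardown-check.sh arn:aws:iam::<account-id>:user/<deployer>` before launching either layer. The simulator evaluates identity-based policies without resource ARNs, so a policy that restricts deletes to specific ARNs may still pass here; pass `--resource-arns` for those cases.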