AWS Deployment Requirements

Before you install the Tetra Data Platform (TDP), you must meet the following AWS deployment requirements:

  • AWS Account and Networking
  • AWS Account Permissions
  • Network Connectivity
  • Web Certificate
  • AWS SES (Simple Email Service)
  • AWS CloudTrail

AWS Account and Networking Requirements

These are the AWS account and networking requirements:

  • You must have one dedicated AWS Account.
  • You must allow or enable all of the required services in the AWS account. Click here for the list of required AWS services for the Tetra Data Platform (TDP).
  • The production environment must have at least two /23 or larger private subnets that are in each of the different availability zones.
  • The development and test environments must have at least two /24 or larger private subnets that are in each of the different availability zones.
  • The VPC DHCP option set must allow Route53 domains to resolve (the only resolvers should be AWS provided DNS servers). All internal domains should be resolved through forwards (not by adding the internal resolvers in the DHCP option set).

๐Ÿ‘

Recommendation

TetraScience recommends that you have one dedicated AWS account per environment. To learn more, see Amazon AWS's whitepaper: Benefits of using multiple AWS accounts.

However, to streamline administration, you can have multiple environments under the same AWS account in different regions. For a list of supported regions, click here. If a region is not on this list, please contact your Customer Success Manager (CSM).

AWS Account Permission Requirements

These are the AWS account permission requirements:

  • The person performing the installation and upgrades must have Admin or equivalent access for all of the services used by TetraScience.
  • Before you deploy the TDP, please review Security and AWS IAM for security information.

Network Connectivity Requirements

These are the network connectivity requirements:

  • If direct routing to the Internet is allowed, you need:
    Outbound 443 access from within the VPC to all AWS endpoints in the VPC Endpoints list, IAM, and STS.

  • If direct routing to the Internet is not allowed, you need:

    • VPC endpoints
    • One HTTPS proxy must be available in the VPC (IAM and STS do not have VPC endpoints)
    • Enable the S3 VPC Gateway Endpoint for S3 to reduce the data transfer cost between VPC and S3. For details, click these instructions.

Web Certificate

You must have one web certificate that includes both of these domain names:

  • platform-domain-name
  • api.platform-domain-name

You must register the certificate with the AWS certificate manager.

Configure AWS SES (Simple Email Service)

These are the AWS SES requirements:

  • TDP uses AWS SES to send out notification emails, such as pipeline result status. The sender email address must be a valid email address that is validated with SES using this procedure.
  • You must submit a support ticket with AWS to remove SES from Sandbox mode (as documented here).

AWS CloudTrail

You must enable the AWS CloudTrail service.

๐Ÿ“˜

Tetra Agents and Data Hub

If you will be using a Tetra Agent and the Data Hub to extract data from your systems, then you should be aware of their particular requirements. However, it is not necessary to meet those requirements to deploy the TDP, but they are required to install the Tetra Agent and set up the Datahub. For more details, see: Datahub Documentation and Basic Agent Documentation.


Did this page help you?