Requirements for Deployment (Single Tenant)

To install the Tetra Data Platform, ensure that the following requirements are met.

General AWS Account and Networking Requirements

You will need:

  1. One Dedicated AWS Account
  2. A list of all required services that should be allowed/enabled in the account. The list of Required AWS services that the Tetra Data Platform (TDP) requires provides this information.
  3. The production environment should have at least two /23 or larger private subnets that are in each of the different availability zones.
  4. The development and test environments should have at least two /24 or larger private subnets that are in each of the different availability zones.
  5. VPC DHCP option set must allow Route53 domains to resolve. The only resolvers should be AWS provided DNS servers. All internal domains should be resolved via forwards, not by adding the internal resolvers in the DHCP option set.



TetraScience recommends that you have one dedicated AWS account per environment. To learn more, see Amazon AWS's whitepaper: Benefits of using multiple AWS accounts.

However, to streamline administration, you can have multiple environments under the same AWS account in different regions. To review a list of regions that TetraScience supports, see this topic. If a region is not on this list, then please contact your Customer Success Manager (CSM).

AWS Account Permission Requirements

The following lists AWS Account requirements.

  1. The person doing the installation and upgrades must have admin or equivalent access for all of the services that we use.
  2. Read Security and AWS IAM to learn more about this topic prior to deployment.

Network Connectivity Requirements

The following network connectivity requirements are needed.

If direct routing to the internet is allowed, you will need:

  • Outbound 443 access from within the VPC to all AWS endpoints in the VPC Endpoints list, IAM, and STS.

If direct routing to the internet is not allowed, you will need:

  1. VPC Endpoints
  2. One HTTPS proxy must be available in the VPC (IAM and STS do not have VPC endpoints)
  3. Enable S3 VPC Gateway Endpoint for s3 to reduce the data transfer cost between VPC and S3. Instructions.

Web Certificate, SES, and Cloudtrail Requirements

The following requirements should also be met.

Web Certificate

One web certificate that covers both the platform_name and api.platform_name and that is registered with the AWS ACM.

Configure AWS SES (Simple Email Service)

The platform uses AWS SES to send out notification emails like pipeline result status. The sender email address must be a valid email address that is validated with SES using this procedure. Also, a support ticket needs to be raised with AWS to take SES out of Sandbox mode, as documented here.

AWS Cloudtrail

AWS CloudTrail service is enabled.



If you will be using agents and datahub to extract data from your systems, they have other requirements as well. You don't need to meet those requirements to deploy the TDP, but they are needed to install the agent and to set up the datahub. To learn more see: Datahub Documenation and Basic Agent Documentation.

Did this page help you?