Tetra IoT Layer Prerequisites and Pre-Deployment Tasks
The Tetra IoT Layer for Multi-Tenant and Single-Tenant configurations is deployed using the Service Catalog in the respective AWS accounts. Before deployment, complete the tasks described in this topic.
NOTE:
The Tetra Data Platform should have already been deployed before you complete this procedure. For more information, see this topic.
Prerequisites
Ensure the following items are available to install the stack.
- If the IoT agent is connecting to the portal through the internet, make sure there is at least one public subnet.
- There should be at least two private subnets.
- You'll also need a valid SSL certificate imported into AWS Certificate Manager.
- Note that you can use the same VPC and subnets where TDP is installed.
Pre-Deployment Tasks
Before launching the stack, complete the following tasks.
IoT Layer and Service Catalog Portfolio
TetraScience creates the Tetra IoT Layer product and adds it to the service catalog portfolio. Contact TetraScience for details.
MSK (Kafka)
Complete the following steps.
- In the AWS console, go to Amazon MSK --> Cluster configurations.
- Click Create cluster configuration and fill in the following fields:
  - Configuration name: iot-<environment>-config
  - Configuration properties for revision 1:
    auto.create.topics.enable=true
    default.replication.factor=1
    min.insync.replicas=2
    num.io.threads=8
    num.network.threads=5
    num.partitions=1
    num.replica.fetchers=2
    replica.lag.time.max.ms=30000
    socket.receive.buffer.bytes=102400
    socket.request.max.bytes=104857600
    socket.send.buffer.bytes=102400
    unclean.leader.election.enable=true
    zookeeper.session.timeout.ms=18000
- Once created, copy the Configuration ARN. You need it for the MSKConfigurationArn parameter.
  (For example: arn:aws:kafka:us-east-{x:xxxxxxxxxxxx}:configuration/iot-dev-config/{account number})
EIP
If the Tetra IoT Layer is publicly accessible and devices connect through the internet, an Elastic IP (EIP) needs to be created.
- In the AWS console, go to EC2 --> Elastic IPs.
- Click Allocate Elastic IP address and click Allocate.
- Note the allocation ID (eipalloc-xxxxxx).
Obtain SSL Certificate
Obtain an SSL certificate for iot.<platform URL> and import it into AWS Certificate Manager.
SSL Certificate and SSM Parameters
Add SSM parameters for the following three CloudFormation parameters. The certificate should match the subdomain iot.<platform URL>.
- WebCert1SSMName (certificate)
- WebCert2SSMName (intermediate certificate)
- WebPrivateKeySSMName
Cert 1
- In the AWS console, go to Systems Manager > Parameter Store.
- Click Create parameter and enter the following:
Name: /iot-<environment>/web_cert1
Value:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxx
-----END CERTIFICATE-----

NOTE:
Make sure to add a new line at the end of the certificate content.
Cert 2
- In the AWS console, go to Systems Manager > Parameter Store.
- Click Create parameter and enter the following:
Name: /iot-<environment>/web_cert2
Value:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxx
-----END CERTIFICATE-----

NOTE:
Make sure to add a new line at the end of the certificate content. Also, if it's a self-signed certificate, use the same value from web_cert1.
Cert private key
- In the AWS console, go to Systems Manager > Parameter Store.
- Click Create parameter and enter the following:
Name: /iot-<environment>/web_cert_key
Value:
-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxx
-----END RSA PRIVATE KEY-----
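A pre-flight check for the three PEM values above, as an added example that is not part of the original page or of TetraScience's tooling. It performs structural checks only (line endings, the trailing newline from the NOTEs, one PEM block per parameter, label, base64, size); it assumes the PEM labels shown on this page are the required ones and that standard-tier parameters (4 KB value limit) are used, and the sample input is constructed.

```python
import base64
import re

# Parameter suffixes from this page -> PEM label each value must carry.
EXPECTED_LABEL = {"web_cert1": "CERTIFICATE", "web_cert2": "CERTIFICATE",
                  "web_cert_key": "RSA PRIVATE KEY"}
STANDARD_TIER_LIMIT = 4096  # bytes, Parameter Store standard-tier value size
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.+?)\n-----END \1-----", re.S)


def check_pem_value(suffix, value):
    """Return a list of problems with a value bound for /iot-<environment>/<suffix>."""
    expected, problems = EXPECTED_LABEL[suffix], []
    if "\r" in value:
        problems.append("contains carriage returns (CRLF line endings)")
        value = value.replace("\r\n", "\n")
    # The page's NOTE requires a newline after the END line of each certificate.
    if expected == "CERTIFICATE" and not value.endswith("\n"):
        problems.append("missing trailing newline")
    if len(value.encode()) > STANDARD_TIER_LIMIT:
        problems.append("larger than the 4 KB standard-tier limit")
    blocks = list(PEM_RE.finditer(value))
    if len(blocks) != 1:  # e.g. leaf and intermediate pasted into one parameter
        return problems + [f"expected 1 PEM block, found {len(blocks)}"]
    block = blocks[0]
    if block.group(0) != value.strip():
        problems.append("text outside the PEM block")
    if block.group(1) != expected:
        problems.append(f"label {block.group(1)!r}, expected {expected!r}")
    try:
        der = base64.b64decode("".join(block.group(2).split()), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der.startswith(b"\x30"):  # certificates and RSA keys are DER SEQUENCEs
        problems.append("decoded body is not a DER SEQUENCE")
    return problems


def constructed_pem(label):
    """Constructed stand-in (a tiny DER SEQUENCE), not a real certificate or key."""
    body = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    good = constructed_pem("CERTIFICATE")
    print(check_pem_value("web_cert1", good))
    print(check_pem_value("web_cert2", good.rstrip()))
    print(check_pem_value("web_cert_key", good))
```

Run it against the exact strings you are about to paste into Parameter Store; an empty list means the value passed every structural check.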
License
- In the AWS console, go to Systems Manager > Parameter Store.
- Click Create parameter and enter the following:
Name: /iot-<environment>/license
Value:
Get the value from TetraScience.
Private key
- In the AWS console, go to Systems Manager > Parameter Store.
- Click Create parameter and enter the following:
Name: /iot-<environment>/rsa_key
Value:
Get the value from TetraScience.