Deployment Parameters (Single Tenant)

NOTE: Before applying these instructions, ensure that the deployment requirement prerequisites have been met.

The following is a list of parameters used during deployment. It is recommended that you become familiar with these parameters prior to deployment.

CloudFormation Parameters

Below is the full list of parameters that have to be entered at deployment time:

Data Layer Table

| Parameter | Default Value | Details |
| --- | --- | --- |
| CFTemplateBucket | ts-platform-artifacts | Prefix of the S3 bucket where artifacts are stored. Do not change default. |
| CFTemplateVersion | | Must match the version of the ServiceCatalog product being installed. |
| InfrastructureName | | Customer specific. All-encompassing name for the created infrastructure. Used as a root for naming. Validate with TetraScience. |
| Environment | production | Used internally by TetraScience. Do not change default. |
| IAMRolePrefix | | Optional string for prefixing all created IAM roles. Leave empty if not used. |
| IAMBoundaryPolicy | | ARN for a boundary policy that will be attached to all created roles. Leave empty if not used. |
| EnableDR | false | Set to true if Disaster Recovery should be implemented. |
| DRAWSAccountId | | ID of the AWS account used for Disaster Recovery. Leave empty if EnableDR is false. |
| DRDatalakeKMSKey | | ARN of KMS key used to encrypt data in DR. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRDatalakeBucket | | Name of Datalake bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRStreamBucket | | Name of Stream bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRBackupBucket | | Name of Backup bucket for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| DRLocalArtifactsBucket | | Name of artifacts bucket used for Disaster Recovery. Leave empty if EnableDR is false. See the Disaster Recovery section below if EnableDR is true. |
| EnableElasticsearch | true | Do not change default. |
| EnableLogging | false | Set to false. The parameter is deprecated and will be removed in the next release. |
| EsMasterInstanceType | t3.medium.elasticsearch | EC2 instance type for Master Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceType | m4.large.elasticsearch | EC2 instance type for DataStore Elasticsearch. Validate value with TetraScience. |
| EsDatanodeInstanceCount | 2 | Number of EC2 instances in the cluster. Validate value with TetraScience. |
| EsDatanodeVolumeSize | 100 | EBS volume size in GB for Elasticsearch. Validate value with TetraScience. |
| EsBackupInterval | 6 | How frequently (in hours) to back up Elasticsearch to S3. |
| InstanceTypeRDS | db.t2.medium | EC2 instance type for the Postgres database. Default value should be enough in most cases. |
| RDSBackupInterval | 24 | How often to back up the database (in hours). |
| RDSBackupSchedule | 0 1 * ? | Backup schedule in CloudWatch Event cron format. Default is 1 AM UTC every day. |
| RDSBackupRetentionDays | 30 | Number of days to keep DB snapshots before deleting them. There is a limit of 100 snapshots per database. |
| RDSSnapShot | | Leave empty for a standard install. To be used only when recovering from an actual disaster. |
| CreateVPC | true | If true, it will create a new VPC for the application, together with subnets, security groups, NAT gateways. |
| VpcCIDR | | Network block to use for VPC. If CreateVPC is false, it should match the existing VPC to be used. For example 10.200.0.0/16. |
| VPCID | | ID of the existing VPC. Leave empty if CreateVPC is true. |
| PublicSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
| PrivateSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
| IsolatedSubnetIds | | Comma-delimited list of subnet IDs that will be used for Windows workers. Leave unchanged if CreateVPC is true. |
| LogsEndpoint | | FQDN of endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| MonitoringEndpoint | | FQDN of endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| SqsEndpoint | | FQDN of endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| CloudformationEndpoint | | FQDN of endpoint used for Windows workers. Use a VPC endpoint if using isolated subnets for them. |
| NotificationEmail | | Email address that will be subscribed to alerts via SNS. Should be a group email, to be able to easily add/remove participants. |
| SourceNotificationEmail | | Will be used in the "From" field of pipeline notification emails sent. Needs to be verified with SES. |
| LogRetentionDays | 90 | Days for log retention in CloudWatch. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| STBucket | | Leave empty in a normal installation. Used only for DR recovery. |
| DLBucket | | Leave empty in a normal installation. Used only for DR recovery. |

Service Layer Table

| Parameter | Default Value | Details |
| --- | --- | --- |
| CFTemplateVersion | v1.0.0 | Must match the version of the ServiceCatalog product being installed. |
| Branch | master | ECR repo suffix. Do not change default. |
| DataStack | | Name of the Data Layer main stack. Can be obtained from the CloudFormation interface. |
| EnableLogging | false | Set to true if the ES Logging cluster in DataLayer was created. |
| ClusterType | Fargate | Do not change default. |
| InstanceTypeECS | t2.large | Legacy. No longer used. |
| | | Domain name used by the web UI. |
| MinCapacity | | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | | Maximum number of ECS containers that can scale to, in case of load. Set to 0 if is not used. |
| ConnectorMaxMemory | 2048 | Memory limit for docker containers running on the datahub machines. |
| TaskThroughput | 20 | Number of files that can be processed in parallel. |
| EnableWinTaskScriptService | true | Enable Windows EC2 based workers. |
| WindowsInstanceType | t3.medium | Instance type for Windows workers. |
| PublicDomain | | Domain name used by the web UI. It does not have to be exposed on the internet; it can be company internal. |
| ExposedOnInternet | false | Set to true if the application should be accessible from the Internet. |
| NoDNSWeb | false | Set to true if public DNS records are NOT to be created. |
| PublicDomainZoneId | | Public Domain Route53 Zone Id. If left empty, a public DNS hosted zone will be created, unless NoDNSWeb is set to true. |
| Certificate | | ARN of TLS/SSL Certificate registered with ACM. See details in the Pre Deployment Tasks section. If empty, the deployment will try to automatically create a certificate via ACM and will wait for DNS certificate validation, unless NoDNSWeb is set to true, in which case it will disable HTTPS and deploy using unencrypted HTTP. Certificate validation requires a value for PublicDomainZoneId with the zone containing NS entries for the domain. |
| PrivateDomain | ts-dip.internal | Used for ECS inter-service communication. It can be changed to any name, but the default should work just fine. |
| MinCapacity | 2 | Minimum number of ECS containers for . Set to 0 if is not used. |
| MaxCapacity | 4 | Max number of ECS containers to scale out to, in case of heavy load. |
| LambdaPrefix | | Leave empty. Used internally by TetraScience. |
| AthenaCreateIamUser | false | Enables IAM user creation for Athena access at org creation. Leaving false will restrict service permissions so that IAM users cannot be created from the platform at runtime. |
| UserAuditLogGroupSuffix | user-action-audit-log | Legacy. Do not change the default value. |
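
Several parameters in the two tables are conditional on others (the DR values on EnableDR, the VPC values on CreateVPC, HTTPS on Certificate and NoDNSWeb). The following pre-deployment check is an added example, not TetraScience code; the function names, severity labels and sample values are assumptions made for illustration, and the VPCID requirement is inferred from the table rather than stated in it.

```python
# Added example: lint parameter values against the conditional rules in the tables.
DR_ONLY = ("DRAWSAccountId", "DRDatalakeKMSKey", "DRDatalakeBucket",
           "DRStreamBucket", "DRBackupBucket", "DRLocalArtifactsBucket")
EXISTING_VPC_ONLY = ("VPCID", "PublicSubnetIds", "PrivateSubnetIds")

def flag(params, name, default):
    """CloudFormation passes booleans as the strings 'true' / 'false'."""
    return str(params.get(name, default)).strip().lower() == "true"

def empty(params, name):
    return not str(params.get(name, "")).strip()

def lint_data_layer(p):
    out = []
    if not flag(p, "EnableDR", "false"):
        out += [("warn", n, "leave empty when EnableDR is false")
                for n in DR_ONLY if not empty(p, n)]
    if flag(p, "CreateVPC", "true"):
        out += [("warn", n, "leave empty when CreateVPC is true")
                for n in EXISTING_VPC_ONLY if not empty(p, n)]
    elif empty(p, "VPCID"):
        # Inferred: an existing VPC has to be named when none is created.
        out.append(("error", "VPCID", "required when CreateVPC is false"))
    return out

def lint_service_layer(p):
    out = []
    if empty(p, "Certificate"):
        if flag(p, "NoDNSWeb", "false"):
            sev = "critical" if flag(p, "ExposedOnInternet", "false") else "error"
            out.append((sev, "Certificate",
                        "empty with NoDNSWeb=true: HTTPS disabled, UI served over HTTP"))
        elif empty(p, "PublicDomainZoneId"):
            out.append(("warn", "PublicDomainZoneId",
                        "automatic certificate validation requires this value"))
    if flag(p, "AthenaCreateIamUser", "false"):
        out.append(("info", "AthenaCreateIamUser",
                    "platform is permitted to create IAM users at runtime"))
    return out

# Constructed sample input, not a real deployment.
SAMPLE_DATA = {"EnableDR": "false", "DRBackupBucket": "dr-backup-example",
               "CreateVPC": "false", "VPCID": ""}
SAMPLE_SERVICE = {"PublicDomain": "tdp.example.internal", "NoDNSWeb": "true",
                  "Certificate": "", "ExposedOnInternet": "true"}

if __name__ == "__main__":
    for finding in lint_data_layer(SAMPLE_DATA) + lint_service_layer(SAMPLE_SERVICE):
        print(*finding, sep=": ")
```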

Service Parameters and Secrets in SSM

Containers running in ECS need runtime parameters. These parameters may contain sensitive data, such as OAuth tokens, so they are stored encrypted, using a specialized AWS service for secrets management, SSM Parameter Store. The parameters are not shared with TetraScience, so single-tenant customers will have to create them following this procedure.

| Parameter | Details | Needed only if |
| --- | --- | --- |
| /tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID | BOX OAuth 2.0 custom app Client ID. See below for details. | BOX Integration is enabled |
| /tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_ID | Same value as above. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET | BOX OAuth 2.0 custom app secret. | BOX Integration is enabled |
| /tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID | Egnyte Client ID | Egnyte Integration is enabled |
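
One way to create these parameters as encrypted values is to write them as SecureString entries through the SSM API. This is an added example, not TetraScience's documented procedure: the helper name `put_service_secrets`, the path pattern (derived from the names in the table) and the use of boto3 are assumptions.

```python
# Added example: store service parameters as encrypted SecureString values.
import re

# Path shape taken from the table above: /tetrascience/<env>/ECS/<service>/<NAME>
PARAM_PATH = re.compile(r"^/tetrascience/[a-z0-9-]+/ECS/[a-z0-9-]+/[A-Z0-9_]+$")


def put_service_secrets(ssm, secrets, kms_key_id=None):
    """Write each name/value pair to SSM Parameter Store as a SecureString.

    `ssm` is a boto3 SSM client (or any object with a compatible put_parameter).
    Returns the names written; values are never returned or logged.
    """
    bad = [n for n, v in secrets.items() if not PARAM_PATH.match(n) or not v]
    if bad:
        # Validate everything first so a typo does not leave a half-written set.
        raise ValueError(f"invalid name or empty value: {sorted(bad)}")
    written = []
    for name, value in secrets.items():
        kwargs = {"Name": name, "Value": value,
                  "Type": "SecureString", "Overwrite": True}
        if kms_key_id:  # otherwise SSM uses the account's default aws/ssm key
            kwargs["KeyId"] = kms_key_id
        ssm.put_parameter(**kwargs)
        written.append(name)
    return written


if __name__ == "__main__":
    import getpass
    import boto3  # assumes AWS credentials for the deployment account
    name = "/tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID"
    # Read the value interactively so it stays out of shell history and source.
    print(put_service_secrets(boto3.client("ssm"), {name: getpass.getpass(name + ": ")}))
```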
