Customer Hosted Deployment Parameters
Before You Begin
Before you begin the Customer Hosted deployment, ensure that you have met these AWS deployment requirements.
TetraScience Recommendation
These tables describe the parameters you will use when you perform a Customer Hosted deployment. TetraScience recommends that you review and become familiar with these parameters prior to deployment.
CloudFormation Parameters
These tables list the parameters you must enter when you perform a Customer Hosted deployment.
Data Layer Table
Parameter | Default Value | Details |
---|---|---|
CFTemplateBucket | ts-platform-artifacts | Prefix of the S3 bucket where artifacts are stored. Do not change the default. |
CFTemplateVersion | | Must match the version of the Service Catalog product being installed. |
InfrastructureName | | Customer-specific. All-encompassing name for the created infrastructure, used as the root for naming resources. Validate with TetraScience. |
Environment | production | Used internally by TetraScience. Do not change the default. |
IAMRolePrefix | | Optional string prefixed to the names of all created IAM roles. Leave empty if not used. |
IAMBoundaryPolicy | | ARN of a permissions boundary policy that will be attached to all created IAM roles. Leave empty if not used. |
EnableDR | false | Set to true if Disaster Recovery should be implemented. |
DRAWSAccountId | | ID of the AWS account used for Disaster Recovery. Leave empty if EnableDR is false. |
DRDatalakeKMSKey | | ARN of the KMS key used to encrypt data in DR. Leave empty if EnableDR is false; if EnableDR is true, review the Disaster Recovery section. |
DRDatalakeBucket | | Name of the Data Lake bucket for Disaster Recovery. Leave empty if EnableDR is false; if EnableDR is true, review the Disaster Recovery section. |
DRStreamBucket | | Name of the Stream bucket for Disaster Recovery. Leave empty if EnableDR is false; if EnableDR is true, review the Disaster Recovery section. |
DRBackupBucket | | Name of the Backup bucket for Disaster Recovery. Leave empty if EnableDR is false; if EnableDR is true, review the Disaster Recovery section. |
DRLocalArtifactsBucket | | Name of the artifacts bucket used for Disaster Recovery. Leave empty if EnableDR is false; if EnableDR is true, review the Disaster Recovery section. |
EnableElasticsearch | true | Do not change the default. |
EsMasterInstanceType | t3.medium.elasticsearch | Instance type for the Elasticsearch master nodes. Validate the value with TetraScience. |
EsDatanodeInstanceType | m4.large.elasticsearch | Instance type for the Elasticsearch data nodes. Validate the value with TetraScience. |
EsDatanodeInstanceCount | 2 | Number of data node instances in the Elasticsearch cluster. Validate the value with TetraScience. |
EsDatanodeVolumeSize | 100 | EBS volume size in GB for the Elasticsearch data nodes. Validate the value with TetraScience. |
EsBackupInterval | 6 | How often (in hours) Elasticsearch is backed up to S3. |
InstanceTypeRDS | db.t2.medium | RDS instance class for the Postgres database. Use the default value in most cases. |
RDSBackupInterval | 24 | How often (in hours) the database is backed up. |
RDSBackupSchedule | 0 1 * * ? * | Backup schedule in CloudWatch Events cron format (six fields: minutes, hours, day of month, month, day of week, year). The default runs at 1 AM UTC every day. |
RDSBackupRetentionDays | 30 | Number of days to retain DB snapshots before deleting them. There is a limit of 100 snapshots per database, so the retention period multiplied by the number of backups per day must stay under that limit. |
RDSSnapShot | | Leave empty for a standard install. Use only when recovering from an actual disaster. |
CreateVPC | true | If true, creates a new VPC for the application with subnets, security groups, and NAT gateways. |
VpcCIDR | | Network block to use for the VPC, for example 10.200.0.0/16. If CreateVPC is false, it must match the existing VPC to be used. |
VPCID | | ID of the existing VPC. Leave empty if CreateVPC is true. |
PublicSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
PrivateSubnetIds | | Comma-delimited list of subnet IDs. Leave empty if CreateVPC is true. |
IsolatedSubnetIds | | Comma-delimited list of subnet IDs used for Windows workers. If CreateVPC is true, leave unchanged. |
LogsEndpoint | | FQDN of the logs endpoint used by Windows workers. If the workers run in isolated subnets, use a VPC endpoint. |
MonitoringEndpoint | | FQDN of the monitoring endpoint used by Windows workers. If the workers run in isolated subnets, use a VPC endpoint. |
SqsEndpoint | | FQDN of the SQS endpoint used by Windows workers. If the workers run in isolated subnets, use a VPC endpoint. |
CloudformationEndpoint | | FQDN of the CloudFormation endpoint used by Windows workers. If the workers run in isolated subnets, use a VPC endpoint. |
NotificationEmail | | Email address that will be subscribed to alerts through SNS. Use a group address so that recipients can be added or removed without changing the deployment. |
SourceNotificationEmail | | Used in the "From" field of pipeline notification emails. The address must be verified as a sender identity in SES. |
LogRetentionDays | 90 | Number of days to retain logs in CloudWatch. |
LambdaPrefix | | Leave empty. Used internally by TetraScience. |
STBucket | | Leave empty in a normal installation. Used only for DR recovery. |
DLBucket | | Leave empty in a normal installation. Used only for DR recovery. |
Service Layer Table
Parameter | Default Value | Details |
---|---|---|
CFTemplateVersion | v1.0.0 | Must match the version of the Service Catalog product being installed. |
Branch | master | ECR repository suffix. Do not change the default. |
DataStack | | Name of the Data Layer main stack. You can obtain it from the CloudFormation console. |
EnableLogging | false | Set to true if the ES logging cluster was created in the Data Layer. |
ClusterType | Fargate | Do not change the default. |
MinCapacity | | Minimum number of ECS containers for . Set to 0 if is not used. |
MaxCapacity | | Maximum number of ECS containers that can scale to in case of load. Set to 0 if is not used. |
ConnectorMaxMemory | 2048 | Memory limit for Docker containers running on the Datahub machines. |
TaskThroughput | 20 | Number of files that can be processed in parallel. |
EnableWinTaskScriptService | true | Enable Windows EC2-based workers. |
WindowsInstanceType | t3.medium | Instance type for Windows workers. |
PublicDomain | | Domain name used by the web UI. It does not have to be exposed on the Internet and may be a company-internal name. |
ExposedOnInternet | false | Set to true if the application should be reachable from the Internet. |
NoDNSWeb | false | Set to true to prevent public DNS records from being created. |
PublicDomainZoneId | | Route 53 hosted zone ID for PublicDomain. If left empty, a public hosted zone is created; if you do not want public DNS records at all, set NoDNSWeb to true instead. |
Certificate | | ARN of a TLS/SSL certificate registered with ACM. If left empty, the deployment tries to create a certificate through ACM and waits for DNS validation; validation requires PublicDomainZoneId to reference the zone that holds the NS records for the domain. If NoDNSWeb is set to true, HTTPS is disabled and the application is deployed over unencrypted HTTP, so use that setting only where the network path to the web UI is otherwise protected. |
PrivateDomain | ts-dip.internal | Used for ECS inter-service communication. You can change it to any name or leave the default. |
MinCapacity | 2 | Minimum number of ECS containers for . Set to 0 if is not used. |
MaxCapacity | 4 | Maximum number of ECS containers to scale out to under heavy load. |
LambdaPrefix | | Leave empty. Used internally by TetraScience. |
AthenaCreateIamUser | false | When true, the platform creates an IAM user for Athena access each time an organization is created. Leave false so that the service permissions do not allow IAM users to be created from the platform at runtime. |
UserAuditLogGroupSuffix | user-action-audit-log | Legacy. Do not change the default value. |
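The Data Layer and Service Layer tables state several dependencies between parameters (EnableDR and the DR* values, CreateVPC and the existing-VPC values, Certificate, NoDNSWeb and PublicDomainZoneId, the 100-snapshot limit behind RDSBackupRetentionDays). The following linter is an added example, not TetraScience code: it checks a merged parameter set against those rules before you provision the Service Catalog product, and renders it as the Key/Value list that `aws servicecatalog provision-product --provisioning-parameters` accepts. The sample values (InfrastructureName, VPC and subnet IDs) are placeholders, and the CIDR and cron checks are ordinary format checks rather than anything the template itself enforces.

```python
"""Lint a merged Data Layer + Service Layer parameter set against the
dependencies stated in the parameter tables, then render it in the shape
`aws servicecatalog provision-product --provisioning-parameters` expects."""
import json
import re

# Conditional dependencies from the tables: when the `when` pair holds,
# every key in `require` must be set and every key in `forbid` empty.
DR_KEYS = ["DRAWSAccountId", "DRDatalakeKMSKey", "DRDatalakeBucket",
           "DRStreamBucket", "DRBackupBucket", "DRLocalArtifactsBucket"]
EXISTING_VPC_KEYS = ["VPCID", "PublicSubnetIds", "PrivateSubnetIds"]
RULES = [
    {"when": ("EnableDR", "true"), "require": DR_KEYS, "forbid": []},
    {"when": ("EnableDR", "false"), "require": [], "forbid": DR_KEYS},
    {"when": ("CreateVPC", "true"), "require": [], "forbid": EXISTING_VPC_KEYS},
    {"when": ("CreateVPC", "false"), "require": ["VpcCIDR"] + EXISTING_VPC_KEYS, "forbid": []},
]
CIDR_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$")
CRON_FIELDS = 6        # CloudWatch Events cron: min hour day-of-month month day-of-week year
SNAPSHOT_LIMIT = 100   # per-database snapshot limit quoted in the table


def lint(params):
    """Return (errors, warnings) for a dict of ParameterName -> value."""
    errors, warnings = [], []

    def get(key):
        return (params.get(key) or "").strip()

    for rule in RULES:
        key, val = rule["when"]
        if get(key).lower() != val:
            continue
        errors += [f"{key}={val} requires {k} to be set" for k in rule["require"] if not get(k)]
        errors += [f"{key}={val} requires {k} to be empty" for k in rule["forbid"] if get(k)]

    if get("VpcCIDR") and not CIDR_RE.match(get("VpcCIDR")):
        errors.append("VpcCIDR must be written as a.b.c.d/n")
    if get("RDSBackupSchedule") and len(get("RDSBackupSchedule").split()) != CRON_FIELDS:
        errors.append("RDSBackupSchedule must use the six-field CloudWatch Events cron form")

    # Retention days x backups per day must stay under the per-database snapshot limit.
    try:
        interval = int(get("RDSBackupInterval") or "24")
        retention = int(get("RDSBackupRetentionDays") or "30")
        if interval <= 0 or retention <= 0:
            errors.append("RDSBackupInterval and RDSBackupRetentionDays must be positive")
        elif retention * 24 / interval > SNAPSHOT_LIMIT:
            errors.append("RDSBackupRetentionDays x daily backups exceeds the 100-snapshot limit")
    except ValueError:
        errors.append("RDSBackupInterval and RDSBackupRetentionDays must be integers")

    # TLS posture: NoDNSWeb=true disables HTTPS; otherwise an empty Certificate
    # means ACM DNS validation, which needs the hosted zone ID.
    if get("NoDNSWeb").lower() == "true":
        warnings.append("NoDNSWeb=true disables HTTPS; the web UI will be served over unencrypted HTTP")
    elif not get("Certificate") and not get("PublicDomainZoneId"):
        errors.append("Certificate empty requires PublicDomainZoneId for ACM DNS validation")
    return errors, warnings


def to_provisioning_parameters(params):
    """Render as the Key/Value list that Service Catalog's provision-product takes."""
    return [{"Key": k, "Value": v} for k, v in params.items()]


# Constructed example, not real infrastructure: existing VPC, DR disabled,
# no certificate supplied yet.  IDs are placeholders.
EXAMPLE = {
    "InfrastructureName": "acme-tdp",
    "Environment": "production",
    "EnableDR": "false",
    "CreateVPC": "false",
    "VpcCIDR": "10.200.0.0/16",
    "VPCID": "vpc-0123456789abcdef0",
    "PublicSubnetIds": "subnet-0a,subnet-0b",
    "PrivateSubnetIds": "subnet-0c,subnet-0d",
    "RDSBackupInterval": "24",
    "RDSBackupSchedule": "0 1 * * ? *",
    "RDSBackupRetentionDays": "30",
    "NoDNSWeb": "false",
    "PublicDomainZoneId": "",
    "Certificate": "",
}

if __name__ == "__main__":
    errs, warns = lint(EXAMPLE)
    for line in errs:
        print("ERROR:", line)
    for line in warns:
        print("WARNING:", line)
    if not errs:
        print(json.dumps(to_provisioning_parameters(EXAMPLE), indent=2))
```

Run as-is, the example fails with one error (no Certificate and no PublicDomainZoneId, so ACM validation cannot complete); supplying either value clears it. Setting NoDNSWeb to true removes the error but produces the plain-HTTP warning instead, which is the trade-off the Certificate row describes.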
Service Parameters and Secrets in SSM
Containers running in ECS need runtime parameters. Some of these are sensitive (OAuth client secrets, for example), so they are stored as encrypted SecureString values in AWS Systems Manager (SSM) Parameter Store, which encrypts them with a KMS key. These values are never shared with TetraScience, so customers performing a Customer Hosted deployment must create them themselves using the paths below. The second path segment is the environment name; check that it matches the Environment parameter of the Data Layer stack (production by default).
Parameter | Details | Needed only if |
---|---|---|
/tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_ID | BOX OAuth 2.0 custom app client ID. | BOX integration is enabled |
/tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_ID | Same value as above. | BOX integration is enabled |
/tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRET | BOX OAuth 2.0 custom app client secret. | BOX integration is enabled |
/tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID | Egnyte client ID. | Egnyte integration is enabled |
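The following helper is an added example, not TetraScience tooling. It builds the SecureString writes for the paths in the table above for whichever integrations are enabled, reads the values from environment variables named after the last path segment (so a secret never appears on a command line, in shell history or in `ps` output), refuses to write an empty value, and flags any path whose environment segment does not match the stack's Environment parameter. Each entry it returns is the keyword set for boto3's `ssm.put_parameter()`; the KMS key alias `alias/tdp-ssm` and the environment-variable convention are assumptions for the example.

```python
"""Prepare SSM SecureString writes for the TDP integration parameters.
Each returned dict is the keyword set for boto3 ssm.put_parameter()."""
import os

# Paths from the table, with the environment segment parameterised.
INTEGRATION_PARAMETERS = {
    "box": [
        "/tetrascience/{env}/ECS/ts-service-link-file/BOX_CLIENT_ID",
        "/tetrascience/{env}/ECS/ts-service-web/INT_BOX_CLIENT_ID",
        "/tetrascience/{env}/ECS/ts-service-link-file/BOX_CLIENT_SECRET",
    ],
    "egnyte": ["/tetrascience/{env}/ECS/ts-service-web/INT_EGNYTE_CLIENT_ID"],
}
# INT_BOX_CLIENT_ID carries the same value as BOX_CLIENT_ID, so one variable feeds both.
VALUE_SOURCE = {"INT_BOX_CLIENT_ID": "BOX_CLIENT_ID"}


def parse_path(path):
    """Split /tetrascience/<env>/ECS/<service>/<KEY> into its parts."""
    parts = path.strip("/").split("/")
    if len(parts) != 5 or parts[0] != "tetrascience" or parts[2] != "ECS":
        raise ValueError(f"unexpected parameter path: {path}")
    return {"env": parts[1], "service": parts[3], "key": parts[4]}


def wrong_environment(paths, env):
    """Paths whose environment segment differs from the stack's Environment parameter."""
    return [p for p in paths if parse_path(p)["env"] != env]


def build_put_calls(env, enabled_integrations, kms_key_id, environ):
    """One put_parameter keyword set per required path; a missing value is an error."""
    calls = []
    for name in enabled_integrations:
        for template in INTEGRATION_PARAMETERS[name]:
            path = template.format(env=env)
            key = parse_path(path)["key"]
            value = environ.get(VALUE_SOURCE.get(key, key), "")
            if not value:
                raise ValueError(f"no value for {key}; refusing to write an empty parameter to {path}")
            calls.append({"Name": path, "Value": value, "Type": "SecureString",
                          "KeyId": kms_key_id,   # customer-managed key (assumed alias)
                          "Overwrite": False})   # first-time creation; set True only on rotation
    return calls


if __name__ == "__main__":
    # Prints only the parameter names, never the values.  Pass each dict to
    # boto3.client("ssm").put_parameter(**call) to perform the write.
    for call in build_put_calls("production", ["box"], "alias/tdp-ssm", os.environ):
        print("would write", call["Name"])
```

`Overwrite` is left false so a re-run cannot silently replace a parameter that was already rotated; set it explicitly when that is the intent. Because every parameter is written as SecureString, the ECS task role needs `ssm:GetParameters` plus `kms:Decrypt` on the key you pass as `KeyId`.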