Customer Hosted Deployment Parameters

Before You Begin

Before you begin the Customer Hosted deployment, ensure that you have met these AWS deployment requirements.

👍

TetraScience Recommendation

These tables describe the list of parameters you will use when you perform an Customer Hosted deployment. TetraScience recommends that you review and become familiar with these parameters prior to deployment.

CloudFormation Parameters

These tables list the parameters you must enter when you perform a Customer Hosted deployment.

Data Layer Table

ParameterDefault ValueDetails
CFTemplateBucketts-platform-artifactsPrefix of the S3 bucket where artifacts are stored.
Do not change the default.
CFTemplateVersionMust match the version of the ServiceCatalog product being installed.
InfrastructureNameCustomer-specific. All encompassing name for the created infrastructure. Used as a root for naming.
Validate with TetraScience.
EnvironmentproductionUsed internally by TetraScience.
Do not change default.
IAMRolePrefixOptional string for prefixing all created IAM roles.
If not used, then leave empty.
IAMBoundaryPolicyARN for a boundary policy that will be attached to all created roles.
If not used, then leave empty.
EnableDRfalseIf Disaster Recovery should be implemented, then set to true.
DRAWSAccountIdID of the AWS account used for Disaster Recovery.
If EnableDR is false, then leave empty.
DRDatalakeKMSKeyARN of KMS key used to encrypt data in DR.
If EnableDR is false, then leave empty.
If EnableDR is true, then review the Disaster Recovery section.
DRDatalakeBucketName of Data Lake bucket for Disaster Recovery.
If EnableDR is false, then leave empty.
If EnableDR is true, then review the Disaster Recovery section.
DRStreamBucketName of Stream bucket for Disaster Recovery.
If EnableDR is false, then leave empty.
If EnableDR is true, then review the Disaster Recovery section.
DRBackupBucketName of Backup bucket for Disaster Recovery.
If EnableDR is false, then leave empty.
If EnableDR is true, then review the Disaster Recovery section.
DRLocalArtifactsBucketName of artifacts bucket used for Disaster Recovery.
If EnableDR is false, then leave empty.
If EnableDR is true, then review the Disaster Recovery section.
EnableElasticsearchtrueDo not change default.
EsMasterInstanceTypet3.medium.elasticsearchEC2 instance type for Master Elasticsearch.
Validate value with TetraScience.
EsDatanodeInstanceTypem4.large.elasticsearchEC2 instance type for DataStore Elasticsearch.
Validate value with TetraScience.
EsDatanodeInstanceCount2Number of EC2 instances in the cluster.
Validate value with TetraScience.
EsDatanodeVolumeSize100EBS Volume size in GB for Elasticsearch.
Validate value with TetraScience.
EsBackupInterval6How often (in hours) to backup Elasticsearch to S3.
InstanceTypeRDSdb.t2.mediumEC2 instance type for the Postgres database. Use the default value for most cases.
RDSBackupInterval24How often (in hours) to backup the database.
RDSBackupSchedule0 1 * ? Backup schedule in Cloudwatch Event cron format.
Default value is 1 AM UTC everyday
RDSBackupRetentionDays
30
RDSBackupRetentionDays30Number of days to retain DB snapshots before deleting them. There is a limit of 100 snapshots per database.
RDSSnapShotLeave empty for a standard install. Use only when recovering from an actual disaster.
CreateVPCtrueIf true, it will create a new VPC for the application with: subnets, security groups, and NAT gateways.
VpcCIDRNetwork block to use for VPC. If CreateVPC is false, then it should match the exiting VPC to be used. For example: 10.200.0.0/16.
VPCIDID of the existing VPC.
If CreateVPC is true, then leave empty.
PublicSubnetIdsComma delimited list of subnet IDs. Leave empty if CreateVPC is true.
PrivateSubnetIdsComma delimited list of subnet IDs. If CreateVPC is true, then leave empty.
IsolatedSubnetIdsComma delimited list of subnet IDs used for Windows workers.
If CreateVPC is true, then leave unchanged.
LogsEndpointFQDN of endpoint used for Windows workers.
If using isolated subnets for them, then use a VPC endpoint.
MonitoringEndpointFQDN of endpoint used for Windows workers.
If using isolated subnets for them, then use a VPC endpoint.
SqsEndpointFQDN of endpoint used for Windows workers.
If using isolated subnets for them, then use a VPC endpoint.
CloudformationEndpointFQDN of endpoint used for windows workers.
If using isolated subnets for them, then use a VPC endpoint.
NotificationEmailEmail address that will be subscribed to alerts through SNS. Should be a group email, and able to easily add or remove participants.
SourceNotificationEmailWill be used in the "From" field of pipeline notification emails sent. Need to verify it with SES.
LogRetentionDays90Days for log retention in CloudWatch
LambdaPrefixLeave Empty.
Used internally by Tetrascience.
STBucketLeave empty in a normal installation. Used only for DR recovery.
DLBucketLeave empty in a normal installation. Used only for DR recovery.

Service Layer Table

ParameterDefault ValueDetails
CFTemplateVersionv1.0.0Must match the version of the ServiceCatalog product being installed.
BranchmasterECR repo suffix.
Do not change default.
DataStackName of the Data Layer main stack . Can obtain it from the CloudFormation interface.
EnableLoggingfalseIf the ES Logging cluster in DataLayer was created, then set to true.
ClusterTypeFargateDo not change default.
MinCapacityMinimum number of ECS containers for .
Set to 0 if is not used.
MaxCapacityMaximum number of ECS containers that can scale to in case of load.
Set to 0 if is not used.
ConnectorMaxMemory2048Memory limit for Docker containers running on the Datahub machines.
TaskThroughput20Number of files that can be processed in parallel.
EnableWinTaskScriptServicetrueEnable Windows EC2 based workers
WindowsInstanceTypet3.mediumInstance type for Windows workers.
PublicDomainDomain name used by the web UI. It does not have to be exposed on the Internet and may be a company internal name.
ExposedOnInternetfalseSet to true if the application should be accessed from Internet.
NoDNSWebfalseSet to true to prevent public DNS records from being created.
PublicDomainZoneIdPublic Domain Route53 Zone Id. If left empty, then a public DNS hosted zone is created, otherwise set NoDNSWeb to true.
CertificateARN of TLS/SSL Certificate registered with ACM.
If left empty, it will try to automatically create a certificate through ACM and the deployment will wait for DNS certificate validation
If NoDNSWeb is set to true, then it will disable HTTPS and deploy using unencrypted HTTP.
Certificate validation requires a value for PublicDomainZoneId with the zone containing NS entries for the domain.
PrivateDomaints-dip.internalUsed for ECS inter-service communication. You can change it to any name, or leave the default.
MinCapacity2Minimum number of ECS containers for .
Set to 0 if is not used.
MaxCapacity4In case of heavy load, set the Max number of ECS containers to scale out to.
LambdaPrefixLeave empty.
Used internally by TetraScience.
AthenaCreateIamUserfalseEnables IAM user creation for Athena access at organization creation.

Leave false to restrict service permissions so that IAM users cannot be created from the platform at runtime.
UserAuditLogGroupSuffixuser-action-audit-logLegacy.
Do not change the default value.

Service Parameters and Secrets in SSM

Containers running in ECS need runtime parameters. These parameters may contain sensitive data, such as OAuth tokens, so they are stored encrypted, using a specialized AWS service for secrets management, SSM Parameter Store. The parameters are not shared with TetraScience, so self-hosted customers using a Customer Hosted deployment will have to create them using this procedure.

ParameterDetailsNeeded only if
/tetrascience/production/ECS/ts-service-link-file/BOX_CLIENT_IDBOX Oauth 2.0 custom app Client ID.BOX Integration is enabled
/tetrascience/production/ECS/ts-service-web/INT_BOX_CLIENT_IDSame value as above.BOX Integration is enabled
/tetrascience/uat/ECS/ts-service-link-file/BOX_CLIENT_SECRETBOX Oauth 2.0 custom app secret.BOX Integration is enabled
/tetrascience/uat/ECS/ts-service-web/INT_EGNYTE_CLIENT_IDEgnyte Client iDEgnyte Integration is enabled