Tetra IoT Layer Prerequisites and Pre-Deployment Tasks
For both multi- and single-tenant configurations, the Tetra IoT Layer is deployed by using the AWS Service Catalog in each respective AWS account. Before deploying the Tetra IoT Layer, you must complete the following prerequisites and pre-deployment tasks.
NOTE:
Before completing the following procedure, you must first deploy the Tetra Data Platform (TDP). For more information, see Customer Hosted Deployment Overview.
Prerequisites
Make sure that the following resources are available to install the Tetra IoT Layer stack:
- For IoT agents connecting to the portal through the internet, make sure there is at least one public subnet
- At least two private subnets
- A valid Secure Sockets Layer (SSL) certificate imported into AWS Certificate Manager
NOTE
You can use Virtual Private Clouds (VPCs) and subnets where TDP is installed.
Pre-Deployment Tasks
Before deploying the Tetra IoT Layer stack, you must do the following.
Create the Tetra IoT Layer and Service Catalog Portfolio
TetraScience creates the Tetra IoT Layer product and adds it to the service catalog portfolio. Contact your customer success manager (ACM) or account executive for details.
Configure Amazon Managed Streaming for Apache Kafka (Amazon MSK)
- Sign in to the AWS Management Console. Then, open the Amazon MSK console and choose Cluster configurations.
- Choose Create cluster configuration. Then, fill in the following fields:
- For Configuration name, enter iot-
<environment>
-config - For Configuration properties for revision 1, enter the following:
auto.create.topics.enable=true
default.replication.factor=1
min.insync.replicas=2
num.io.threads=8
num.network.threads=5
num.partitions=1
num.replica.fetchers=2
replica.lag.time.max.ms=30000
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
socket.send.buffer.bytes=102400
unclean.leader.election.enable=true
zookeeper.session.timeout.ms=18000
- Once created, copy and save the Configuration Amazon Resource Name (ARN). The Configuration ARN is needed to add the
MSKConfigurationArn
parameter.
Configuration ARN Example
arn:aws:kafka:us-east-{x:xxxxxxxxxxxx}:configuration/iot-dev-config/{account number})
Get an SSL Certificate
Get an SSL certificate asiot.<platform URL>
and import it into Amazon Certificate Manager, or request a certificate from AWS Certificate Manager (ACM).
Create a Self-Signed SSL Certificate and SSM Parameters
Create a self-signed SSL certificate to put in the AWS Systems Manager (SSM) parameter with the iot.<platform URL>
domain.
For Certificate 1
- Sign in to the AWS Management Console. Then, open the AWS Systems Manager console and choose Parameter Store.
- Choose Create parameter. Then, enter the following:
- For Name, enter
/iot-<environment>/web_cert1
- For Value, enter the following:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxx
-----END CERTIFICATE-----
<blank line>
NOTE:
Make sure that you add a new line at the end of the certificate context.
For Certificate 2
- Sign in to the AWS Management Console. Then, open the AWS Systems Manager console and choose Parameter Store.
- Choose Create parameter. Then, enter the following:
- For Name, enter
/iot-<environment>/web_cert2
- For Value, enter the same value that you used for Certificate 1:
-----BEGIN CERTIFICATE-----
xxxxxxxxxxx
-----END CERTIFICATE-----
<blank line>
NOTE:
Make sure that you add a new line at the end of the certificate context.
Certificate Private Key
- Sign in to the AWS Management Console. Then, open the AWS Systems Manager console and choose Parameter Store.
- Choose Create parameter. Then, enter the following:
- For Name, enter
/iot-<environment>/web_cert_key
- For Value, enter the following:
-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxxxx
-----END RSA PRIVATE KEY-----
License
- Sign in to the AWS Management Console. Then, open the AWS Systems Manager console and choose Parameter Store.
- Choose Create parameter. Then, enter the following:
- For Name, enter
/iot-<environment>/license
- For Value, enter the license value provided to you by your customer success manager (CSM) or account executive.
Private key
- Sign in to the AWS Management Console. Then, open the AWS Systems Manager console and choose Parameter Store.
- Choose Create parameter. Then, enter the following:
- For Name, enter
/iot-<environment>/rsa_key
- For Value, enter the private key value provided to you by your customer success manager (CSM) or account executive.
Updated about 1 year ago