Installation

Install Unity Virtual Private Cloud in Amazon Web Services for the first time

Overview

Resources

The solution is designed to be highly available and requires at least two subnets. These subnets serve to ensure the high availability of the following Amazon resources:
  • The Relational Database Service (RDS) Postgres instance
  • The ElastiCache replication group
  • The Elastic Kubernetes Service (EKS) cluster
AWS enables multi-AZ deployments by default. To reduce cloud-related costs, you might want to disable this functionality for test environments. To do so, use the Terraform variable enable_multi_az.
After deployment, the following AWS resources are created:
  • The Secrets Manager secret that is used for configuration
  • The RDS Postgres instance
  • The ElastiCache replication group
The following Amazon resources are created by default, but you can disable them in the configuration:
  • The Elastic Compute Cloud (EC2) autoscaling group for MongoDB
  • The EC2 launch template for MongoDB
  • The Elastic Block Storage (EBS) volume for MongoDB
  • The network load balancer for MongoDB
  • The CloudWatch log groups for EKS and MongoDB
  • The Data Lifecycle Management (DLM) lifecycle policy for EBS volumes
  • The Elastic File System (EFS) file system
  • The EKS cluster
  • The EKS node group
  • These EKS add-ons:
    • Amazon CloudWatch Observability
    • EBS Container Storage Interface (CSI) Driver
    • EFS CSI Driver
    • Pod Identity Agent
  • The EC2 instance for a FlexLM license server

External load balancer

To expose the private resources to the public internet while limiting access, the default deployment process provisions these resources:
  • An external load balancer, to be used as ingress. To disable the load balancer functionality, change the Terraform variable traefik_service_type from LoadBalancer to NodePort.
  • A list of allowed IP address ranges in Classless Inter-Domain Routing (CIDR) notation, to limit access. To manage this list, use the Terraform variable allowed_ingress_cidrs.
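
A pre-deployment check for the values destined for allowed_ingress_cidrs, as an added example that is not part of the original page or the product's own tooling. It assumes the variable takes a list of CIDR strings; the function name audit_ingress_cidrs and the prefix-length thresholds are hypothetical choices, and the sample addresses are constructed documentation ranges.

```python
import ipaddress

# Assumption: allowed_ingress_cidrs holds a list of CIDR strings.
# Assumption: prefixes shorter than these are too broad for an allow list.
MIN_PREFIX = {4: 16, 6: 32}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_ingress_cidrs(cidrs):
    """Return (entry, problem) pairs for allow-list entries that need review."""
    findings, parsed = [], []
    for raw in cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append((raw, f"invalid CIDR: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "open to every address"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((raw, f"broad range: {net.num_addresses} addresses"))
        elif net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            findings.append((raw, "private range, not a public internet source"))
        parsed.append((raw, net))
    # Second pass: an entry contained in another entry is redundant.
    # A /0 entry is skipped here because it is already reported above.
    for i, (raw, net) in enumerate(parsed):
        for j, (_, other) in enumerate(parsed):
            covered = (i != j and other.prefixlen != 0
                       and net.version == other.version
                       and net.subnet_of(other)
                       and (net != other or j < i))  # flag only the later duplicate
            if covered:
                findings.append((raw, f"already covered by {other}"))
                break
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    sample = ["198.51.100.64/26", "198.51.100.0/24", "198.51.100.7/24",
              "192.168.10.0/24", "0.0.0.0/0"]
    for entry, problem in audit_ingress_cidrs(sample):
        print(f"{entry}: {problem}")
```
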

Phases

The first installation consists of these phases: