Installation

Install Unity Virtual Private Cloud in Amazon Web Services for the first time

Read time 1 minute

Last updated a month ago

Overview

Resources

The solution is designed to be highly available and requires at least two subnets. These subnets serve to ensure the high availability of the following Amazon resources:

The Relational Database Service (RDS) Postgres instance
The ElastiCache replication group
The Elastic Kubernetes Service (EKS) cluster

AWS enables multi-AZ deployments by default. To reduce cloud-related costs, you might want to disable this functionality for test environments. To do so, use the Terraform variable enable_multi_az. After deployment, the following AWS resources are created:

The Secrets Manager secret that is used for configuration
The RDS Postgres instance
The ElastiCache replication group

The following Amazon resources are created by default, but you can disable them in the configuration:

The Elastic Compute Cloud (EC2) autoscaling group for MongoDB
The EC2 launch template for MongoDB
The Elastic Block Storage (EBS) volume for MongoDB
The network load balancer for MongoDB
The CloudWatch log groups for EKS and MongoDB
The Data Lifecyle Management (DLM) lifecycle policy for EBS volumes
The Elastic File System (EFS) file system
The EKS cluster
The EKS node group
These EKS add-ons:
- Amazon CloudWatch Observability
- EBS Container Storage Interface (CSI) Driver
- EFS CSI Driver
- Pod Identity Agent
The EC2 instance for a FlexLM license server

External load balancer

To expose the private resources to the public internet while limiting access, the default deployment process provisions these resources:

An external load balancer, to be used as ingress.
To disable the loader balancer functionality, change the Terraform variable traefik_service_type from
```
LoadBalancer
```
to
```
NodePort
```
.
A list of allowed IP address ranges in Classless Inter-Domain Routing ranges (CIDR) notation, to limit access. To manage this list, use the Terraform variable allowed_ingress_cidrs.