Prerequisites

Before you deploy Unity Virtual Private Cloud to Amazon Web Services

Access to Amazon Web Services

Ensure that you have the following access to Amazon Web Services (AWS):
  • An AWS account
  • A role with sufficient permissions to create and manage resources

Tooling

Ensure that you have this tooling:
  • Access to a terminal, and basic knowledge of the command line
  • One of these tools if you use Microsoft Windows:
    • Windows Subsystem for Linux (WSL)
    • Git for Windows
  • AWS Command Line Interface (CLI), to set up a Terraform backend
  • Helm, to install Helm charts
  • GNU Make, to run various convenience targets
  • ORAS CLI, to download the required scripts and packaging
  • Terraform, to provision cloud resources
  • yq, to generate Helm values
  • jq, to read .json configuration

Networking

You must have Amazon Virtual Private Cloud (Amazon VPC). These practices are recommended:
  • To ensure that public exposure is restricted, provide a VPC with private subnets to the deployment configuration.
  • Avoid using the default VPC, because you run the risk of exposing services to the internet through misconfigured security groups.
To modify your configuration before deployment, refer to the deployment overview.
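
One way to check a candidate VPC against the two recommendations above before handing it to the deployment configuration. This is an added example, not part of the Unity tooling. It assumes you have saved the JSON output of `aws ec2 describe-vpcs`, `describe-subnets` and `describe-route-tables`; the function names and all IDs in the sample data are constructed for illustration.

```python
# Added example. Inputs mirror the JSON printed by
# `aws ec2 describe-vpcs`, `describe-subnets` and `describe-route-tables`.
# All IDs below are constructed placeholders.

def effective_route_table(subnet, route_tables):
    """Return the subnet's explicitly associated table, else the VPC main table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def routes_to_igw(rt):
    """True if any route targets an internet gateway (GatewayId 'igw-...')."""
    return any((r.get("GatewayId") or "").startswith("igw-") for r in rt.get("Routes", []))

def audit(vpc, subnets, route_tables):
    """List reasons this VPC/subnet selection conflicts with the recommendations."""
    findings = []
    if vpc.get("IsDefault"):
        findings.append(f"{vpc['VpcId']}: default VPC")
    for s in (s for s in subnets if s["VpcId"] == vpc["VpcId"]):
        rt = effective_route_table(s, route_tables)
        if rt and routes_to_igw(rt):
            findings.append(f"{s['SubnetId']}: internet gateway route in {rt['RouteTableId']}")
        if s.get("MapPublicIpOnLaunch"):
            findings.append(f"{s['SubnetId']}: auto-assigns public IPs")
    return findings

# Constructed sample: subnet-b has no explicit association, so it inherits
# the main route table, which routes 0.0.0.0/0 to an internet gateway.
VPC = {"VpcId": "vpc-example", "IsDefault": False}
SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": "vpc-example", "MapPublicIpOnLaunch": False},
    {"SubnetId": "subnet-b", "VpcId": "vpc-example", "MapPublicIpOnLaunch": False},
]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]

if __name__ == "__main__":
    for line in audit(VPC, SUBNETS, ROUTE_TABLES):
        print(line)
```

A subnet with no explicit route table association silently uses the VPC's main route table, which is why the check resolves the effective table instead of looking only at explicit associations.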

System requirements

Ensure that you have these elements:
  • A UVCS server with which the Kubernetes cluster can communicate, to store all asset data
  • A valid hostname that can be updated to point to the IP of the Load Balancer
  • A valid PixyzSDK license to run transformations on assets

Kubernetes

The deployment requires a Kubernetes cluster. We recommend that you use Kubernetes version 1.30. Newer versions are likely compatible but we haven't extensively tested them. Choose whether to deploy Virtual Private Cloud to a new cluster or to an existing cluster:
  • For a new cluster, the installation process can also deploy all the required dependencies.
  • For an existing cluster, ensure that you already have all the required dependencies.

Dependencies

These third-party dependencies are required: You can install each dependency with its respective Helm charts.

Namespaces

Services come preconfigured for use within a single Kubernetes namespace. You configure the target namespace when configuring deployment.

Network policies

During deployment to an existing cluster, you may need to control the flow of network traffic by using network policies. You can deploy most Kubernetes resources in a single namespace, which you can use to scope network isolation from other services that run in your cluster.

Service meshes

We recommend that you don't use service meshes, such as Istio, because they can cause network issues and performance issues. If you are running a cluster-wide service mesh, we recommend that you disable it on the namespace where you have deployed the system.

Regions

Virtual Private Cloud supports these regions:
  • ap-south-1
  • ap-south-2
  • ap-southeast-1
  • ap-southeast-2
  • ca-central-1
  • eu-central-1
  • eu-northeast-1
  • eu-south-1
  • eu-west-1
  • eu-west-2
  • eu-west-3
  • sa-east-1
  • us-east-1
  • us-east-2
  • us-west-1
  • us-west-2
To add support for additional regions, modify the instance types in the Terraform configuration. Modify these variables:
  • aws_db_instance_postgres_instance_type
  • aws_eks_node_group_instance_types
  • aws_ec2_mongo_instance_type
  • aws_ec2_flexlm_instance_type

Security

Before deployment, read about security enforcement.

Next steps

Deploy Virtual Private Cloud