forked from pivotal-cf/docs-pcf-install
---
title: Installing Pivotal Cloud Foundry on AWS
owner: Ops Manager
---
<strong><%= modified_date %></strong>
This guide describes how to install [Pivotal Cloud Foundry](https://network.pivotal.io/products/pivotal-cf) (PCF) on Amazon Web Services (AWS).
## <a id='general'></a> General Requirements
<%= partial "requirements" %>
## <a id="aws"></a> AWS Requirements
The following are the minimum resource requirements for maintaining a high-availability (HA) [Pivotal Cloud Foundry](https://network.pivotal.io/products/pivotal-cf) (PCF) deployment with Ops Manager and Pivotal Application Service (PAS) on Amazon Web Services infrastructure:
<p class="note"><strong>Note:</strong> These requirements assume you are using an external database and external file storage.</p>
* 3 Elastic Load Balancers
* 1 Relational Database Service. As a minimum, Pivotal recommends using a db.m3.xlarge instance with at least 100 GB of allocated storage.
* 5 S3 Buckets
* EC2 instances (VMs):
- **PAS**: At a minimum, a new AWS deployment requires the following VMs for PAS:
<table border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=21>PAS</th>
<td>NATS</td>
<td>t2.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m4.large</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Proxy</td>
<td>t2.micro</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Server</td>
<td>r4.large</td>
<td>3</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t2.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Diego BBS</td>
<td>t2.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>UAA</td>
<td>m4.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller</td>
<td>m4.large</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>HAProxy</td>
<td>t2.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>Router</td>
<td>t2.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t2.micro</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>Clock Global</td>
<td>t2.medium</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Cloud Controller Worker</td>
<td>t2.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Diego Brain</td>
<td>t2.small</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Diego Cell</td>
<td>r4.xlarge</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Loggregator Traffic Controller</td>
<td>t2.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Syslog Adapter</td>
<td>t2.micro</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Syslog Scheduler</td>
<td>t2.micro</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Doppler Server</td>
<td>m4.large</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>TCP Router</td>
<td>t2.micro</td>
<td>0</td>
<td>Optional</td>
</tr><tr>
<td>CredHub</td>
<td>r4.large</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<th rowspan=2>Ops Manager</th>
<td>BOSH Director</td>
<td>m4.large</td>
<td>1</td>
<td>Required</td>
</tr>
</table>
By default, PAS deploys the number of VM instances required to run a highly available configuration of PCF. If you are deploying a test or sandbox PCF that does not require HA, you can scale down the number of instances in your deployment. For information about the number of instances required to run a minimal, non-HA PCF deployment, see [Scaling PAS](../opsguide/scaling-ert-components.html).
- **Small Footprint PAS**: To run Small Footprint PAS, a new AWS deployment requires:
<table id='aws-requirements' border="1" class="nice">
<tr>
<th>AWS Requirements</th>
<th>VM Name</th>
<th>VM Type</th>
<th>Default VM Count</th>
<th>Minimum HA VM Count</th>
<th>Required or Optional VM</th>
</tr><tr>
<th rowspan=9>Small Footprint PAS</th>
<td>Compute</td>
<td>r4.xlarge</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Control</td>
<td>r4.xlarge</td>
<td>1</td>
<td>2</td>
<td>Required</td>
</tr><tr>
<td>Database</td>
<td>r4.large</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>Router</td>
<td>t2.micro</td>
<td>1</td>
<td>3</td>
<td>Required</td>
</tr><tr>
<td>File Storage</td>
<td>m4.large</td>
<td>1</td>
<td>N/A</td>
<td>Optional</td>
</tr><tr>
<td>Backup Restore Node</td>
<td>t2.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>MySQL Monitor</td>
<td>t2.micro</td>
<td>1</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<td>HAProxy</td>
<td>t2.micro</td>
<td>0</td>
<td>2</td>
<td>Optional</td>
</tr><tr>
<td>TCP Router</td>
<td>t2.micro</td>
<td>0</td>
<td>1</td>
<td>Optional</td>
</tr><tr>
<th rowspan=2>Ops Manager</th>
<td>BOSH Director</td>
<td>m4.large</td>
<td>1</td>
<td>N/A</td>
<td>Required</td>
</tr>
</table>
In addition to the resources above, you must have the following to install PCF on AWS:
* An AWS account that can accommodate the minimum resource requirements for a PCF installation.
* The appropriate region selected within your AWS account.
For help selecting the correct region for your deployment, see the [AWS documentation about regions and availability zones](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions-availability-zones).
* The [AWS CLI](https://aws.amazon.com/cli/) installed on your machine and configured with user credentials that have admin access to your AWS account.
* Sufficiently high instance limits, or no instance limits, on your AWS account. Installing PCF requires more than the default 20 concurrent instances.
* A key pair to use with your PCF deployment. For more information, see the [AWS documentation about creating a key pair](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-console-create-keypair.html).
* A registered wildcard domain for your PCF installation. You need this registered domain when configuring your SSL certificate and Cloud Controller.
For more information, see the [AWS documentation about Creating a Server Certificate](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html#create-cert).
* An SSL certificate for your PCF domain. This can be a self-signed certificate, but Pivotal recommends using a self-signed certificate only for testing and development.
You should obtain a certificate from your Certificate Authority for use in production.
For more information, see the [AWS documentation about SSL certificates](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/ssl-server-cert.html).
### <a id="aws_certs"></a> Certificate Requirements on AWS
If you are deploying PCF on AWS, then the certificate that you configure in PAS must match the certificate that you upload to AWS as a prerequisite to PCF deployment.
See [Certificate Requirements](../adminguide/securing-traffic.html#certtypes) for general certificate requirements for deploying PCF.
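
The following is an added example, not part of the original Pivotal documentation: one way to check the match described above before deploying, by comparing SHA-256 fingerprints of the decoded certificates instead of the PEM text. It assumes you have both copies as PEM text and that the leaf certificate is the first block in each. The helper names and sample data are hypothetical, and the sample bytes are constructed stand-ins, not real X.509 certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_fingerprints(pem_text):
    """Return the SHA-256 fingerprint of each certificate in a PEM bundle, in order."""
    prints = []
    for body in PEM_BLOCK.findall(pem_text):
        # Strip all whitespace so CRLF line endings, indentation and re-wrapped
        # lines do not affect the result, then hash the decoded DER bytes.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def leaf_matches(pas_pem, aws_pem):
    """True if the first (leaf) certificate is byte-identical in both inputs."""
    pas = pem_fingerprints(pas_pem)
    aws = pem_fingerprints(aws_pem)
    if not pas or not aws:
        raise ValueError("no CERTIFICATE block found in one of the inputs")
    return pas[0] == aws[0]

def to_pem(der, width=64, newline="\n"):
    """Wrap bytes as a PEM CERTIFICATE block (used only to build sample data)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return newline.join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    ) + newline

# Constructed sample data: stand-in bytes in place of real DER certificates.
LEAF = b"constructed leaf certificate bytes for *.example.com" * 4
INTERMEDIATE = b"constructed intermediate CA bytes" * 4
OTHER_LEAF = b"constructed leaf from an older upload" * 4

# PAS copy carries leaf plus chain; AWS copy is leaf only, re-wrapped with CRLF.
PAS_BUNDLE = to_pem(LEAF) + to_pem(INTERMEDIATE)
AWS_BODY = to_pem(LEAF, width=76, newline="\r\n")

if __name__ == "__main__":
    print("match:", leaf_matches(PAS_BUNDLE, AWS_BODY))
    print("stale upload:", leaf_matches(PAS_BUNDLE, to_pem(OTHER_LEAF)))
```

A plain text diff of the two PEM files would report a mismatch here because of the different line wrapping and the extra chain block, even though the leaf certificate is the same.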
## <a id="security"></a> AWS Security Documents
* [AWS Identity and Access Management guide](http://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html)<br />
This guide is a reference for AWS' Identity and Access Management (IAM) features. If you are new to AWS, start here.<br />
<br />
* [AWS identity documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html)<br />
* [AWS credential documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)<br />
This documentation provides a general definition of IAM terms and provides best practices to help you manage IaaS users and permissions.
## <a id="permissions"></a> AWS Permissions Guidelines
Pivotal recommends following the principle of least privilege by scoping privileges to the most restrictive permissions possible for a given role. See [AWS Permissions Guidelines](./aws-iaas-user-roles.html) for recommendations on how to create and scope AWS accounts for PCF.
## <a id='delete-pcf'></a> Delete PCF on AWS
You can use the AWS console to remove an installation of all components, but retain the objects in your bucket for a future deployment:
* [Deleting an AWS Installation from the Console](./deleting-aws-install.html)