# AWS Infrastructure

## Prerequisite Tools

It is helpful to have prior knowledge of Kubernetes (and kubectl), the AWS Command Line Interface (CLI), Amazon EKS, AWS IAM, HELM, and YAML.

Throughout this documentation `123456789012` has been used as an example of an AWS Account Id. Please replace it with your AWS Account Id.

### Kubernetes and kubectl

To use XOOM Cloud you will need to install some tools. The following provides the most common options.

This is the installation guide for `kubectl`:

* [https://kubernetes.io/docs/tasks/tools](https://kubernetes.io/docs/tasks/tools/)

As an alternative, Docker Desktop (free for small businesses) can be used as well. It provides a Kubernetes development environment and comes with the `kubectl` command. Here are the installation instructions for Docker Desktop:

* <https://www.docker.com/products/docker-desktop>

### AWS Command Line Interface (CLI)

This is the installation guide for the `aws` command line tool:

* [https://aws.amazon.com/cli](https://aws.amazon.com/cli/)

It is recommended that you install **v2** of the AWS CLI. Configure this tool by running:

```
$ aws configure
```

### Amazon EKS

You will use EKS, the Amazon Elastic Kubernetes Service. See the documentation for EKS:

* [https://aws.amazon.com/eks](https://aws.amazon.com/eks/)

See also the Installation guide for the `eksctl` command line tool:

* <https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html>

### AWS IAM

There will be some use of the AWS IAM, the Identity and Access Management components. You will find the documentation here:

* <https://aws.amazon.com/iam/>

### HELM

HELM is a package manager for Kubernetes. To install the tool, see the quick-start guide for the `helm` command line tool:

* [https://helm.sh/docs/intro/quickstart](https://helm.sh/docs/intro/quickstart/)

## Kubernetes Cluster

You will create a Kubernetes Cluster to deploy an application built with [XOOM Platform SDK](https://github.com/vlingo) and XOOM Cloud product. The following is an example using the [XOOM Cloud Demo](/xoom-cloud/xoom-cloud-demo.md):

```
eksctl create cluster \
  --name xoom-cloud-demo \
  --version 1.23 \
  --region us-east-1 \
  --nodegroup-name xoom-cloud-demo-nodes \
  --node-type t2.large \
  --nodes 2 \
  --nodes-min 1 \
  --nodes-max 2 \
  --with-oidc \
  --managed
```

Please replace `xoom-cloud-demo` and `us-east-1` values with the ones most appropriate for your service or application. Note that the creation of a Kubernetes Cluster requires approximately *30 minutes.*

To decommission the cluster, use the following command, which is also parameterized with the `xoom-cloud-demo` that must be replaced with your service or application name:

```
eksctl delete cluster --name xoom-cloud-demo --region us-east-1
```

## AWS IAM

The XOOM Cloud Operator requires a Kubernetes Service Account with IAM roles in order to access the Amazon Marketplace Metering API.

### IAM Policy

Create an AWS IAM policy:

```
aws iam create-policy \
  --policy-name XoomCloudPodPolicy \
  --policy-document file://xoom-cloud-pod-policy.json
```

Content for `xoom-cloud-pod-policy.json`:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:RegisterUsage"
            ],
            "Resource": "*"
        }
    ]
}
```

The command will output policy information, including the policy ARN. Please save this ARN. You will need it in the next step.

Alternatively, you can list the policies by running the following command and save the `XoomCloudPodPolicy` policy ARN for later use:

```
aws iam list-policies --scope Local
```

The policy's ARN looks like this:

```
arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
```

Policy decommission command:

```
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
```

### Service Account for Kubernetes

Create a Kubernetes IAM Service Account:

```
eksctl create iamserviceaccount \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --attach-policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy \
  --approve \
  --override-existing-serviceaccounts \
  --region us-east-1
```

The following is a service account decommission command:

```
eksctl delete iamserviceaccount  \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --region us-east-1
```

{% hint style="info" %}
The name `xoom-cloud-service-account` must not be changed because it is used by XOOM Cloud HELM Chart.
{% endhint %}
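
The IAM role that `eksctl create iamserviceaccount` creates is only as narrow as its trust policy. The following added example (not part of the XOOM documentation) audits a trust policy document to confirm that only the `xoom-cloud-service-account` in the `xoom` namespace can assume the role; the OIDC provider id and the sample documents are constructed placeholders.

```python
# Added example: audit the trust policy of the IAM role bound to the
# XOOM Cloud service account. All sample documents here are constructed.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEOIDCID"  # placeholder id


def make_trust(sub_operator, sub_value):
    """Build a constructed IRSA-style trust policy to run the audit on."""
    cond = {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}
    cond.setdefault(sub_operator, {})[f"{ISSUER}:sub"] = sub_value
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated":
                      f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": cond,
    }]}


def audit_trust_policy(policy, namespace, name):
    """Return findings; an empty list means only the named service account
    can assume the role through the cluster's OIDC provider."""
    expected = f"system:serviceaccount:{namespace}:{name}"
    stmts = policy.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    findings = []
    for i, st in enumerate(stmts):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or \
                "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        principal = st.get("Principal")
        provider = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(provider, str) or ":oidc-provider/" not in provider:
            findings.append(f"statement {i}: principal is not a single OIDC provider")
            continue
        issuer = provider.split(":oidc-provider/", 1)[1]
        # Only exact matches count; StringLike with wildcards is reported.
        exact = st.get("Condition", {}).get("StringEquals", {})
        if exact.get(f"{issuer}:sub") != expected:
            findings.append(f"statement {i}: sub not pinned to {expected}")
        if exact.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append(f"statement {i}: aud not pinned to sts.amazonaws.com")
    return findings


if __name__ == "__main__":
    sa = "xoom-cloud-service-account"
    for doc in (make_trust("StringEquals", f"system:serviceaccount:xoom:{sa}"),
                make_trust("StringLike", "system:serviceaccount:*:*")):
        print(audit_trust_policy(doc, "xoom", sa) or "OK")
```

To audit a live role, pass in the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument`; the role ARN is recorded in the service account's `eks.amazonaws.com/role-arn` annotation.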

