AWS Infrastructure
Describes the steps necessary to provision and decommission AWS Infrastructure for XOOM Cloud.
It is helpful to have prior knowledge of Kubernetes (and kubectl), AWS Command Line Interface (CLI), Amazon EKS, AWS IAM, HELM, and YAML.
Throughout this documentation 123456789012 has been used as an example of an AWS Account Id. Please replace it with your AWS Account Id.
To use XOOM Cloud you will need to install some tools. The following provides the most common options.
This is the installation guide for kubectl:
As an alternative, Docker Desktop (free for small businesses) can be used as well. It provides a Kubernetes development environment and comes with the kubectl command. Here are the installation instructions for Docker Desktop:
This is the installation guide for the aws command line tool:
It is recommended that you install v2 of the AWS CLI. Configure this tool by running:
$ aws configure
You will use EKS, the Amazon Elastic Kubernetes Service. See the documentation for EKS:
See also the installation guide for the eksctl command line tool:
There will be some use of AWS IAM, the Identity and Access Management components. You will find the documentation here:
HELM is a package manager for Kubernetes. To install the tool, see the quick-start guide for the helm command line tool:
You will create a Kubernetes Cluster to deploy an application built with XOOM Platform SDK and XOOM Cloud product. The following is an example using the XOOM Cloud Demo:
eksctl create cluster \
--name xoom-cloud-demo \
--version 1.23 \
--region us-east-1 \
--nodegroup-name xoom-cloud-demo-nodes \
--node-type t2.large \
--nodes 2 \
--nodes-min 1 \
--nodes-max 2 \
--with-oidc \
--managed
Please replace the xoom-cloud-demo and us-east-1 values with the ones most appropriate for your service or application. Note that the creation of a Kubernetes Cluster requires approximately 30 minutes.
To decommission the cluster, use the following command, which is also parameterized with the xoom-cloud-demo that must be replaced with your service or application name:
eksctl delete cluster --name xoom-cloud-demo --region us-east-1
The XOOM Cloud Operator requires a Kubernetes Service Account with IAM roles in order to access the Amazon Marketplace Metering API.
Create an AWS IAM policy:
aws iam create-policy \
--policy-name XoomCloudPodPolicy \
--policy-document file://xoom-cloud-pod-policy.json
Content for xoom-cloud-pod-policy.json:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:RegisterUsage"
      ],
      "Resource": "*"
    }
  ]
}
The command will output policy information including the policy ARN. Please save this ARN. You will need it in the next step.
Alternatively, you can check the policies by running the following command and save the XoomCloudPodPolicy policy ARN for later usage:
aws iam list-policies --scope Local
The policy's ARN looks like this:
arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
Policy decommission command:
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
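A pre-flight check for xoom-cloud-pod-policy.json before it is passed to aws iam create-policy, as an added example that is not part of the original page or of the XOOM project: it reports every Allow statement that grants more than aws-marketplace:RegisterUsage. The function and constant names are hypothetical, and the widened policy is constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Action the policy on this page is meant to grant, lower-cased for comparison.
EXPECTED_ACTIONS = {"aws-marketplace:registerusage"}

# The page's xoom-cloud-pod-policy.json, embedded so the check runs offline.
PAGE_POLICY = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
               '"Action": ["aws-marketplace:RegisterUsage"], "Resource": "*"}]}')

# Constructed counter-example: the same file after it has been widened.
WIDENED_POLICY = ('{"Version": "2012-10-17", "Statement": ['
                  '{"Effect": "Allow", "Action": "aws-marketplace:*", "Resource": "*"},'
                  '{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}')


def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(document, expected=EXPECTED_ACTIONS):
    """Return findings; an empty list means only the expected actions are allowed."""
    policy = json.loads(document)
    findings, granted = [], set()
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt:
            findings.append(f"Statement[{i}]: Allow with NotAction")
        for action in _as_list(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if "*" in name or "?" in name:
                findings.append(f"Statement[{i}]: wildcard action {action}")
            elif name not in expected:
                findings.append(f"Statement[{i}]: unexpected action {action}")
            granted.add(name)
    # An expected action counts as granted if any allowed pattern covers it.
    missing = [a for a in sorted(expected)
               if not any(fnmatchcase(a, g) for g in granted)]
    return findings + [f"missing expected action {a}" for a in missing]


if __name__ == "__main__":
    for label, doc in (("page policy", PAGE_POLICY), ("widened", WIDENED_POLICY)):
        print(label, audit_policy(doc) or "OK")
```

To check the file on disk, pass its contents: audit_policy(open("xoom-cloud-pod-policy.json").read()).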
Create a Kubernetes IAM Service Account:
eksctl create iamserviceaccount \
--name xoom-cloud-service-account \
--namespace xoom \
--cluster xoom-cloud-demo \
--attach-policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy \
--approve \
--override-existing-serviceaccounts \
--region us-east-1
The following is a service account decommission command:
eksctl delete iamserviceaccount \
--name xoom-cloud-service-account \
--namespace xoom \
--cluster xoom-cloud-demo \
--region us-east-1
The name xoom-cloud-service-account must not be changed because it is used by the XOOM Cloud HELM Chart.