# AWS Infrastructure

## Prerequisite Tools

It is helpful to have prior knowledge of Kubernetes (and kubectl), the AWS Command Line Interface (CLI), Amazon EKS, AWS IAM, HELM, and YAML.

Throughout this documentation `123456789012` has been used as an example of an AWS Account Id. Please replace it with your AWS Account Id.

### Kubernetes and kubectl

To use XOOM Cloud you will need to install some tools. The following provides the most common options.

This is the installation guide for `kubectl`:

* [https://kubernetes.io/docs/tasks/tools](https://kubernetes.io/docs/tasks/tools/)

As an alternative, Docker Desktop (free for small businesses) can be used. It provides a Kubernetes development environment and comes with the `kubectl` command. Here are the installation instructions for Docker Desktop:

* <https://www.docker.com/products/docker-desktop>

### AWS Command Line Interface (CLI)

This is the installation guide for the `aws` command line tool:

* [https://aws.amazon.com/cli](https://aws.amazon.com/cli/)

It is recommended that you install **v2** of the AWS CLI. Configure this tool by running:

```
$ aws configure
```

### Amazon EKS

You will use EKS, the Amazon Elastic Kubernetes Service. See the documentation for EKS:

* [https://aws.amazon.com/eks](https://aws.amazon.com/eks/)

See also the installation guide for the `eksctl` command line tool:

* <https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html>

### AWS IAM

There will be some use of AWS IAM, the Identity and Access Management components. You will find the documentation here:

* <https://aws.amazon.com/iam/>

### HELM

HELM is a package manager for Kubernetes. To install the tool, see the quick-start guide for the `helm` command line tool:

* [https://helm.sh/docs/intro/quickstart](https://helm.sh/docs/intro/quickstart/)

## Kubernetes Cluster

You will create a Kubernetes Cluster to deploy an application built with the [XOOM Platform SDK](https://github.com/vlingo) and the XOOM Cloud product. The following is an example using the [XOOM Cloud Demo](https://docs.vlingo.io/xoom-cloud/xoom-cloud-demo):

```
eksctl create cluster \
  --name xoom-cloud-demo \
  --version 1.23 \
  --region us-east-1 \
  --nodegroup-name xoom-cloud-demo-nodes \
  --node-type t2.large \
  --nodes 2 \
  --nodes-min 1 \
  --nodes-max 2 \
  --with-oidc \
  --managed
```

Please replace the `xoom-cloud-demo` and `us-east-1` values with the ones most appropriate for your service or application. Note that the creation of a Kubernetes Cluster requires approximately *30 minutes.*

To decommission the cluster, use the following command. It is also parameterized with the `xoom-cloud-demo` name, which must be replaced with your service or application name:

```
eksctl delete cluster --name xoom-cloud-demo --region us-east-1
```

## AWS IAM

The XOOM Cloud Operator requires a Kubernetes Service Account with IAM roles in order to access the Amazon Marketplace Metering API.

### IAM Policy

Create an AWS IAM policy:

```
aws iam create-policy \
  --policy-name XoomCloudPodPolicy \
  --policy-document file://xoom-cloud-pod-policy.json
```

Content for `xoom-cloud-pod-policy.json`:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:RegisterUsage"
            ],
            "Resource": "*"
        }
    ]
}
```

The command will output policy information, including the policy ARN. Please save this ARN; you will need it in the next step.

Alternatively, you can list the policies by running the following command and save the `XoomCloudPodPolicy` policy ARN for later use:

```
aws iam list-policies --scope Local
```

The policy's ARN looks like this:

```
arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
```

Policy decommission command:

```
aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy
```

### Service Account for Kubernetes

Create a Kubernetes IAM Service Account:

```
eksctl create iamserviceaccount \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --attach-policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy \
  --approve \
  --override-existing-serviceaccounts \
  --region us-east-1
```

The following is a service account decommission command:

```
eksctl delete iamserviceaccount  \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --region us-east-1
```

{% hint style="info" %}
The name `xoom-cloud-service-account` must not be changed because it is used by the XOOM Cloud HELM Chart.
{% endhint %}
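
`eksctl create iamserviceaccount` creates an IAM role whose trust policy lets the cluster's OIDC provider issue credentials for it, so it is worth confirming that the role can only be assumed by the `xoom-cloud-service-account` service account in the `xoom` namespace. The following check is an added example, not part of XOOM Cloud or eksctl; the OIDC provider ID and both sample policies are constructed placeholders.

```python
# Namespace and service account name come from the eksctl command on this page.
EXPECTED_SUB = "system:serviceaccount:xoom:xoom-cloud-service-account"

def check_trust_policy(doc):
    """Return findings for an IRSA role trust policy; an empty list means OK."""
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    findings = [] if statements else ["policy has no statements"]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        principal = st.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if actions != ["sts:AssumeRoleWithWebIdentity"] or not isinstance(federated, str):
            findings.append(f"statement {i}: not limited to web identity from one OIDC provider")
            continue
        # Condition keys are prefixed with the issuer part of the provider ARN.
        issuer = federated.split(":oidc-provider/", 1)[-1]
        exact = st.get("Condition", {}).get("StringEquals", {})
        if exact.get(f"{issuer}:sub") != EXPECTED_SUB:
            findings.append(f"statement {i}: sub is not pinned to {EXPECTED_SUB}")
        if exact.get(f"{issuer}:aud") != "sts.amazonaws.com":
            findings.append(f"statement {i}: aud is not pinned to sts.amazonaws.com")
    return findings

# Constructed samples; the OIDC provider ID is a placeholder, not a real cluster.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0000000000"
PROVIDER = f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"

def make_policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

PINNED = make_policy({"StringEquals": {
    f"{ISSUER}:sub": EXPECTED_SUB, f"{ISSUER}:aud": "sts.amazonaws.com"}})
# Wildcard subject: any service account in the cluster could assume the role.
LOOSE = make_policy({"StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    for name, doc in (("pinned", PINNED), ("loose", LOOSE)):
        print(name, check_trust_policy(doc) or "OK")
```

To check a live role, parse the JSON printed by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass it to `check_trust_policy`, where `<role-name>` is the role eksctl generated for the service account.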
