AWS Infrastructure

Describes the steps necessary to provision and decommission AWS Infrastructure for XOOM Cloud

Prerequisite Tools

It is helpful to have prior knowledge of Kubernetes (and kubectl), the AWS Command Line Interface (CLI), Amazon EKS, AWS IAM, HELM, and YAML.

Throughout this documentation 123456789012 has been used as an example of an AWS Account Id. Please replace it with your AWS Account Id.

Kubernetes and kubectl

To use XOOM Cloud you will need to install some tools. The following provides the most common options.

This is the installation guide for kubectl:

As an alternative, Docker Desktop (free for small businesses) can be used as well. It provides a Kubernetes development environment and comes with the kubectl command. Here are the installation instructions for Docker Desktop:

AWS Command Line Interface (CLI)

This is the installation guide for the aws command line tool:

It is recommended that you install v2 of the AWS CLI. Configure this tool by running:

$ aws configure

Amazon EKS

You will use EKS, the Amazon Elastic Kubernetes Service. See the documentation for EKS:

See also the Installation guide for the eksctl command line tool:

AWS IAM

There will be some use of AWS IAM, the Identity and Access Management components. You will find the documentation here:

HELM

HELM is a package manager for Kubernetes. To install the tool, see the quick-start guide for the helm command line tool:

Kubernetes Cluster

You will create a Kubernetes Cluster to deploy an application built with the XOOM Platform SDK and the XOOM Cloud product. The following is an example using the XOOM Cloud Demo:

eksctl create cluster \
  --name xoom-cloud-demo \
  --version 1.23 \
  --region us-east-1 \
  --nodegroup-name xoom-cloud-demo-nodes \
  --node-type t2.large \
  --nodes 2 \
  --nodes-min 1 \
  --nodes-max 2 \
  --with-oidc \
  --managed

Please replace xoom-cloud-demo and us-east-1 values with the ones most appropriate for your service or application. Note that the creation of a Kubernetes Cluster requires approximately 30 minutes.

To decommission the cluster, use the following command, which is also parameterized with the xoom-cloud-demo that must be replaced with your service or application name:

eksctl delete cluster --name xoom-cloud-demo --region us-east-1

AWS IAM

The XOOM Cloud Operator requires a Kubernetes Service Account with IAM roles in order to access the Amazon Marketplace Metering API.

IAM Policy

Create an AWS IAM policy:

aws iam create-policy \
  --policy-name XoomCloudPodPolicy \
  --policy-document file://xoom-cloud-pod-policy.json

Content for xoom-cloud-pod-policy.json:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "aws-marketplace:RegisterUsage"
            ],
            "Resource": "*"
        }
    ]
}

The command will output policy information, including the policy ARN. Please save this ARN. You will need it in the next step.

Alternatively, you can list the policies by running the following command and save the XoomCloudPodPolicy policy ARN for later use:

aws iam list-policies --scope Local

The policy's ARN looks like this:

arn:aws:iam::123456789012:policy/XoomCloudPodPolicy

Policy decommission command:

aws iam delete-policy --policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy

Service Account for Kubernetes

Create a Kubernetes IAM Service Account:

eksctl create iamserviceaccount \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --attach-policy-arn arn:aws:iam::123456789012:policy/XoomCloudPodPolicy \
  --approve \
  --override-existing-serviceaccounts \
  --region us-east-1

The following is a service account decommission command:

eksctl delete iamserviceaccount  \
  --name xoom-cloud-service-account \
  --namespace xoom \
  --cluster xoom-cloud-demo \
  --region us-east-1

The name xoom-cloud-service-account must not be changed because it is used by the XOOM Cloud HELM Chart.
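
The service account above is backed by an IAM role that pods assume through the cluster's OIDC provider (enabled by --with-oidc). The following is an added example, not part of the XOOM documentation: it audits that role's trust policy to confirm only system:serviceaccount:xoom:xoom-cloud-service-account can assume it. The trust-policy shape, the placeholder OIDC provider id and the function name audit_irsa_trust are assumptions made for the example.

```python
import copy

# Values from the eksctl create iamserviceaccount command on this page.
EXPECTED_SUB = "system:serviceaccount:xoom:xoom-cloud-service-account"
EXPECTED_AUD = "sts.amazonaws.com"

def audit_irsa_trust(policy):
    """Return findings for a role trust policy meant for one service account."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        federated = principal.get("Federated") if isinstance(principal, dict) else None
        if not isinstance(federated, str) or ":oidc-provider/" not in federated:
            findings.append(f"statement {i}: principal is not a single OIDC provider")
            continue
        action = st.get("Action")
        if (action if isinstance(action, list) else [action]) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append(f"statement {i}: unexpected action {action!r}")
        issuer = federated.split(":oidc-provider/", 1)[1]
        equals = st.get("Condition", {}).get("StringEquals", {})
        # Only an exact StringEquals match pins the role to one service account;
        # a StringLike wildcard or a missing key lets other pods assume it.
        if equals.get(f"{issuer}:sub") != EXPECTED_SUB:
            findings.append(f"statement {i}: sub is not pinned to {EXPECTED_SUB}")
        if equals.get(f"{issuer}:aud") != EXPECTED_AUD:
            findings.append(f"statement {i}: aud is not pinned to {EXPECTED_AUD}")
    return findings

# Constructed samples; the OIDC provider id is a placeholder.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLEPLACEHOLDER"
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {f"{ISSUER}:sub": EXPECTED_SUB,
                                   f"{ISSUER}:aud": EXPECTED_AUD}}}]}
# Same role, but any service account in any namespace matches the sub claim.
LOOSE = copy.deepcopy(GOOD)
LOOSE["Statement"][0]["Condition"] = {
    "StringEquals": {f"{ISSUER}:aud": EXPECTED_AUD},
    "StringLike": {f"{ISSUER}:sub": "system:serviceaccount:*:*"}}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("LOOSE", LOOSE)):
        print(name, audit_irsa_trust(doc) or "ok")
```

To check a real role, load the JSON printed by aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument and pass it to audit_irsa_trust; the role name is generated by eksctl and is left as a placeholder here.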
