

# Set up the Deadline Cloud monitor
<a name="monitor-onboarding"></a>

To get started, you'll need to create your Deadline Cloud farm infrastructure, including a monitor, queue, and fleet. You can also perform additional, optional steps including adding groups and users, choosing a service role, and adding tags to your resources.

## Step 1: Create your monitor
<a name="monitor-infrastructure"></a>

The Deadline Cloud monitor uses AWS IAM Identity Center to authorize users. By default, the IAM Identity Center instance that you use for Deadline Cloud must be in the same AWS Region as the monitor. However, if you have Multi-Region support enabled in IAM Identity Center, you can create a monitor in a different Region. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html). If your console is using a different Region when you create the monitor, you'll get a reminder to change to the IAM Identity Center Region.

Your monitor's infrastructure consists of the following components:
+ **Monitor name**: The **Monitor name** is how you can identify your monitor — for example *AnyCompany monitor*. Your monitor's name also determines your **monitor URL**.
+ **Monitor URL**: You can access your monitor by using the **Monitor URL**. The URL is based on the **Monitor name** — for example *https://anycompanymonitor.awsapps.com*.
+ **AWS Region**: The **AWS Region** is the physical location for a collection of AWS data centers. When you set up your monitor, the Region defaults to the closest location to you. We recommend changing the Region so it is located closest to your users. This reduces lag and improves data transfer speeds. By default, AWS IAM Identity Center must be enabled in the same AWS Region as Deadline Cloud, unless you have Multi-Region support enabled in IAM Identity Center. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).
**Important**  
You can't change your Region after you finish setting up Deadline Cloud.

Complete the tasks in this section to configure your monitor's infrastructure.

**To configure your monitor's infrastructure**

1. Sign in to the **AWS Management Console** to start the Welcome to Deadline Cloud setup, then choose **Next**.

1. Enter the **Monitor name** — for example **AnyCompany Monitor**.

1. (Optional) To change the **Monitor URL**, choose **Edit URL**.

1. (Optional) To change the **AWS Region** so it's closest to your users, choose **Change Region**.

   1. Select the Region closest to your users.

   1. Choose **Apply Region**.

1. (Optional) To further customize your monitor setup, select **[Additional settings](#additional-monitor-settings)**.

1. If you are ready for [Step 2: Define farm details](define-the-farm.md), choose **Next**.

### Additional settings
<a name="additional-monitor-settings"></a>

Deadline Cloud setup includes additional settings. With these settings, you can view all the changes Deadline Cloud setup makes to your AWS account, configure your monitor user role, and change your encryption key type.

#### AWS IAM Identity Center
<a name="identity-center"></a>

AWS IAM Identity Center is a cloud-based single sign-on service for managing users and groups. IAM Identity Center can also be integrated with your enterprise single sign-on (SSO) provider so that users can sign in with their company account.

Deadline Cloud enables IAM Identity Center by default, and it is required to set up and use Deadline Cloud. By default, the IAM Identity Center instance that you use for Deadline Cloud must be in the same AWS Region as the monitor. However, if you have Multi-Region support enabled in IAM Identity Center, you can create a monitor in a different Region. For more information, see [What is AWS IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html).

#### Configure service access role
<a name="Monitor-user-role"></a>

An AWS service can assume a service role to perform actions on your behalf. Deadline Cloud requires a monitor user role for it to give users access to resources in your monitor.

You can attach AWS Identity and Access Management (IAM) managed policies to the monitor user role. The policies give users permissions to perform certain actions, such as creating jobs in a specific Deadline Cloud application. Because applications depend on specific conditions in the managed policy, if you don’t use the managed policies, the application might not perform as expected. 

You can change the monitor user role after you complete setup, at any time. For more information about user roles, see [IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html#id_iam-roles).

The following tabs contain instructions for two different use cases. To create and use a new service role, choose the **New service role** tab. To use an existing service role, choose the **Existing service role** tab. 

------
#### [ New service role ]

**To create and use a new service role**

1. Select **Create and use a new service role**.

1. (Optional) Enter a **Service user role** name.

1. Choose **View permission details** for more information about the role.

------
#### [ Existing service role ]

**To use an existing service role**

1. Select **Use an existing service role**.

1. Open the dropdown list to choose an existing service role.

1. (Optional) Choose **View in IAM console** for more information about the role.

------

## Step 2: Define farm details
<a name="define-the-farm"></a>

Back on the Deadline Cloud console, complete the following steps to define the farm details.

1. In **Farm details**, add a **Name** for the farm.

1. For **Description**, enter the farm description. A description can help you identify your farm's purpose.

1. Create a group and add users for your farm. After you set up your farm, you can use the Deadline Cloud management console to add or change groups and users.

1. (Optional) Choose **Additional farm settings**.

   1. (Optional) By default, your data is encrypted with a key that AWS owns and manages for your security. You can choose **Customize encryption settings (advanced)** to use an existing key or to create a new one that you manage.

      If you choose to customize encryption settings using the checkbox, enter an AWS KMS key ARN, or create a new AWS KMS key by choosing **Create new KMS key**.

   1. (Optional) Choose **Add new tag** to add one or more tags to your farm.

1. Choose one of the following options:
   + Select **Skip to Review and Create** to [review and create your farm](review-and-create.md).
   + Select **Next** to proceed to additional, optional steps.

## (Optional) Step 3: Define queue details
<a name="define-queue"></a>

The queue is responsible for tracking progress and scheduling work for your jobs.

1. Starting in **Queue details**, provide a **Name** for the queue.

1. For **Description**, enter the queue description. A clear description can help you quickly identify your queue's purpose.

1. For **Job attachments**, you can either create a new Amazon S3 bucket or choose an existing Amazon S3 bucket. If you don't have an existing Amazon S3 bucket, you'll need to create one.

   1. To create a new Amazon S3 bucket, select **Create new job bucket**. You can define the name of the job bucket in the **Root prefix** field. We recommend calling the bucket **deadlinecloud-job-attachments-[QUEUENAME]**.

      You can only use lowercase letters and dashes. No spaces or special characters.

   1. To search for and select an existing Amazon S3 bucket, select **Choose from existing Amazon S3 bucket**. Then, search for an existing bucket by choosing **Browse S3**. When the list of your available Amazon S3 buckets displays, select the Amazon S3 bucket you want to use for your queue.

1. (Optional) Choose **Additional farm settings**.

   1. If you are using customer-managed fleets, select **Enable association with customer-managed fleets**.

      1. For customer-managed fleets, add a **Queue-configured user**, and then set the POSIX and/or Windows credentials. Alternatively, you can bypass the run-as functionality by selecting the checkbox.

      1. If you want to set a budget for a queue, choose **Require a budget for this queue**. If you require a budget, you must create the budget using the Deadline Cloud console to schedule jobs in the queue.

   1. Your queue requires permission to access Amazon S3 on your behalf. We recommend you create a new service role for every queue.

      1. For a new role, complete the following steps.

         1. Select **Create and use a new service role**.

         1. Enter a **Role name** for your queue role or use the provided role name.

         1. (Optional) Add a queue role **Description**.

         1. You can view the IAM permissions for the queue role by choosing **View permission details**.

      1. Alternatively, you can select an existing service role.

   1. (Optional) Add environment variables for the queue environment using name and value pairs.

   1. (Optional) Add tags for the queue using key and value pairs.

Choose one of the following options:
+ Select **Skip to Review and Create** to [review and create your farm](review-and-create.md).
+ Select **Next** to proceed to additional, optional steps.

## (Optional) Step 4: Define fleet details
<a name="define-fleet"></a>

A fleet allocates workers to execute your rendering tasks. If you need a fleet for your rendering tasks, check the box for **Create fleet**.

1. **Fleet details**

   1. Provide both a **Name** and optional **Description** for your fleet.

   1. Review the fleet type and operating system for awareness.

1. In the **Instance market type** section, choose **Spot**, **On-demand**, or **Wait and Save Instance**. Amazon EC2 On-demand instances provide faster availability, and Amazon EC2 Spot and Wait and Save instances are better for cost-saving efforts.

1. For **Auto scaling**, choose both a **Minimum** and a **Maximum** number of instances for your fleet.

   We strongly recommend always setting the minimum number of instances to **0** to avoid incurring extra costs.

1. Review the worker capabilities for awareness.

1. (Optional) Choose **Additional fleet settings**.

   1. Your fleet requires permission to write to CloudWatch on your behalf. We recommend you create a new service role for every fleet.

      1. For a new role, complete the following steps.

         1. Select **Create and use a new service role**.

         1. Enter a **Role name** for your fleet role or use the provided role name.

         1. (Optional) Add a fleet role **Description**.

         1. To view the IAM permissions for the fleet role, choose **View permission details**.

      1. Alternatively, you can use an existing service role.

   1. (Optional) Add tags for the fleet using key and value pairs.

After you enter all the fleet details, choose **Next**.

## Step 5: Review and create
<a name="review-and-create"></a>

Review the information entered to create your farm. When you're ready, choose **Create farm**.

The progress of your farm's creation is displayed on the **Farms** page. A success message displays when your farm is ready for use.
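
The recommendations in Steps 3 and 4 (a separate service role for every queue and every fleet, the job bucket naming rule, and a fleet minimum of 0 instances) can be checked against a written-down plan before you choose **Create farm**. The following is an added example, not part of Deadline Cloud or its documentation; the plan layout, field names, account ID, role names, and bucket names are all hypothetical.

```python
import re
from collections import defaultdict

# Step 3 naming rule as stated on this page: lowercase letters and dashes only.
BUCKET_RULE = re.compile(r"[a-z-]+")


def audit_farm_plan(plan):
    """Return a sorted list of (resource name, finding) tuples for a planned farm."""
    findings = []

    # Steps 3 and 4 recommend a new service role for every queue and fleet.
    # A shared role has to carry the permissions of every resource that uses it.
    users_of_role = defaultdict(list)
    for kind in ("queues", "fleets"):
        for res in plan.get(kind, []):
            users_of_role[res["role_arn"]].append(res["name"])
    for role, users in users_of_role.items():
        if len(users) > 1:
            for name in users:
                others = ", ".join(u for u in users if u != name)
                findings.append((name, f"shares service role {role} with {others}"))

    for queue in plan.get("queues", []):
        bucket = queue["job_bucket"]
        if not BUCKET_RULE.fullmatch(bucket):
            findings.append((queue["name"], f"bucket name {bucket!r} breaks the naming rule"))

    # Step 4: a non-zero minimum keeps instances running when no jobs are queued.
    for fleet in plan.get("fleets", []):
        if fleet["min_instances"] != 0:
            findings.append((fleet["name"], f"minimum instances is {fleet['min_instances']}, not 0"))

    return sorted(findings)


# Constructed sample plan; every value below is made up for illustration.
SAMPLE_PLAN = {
    "queues": [
        {"name": "render-queue", "role_arn": "arn:aws:iam::111122223333:role/SharedFarmRole",
         "job_bucket": "deadlinecloud-job-attachments-render-queue"},
        {"name": "sim-queue", "role_arn": "arn:aws:iam::111122223333:role/SimQueueRole",
         "job_bucket": "Deadline_Jobs"},
    ],
    "fleets": [
        {"name": "spot-fleet", "role_arn": "arn:aws:iam::111122223333:role/SharedFarmRole",
         "min_instances": 2},
    ],
}

if __name__ == "__main__":
    for resource, finding in audit_farm_plan(SAMPLE_PLAN):
        print(f"{resource}: {finding}")
```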