Step 1: Launch the product
Follow the step-by-step instructions in this section to configure and deploy the product into your account.
Time to deploy: Approximately 60 minutes
You can download the CloudFormation template. If you are deploying in AWS GovCloud (US-West), use this template.
res-stack - Use this template to launch the product and all associated components. The default configuration deploys the RES main stack and authentication, frontend, and backend resources.
Note
AWS CloudFormation resources are created from AWS Cloud Development Kit (AWS CDK) constructs.
The AWS CloudFormation template deploys Research and Engineering Studio on AWS in the AWS Cloud. You must meet the prerequisites before launching the stack.
Sign in to the AWS Management Console and open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation.
Launch the template. To deploy in AWS GovCloud (US-West), launch this template.
The template launches in the US East (N. Virginia) Region by default. To launch the solution in a different AWS Region, use the Region selector in the console navigation bar.
Note
This product uses the Amazon Cognito service, which is not currently available in all AWS Regions. You must launch this product in an AWS Region where Amazon Cognito is available. For the most current availability by Region, see the AWS Regional Services List.
Under Parameters, review the parameters for this product template and modify them as necessary. If you deployed the automated external resources, you can find these parameters in the Outputs tab of the external resources stack.
| Parameter | Default | Description |
|---|---|---|
| EnvironmentName | <res-demo> | A unique name given to your RES environment starting with res-, no longer than 11 characters, and no capital letters. |
| AdministratorEmail | | The email address for the user completing setup of the product. This user additionally functions as a break-glass user if there is an Active Directory single sign-on integration failure. |
| InfrastructureHostAMI | ami-[numbers or letters only] | (Optional) You may provide a custom AMI ID to use for all the infrastructure hosts. The current supported base OS is Amazon Linux 2. For more information, see Configure RES-ready AMIs. |
| SSHKeyPair | | The key pair used to connect to infrastructure hosts. |
| ClientIP | x.x.x.0/24 or x.x.x.0/32 | IP address filter which limits connection to the system. You can update the ClientIpCidr after deployment. |
| ClientPrefixList | | (Optional) Provide a managed prefix list for IPs allowed to directly access the web UI and SSH into the bastion host. |
| IAMPermissionBoundary | | (Optional) You may provide a managed policy ARN that will be attached as a permission boundary to all roles created in RES. For more information, see Setting custom permission boundaries. |
| VpcId | | ID for the VPC where instances will launch. |
| IsLoadBalancerInternetFacing | | Select true to deploy an internet-facing load balancer (requires public subnets for the load balancer). For deployments that need restricted internet access, select false. |
| LoadBalancerSubnets | | Select at least two subnets in different Availability Zones where load balancers will launch. For deployments that need restricted internet access, select private subnets. For deployments that need internet access, select public subnets. If more than two were created by the external networking stack, select all that were created. |
| InfrastructureHostSubnets | | Select at least two private subnets in different Availability Zones where infrastructure hosts will launch. If more than two were created by the external networking stack, select all that were created. |
| VdiSubnets | | Select at least two private subnets in different Availability Zones where VDI instances will launch. If more than two were created by the external networking stack, select all that were created. |
| ActiveDirectoryName | corp.res.com | Domain for the Active Directory. It does not need to match the portal domain name. |
| ADShortName | corp | The short name for the Active Directory. This is also called the NetBIOS name. |
| LDAP Base | DC=corp,DC=res,DC=com | An LDAP path to the base within the LDAP hierarchy. |
| LDAPConnectionURI | | A single ldap:// path that can be reached by the Active Directory's host server. If you deployed the automated external resources with the default AD domain, you can use ldap://corp.res.com. |
| ServiceAccountCredentialsSecretArn | | Provide a Secret ARN which contains the username and password for the Active Directory ServiceAccount user, formatted as a username:password key/value pair. |
| UsersOU | | Organizational unit within AD for users that will sync. |
| GroupsOU | | Organizational unit within AD for groups that will sync. |
| SudoersGroupName | RESAdministrators | Group name that contains all users with sudoer access on instances at install and administrator access on RES. |
| ComputersOU | | Organizational unit within AD that instances will join. |
| DomainTLSCertificateSecretARN | | (Optional) Provide a domain TLS certificate secret ARN to enable TLS communication to AD. |
| EnableLdapIDMapping | | Determines if UID and GID numbers are generated by SSSD or if the numbers provided by the AD are used. Set to True to use SSSD-generated UID and GID, or False to use UID and GID provided by the AD. For most cases this parameter should be set to True. |
| DisableADJoin | False | To prevent Linux hosts from joining the directory domain, change to True. Otherwise, leave in the default setting of False. |
| ServiceAccountUserDN | | Provide the distinguished name (DN) of the service account user in Directory. |
| SharedHomeFilesystemID | | An EFS ID to use for the shared home filesystem for Linux VDI hosts. |
| CustomDomainNameforWebApp | | (Optional) Subdomain used by the web portal to provide links for the web portion of the system. |
| CustomDomainNameforVDI | | (Optional) Subdomain used by the web portal to provide links for the VDI portion of the system. |
| ACMCertificateARNforWebApp | | (Optional) When using the default configuration, the product hosts the web application under the domain amazonaws.com. You may host the product services under your domain. If you deployed the automated external resources, this was generated for you and the information can be found in the Outputs of the res-bi stack. If you need to generate a certificate for your web application, see Configuration guide. |
| CertificateSecretARNforVDI | | (Optional) This ARN secret stores the public certificate for your web portal. If you set a portal domain name for your automated external resources, you can find this value under the Outputs tab of the res-bi stack. |
| PrivateKeySecretARNforVDI | | (Optional) This ARN secret stores the private key for your web portal's certificate. If you set a portal domain name for your automated external resources, you can find this value under the Outputs tab of the res-bi stack. |
Choose Create stack to deploy the stack.
You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive a CREATE_COMPLETE status in approximately 60 minutes.
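The following Python pre-flight check is an added example, not part of the AWS documentation or the RES code base. It applies the constraints stated in the parameter table to a CloudFormation parameters file before you choose Create stack. The function name, the sample values, and the rule that flags ClientIP ranges broader than /24 are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample in the CloudFormation parameters-file shape; all values are placeholders.
SAMPLE_PARAMS = [
    {"ParameterKey": "EnvironmentName", "ParameterValue": "Res-Production"},
    {"ParameterKey": "ClientIP", "ParameterValue": "0.0.0.0/0"},
    {"ParameterKey": "LoadBalancerSubnets", "ParameterValue": "subnet-aaa,subnet-bbb"},
    {"ParameterKey": "InfrastructureHostSubnets", "ParameterValue": "subnet-ccc"},
    {"ParameterKey": "VdiSubnets", "ParameterValue": "subnet-ccc,subnet-ddd"},
    {"ParameterKey": "LDAPConnectionURI", "ParameterValue": "ldap://corp.res.com"},
    {"ParameterKey": "ServiceAccountCredentialsSecretArn", "ParameterValue": "svc-user:example-password"},
]
SUBNET_KEYS = ("LoadBalancerSubnets", "InfrastructureHostSubnets", "VdiSubnets")


def check_res_parameters(param_list):
    """Return (parameter, problem) findings; an empty list means every check passed."""
    p = {e["ParameterKey"]: e["ParameterValue"].strip() for e in param_list}
    findings = []
    name = p.get("EnvironmentName", "")
    if not name.startswith("res-") or len(name) > 11 or name != name.lower():
        findings.append(("EnvironmentName", "must start with res-, max 11 characters, no capitals"))
    ami = p.get("InfrastructureHostAMI", "")  # optional parameter
    if ami and not re.fullmatch(r"ami-[A-Za-z0-9]+", ami):
        findings.append(("InfrastructureHostAMI", "expected ami- followed by letters or numbers only"))
    try:
        net = ipaddress.IPv4Network(p.get("ClientIP", ""), strict=True)
        # Assumption: the table only shows /24 and /32 forms, so anything broader is flagged.
        if net.prefixlen < 24:
            findings.append(("ClientIP", f"/{net.prefixlen} is broader than the /24 or /32 forms"))
    except ValueError:
        findings.append(("ClientIP", "not a network address in CIDR form"))
    # Only the count is checked here; Availability Zone spread and public/private
    # placement need a lookup against the account and are out of scope offline.
    for key in SUBNET_KEYS:
        subnets = {s.strip() for s in p.get(key, "").split(",") if s.strip()}
        if len(subnets) < 2:
            findings.append((key, "select at least two subnets"))
    uri = p.get("LDAPConnectionURI", "")
    if not uri.startswith("ldap://") or re.search(r"[\s,]", uri):
        findings.append(("LDAPConnectionURI", "expected a single ldap:// path"))
    arn = p.get("ServiceAccountCredentialsSecretArn", "")
    if not re.match(r"arn:[^:]+:secretsmanager:", arn):
        findings.append(("ServiceAccountCredentialsSecretArn",
                         "expected a Secrets Manager ARN, not inline credentials"))
    return findings
```

Run it against the same JSON list you would pass to the stack so that a plaintext credential or an open ClientIP range is caught before the 60-minute deployment starts.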