Repeatable k3s stack deployment on AWS EC2

This guide provides a streamlined approach to installing the complete Immuta software stack on a single AWS EC2 instance. It assumes knowledge of AWS infrastructure setup and uses Ansible along with AWS Secrets Manager for a smooth deployment process.

Prerequisites

  • EC2 Instance:

    • Type: m5.2xlarge

    • OS: Latest AWS Linux 2023 image

  • Networking:

    • Internet connectivity to and from the EC2 instance (Public IP)

    • DNS hostname (preferably with control over the DNS zone)

    • Security group allowing inbound on ports 22 (SSH) and 443 (HTTPS)

  • Security:

    • TLS certificate/key pair

    • Access to AWS Secrets Manager in the EC2 deployment account

    • Instance role with permissions to read secrets from AWS Secrets Manager

  • Credentials:

    • Immuta Harbor credentials

Deployment Instructions

Follow the steps below to deploy the software stack.

  1. Store Secrets in AWS Secrets Manager

    Create entries for the following keys:

    • immuta_db_password

    • tls_crt_b64

    • tls_key_b64

    • immuta_registry_user

    • immuta_registry_password

    Note: base64-encode both the certificate and the key as a single line (-w0 disables line wrapping):

    cat file.crt | base64 -w0

  2. Install Dependencies on EC2 Instance

    sudo dnf install -y ansible git

  3. Clone the EC2 Deployment Repository

    git clone [email protected]:immuta/ec2-deploy.git
    cd ec2-deploy

  4. Edit the immuta.yaml inventory file with your variable values:

    # Edit the immuta.yaml inventory file and update the following variables with your own values:
    ---
    - hosts: localhost
      become: true
      vars:
        immuta_namespace: immuta
        immuta_version: 2024.3.7
        aws_secret_name: rebtest.immuta.us
        aws_region: us-east-1

  5. Run the Ansible Playbook

    ansible-playbook immuta.yaml
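
A pre-flight check for the secret created in step 1, intended to run before the playbook in step 5 (an added example, not code from the ec2-deploy repository). It assumes the five keys are stored together as one JSON key/value secret under aws_secret_name; check_secret and make_sample are illustrative names, and the sample data is constructed.

```python
import base64
import json

# The five keys from step 1; the two *_b64 fields must decode to these PEM labels.
REQUIRED_KEYS = ("immuta_db_password", "tls_crt_b64", "tls_key_b64",
                 "immuta_registry_user", "immuta_registry_password")
PEM_FIELDS = {"tls_crt_b64": "CERTIFICATE", "tls_key_b64": "PRIVATE KEY"}


def check_secret(secret_string):
    """Return problems in the secret JSON (assumed one key/value secret); echoes no values."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["secret is not valid JSON"]
    if not isinstance(secret, dict):
        return ["secret is not a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = secret.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
            continue
        if (label := PEM_FIELDS.get(key)) is None:
            continue  # plain credential, nothing further to decode
        try:  # validate=True also rejects wrapped output (base64 without -w0)
            pem = base64.b64decode(value, validate=True).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            problems.append(f"{key}: not single-line base64 of PEM text")
            continue
        # "RSA PRIVATE KEY" and "EC PRIVATE KEY" headers also end with the label.
        first = (pem.strip().splitlines() or [""])[0].strip()
        if not (first.startswith("-----BEGIN ") and first.endswith(label + "-----")):
            problems.append(f"{key}: decoded data is not a PEM {label}")
    return problems


def make_sample(crt_label="CERTIFICATE", key_label="PRIVATE KEY"):
    """Constructed secret with placeholder PEM bodies (no real key material)."""
    def pem_b64(label):
        pem = f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"
        return base64.b64encode(pem.encode()).decode()
    secret = dict.fromkeys(REQUIRED_KEYS, "constructed-placeholder")
    secret.update(tls_crt_b64=pem_b64(crt_label), tls_key_b64=pem_b64(key_label))
    return json.dumps(secret)


if __name__ == "__main__":
    print(check_secret(make_sample()) or "secret looks complete")
```

On the instance, the real value can be checked by passing the output of `aws secretsmanager get-secret-value --secret-id <aws_secret_name> --query SecretString --output text` to check_secret, which reports key names only. A private key pasted into tls_crt_b64 (or the reverse) is flagged before the playbook ever reads it.
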
Post installation state

Configure DNS and Validate the installation

Configure your DNS hostname to point to the public IP address of your EC2 Instance and validate connectivity:

Web App connectivity
