Repeatable k3s stack deployment on AWS EC2

This guide provides a streamlined approach to installing the complete Immuta software stack on a single AWS EC2 instance. It assumes knowledge of AWS infrastructure setup and uses Ansible along with AWS Secrets Manager for a smooth deployment process.

Prerequisites

  • EC2 Instance:

    • Type: m5.2xlarge

    • OS: Latest AWS Linux 2023 image

  • Networking:

    • Internet connectivity to and from the EC2 instance (Public IP)

    • DNS hostname (preferably with control over the DNS zone)

    • Security group allowing inbound on ports 22 (SSH) and 443 (HTTPS)

  • Security:

    • TLS certificate/key pair

    • Access to AWS Secrets Manager in the EC2 deployment account

    • Instance role with permissions to read secrets from AWS Secrets Manager

  • Credentials:

    • Immuta Harbor credentials

Deployment Instructions

Follow the steps below to deploy the software stack.

  1. Store Secrets in AWS Secrets Manager

    Create entries for the following keys:

    • immuta_db_password

    • tls_crt_b64

    • tls_key_b64

    • immuta_registry_user

    • immuta_registry_password

    Note: to encode your certificate and key in base64:

  2. Install Dependencies on EC2 Instance

  3. Clone the EC2 Deployment Repository

  4. Edit the immuta.yaml inventory file with your variable values:

  5. Run the Ansible Playbook
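A pre-flight check for the values created in step 1, as an added example that is not part of the original guide or of the deployment repository. It takes the secrets as a name-to-value mapping (fetching them from AWS Secrets Manager is left out), assumes the certificate and key are PEM, and reports problems by key name only, so no secret value reaches the terminal or logs. The function name `check_secrets` and all sample values are constructed for illustration.

```python
import base64
import binascii

# Key names come from step 1 of the guide.
REQUIRED_KEYS = ("immuta_db_password", "tls_crt_b64", "tls_key_b64",
                 "immuta_registry_user", "immuta_registry_password")
# Assumption: TLS material is PEM, so the decoded bytes carry these markers.
PEM_MARKER = {"tls_crt_b64": b"-----BEGIN CERTIFICATE-----",
              "tls_key_b64": b"PRIVATE KEY-----"}  # also matches RSA/EC keys


def check_secrets(secrets):
    """Return a list of problems (key names only); empty means usable."""
    problems = []
    for key in REQUIRED_KEYS:
        value = secrets.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
            continue
        if key not in PEM_MARKER:
            continue
        try:
            # Drop line wraps some base64 tools add, then decode strictly.
            decoded = base64.b64decode("".join(value.split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{key}: not valid base64")
            continue
        if PEM_MARKER[key] not in decoded:
            problems.append(f"{key}: decoded value lacks the expected PEM header")
    return problems


def _b64_pem(label):
    # Constructed placeholder PEM, not real certificate or key material.
    pem = f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"
    return base64.b64encode(pem.encode()).decode()


SAMPLE_OK = {  # constructed values
    "immuta_db_password": "constructed-db-pass",
    "tls_crt_b64": _b64_pem("CERTIFICATE"),
    "tls_key_b64": _b64_pem("PRIVATE KEY"),
    "immuta_registry_user": "constructed-user",
    "immuta_registry_password": "constructed-pass",
}
# Typical mistakes: raw PEM stored unencoded, cert placed in the key field, empty value.
SAMPLE_BAD = dict(SAMPLE_OK,
                  tls_crt_b64=base64.b64decode(SAMPLE_OK["tls_crt_b64"]).decode(),
                  tls_key_b64=SAMPLE_OK["tls_crt_b64"],
                  immuta_registry_password="")
```

Running the check before the playbook catches a swapped or unencoded certificate/key pair while it is still cheap to fix in Secrets Manager.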

Post installation state

Configure DNS and Validate the installation

Configure your DNS hostname to point to the public IP address of your EC2 Instance and validate connectivity:

Web App connectivity
