Repeatable k3s stack deployment on AWS EC2

This guide provides a streamlined approach to installing the complete Immuta software stack on a single AWS EC2 instance. It assumes knowledge of AWS infrastructure setup and uses Ansible along with AWS Secrets Manager for a smooth deployment process.

Prerequisites

  • EC2 Instance:

    • Type: m5.2xlarge

    • OS: Latest AWS Linux 2023 image

  • Networking:

    • Internet connectivity to and from the EC2 instance (Public IP)

    • DNS hostname (preferably with control over the DNS zone)

    • Security group allowing inbound on ports 22 (SSH) and 443 (HTTPS)

  • Security:

    • TLS certificate/key pair

    • Access to AWS Secrets Manager in the EC2 deployment account

    • Instance role with permissions to read secrets from AWS Secrets Manager

  • Credentials:

    • Immuta Harbor credentials

Deployment Instructions

Follow the steps below to deploy the software stack.

Only Immuta 2024.3 is supported

  1. Store Secrets in AWS Secrets Manager

    Create entries for the following keys:

    • immuta_db_password

    • tls_crt_b64

    • tls_key_b64

    • immuta_registry_user

    • immuta_registry_password

    Note: to encode your certificate and key in base64:

    cat file.crt | base64 -w0
  2. Install Dependencies on EC2 Instance

    sudo dnf install -y ansible git
  3. Clone the EC2 Deployment Repository

    git clone git@github.com:immuta/ec2-deploy.git
    cd ec2-deploy
  4. Edit the immuta.yaml inventory file with your variable values:

    # Edit the immuta.yaml inventory file and update the following variables with your own values:
    ---
    - hosts: localhost
      become: true
      vars:
        immuta_namespace: immuta
        immuta_version: 2024.3.7
        aws_secret_name: rebtest.immuta.us
        aws_region: us-east-1
  5. Run the Ansible Playbook

    ansible-playbook immuta.yaml
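
A pre-flight check for the secret created in step 1, to run before the playbook. It is an added example, not part of the ec2-deploy repository. It assumes the five keys are stored together as one JSON key/value secret under aws_secret_name (the guide does not state the layout); check_secret and SAMPLE are names made up here, and the check covers structure only, not certificate validity.

```python
import base64
import json

# Keys listed in step 1 of the guide.
REQUIRED_KEYS = ("immuta_db_password", "tls_crt_b64", "tls_key_b64",
                 "immuta_registry_user", "immuta_registry_password")
# Expected ending of the PEM header line inside each base64 value.
PEM_MARKERS = {"tls_crt_b64": "CERTIFICATE-----", "tls_key_b64": "PRIVATE KEY-----"}

def check_secret(secret_string):
    """Return a list of problems (empty if none); never echoes secret values."""
    # Assumption: the secret is one JSON object holding all five keys.
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError:
        return ["SecretString is not valid JSON"]
    if not isinstance(secret, dict):
        return ["SecretString is not a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = secret.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing or empty")
            continue
        marker = PEM_MARKERS.get(key)
        if marker is None:
            continue
        try:
            # validate=True rejects line-wrapped output (base64 without -w0)
            # and raw PEM stored without encoding.
            pem = base64.b64decode(value, validate=True).decode("ascii")
        except ValueError:
            problems.append(f"{key}: not single-line base64 of a PEM file")
            continue
        header = pem.lstrip().split("\n", 1)[0].strip()
        if not (header.startswith("-----BEGIN ") and header.endswith(marker)):
            problems.append(f"{key}: decoded data is not a PEM {marker.rstrip('-')}")
    return problems

# Constructed sample input: placeholder PEM bodies, not real key material.
def _pem_b64(label):
    pem = f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"
    return base64.b64encode(pem.encode()).decode()

SAMPLE = {"immuta_db_password": "constructed", "tls_crt_b64": _pem_b64("CERTIFICATE"),
          "tls_key_b64": _pem_b64("RSA PRIVATE KEY"),
          "immuta_registry_user": "constructed", "immuta_registry_password": "constructed"}
if __name__ == "__main__":
    print(check_secret(json.dumps(SAMPLE)) or "secret layout OK")
```

On the instance, pass it the output of aws secretsmanager get-secret-value --secret-id <aws_secret_name> --query SecretString --output text, which also confirms that the instance role can read the secret.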

Configure DNS and Validate the installation

Configure your DNS hostname to point to the public IP address of your EC2 Instance and validate connectivity:


Last updated 2 months ago

[Screenshots: post installation state; web app connectivity]