Repeatable k3s stack deployment on AWS EC2

This guide provides a streamlined approach to installing the complete Immuta software stack on a single AWS EC2 instance. It assumes knowledge of AWS infrastructure setup and uses Ansible along with AWS Secrets Manager for a smooth deployment process.

Prerequisites

EC2 Instance:
- Type: m5.2xlarge
- OS: Latest AWS Linux 2023 image
Networking:
- Internet connectivity to and from the EC2 instance (Public IP)
- DNS hostname (preferably with control over the DNS zone)
- Security group allowing inbound on ports 22 (SSH) and 443 (HTTPS)
Security:
- TLS certificate/key pair
- Access to AWS Secrets Manager in the EC2 deployment account
- Instance role with permissions to read secrets from AWS Secrets Manager
Credentials:
- Immuta Harbor credentials

Deployment Instructions

Follow the steps below to deploy the software stack.

Only Immuta 2024.3 is supported

Store Secrets in AWS Secrets Manager
Create entries for the following keys:
- immuta_db_password
- tls_crt_b64
- tls_key_b64
- immuta_registry_user
- immuta_registry_password
Note: to encode your certificate and key in base64:
```
cat file.crt | base64 -w0
```
Install Dependencies on EC2 Instance
```
sudo dnf install -y ansible git
```

Clone the EC2 Deployment Repository

git clone [email protected]:immuta/ec2-deploy.git
cd ec2-deploy

Edit the immuta.yaml inventory file with your variable values:

# Edit the immuta.yaml inventory file and update the following variables with your own values:
---
- hosts: localhost
  become: true
  vars:
    immuta_namespace: immuta
    immuta_version: 2024.3.7
    aws_secret_name: rebtest.immuta.us
    aws_region: us-east-1

Run the Ansible Playbook
```
ansible-playbook immuta.yaml
```

Configure DNS and Validate the installation

Configure your DNS hostname to point to the public IP address of your EC2 Instance and validate connectivity:

PreviousImmuta Installation on Self Managed Infrastructure Overview NextTrino OAuth2 and JWT via Okta

Last updated 3 months ago