AWS ECS Deployment: Standard Deployment

This guide is for new installations in an AWS account whose VPC has internet access.

Ensure you log in to the AWS account that will host your Kion instance.

We recommend installing Kion in a separate, dedicated AWS account. Do not install into the organization's management account.

License Key

Provide the Kion team with the AWS account number where you will be performing this installation. In return, you will receive a license key that matches your account.

Prepare the Installation Files

For an ECS deployment, download the following files:

  • kion-app-ecs.yml from the release notes for the version of Kion you are installing.
  • kion-aurora.yml from here.
  • If you choose to create a new VPC: kion-vpc.yml from here.

VPC

You can create a new VPC or use an existing VPC. We recommend using 6 subnets: 3 private subnets in different Availability Zones that route outbound through a NAT gateway, and 3 public subnets in the same Availability Zones that route to an internet gateway. To accommodate our load balancers, the subnets cannot be smaller than /27.

To use our CloudFormation template to set up a VPC:

  1. Open CloudFormation in the AWS console.
  2. Under Specify Template, select Upload a template file.
  3. Upload the kion-vpc.yml template.
  4. Name the stack kion-vpc and use the default configurations.

Database Stack

Use the kion-aurora.yml AWS CloudFormation template to launch an AWS CloudFormation stack called kion-db. If a configuration is not called out in the following instructions, it can be left with the default value.

  1. Open CloudFormation in the AWS console.
  2. Under Specify Template, select Upload a template file.
  3. Upload the kion-aurora.yml template.
  4. Name the stack kion-db.
  5. VPC ID. Enter the ID of the VPC used for this installation.
  6. Subnets. Select the private subnets of the VPC to use for this installation. At least 2 selections are required.
  7. Availability Zones. Select the availability zones that match the private subnets you selected.
  8. DB Username. Enter a user name for the database.
  9. DB Password. Create a strong password and store it securely, for example in Secrets Manager or as a SecureString in Systems Manager (SSM) Parameter Store; you will need it again for the application stack. Note that RDS master passwords cannot contain / (slash), ' (single quote), " (double quote) or @ (at sign).
  10. Instance Type. Select an instance type that is compatible with Aurora MySQL 8+. We recommend starting with a db.r5.large. This can be updated post-deployment if needed.
  11. Number of Nodes. Match this number to the number of private subnets within your VPC.
  12. KMS Key ARN. If you are using an existing KMS Key, include it here. Otherwise, leave this blank.
  13. RDS Encryption Type. Select an encryption type for your database.
  14. Backtrack Window (optional). Configure this to allow time for admins to correct any modifications incorrectly applied to the DB. This may incur additional costs. For more information, see Amazon's article Backtracking an Aurora DB cluster.
  15. Enable Performance Insights (optional). Configure this to receive additional analytics on the performance of your database. This may incur additional costs. For more information see Amazon's article Performance Insights.

Application Stack

Use the kion-app-ecs.yml AWS CloudFormation template to launch an AWS CloudFormation stack called kion-app. If a configuration is not called out in the following instructions, it can be left with the default value.

To get the database endpoint, you can reference the Outputs tab on the kion-db AWS CloudFormation stack.

  1. Open CloudFormation in the AWS console.
  2. Under Specify Template, select Upload a template file.
  3. Upload the kion-app-ecs.yml template.
  4. Name the stack kion-app.
  5. Ensure the Unique Namespace matches the kion-db Namespace.
  6. VPC ID. This should match the VPC ID created in previous steps.
  7. Private Subnets. Select the private subnets you applied to the VPC for this installation.
  8. User Facing Subnets. Select the public subnets you applied to the VPC for this installation.
  9. Additional Security Groups. At a minimum, select the security group created by the database stack. If the Kion tasks will need any others to allow access to / from other services, select those as well.
  10. User Facing Load Balancer Scheme. Update the value to internet-facing.
  11. Allow Access from CIDR. Enter, in CIDR notation, the IPv4 address or VPN range you are launching the application from (a single address is written as x.x.x.x/32). Do not use 0.0.0.0/0, which exposes the application to the whole internet. Additional IPs needing access to the application can be added via security groups post-deployment.
  12. Additional Security Groups. We recommend selecting the Kion VPC's default security group during install. Then, change to a security group that allows your organization to access the application post-deployment.
  13. DB Write URL. Enter the Endpoint URL from the Outputs tab of your kion-db stack.
  14. DB Read URL. If your Kion DB contains a read-only endpoint, enter the URL here.
  15. DB Username. Enter the DB admin account user name created for your kion-db stack.
  16. DB Password Type. If you stored the Kion DB password as an SSM SecureString or in Secrets Manager, change the password type to the matching option.
  17. DB Password. Enter the DB admin password created for your kion-db stack. 
    1. If you use SecureString, enter the Name of your SecureString SSM parameter. 
    2. If you use SecretsManager, enter the Secret's ARN. 
      1. For SecretsManager, refer to the following support article for setup instructions: Secret Encryption and Storage
  18. Deliver to CloudWatch. Update the value to true.
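The same Database Stack and Application Stack procedure, plus the subnet-size and CIDR checks from the VPC and Allow Access steps, driven from the AWS CLI instead of the console. This is an added example, not Kion's own tooling: it assumes AWS CLI v2 authenticated to the dedicated Kion account, parameter files (kion-db-params.json.tmpl and kion-app-params.json) that you write yourself using the parameter keys printed by list_template_params, and the SSM parameter name /kion/db/password, the __DB_PASSWORD__ placeholder and the DB_ENDPOINT_KEY variable, all of which are choices made for this example rather than names from the templates.

```shell
#!/bin/sh
# Added example, not Kion's own tooling: launch the kion-db and kion-app
# stacks from the AWS CLI with the inputs the console steps ask for, while
# keeping the DB password out of plain-text stack parameters and files.
# Assumed: kion-db-params.json.tmpl / kion-app-params.json written by you
# with the keys from list_template_params; /kion/db/password, the
# __DB_PASSWORD__ placeholder and DB_ENDPOINT_KEY are example choices.
set -eu

# "Allow Access from CIDR": accept a.b.c.d/n only, and never 0.0.0.0/0,
# which would open the user-facing load balancer to the whole internet.
validate_cidr() {
    cidr=$1
    ip=${cidr%/*}; prefix=${cidr#*/}
    [ "$ip" != "$cidr" ] || return 1                    # no "/n" part
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$ip" != "0.0.0.0" ] || return 1
    return 0
}

# Load balancer subnets cannot be smaller than /27 (VPC section).
subnet_ok() {
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 27 ] || return 1
    return 0
}

# 32 random characters, avoiding / ' " @ which RDS rejects in master
# passwords, and & | which would be special to the sed step in main.
gen_db_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9!#%*()_+' </dev/urandom | head -c 32
}

# Keep the password in SSM as a SecureString under a KMS key; the kion-app
# stack then takes the parameter *name* with DB Password Type = SecureString.
store_db_password() {
    aws ssm put-parameter --name "$1" --type SecureString \
        --key-id "${3:-alias/aws/ssm}" --value "$2" --overwrite >/dev/null
}

# Print a template's parameter keys so the params files use real names.
list_template_params() {
    aws cloudformation validate-template --template-body "file://$1" \
        --query 'Parameters[].ParameterKey' --output text
}

# One stack output by key, e.g. the Aurora endpoint for DB Write URL.
stack_output() {
    aws cloudformation describe-stacks --stack-name "$1" \
        --query "Stacks[0].Outputs[?OutputKey=='$2'].OutputValue" --output text
}

# Create a stack and block until it is complete or has failed. The IAM
# capabilities are needed only if the template creates IAM resources.
launch_stack() {
    aws cloudformation create-stack --stack-name "$1" \
        --template-body "file://$2" --parameters "file://$3" \
        --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM >/dev/null
    aws cloudformation wait stack-create-complete --stack-name "$1"
}

main() {
    validate_cidr "$1" || { echo "refusing Allow Access CIDR '$1'" >&2; exit 1; }
    pw=$(gen_db_password)
    store_db_password /kion/db/password "$pw"
    # Substitute the password into a private temp copy of the DB params so
    # it never sits in a checked-in file; the copy is removed on exit.
    tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
    sed "s|__DB_PASSWORD__|$pw|" kion-db-params.json.tmpl >"$tmp"
    launch_stack kion-db kion-aurora.yml "$tmp"
    echo "DB Write URL: $(stack_output kion-db "${DB_ENDPOINT_KEY:?OutputKey of the endpoint}")"
    launch_stack kion-app kion-app-ecs.yml kion-app-params.json
}

case "${1:-}" in run) shift; main "$@" ;; esac
```

Run `list_template_params kion-aurora.yml` and `list_template_params kion-app-ecs.yml` first to see the exact parameter keys, write the two params files against them (the app file's DB password value is the SSM parameter name, with the password type set to SecureString), then launch with `sh kion-deploy.sh run 203.0.113.7/32`. The functions are only wired to run behind the `run` argument so the checks can be exercised without touching AWS.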