PCF on AWS Requirements


This topic lists the requirements for installing Pivotal Cloud Foundry (PCF) on Amazon Web Services (AWS).

General Requirements

The following are general requirements for deploying and managing a PCF deployment with Ops Manager and Pivotal Application Service (PAS):

  • A wildcard DNS record that points to your router or load balancer. Alternatively, you can use a service such as xip.io. For example, 203.0.113.0.xip.io.

    • PAS gives each application its own hostname in your app domain.
    • With a wildcard DNS record, every hostname in your domain resolves to the IP address of your router or load balancer, and you do not need to configure an A record for each app hostname. For example, if you create a DNS record *.example.com pointing to your load balancer or router, every application deployed to the example.com domain resolves to the IP address of your router.
  • At least one wildcard TLS certificate that matches the DNS record you set up above, *.example.com.

  • Sufficient IP allocation:

    • One static IP address for either HAProxy or one of your gorouters
    • One static IP address for each job in the Ops Manager tile. See the Resource Config pane for each tile for a full list.
    • One static IP address for each job listed below:
      • Consul
      • NATS
      • File Storage
      • MySQL Proxy
      • MySQL Server
      • Backup Restore Node
      • HAProxy
      • Router
      • MySQL Monitor
      • Diego Brain
      • TCP Router
    • One IP for each VM instance created by the service.
    • An additional IP address for each compilation worker. The total number of IP addresses needed is therefore: IPs needed = static IPs + VM instances + compilation workers.

      Note: Pivotal recommends that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and PAS. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install PAS, and connect to services.

  • One or more NTP servers if not already provided by your IaaS.

  • (Recommended) A network without DHCP available for deploying the PAS VMs.

    Note: If you have DHCP, refer to the Troubleshooting Guide to avoid issues with your installation.

  • (Optional) External storage. When you deploy PCF, you can select internal file storage or external file storage, either network-accessible or IaaS-provided, as an option in the PAS tile. Pivotal recommends using external storage whenever possible. See Upgrade Considerations for Selecting File Storage in Pivotal Cloud Foundry for a discussion of how file storage location affects platform performance and stability during upgrades.

  • (Optional) External databases. When you deploy PCF, you can select internal or external databases for the BOSH Director and for PAS. Pivotal recommends using external databases in production deployments. An external database must be configured to use the UTC timezone.

  • (Optional) External user stores. When you deploy PCF, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for PAS, to integrate existing user accounts.

  • The most recent version of the Cloud Foundry Command Line Interface (cf CLI).
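The wildcard DNS record and wildcard TLS certificate requirements at the top of this list only line up if every app hostname sits exactly one label below the certificate's wildcard. The following check is an added example, not code from the PCF documentation or tooling; the function names and the sample hostnames are constructed for illustration. It applies the standard rule that a certificate wildcard stands for a single leftmost label.

```python
def pattern_covers(pattern: str, hostname: str) -> bool:
    """True if a certificate SAN entry covers hostname (RFC 6125 rules)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # The wildcard stands for exactly one leftmost label, and only when
        # at least two fixed labels follow it (this rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards such as "a*.example.com" are not honoured here.
    return "*" not in pattern and p == h


def uncovered(san_entries, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames
            if not any(pattern_covers(s, h) for s in san_entries)]


# Constructed sample data: the SAN list of a hypothetical certificate and
# hostnames that might be routed through the load balancer.
SAN_ENTRIES = ["*.example.com"]
HOSTNAMES = [
    "myapp.example.com",         # one label under the domain: covered
    "MyApp.Example.COM",         # DNS names compare case-insensitively
    "example.com",               # the apex is not matched by the wildcard
    "api.staging.example.com",   # two labels deep: needs *.staging.example.com
    "myapp.203.0.113.0.xip.io",  # a different domain entirely
]

if __name__ == "__main__":
    for host in uncovered(SAN_ENTRIES, HOSTNAMES):
        print("not covered by certificate:", host)
```

A wildcard DNS record resolves names at any depth under the domain, so a hostname can resolve correctly and still fail TLS validation; run the check against the SAN list of the certificate you plan to upload.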

 

AWS Requirements

The following are the minimum resource requirements for maintaining a high-availability (HA) Pivotal Cloud Foundry (PCF) deployment with Ops Manager and Pivotal Application Service (PAS) on Amazon Web Services infrastructure:

Note: These requirements assume you are using an external database and external file storage.

  • 3 Elastic Load Balancers
  • 1 Relational Database Service. As a minimum, Pivotal recommends using a db.m3.xlarge instance with at least 100 GB of allocated storage.
  • 5 S3 Buckets
  • EC2 instances (VMs):
    • PAS: At a minimum, a new AWS deployment requires the following VMs for PAS:
      PAS and Ops Manager

      VM Type      VM Count
      t2.micro     24
      m4.large     5
      c4.xlarge    4
      r4.large     3
      t2.small     3
      t2.medium    1

      By default, PAS deploys the number of VM instances required to run a highly available configuration of PCF. If you are deploying a test or sandbox PCF that does not require HA, you can scale down the number of instances in your deployment. For information about the number of instances required to run a minimal, non-HA PCF deployment, see Scaling PAS.
    • Small Footprint PAS: To run Small Footprint PAS, a new AWS deployment requires:
      AWS Requirements       VM Type      VM Count   Notes
      Small Footprint PAS    m4.large     1
                             r4.large     1
                             r4.xlarge    2
                             t2.micro     13         Add 1 to count if using HAProxy
                             t2.small     3
      Ops Manager            m4.large     1
                             c4.xlarge    4

In addition to the resources above, you must have the following to install PCF on AWS:

  • An AWS account that can accommodate the minimum resource requirements for a PCF installation.
  • The appropriate region selected within your AWS account. For help selecting the correct region for your deployment, see the AWS documentation about regions and availability zones.
  • The AWS CLI installed on your machine and configured with user credentials that have admin access to your AWS account.
  • Sufficiently high instance limits, or no instance limits, on your AWS account. Installing PCF requires more than the default 20 concurrent instances.
  • A key pair to use with your PCF deployment. For more information, see the AWS documentation about creating a key pair.
  • A registered wildcard domain for your PCF installation. You need this registered domain when configuring your SSL certificate and Cloud Controller. For more information, see the AWS documentation about Creating a Server Certificate.
  • An SSL certificate for your PCF domain. This can be a self-signed certificate, but Pivotal recommends using a self-signed certificate only for testing and development. For production, obtain a certificate from your Certificate Authority. For more information, see the AWS documentation about SSL certificates.

Certificate Requirements on AWS

If you are deploying PCF on AWS, then the certificate that you configure in PAS must match the certificate that you upload to AWS as a prerequisite to PCF deployment.

See Certificate Requirements for general certificate requirements for deploying PCF.

AWS Security Documents

AWS Permissions Guidelines

Pivotal recommends following the principle of least privilege by scoping privileges to the most restrictive permissions possible for a given role. See AWS Permissions Guidelines for recommendations on how to create and scope AWS accounts for PCF.

Delete PCF on AWS

You can use the AWS console to remove an installation of all components, but retain the objects in your bucket for a future deployment:
