Installing Pivotal Cloud Foundry on AWS
Page last updated:
Warning: Pivotal Cloud Foundry (PCF) v2.6 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.
This guide describes how to install Pivotal Cloud Foundry (PCF) on Amazon Web Services (AWS).
You can install PCF on AWS with either the Pivotal Application Service (PAS) or Pivotal Container Service (PKS) runtime. There are resource requirements specific to each runtime. Ensure you meet the requirements for your runtime and the requirements specific to AWS before installing PCF on AWS.
This section lists the following resource requirements for installing PCF on AWS:
- General PCF resource requirements. See PCF Resource Requirements.
- AWS-specific resource requirements. See AWS Resource Requirements.
This section lists PCF resource requirements for installing PCF on AWS. It includes general PCF resource requirements for both the PAS and PKS runtimes.
View one of the following, depending on your PCF runtime:
- PAS-specific PCF resource requirements. See PAS Resource Requirements.
- PKS-specific PCF resource requirements. See PKS Resource Requirements.
The following are general resource requirements for deploying and managing a PCF deployment with Ops Manager and PAS:
- PAS requires sufficient IP allocation. The following lists the minimum required IP allocations:
- One static IP address for either HAProxy or one of your Gorouters
- One static IP address for each job in the Ops Manager tile. See the Ops Manager Resource Config pane for each tile for a full list.
- One static IP address for each job listed below:
- File Storage
- MySQL Proxy
- MySQL Server
- Backup Restore Node
- MySQL Monitor
- Diego Brain
- TCP Router
- One IP for each VM instance created by the service.
- An additional IP address for each compilation worker. Use the following formula to determine the total IPs required:
IPs needed = static IPs + VM instances + compilation workers.
- Pivotal recommends that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and PAS. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install PAS, and connect to services.
- Pivotal recommends using a network without DHCP for deploying PAS VMs.
Note: If you have DHCP, refer to the Troubleshooting Guide to avoid issues with your installation.
For PKS-specific resource requirements, see AWS Prerequisites and Resource Requirements.
The following are AWS-specific resource requirements for installing PCF on AWS with an external database and external file storage:
Installing PCF on AWS requires a minimum of the following VM instance limits in your AWS account. The number of VMs required depends on the number of tiles and availability zones you plan to deploy. The following VM guidelines apply to the PAS, Small Footprint PAS, and PKS runtimes:
- PAS: At a minimum, a new AWS deployment requires the following VMs for PAS:
AWS Requirements VM Name VM Type Default VM Count Required or Optional VM PAS NATS t3.micro 2 Required File Storage m5.large 1 Optional MySQL Proxy t3.micro 2 Optional MySQL Server r5.large 3 Optional Backup Restore Node t3.micro 1 Optional Diego BBS t3.micro 3 Required UAA m5.large 2 Required Cloud Controller m5.large 2 Required HAProxy t3.micro 0 Optional Router t3.micro 3 Required MySQL Monitor t3.micro 1 Optional Clock Global t3.medium 2 Required Cloud Controller Worker t3.micro 2 Required Diego Brain t3.small 3 Required Diego Cell r5.xlarge 3 Required Loggregator Traffic Controller t3.micro 2 Required Syslog Adapter t3.micro 3 Required Syslog Scheduler t3.micro 2 Required Doppler Server m5.large 3 Required TCP Router t3.micro 0 Optional CredHub r5.large 2 Optional Istio Router r5.large 0 Optional Istio Control r5.large 0 Optional Route Syncer r5.large 0 Optional Ops Manager BOSH Director m5.large 1 Required
Note: If you are deploying a test or sandbox PCF that does not require high availability, then you can scale down the number of VM instances in your deployment. For more information, see Scaling PAS.
- Small Footprint PAS: To run Small Footprint PAS, a new AWS deployment requires:
AWS Requirements VM Name VM Type Default VM Count Minimum HA VM Count Required or Optional VM Small Footprint PAS Compute r5.xlarge 1 3 Required Control r5.xlarge 1 2 Required Database r5.large 1 3 Required Router t3.micro 1 3 Required File Storage m5.large 1 N/A Optional Backup Restore Node t3.micro 1 1 Optional MySQL Monitor t3.micro 1 1 Optional HAProxy t3.micro 0 2 Optional TCP Router t3.micro 0 1 Optional Istio Router r5.large 0 1 Optional Istio Control r5.large 0 2 Optional Route Syncer r5.large 0 1 Optional Ops Manager BOSH Director m5.large 1 N/A Required
- PKS: See AWS Prerequisites and Resource Requirements.
- PAS: At a minimum, a new AWS deployment requires the following VMs for PAS:
The following AWS resources are required for installing PCF on AWS with PAS:
- 3 Elastic Load Balancers (ELBs)
- 1 Relational Database Service. As a minimum, Pivotal recommends using a db.m5.xlarge instance with at least 100 GB of allocated storage.
- 5 S3 Buckets
To install PCF on AWS, you must:
Increase or remove the VM instance limits in your AWS account. Installing PCF requires more than the default 20 concurrent instances. For more information about VM resource requirements, see Requirements.
Configure your AWS account with the appropriate AWS region. For more information about selecting the correct region for your deployment, see Region and Availability Zone Concepts in the AWS documentation.
Install the AWS CLI. Configure the AWS CLI with the user credentials that have admin access to your AWS account. To download the AWS CLI, see AWS CLI.
Configure an AWS EC2 key pair to use with your PCF deployment. For more information, see Creating an EC2 Key Pair in the AWS documentation.
Register a wildcard domain for your PCF installation. For more information, see SSL/TLS Certificates for Classic Load Balancers in the AWS documentation.
Create an SSL certificate for your PCF domain. For more information, see the AWS documentation about SSL certificates.
Note: To deploy PCF to a production environment, you must obtain a certificate from a certificate authority. Pivotal recommends using a self-signed certificate generated by Ops Manager for development and testing purposes only.
(PAS-only) Configure sufficient IP allocation. For more information about IP allocation requirements, see PAS Resource Requirements.
(Optional) (PAS-only) Configure external storage. Pivotal recommends using external storage if possible. For more information about how file storage location affects platform performance and stability during upgrades, see Configure File Storage.
(Optional) (PAS and Ops Manager-only) Configure external databases. Pivotal recommends using external databases in production deployments for BOSH Director and PAS. An external database must be configured to use the UTC timezone.
(Optional) (PAS and Ops Manager-only) Configure external user stores. When you deploy PCF, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for PAS, to integrate existing user accounts.
You can install PCF on AWS either manually or using Terraform.
To install PCF on AWS, do one of the following:
- Install PCF on AWS manually. See Installing PCF on AWS Manually.
- Install PCF on AWS using Terraform. See Install PCF on AWS Using Terraform.
The following are additional resources related to installing PCF on AWS:
For information about AWS identity and access management, see What is IAM? in the AWS documentation.
For information about users, groups, and roles in AWS, see Identities (Users, Groups, and Roles) in the AWS documentation.
For best practices for managing IaaS users and permissions, see Temporary Security Credentials in the AWS documentation.
For recommendations on how to create and scope AWS accounts for PCF, see AWS Permissions Guidelines.
For more information about certificate requirements for installing PCF, see Certificate Requirements.