Required AWS Objects

This topic describes the objects you create in Amazon Web Services (AWS) in order to deploy Pivotal Platform.

Overview

Use this topic to determine the resource requirements of Pivotal Platform on AWS, or to verify that you created the correct resources after completing the procedures in Preparing to Deploy Ops Manager on AWS Manually and Deploying Ops Manager on AWS Manually.

S3 Buckets for Ops Manager and PAS

You must create the following S3 buckets from the S3 Dashboard:

  • pcf-ops-manager-bucket
  • pcf-buildpacks-bucket
  • pcf-packages-bucket
  • pcf-resources-bucket
  • pcf-droplets-bucket

These buckets must be empty when you install or reinstall Pivotal Platform.

See Step 2: Create S3 Buckets in Preparing to Deploy Ops Manager on AWS Manually.

IAM User for Pivotal Platform

You must create an IAM user for Pivotal Platform named pcf-user from the Identity and Access Management Dashboard, using the policy document included in the Pivotal Platform for AWS Policy Document topic.

See Step 3: Create an IAM User for Pivotal Platform in Preparing to Deploy Ops Manager on AWS Manually.

Key Pair

You must generate a key pair named pcf-ops-manager-key. For more information about setting up a key pair, see Amazon EC2 Key Pairs in the AWS documentation.

VPC (Public and Private Subnets)

You must create a VPC with public and private subnets from the VPC Dashboard.

The following table lists the subnets in CIDR block 10.0.0.0/16.

Name                        AZ                                    IPv4 CIDR block
pcf-public-subnet-az0       REGION-#a (for example, us-west-2a)   10.0.0.0/24
pcf-public-subnet-az1       REGION-#b (for example, us-west-2b)   10.0.1.0/24
pcf-public-subnet-az2       REGION-#c (for example, us-west-2c)   10.0.2.0/24
pcf-management-subnet-az0   REGION-#a (for example, us-west-2a)   10.0.16.0/28
pcf-management-subnet-az1   REGION-#b (for example, us-west-2b)   10.0.16.16/28
pcf-management-subnet-az2   REGION-#c (for example, us-west-2c)   10.0.16.32/28
pcf-ert-subnet-az0          REGION-#a (for example, us-west-2a)   10.0.4.0/24
pcf-ert-subnet-az1          REGION-#b (for example, us-west-2b)   10.0.5.0/24
pcf-ert-subnet-az2          REGION-#c (for example, us-west-2c)   10.0.6.0/24
pcf-services-subnet-az0     REGION-#a (for example, us-west-2a)   10.0.8.0/24
pcf-services-subnet-az1     REGION-#b (for example, us-west-2b)   10.0.9.0/24
pcf-services-subnet-az2     REGION-#c (for example, us-west-2c)   10.0.10.0/24
pcf-rds-subnet-az0          REGION-#a (for example, us-west-2a)   10.0.12.0/24
pcf-rds-subnet-az1          REGION-#b (for example, us-west-2b)   10.0.13.0/24
pcf-rds-subnet-az2          REGION-#c (for example, us-west-2c)   10.0.14.0/24

See Step 4: Create a VPC in Preparing to Deploy Ops Manager on AWS Manually.
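The page asks you to verify that the resources you created match the tables above. The following script is an added example, not part of the Pivotal documentation: it transcribes the subnet table into a plan and checks it offline with the Python standard library, confirming that every subnet sits inside 10.0.0.0/16, that no two subnets overlap, and that each tier has one subnet in each of the three AZs. The AZ letter stands in for the REGION-#a/b/c column, and the figure of five addresses that AWS reserves in every subnet (network, VPC router, DNS, one spare, broadcast) is AWS's own rule rather than something this page states.

```python
"""Sanity-check the pcf-vpc subnet plan (added example, not Pivotal's code)."""
import ipaddress
from collections import defaultdict

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
EXPECTED_AZS = {"a", "b", "c"}

# (subnet name, AZ letter, IPv4 CIDR block), transcribed from the page's table
SUBNET_PLAN = [
    ("pcf-public-subnet-az0", "a", "10.0.0.0/24"),
    ("pcf-public-subnet-az1", "b", "10.0.1.0/24"),
    ("pcf-public-subnet-az2", "c", "10.0.2.0/24"),
    ("pcf-management-subnet-az0", "a", "10.0.16.0/28"),
    ("pcf-management-subnet-az1", "b", "10.0.16.16/28"),
    ("pcf-management-subnet-az2", "c", "10.0.16.32/28"),
    ("pcf-ert-subnet-az0", "a", "10.0.4.0/24"),
    ("pcf-ert-subnet-az1", "b", "10.0.5.0/24"),
    ("pcf-ert-subnet-az2", "c", "10.0.6.0/24"),
    ("pcf-services-subnet-az0", "a", "10.0.8.0/24"),
    ("pcf-services-subnet-az1", "b", "10.0.9.0/24"),
    ("pcf-services-subnet-az2", "c", "10.0.10.0/24"),
    ("pcf-rds-subnet-az0", "a", "10.0.12.0/24"),
    ("pcf-rds-subnet-az1", "b", "10.0.13.0/24"),
    ("pcf-rds-subnet-az2", "c", "10.0.14.0/24"),
]


def usable_addresses(cidr):
    """Addresses left for instances after the 5 that AWS reserves per subnet."""
    return ipaddress.ip_network(cidr).num_addresses - 5


def validate_subnet_plan(plan, vpc_cidr=VPC_CIDR):
    """Return a list of problems; an empty list means the plan is consistent.

    Checks that every subnet lies inside the VPC CIDR, that no two subnets
    overlap, and that every tier (public, management, ert, services, rds)
    has exactly one subnet in each of the three AZs.
    """
    problems = []
    nets = []
    for name, _az, cidr in plan:
        # strict=True (the default) raises ValueError for a CIDR with host
        # bits set, e.g. 10.0.16.8/28, which the console would also refuse
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc_cidr):
            problems.append(f"{name} {cidr} lies outside {vpc_cidr}")
        nets.append((name, net))

    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")

    azs_by_tier = defaultdict(list)
    for name, az, _cidr in plan:
        tier = name.split("-subnet-")[0]  # e.g. "pcf-management"
        azs_by_tier[tier].append(az)
    for tier, azs in azs_by_tier.items():
        if sorted(azs) != sorted(EXPECTED_AZS):
            problems.append(
                f"{tier} tier has AZs {sorted(azs)}, expected {sorted(EXPECTED_AZS)}"
            )
    return problems


if __name__ == "__main__":
    for line in validate_subnet_plan(SUBNET_PLAN) or ["subnet plan is consistent"]:
        print(line)
    for name, _az, cidr in SUBNET_PLAN:
        print(f"{name:<26} {cidr:<15} {usable_addresses(cidr):>4} usable addresses")
```

The /28 management subnets leave only 11 usable addresses each, which is why they are kept separate from the /24 application tiers; if you change the plan, rerun the check before creating anything in the VPC Dashboard.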

NAT Instance

You must create a NAT instance when creating a VPC. The NAT instance must have the following configuration:

  • Instance type: t3.medium
  • Key pair name: pcf-ops-manager-key
  • Enable DNS hostnames: Yes
  • Hardware tenancy: Default

See Step 4: Create a VPC in Preparing to Deploy Ops Manager on AWS Manually.

You must also assign the NAT instance to the pcf-nat-security-group. See Step 6: Secure the NAT Instance in Deploying Ops Manager on AWS Manually.

Security Groups

The following sections describe the security groups you must create from the EC2 Dashboard.

Ops Manager

The Ops Manager Security Group must be named pcf-ops-manager-security-group and have the following inbound rules:

Type            Protocol   Port Range   Source
HTTP            TCP        80           My IP
HTTPS           TCP        443          My IP
SSH             TCP        22           My IP
BOSH Agent      TCP        6868         10.0.0.0/16
BOSH Director   TCP        25555        10.0.0.0/16

See Step 5: Configure a Security Group for Ops Manager in Preparing to Deploy Ops Manager on AWS Manually.

Pivotal Platform VMs

The Pivotal Platform VMs Security Group must be named pcf-vms-security-group and have the following inbound rule:

Type          Protocol   Port Range   Source
All traffic   All        0 - 65535    Custom IP 10.0.0.0/16

See Step 6: Configure a Security Group for Pivotal Platform VMs in Preparing to Deploy Ops Manager on AWS Manually.

Web ELB

The Web ELB Security Group must be named pcf-web-elb-security-group and have the following inbound rules:

Type              Protocol   Port Range   Source
Custom TCP rule   TCP        4443         Anywhere 0.0.0.0/0
HTTP              TCP        80           Anywhere 0.0.0.0/0
HTTPS             TCP        443          Anywhere 0.0.0.0/0

See Step 7: Configure a Security Group for the Web ELB in Preparing to Deploy Ops Manager on AWS Manually.

SSH ELB

The SSH ELB Security Group must be named pcf-ssh-elb-security-group and have the following inbound rule:

Type              Protocol   Port Range   Source
Custom TCP rule   TCP        2222         Anywhere 0.0.0.0/0

The SSH ELB Security Group must have the following outbound rule:

Type          Protocol   Port Range   Destination
All traffic   All        All          Anywhere 0.0.0.0/0

See Step 8: Configure a Security Group for the SSH ELB in Preparing to Deploy Ops Manager on AWS Manually.

TCP ELB

The TCP ELB Security Group must be named pcf-tcp-elb-security-group and have the following inbound rule:

Type              Protocol   Port Range    Source
Custom TCP rule   TCP        1024 - 1123   Anywhere 0.0.0.0/0

The TCP ELB Security Group must have the following outbound rule:

Type          Protocol   Port Range   Destination
All traffic   All        All          Anywhere 0.0.0.0/0

See Step 9: Configure a Security Group for the TCP ELB in Preparing to Deploy Ops Manager on AWS Manually.

Outbound NAT

The Outbound NAT Security Group must be named pcf-nat-security-group and have the following inbound rule:

Type          Protocol   Port Range   Source
All traffic   All        All          Custom IP 10.0.0.0/16

See Step 10: Configure a Security Group for the Outbound NAT in Preparing to Deploy Ops Manager on AWS Manually.

MySQL

The MySQL Security Group must be named pcf-mysql-security-group and have the following inbound rule:

Type    Protocol   Port Range   Source
MySQL   TCP        3306         Custom IP 10.0.0.0/16

The MySQL Security Group must have the following outbound rule:

Type          Protocol   Port Range   Destination
All traffic   All        All          Custom IP 10.0.0.0/16

See Step 11: Configure a Security Group for MySQL in Preparing to Deploy Ops Manager on AWS Manually.
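The inbound-rule tables above are exactly what an operator should compare against the groups that actually exist. The script below is an added example, not Pivotal's code: it encodes the required inbound rules for every pcf-* security group on this page and audits a list of groups in the shape that `aws ec2 describe-security-groups` returns (GroupName, IpPermissions, IpRanges), reporting rules that are missing and rules that the page does not call for. The sample groups are constructed data, not output from a real account; OPERATOR_CIDR is a constructed placeholder for the "My IP" source. The sample deliberately contains one over-broad SSH rule on the Ops Manager group and omits the BOSH Director port, so the audit has something to find.

```python
"""Audit pcf-* security group inbound rules (added example, not Pivotal's code)."""
import ipaddress

OPERATOR_CIDR = "203.0.113.10/32"  # constructed placeholder for "My IP"
VPC_CIDR = "10.0.0.0/16"
ANYWHERE = "0.0.0.0/0"
ALL = "-1"  # IpProtocol value AWS uses for "All traffic"

# Required inbound rules, transcribed from the page:
# group name -> [(protocol, from_port, to_port, source CIDR), ...]
REQUIRED_INBOUND = {
    "pcf-ops-manager-security-group": [
        ("tcp", 80, 80, OPERATOR_CIDR),
        ("tcp", 443, 443, OPERATOR_CIDR),
        ("tcp", 22, 22, OPERATOR_CIDR),
        ("tcp", 6868, 6868, VPC_CIDR),
        ("tcp", 25555, 25555, VPC_CIDR),
    ],
    "pcf-vms-security-group": [(ALL, 0, 65535, VPC_CIDR)],
    "pcf-web-elb-security-group": [
        ("tcp", 4443, 4443, ANYWHERE),
        ("tcp", 80, 80, ANYWHERE),
        ("tcp", 443, 443, ANYWHERE),
    ],
    "pcf-ssh-elb-security-group": [("tcp", 2222, 2222, ANYWHERE)],
    "pcf-tcp-elb-security-group": [("tcp", 1024, 1123, ANYWHERE)],
    "pcf-nat-security-group": [(ALL, 0, 65535, VPC_CIDR)],
    "pcf-mysql-security-group": [("tcp", 3306, 3306, VPC_CIDR)],
}

# Constructed sample in describe-security-groups shape (not a real account)
SAMPLE_GROUPS = [
    {"GroupName": "pcf-ops-manager-security-group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": OPERATOR_CIDR}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": OPERATOR_CIDR}]},
        # SSH opened to the world instead of "My IP": broader than the page allows
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ANYWHERE}]},
        {"IpProtocol": "tcp", "FromPort": 6868, "ToPort": 6868, "IpRanges": [{"CidrIp": VPC_CIDR}]},
        # BOSH Director port 25555 is missing
    ]},
    {"GroupName": "pcf-mysql-security-group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [{"CidrIp": VPC_CIDR}]},
    ]},
]


def _flatten(group):
    """Yield (protocol, from_port, to_port, cidr) for each IPv4 rule in a group."""
    for perm in group.get("IpPermissions", []):
        proto = perm["IpProtocol"]
        # "All traffic" entries carry no FromPort/ToPort in the API output
        lo = 0 if proto == ALL else perm["FromPort"]
        hi = 65535 if proto == ALL else perm["ToPort"]
        for ip_range in perm.get("IpRanges", []):
            yield (proto, lo, hi, ip_range["CidrIp"])


def covers(observed, required):
    """True if the observed rule admits everything the required rule admits."""
    oproto, olo, ohi, ocidr = observed
    rproto, rlo, rhi, rcidr = required
    proto_ok = oproto == ALL or oproto == rproto
    ports_ok = olo <= rlo and ohi >= rhi
    cidr_ok = ipaddress.ip_network(rcidr).subnet_of(ipaddress.ip_network(ocidr))
    return proto_ok and ports_ok and cidr_ok


def audit_inbound(groups, required=REQUIRED_INBOUND):
    """Compare observed groups with the required table.

    Returns {group: {"absent": bool, "missing": [...], "unexpected": [...]}}.
    "missing" lists required rules that no observed rule satisfies;
    "unexpected" lists observed rules that are not exactly a required rule,
    which is where an over-broad source such as 0.0.0.0/0 on SSH shows up.
    """
    observed = {g["GroupName"]: list(_flatten(g)) for g in groups}
    findings = {}
    for name, req_rules in required.items():
        rules = observed.get(name)
        if rules is None:
            findings[name] = {"absent": True, "missing": list(req_rules), "unexpected": []}
            continue
        missing = [r for r in req_rules if not any(covers(o, r) for o in rules)]
        unexpected = [o for o in rules if o not in req_rules]
        findings[name] = {"absent": False, "missing": missing, "unexpected": unexpected}
    return findings


if __name__ == "__main__":
    for name, result in audit_inbound(SAMPLE_GROUPS).items():
        state = "ABSENT" if result["absent"] else "present"
        print(f"{name}: {state}, missing={result['missing']}, unexpected={result['unexpected']}")
```

To run it against a real account, replace SAMPLE_GROUPS with the `SecurityGroups` list from `aws ec2 describe-security-groups` and set OPERATOR_CIDR to the address you chose for "My IP"; every group the page requires should then report neither missing nor unexpected rules.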

Ops Manager AMI

You must locate the public Ops Manager AMI using the AMI ID listed in the PDF that you download by clicking Pivotal Ops Manager for AWS on Pivotal Network.

See Step 1: Launch a Pivotal Ops Manager AMI in Deploying Ops Manager on AWS Manually.

ELBs

The following sections describe the ELBs you must create from the EC2 Dashboard.

Web ELB

You must create a web ELB with the following configuration:

  • Name: pcf-web-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-web-elb-security-group
  • Health Check: TCP Port 8080, Path: /health

See Step 2: Create Web Load Balancer in Deploying Ops Manager on AWS Manually.

SSH ELB

You must create an SSH ELB with the following configuration:

  • Name: pcf-ssh-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-ssh-elb-security-group
  • Health Check: TCP Port 2222

See Step 3: Create SSH Load Balancer in Deploying Ops Manager on AWS Manually.

TCP ELB

You must create a TCP ELB with the following configuration:

  • Name: pcf-tcp-elb
  • LB Inside: pcf-vpc
  • Selected Subnet: pcf-public-subnet-az0, pcf-public-subnet-az1, pcf-public-subnet-az2
  • Security Group: pcf-tcp-elb-security-group
  • Health Check: TCP Port 80

See Step 4: Create TCP Load Balancer in Deploying Ops Manager on AWS Manually.

DNS Configuration

You must navigate to your DNS provider and create CNAME and A records for all three of your load balancers.

See Step 5: Configure DNS Records in Deploying Ops Manager on AWS Manually.

RDS Subnet Group

You must create a subnet group for RDS named pcf-rds-subnet-group from the RDS Dashboard.

See Step 7: Create RDS Subnet Group in Deploying Ops Manager on AWS Manually.

MySQL Database

You must create a MySQL database from the RDS Dashboard.

See Step 8: Create a MySQL Database using AWS RDS in Deploying Ops Manager on AWS Manually.