Pre-Requisites
Installation of IDEA is automated via Docker. Make sure you have the following tools installed/configured on your system prior to launching the installation:
Docker
You must have Docker installed on your environment if you want to proceed to a standard 1-click installation. If needed, you can download and install Docker from the official Docker website.
Refer to this guide to avoid permissions issues while running Docker as a non-root user.
Docker License: Please ensure you or your organization adheres to the Docker Subscription Service Agreement. Otherwise you must proceed to a manual installation.
AWS CLIv2
If needed, install awscli
v2 on your local environment by following the instructions from this link https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Create the IAM policies
These IAM policies contains all the permissions required to install/uninstall IDEA. This policy and be enabled/disabled at the user level if needed.
Policy to uninstall IDEA is optional. If needed you can terminate your cluster from the AWS console using your own IAM user. The uninstall policy is only needed if you are planning to automatize cluster creation/termination
To create a policy:
Navigate to the IAM console page: https://console.aws.amazon.com/iamv2/
Click "Policies" on the left sidebar
Click "Create Policy"
Select the JSON tab and copy/paste the content of https://github.com/awslabs/scale-out-computing-on-aws/blob/main/installer/SOCAInstallerIamPolicy.json. This file contains all the required permissions to install/uninstall IDEA.
Click "Next: Tags" and add optional tags as needed
Click "Next: Review", chose a name and a description
Click "Create Policy"
Repeat the steps3 to 7, but this time copy/paste the content of JSONUNINSTALL during step4
Create your IAM user or role
Should I configure an IAM user or role?
Use IAM user
Use IAM role if you have the permission to create and attach it.
Use IAM user if you do not have the permission to create/attach an IAM role
Create IAM User
IAM user must have the permissions required to install IDEA.
Navigate to the IAM console page: https://console.aws.amazon.com/iamv2/
Click "Users" on the left sidebar
Click "Add User"
Choose a username
Under AWS Access Type check "Access key - Programmatic access"
Click "Next: Add Permissions"
Click "Attach existing policies directly" button and choose the IAM policy you just created on the previous step
Click "Next: Add Tags". Add any optional tags as needed
Click "Next: Review"
Click "Create User"
You will be prompted with your AWS Access Key ID and AWS Secret Access Key. Save them in a secure location as we will need them later. In case you lost them, you can generate a new pair them via IAM User > Security Credentials
Click "Close"
Configure your local IAM user
Now you have created your IAM user, you must configure your local environment.
Before configuring it, you must have AWSCLIv2 installed. To install it, refer to this guide: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Once installed, runaws configure
command and follow the prompts. Make sure to use the access/secret key created previously. If you do not have access to them, login to IAM, choose your IAM user, navigate to Security Credentials command and re-generate a new access/secret security pair
Create IAM Role
Navigate to the IAM console page: https://console.aws.amazon.com/iamv2/
Click "Roles" on the left sidebar
Select "AWS Service" as Trusted Entity and "EC2" as Use Case
Select the "Permission Policies" you created previously
Review the "Role details" then click "Create Role"
Now your IAM role is created, go back to the EC2 console, select the EC2 instance you want to trigger the installation from and attach the newly created IAM role to it
Create the SSH Keypair
This SSH key will be used to connect to the IDEA hosts as admin user. Keep it secure!
To create your SSH key:
Navigate to the EC2 console page: https://console.aws.amazon.com/ec2/v2/. Make sure to select the AWS region you want to use.
Click "Key Pairs" on the left sidebar under "Network & Security" section
Click "Create Key pair"
Pick a name, select RSA format and download it either as
.pem
if you are using Unix or.ppk
via PuTTY on Windows. (note: you can always transform .pem to .ppk and vice-versa)Click "Create key pair"
This will download the private key on your local system. To be able to use the key, you must apply correct permissions by running chmod 600 /path/to/your_pem_key.
Last updated