AWS Account Prerequisites
Before attempting to install a Yellowbrick stack, make sure you have an AWS account with the correct set of privileges. You may also want to configure a profile that defines access to your AWS environment. The Yellowbrick software deployment requires a moderate level of AWS services. If you are new to AWS or unfamiliar with the workflows, see the AWS Partner Solutions General Information Guide and AWS Training and Certification. These sites provide materials for learning how to design, deploy, and operate your infrastructure and applications on the AWS Cloud.
For AWS connections, you can log in directly through a browser (Management Console) or via the command line (aws-cli). Your account does not have to be set up for single sign-on (SSO); SSO is optional. You can also log in as an IAM user with valid credentials.
Dedicated Yellowbrick User
The Yellowbrick installer is based on AWS CloudFormation. The CloudFormation template will create cloud infrastructure in addition to installing the Yellowbrick software. The installer will need an AWS account to perform these actions.
By default, AWS follows the principle of least-privilege permissions for all access granted as part of the deployment, which means granting only the permissions required to perform a task. Only an IAM administrator can create IAM policies that grant users and roles permissions. It is recommended that you use an IAM Roles for Service Accounts (IRSA) account, dedicated to Yellowbrick. If Administrator access is not available, please contact Yellowbrick support for the non-Administrator install role definition and usage.
To use a least-privilege IAM role for installation, the following generic rights will be needed:
- S3 bucket Read and Write access
- Create CloudFormation privileges
- Create EKS Read and Write access
- Route 53 Read and Write access
- Create a new VPC (not required if you are providing the VPC)
- AWSAdministratorAccess privileges
AWS advises not using an AWS root account because it is not required for installation or operations. Instead, Yellowbrick will create each IAM role and IAM policy for the installation. For more information, see Policies and permissions in IAM.
Region and Preferred Availability Zone
Note that setup of your AWS account determines the region and preferred availability zone (AZ) in which you will install the Yellowbrick stack. You may want to check with your AWS enterprise support representative ahead of time for insight about hardware availability in specific zones. Currently, Yellowbrick Cloud Data Warehouse installs into one region with multiple AZs. The installer offers a choice of regions and zones.
You will be asked to provide your AWS account ID and preferred AZ to the Yellowbrick support team, who will guide you through the installation process.
aws-cli
Optionally, you may want to have a current version of the aws-cli tool available on the client system that you can use to do certain administration tasks. aws-cli is the AWS Command Line Interface, a tool for managing various AWS services.
Check that the CLI is installed:
% which aws
/usr/local/bin/aws
~ % aws --version
aws-cli/2.7.14 Python/3.9.11 Darwin/21.5.0 exe/x86_64 prompt/off
You can check your current AWS configuration as follows:
% cat /Users/brumsby/.aws/config
[profile ct-sandbox-***-***-******]
region = us-east-1
sso_start_url = https://**********.awsapps.com/start
sso_region = us-west-2
sso_account_id = **************
sso_role_name = AWSAdministratorAccess
You can set the AWS_PROFILE environment variable to point to that AWS account:
% export AWS_PROFILE=ct-sandbox-doc-bob-rumsby
% env | grep AWS
AWS_PROFILE=ct-sandbox-doc-bob-rumsby
You do not need to specify the profile in aws commands when the AWS_PROFILE variable is set. (Also, you do not need to set any other AWS environment variables.)
As a simple test that your account is working as expected and you can access S3 buckets, you can run an aws s3 ls command:
% aws s3 ls
2021-03-17 15:57:38 bobr-bucket1
...
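The CLI, profile, and credential checks above can be combined into one preflight script that also reports the account ID requested by the support team and rejects root credentials. This is an added example, not part of the Yellowbrick documentation or installer. The function names are hypothetical, and the script assumes the caller ARN formats returned by aws sts get-caller-identity.

```shell
#!/bin/sh
# Added example: preflight check of the AWS identity before an install.
# All function names here are hypothetical.

# Classify a caller ARN as returned by `aws sts get-caller-identity`.
# Prints one of: root, iam-user, assumed-role, unknown.
classify_arn() {
  case "$1" in
    arn:aws:iam::[0-9]*:root)           echo root ;;
    arn:aws:iam::[0-9]*:user/*)         echo iam-user ;;
    arn:aws:sts::[0-9]*:assumed-role/*) echo assumed-role ;;  # SSO sessions land here
    *)                                  echo unknown ;;
  esac
}

# The account ID is the fifth colon-separated field of the ARN.
arn_account_id() {
  printf '%s\n' "$1" | cut -d: -f5
}

# Return 0 only for a recognized, non-root identity.
check_identity() {
  kind=$(classify_arn "$1")
  case "$kind" in
    root)    echo "FAIL: root account in use; use an IAM user or role" >&2; return 1 ;;
    unknown) echo "FAIL: unrecognized caller ARN: $1" >&2; return 1 ;;
  esac
  echo "OK: $kind in account $(arn_account_id "$1")"
}

# Live check: requires aws-cli and valid credentials for the active profile.
preflight() {
  command -v aws >/dev/null 2>&1 || { echo "FAIL: aws-cli not on PATH" >&2; return 1; }
  [ -n "${AWS_PROFILE:-}" ] || echo "NOTE: AWS_PROFILE unset; default profile is used" >&2
  arn=$(aws sts get-caller-identity --query Arn --output text) ||
    { echo "FAIL: credentials rejected (expired SSO session?)" >&2; return 1; }
  check_identity "$arn" || return 1
  echo "Region: $(aws configure get region || echo '<not set>')"
}

# Run the live check only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as sh preflight.sh --run after setting AWS_PROFILE; if the SSO session has expired, refresh it with aws sso login and run the script again.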