AWS
This page describes the infrastructure and other prerequisites for deploying Seqera Platform Enterprise on Amazon Web Services (AWS).
Run the Seqera container with Docker on an AWS EC2 instance, or with Kubernetes on an Amazon EKS cluster. You must satisfy the requirements for your installation target:
-
SMTP server: If you don't have an email server, use Amazon Simple Email Service.
noteAmazon blocks EC2 traffic over port 25 by default. Your integration must use a port that can successfully reach your SMTP server.
-
MySQL database: An external database, such as one provided by Amazon Relational Database Service, is highly recommended for production deployments.
-
Redis-compatible cache: An external Redis-compatible cache, such as one provided by Amazon ElastiCache, is highly recommended for production deployments.
-
(Optional) SSL certificate: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See SSL/TLS configuration for more information.
noteHTTP-only implementations must set the
TOWER_ENABLE_UNSAFE_MODE=true
environment variable in the Seqera hosting infrastructure to enable user login. HTTP must not be used in production environments. -
(Optional) AWS Parameter Store: Store sensitive Seqera configuration values as SecureString AWS Parameter Store parameters. See AWS Parameter Store configuration for instructions. This is recommended for production environments.
-
(Optional) DNS: DNS is required to support human-readable domain names and load-balanced traffic. If you don't have access to a pre-existing DNS service, use Amazon Route 53.
Prerequisites for Docker
An EC2 instance is required. See Amazon EC2 for instructions to provision an EC2 instance for this purpose.
Prerequisites for EKS
If you're installing Seqera Enterprise with Kubernetes, an Elastic Kubernetes Service (EKS) cluster is required. See the EKS documentation to provision your own cluster.
EKS cluster requirements
-
Kubernetes 1.19 or later
-
Subnet requirements
- At least 2 subnets across two different Availability Zones
- Subnets must be tagged for AWS Load Balancer Controller auto-discovery
- Public subnets must be configured to auto-assign IPs on launch
- Public and private subnets must allow egress traffic to the public internet
-
RBAC requirements
- The cluster must be created by a non-root user
aws-auth
must be updated to allow access to additional IAM users/roles (if needed)
-
Addons
- Install the cert-manager
- Install the AWS Load Balancer Controller
-
Ingress
- ALB provisioning via the AWS Load Balancer Controller
- ALB integration with the Amazon Certificate Manager
Additionally, the ingress assumes the presence of SSL certificates, DNS resolution, and ALB logging. If you've chosen not to use some or all of these features, you'll need to modify the manifest accordingly before applying it to the cluster.
AWS setup
Set up commonly-used AWS services for Seqera deployment.
Fetch Seqera config values from AWS Parameter Store
From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See AWS Parameter Store configuration for instructions.