Skip to main content
Version: 24.2

AWS

This page describes the infrastructure and other prerequisites for deploying Seqera Platform Enterprise on Amazon Web Services (AWS).

Run the Seqera container with Docker on an AWS EC2 instance, or with Kubernetes on an Amazon EKS cluster. You must satisfy the requirements for your installation target:

  • SMTP server: If you don't have an email server, use Amazon Simple Email Service.

    Amazon blocks EC2 traffic over port 25 by default. Your integration must use a port that can successfully reach your SMTP server.

  • MySQL database: An external database, such as one provided by Amazon Relational Database Service, is highly recommended for production deployments.

  • (Optional) SSL certificate: HTTP must not be used in production environments. An SSL certificate is required for your Seqera instance to handle HTTPS traffic. See SSL/TLS configuration for more information.

    HTTP-only implementations must set the TOWER_ENABLE_UNSAFE_MODE=true environment variable in the Seqera hosting infrastructure to enable user login. HTTP must not be used in production environments.

  • (Optional) AWS Parameter Store: Store sensitive Seqera configuration values as SecureString AWS Parameter Store parameters. See AWS Parameter Store configuration for instructions. This is recommended for production environments.

  • (Optional) DNS: DNS is required to support human-readable domain names and load-balanced traffic. If you don't have access to a pre-existing DNS service, use Amazon Route 53.

Prerequisites for Docker

An EC2 instance is required. See Amazon EC2 for instructions to provision an EC2 instance for this purpose.

Prerequisites for EKS

If you're installing Seqera Enterprise with Kubernetes, an Elastic Kubernetes Service (EKS) cluster is required. See the EKS documentation to provision your own cluster.

EKS cluster requirements

AWS setup

Set up commonly-used AWS services for Seqera deployment.

Fetch Seqera config values from AWS Parameter Store

From version 23.1, you can retrieve Seqera Enterprise configuration values remotely from the AWS Parameter Store. See AWS Parameter Store configuration for instructions.

Amazon SES

Seqera Enterprise supports AWS Simple Email Service (SES) as an alternative to traditional SMTP servers for sending application emails.

If you use AWS SES in sandbox mode, both the sender and the receiver email addresses must be verified via AWS SES. Sandbox is not recommended for production use. See the AWS docs for instructions to move out of the sandbox.

Amazon RDS

External databases for Seqera Enterprise deployments require:

  • A MySQL8 Community DB instance
  • At least 2 vCPUs, 8 GB memory, and 30 GB SSD storage
  • Manual MySQL user and database schema creation. See Database configuration for more details.

Recommended instance class and storage requirements depend on the number of parallel pipelines you expect to run.

See Creating an Amazon RDS DB instance to guide you through the external database setup for your production deployment.

After your database is created:

  • Update the inbound rules for the underlying EC2 instance to allow MySQL connections.
  • Update your Seqera configuration with the database hostname, username, and password.

Amazon EC2

See Getting started with Amazon EC2 for instructions to create your EC2 instance.

Create an instance with these attributes:

  • Amazon Machine Image (AMI): Amazon Linux 2023 Optimized
  • Instance type: c5a.xlarge or c5.large with 4 CPUs and 8 GB RAM
  • Root storage: 30 GB
  • Tags: It is helpful to use a descriptive Name value for your instance, such as seqera-app-server.
  • Security Group name: Seqera deployment manifests provided in this installation guide use tower-sg by default. If you choose to use a custom name, this must be updated consistently across your deployment files.
  • Keypair: It is security best practice to use a new keypair for your production deployment instance.

After your instance is launched:

  1. Use the key pair to connect to the server with SSH and its public IP address. Terminal-based SSH is easier to use than browser-based SSH for copying and pasting text.

  2. Install Docker.

  3. Install Docker Compose.

  4. Confirm that Docker Compose is installed:

    docker compose version

Seqera container images

Seqera Platform Enterprise is distributed as a collection of Docker containers available through the Seqera container registry (cr.seqera.io). Contact support to get your container access credentials. Once you've received your credentials, retrieve the Seqera container images on your EC2 instance:

  1. Retrieve the username and password you received from Seqera support.

  2. Authenticate to the registry:

    docker login -u 'username' -p 'password' cr.seqera.io
  3. Pull the Seqera container images:

    docker pull cr.seqera.io/private/nf-tower-enterprise/backend:v24.1.7

    docker pull cr.seqera.io/private/nf-tower-enterprise/frontend:v24.1.7

Next steps

See Configuration.