AWS - Amazon Web Services
This guide will walk you through the steps to configure the necessary resources to have an AWS infrastructure ready to host Critical Manufacturing MES. The configuration includes several components needed to run the MES, such as a Kubernetes cluster, database optionally running on AWS, shared storage solutions, network configurations for secure and reliable communication, and load balancers for traffic management.
The following architecture diagram shows how the Critical Manufacturing MES can be deployed on AWS cloud infrastructure, including, among others, the Kubernetes cluster for the application servers, the SQL Server database, and external services such as RabbitMQ and ClickHouse.
Time Estimate
This guide includes the creation of several infrastructure resources and may take up to an hour to complete.
Preconditions
Required Skills and Knowledge
It is assumed the user has basic knowledge of some AWS services, such as:
- AWS Services: Understanding of Amazon Web Services (AWS), specifically VPC and networking, EKS, EC2, IAM, and Route 53.
- Kubernetes: Familiarity with Kubernetes concepts such as clusters, nodes, pods, and services.
- EKS: Experience with Amazon EKS and the deployment of Kubernetes clusters on AWS.
- Command Line Interface: Ability to work with AWS CLI and eksctl for infrastructure management.
- IAM Roles and Policies: Knowledge of AWS IAM, including the creation of policies and roles for managing service accounts and permissions.
- Storage Classes: Familiarity with Amazon EFS, S3, and Storage Gateways, and their integration with Kubernetes.
Billable AWS Services
When deploying an EKS-based environment on AWS, there are several AWS services that will incur costs. Below is a list of the billable services and an indication of whether each is mandatory or optional for the deployment.
| Service | Mandatory | Description | Pricing |
|---|---|---|---|
| Amazon VPC (Virtual Private Cloud) | Yes | Required to create the network environment. There are costs for NAT gateways, VPC endpoints, Load Balancers, and data transfer. | https://aws.amazon.com/vpc/pricing/ |
| Amazon EKS (Elastic Kubernetes Service) | Yes | Required for running Kubernetes clusters. Costs include control plane fees and per-node pricing. | https://aws.amazon.com/eks/pricing/ |
| Amazon EC2 (Elastic Compute Cloud) | Yes | Required for provisioning worker nodes. EC2 instance costs are based on the instance type, and pricing is pay-per-hour or reserved. | https://aws.amazon.com/ec2/pricing/ |
| Amazon EFS (Elastic File System) | At least one of the storage solutions is required | Used for shared storage across the cluster. If persistent storage is needed, EFS may be necessary. | https://aws.amazon.com/efs/pricing/ |
| Amazon S3 (Simple Storage Service) | At least one of the storage solutions is required | Used for object storage. Costs include storage fees and data retrieval. | https://aws.amazon.com/s3/pricing/ |
| AWS Storage Gateway (S3 File Storage Gateway) | At least one of the storage solutions is required | Depending on the chosen Volume Types, it may be necessary to create a Storage Gateway to share data in Amazon S3 and access it locally via file gateways. | https://aws.amazon.com/storagegateway/pricing/ |
| Amazon Route 53 | Optional | If domain name resolution and custom DNS are required for your deployment, Route 53 will be used for managing DNS. | https://aws.amazon.com/route53/pricing/ |
AWS Regions Support
Critical Manufacturing MES does not impose any AWS Region restriction by itself. For details on regional support for each required AWS service, please consult https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/.
AWS Service Limits
When deploying to Amazon EKS, you might encounter AWS service limits. These limits, also known as AWS Service Quotas, include constraints on the number of EC2 instances, EBS volumes, NAT gateways, and other resources that can be provisioned within an AWS account.
Before starting a deployment, it is recommended to check your current service limits to avoid interruptions during cluster creation and management. To view your limits:
- Go to the Service Quotas Dashboard.
- In the AWS Management Console, you can view your limits for different services such as EC2, VPC, and EKS.
- If any limit is too low, submit a request to increase the limit by clicking Request quota increase.
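The same pre-flight check can be scripted so it runs before every cluster creation instead of being eyeballed in the console. This is an added example, not part of the Critical Manufacturing documentation or tooling: it translates a planned node group into quota demand and compares it with the applied quotas returned by the Service Quotas API (the `fetch_quotas` helper is the only part that needs AWS credentials; the quota codes are the ones shown in the Service Quotas console, and the sample payload and sizing are constructed).

```python
"""Pre-flight Service Quotas check before creating an EKS cluster.

Added example, not Critical Manufacturing's own tooling. Quota codes are
the ones listed in the Service Quotas console for EC2, VPC and EKS; confirm
them in your account with
`aws service-quotas list-service-quotas --service-code <ec2|vpc|eks>`.
"""
from typing import Dict, List, Tuple

# (service code, quota code) -> label, as shown in the console.
QUOTA_CODES = {
    ("ec2", "L-1216C47A"): "Running On-Demand Standard instances (vCPUs)",
    ("vpc", "L-F678F1CE"): "VPCs per Region",
    ("vpc", "L-FE5A380F"): "NAT gateways per Availability Zone",
    ("eks", "L-1194D27C"): "EKS clusters per Region",
}


def required_quotas(node_count: int, vcpus_per_node: int) -> Dict[Tuple[str, str], float]:
    """Translate the planned cluster size into quota demand."""
    return {
        ("ec2", "L-1216C47A"): float(node_count * vcpus_per_node),
        ("vpc", "L-F678F1CE"): 1.0,  # one VPC for the MES cluster
        ("vpc", "L-FE5A380F"): 1.0,  # one NAT gateway in each AZ (quota is per AZ)
        ("eks", "L-1194D27C"): 1.0,
    }


def find_insufficient(quotas: List[dict], needed: Dict[Tuple[str, str], float]) -> List[dict]:
    """Return the quotas whose applied value is below the planned demand.
    `quotas` has the shape of the `Quotas` list from list-service-quotas."""
    applied = {(q["ServiceCode"], q["QuotaCode"]): q["Value"] for q in quotas}
    short = []
    for key, need in needed.items():
        have = applied.get(key)
        if have is None or have < need:
            short.append({"quota": key[1], "name": QUOTA_CODES.get(key, key[1]),
                          "have": have, "need": need})
    return short


def fetch_quotas(service_code: str, region: str) -> List[dict]:
    """Fetch applied quotas via boto3 (imported here so the offline demo runs)."""
    import boto3  # needs credentials allowed servicequotas:ListServiceQuotas
    client = boto3.client("service-quotas", region_name=region)
    pages = client.get_paginator("list_service_quotas").paginate(ServiceCode=service_code)
    return [q for page in pages for q in page["Quotas"]]


# Constructed sample of what a fresh account might report.
SAMPLE_QUOTAS = [
    {"ServiceCode": "ec2", "QuotaCode": "L-1216C47A", "Value": 32.0},
    {"ServiceCode": "vpc", "QuotaCode": "L-F678F1CE", "Value": 5.0},
    {"ServiceCode": "vpc", "QuotaCode": "L-FE5A380F", "Value": 5.0},
    {"ServiceCode": "eks", "QuotaCode": "L-1194D27C", "Value": 100.0},
]

if __name__ == "__main__":
    # Plan: 6 worker nodes with 8 vCPUs each (48 vCPUs) against a 32-vCPU quota.
    for gap in find_insufficient(SAMPLE_QUOTAS, required_quotas(6, 8)):
        print(f"{gap['name']}: have {gap['have']}, need {gap['need']} -> request increase")
```

Any entry the check reports maps directly to a "Request quota increase" action in the console; a clean run means cluster creation will not stall on a quota.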
Secrets Management
Critical Manufacturing does not require any specific service for managing secrets, as all the sensitive data is stored as Kubernetes Secrets. For more details, check https://portal.criticalmanufacturing.com/Help/devops-center/deployment-targets/kubernetes-section/kubernetes_sensitive_data/.
Publicly Available Components
Which components and services need to be publicly reachable from outside the AWS infrastructure depends on your specific configuration and requirements. In a deployment following the suggested architecture, where all the components are deployed and running in the AWS Cloud, the only resource that needs to be publicly exposed and available to ingress traffic is the Load Balancer / DNS managing service.
Required Software
It is possible to create the cluster in three different ways:
In this guide, we will use eksctl, version 0.114.0, and AWS CLI, so these tools must be installed. More information on how to install eksctl can be found here.
Requirements
If the cluster will be used to deploy a Critical Manufacturing MES installation, the MES requirements must be taken into account. You can check them in the Application Layer - Container Stack page.
Configuration Sections
The following sections will cover:
- Network: Setting up the necessary VPC and network components
- EKS - Elastic Kubernetes Service: Deploying the Kubernetes cluster to deploy the application containers
- Storage: Configuring the required storage resources
- Ingress: Setting up load balancers and ingress controllers to manage external traffic
- Encryption Data Configuration: Setting up encryption
- External Services: Deploying and configuring the External Services required to run the Critical Manufacturing MES
Each section will focus on the key configurations and requirements to ensure the MES system operates efficiently on AWS infrastructure.
