Preparing to Install the InfinStor Service

This page covers the admin permissions, DNS domain considerations, and certificate creation needed before installation.

Required Permissions

You need to create the InfinStor root stack as an administrator with the following permissions:

  • Create a domain, or have permissions to add entries to an existing domain hosted in Route 53
  • Permission to create certificates for the above DNS entries, or alternatively have access to a wildcard certificate
  • Permission to create Serverless Applications
  • Permission to create DynamoDB tables
  • Permission to create EC2 instances for the MLflow projects functionality

DNS Domain considerations

DNS is necessary for two purposes:

  • Prove ownership of the domain when creating certificates
  • Create DNS entries for the newly created InfinStor services

There are two options with regard to DNS.

  • Option 1: The (sub)domain is hosted in Route 53 in the same AWS account where the InfinStor service is being installed, and the admin installing the InfinStor service has permissions to add and delete DNS entries in this (sub)domain
  • Option 2: The (sub)domain is hosted in another AWS account or the admin installing the InfinStor service does not have permissions to create/delete DNS entries. In this case the admin installing the InfinStor service must have a wildcard DNS certificate that covers the subdomain. For example, if the service is being installed in the subdomain isstage8.com, then a wildcard certificate for *.isstage8.com will be necessary. The InfinStor CFTs will use it for services such as mlflow.isstage8.com, mlflowui.isstage8.com, etc.

DNS Option 1: Subdomain is hosted in Route 53 and InfinStor is going to automatically create entries

Create a new domain, or note down the hosted zone ID of an existing domain, in AWS Route 53. In the following example, isstage8.com is the domain. Note the Hosted zone ID, as shown below.

The InfinStor stack will create DNS entries. For example, if the domain is isstage8.com, DNS entries are created for service.isstage8.com, mlflow.isstage8.com, mlflowui.isstage8.com, mlflowstatic.isstage8.com, api.isstage8.com, etc.

DNS Option 2: The admin installing InfinStor has a wildcard certificate for the subdomain, and will create the DNS entries by other means

The wildcard certificate ARN is provided as a parameter to the InfinStor root stack as shown below.

The admin will also need to create DNS entries as described below:

  • Create a CNAME entry that maps the name in the CloudFormation export infinstor:ApiDnsName to the target in infinstor:ApiARecord. For example, if the stack export infinstor:ApiDnsName is set to api, the stack export infinstor:ApiARecord is set to d-blahblah.execute-api.us-east-1.amazonaws.com, and the domain is isstage8.com, then create a CNAME record that directs api.isstage8.com to d-blahblah.execute-api.us-east-1.amazonaws.com
  • Create a CNAME entry that maps the name in the CloudFormation export infinstor:ServiceDnsName to the target in infinstor:ServiceARecord
  • Create a CNAME entry that maps the name in the CloudFormation export infinstor:MlflowRestApiDnsName to the target in infinstor:MlflowRestApiARecord
  • Create a CNAME entry that maps the name in the CloudFormation export infinstor:MlflowStaticDnsName to the target in infinstor:MlflowStaticARecord
  • Create a CNAME entry that maps the name in the CloudFormation export infinstor:MlflowUiDnsName to the target in infinstor:MlflowUiARecord
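
The five CNAME steps above can be derived mechanically from the stack exports. The following is an added example, not InfinStor's own tooling: it pairs each DnsName export with its ARecord export, refuses to continue if any export is missing, and renders a Route 53 change batch for the case where the zone lives in another AWS account. The function names, the TTL of 300, and every sample value except the api pair are assumptions constructed for illustration.

```python
import json

# Export-name pairs from the list above: (DNS label export, CNAME target export).
PAIRS = [
    ("infinstor:ApiDnsName", "infinstor:ApiARecord"),
    ("infinstor:ServiceDnsName", "infinstor:ServiceARecord"),
    ("infinstor:MlflowRestApiDnsName", "infinstor:MlflowRestApiARecord"),
    ("infinstor:MlflowStaticDnsName", "infinstor:MlflowStaticARecord"),
    ("infinstor:MlflowUiDnsName", "infinstor:MlflowUiARecord"),
]

# Constructed sample exports; only the api pair uses the values quoted in the text.
SAMPLE_EXPORTS = {
    PAIRS[0][0]: "api", PAIRS[0][1]: "d-blahblah.execute-api.us-east-1.amazonaws.com",
    PAIRS[1][0]: "service", PAIRS[1][1]: "service-target.example.com",
    PAIRS[2][0]: "mlflow", PAIRS[2][1]: "mlflow-target.example.com",
    PAIRS[3][0]: "mlflowstatic", PAIRS[3][1]: "static-target.example.com",
    PAIRS[4][0]: "mlflowui", PAIRS[4][1]: "ui-target.example.com",
}

def cname_records(exports, domain):
    """Map stack exports to (fqdn, target) CNAME pairs; fail on any gap."""
    domain = domain.strip(".").lower()
    records = []
    for label_key, target_key in PAIRS:
        missing = [k for k in (label_key, target_key) if not exports.get(k)]
        if missing:
            # A record without a live target would be left dangling.
            raise KeyError("missing export(s): " + ", ".join(missing))
        label = exports[label_key].strip(".").lower()
        target = exports[target_key].strip(".").lower()
        records.append((f"{label}.{domain}", target))
    if len({fqdn for fqdn, _ in records}) != len(records):
        raise ValueError("two exports resolve to the same DNS name")
    return records

def route53_change_batch(records, ttl=300):
    """Render the records as a Route 53 ChangeBatch document (UPSERT CNAMEs)."""
    return {"Changes": [
        {"Action": "UPSERT",
         "ResourceRecordSet": {"Name": fqdn, "Type": "CNAME", "TTL": ttl,
                               "ResourceRecords": [{"Value": target}]}}
        for fqdn, target in records]}

if __name__ == "__main__":
    recs = cname_records(SAMPLE_EXPORTS, "isstage8.com")
    print(json.dumps(route53_change_batch(recs), indent=2))
```

The real export values can be read with `aws cloudformation list-exports` after the root stack has been created. If the zone is not in Route 53, the (fqdn, target) pairs returned by cname_records can be entered at whichever DNS provider hosts it.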