Preparing to Install the InfinStor Service¶
- Preparing to Install the InfinStor Service
- Required Permissions
- DNS Domain and Certificate considerations
- Locating the the Hosted Zone ID in AWS Route 53
- Manual creation of DNS entries
Admin Permissions, DNS Domain considerations and Certificate creation are some of details that are discussed here.
Required Permissions¶
You need to create this infinstor root stack as an administrator with the following permissions:
- Create a domain, or have permissions to add entries to an existing domain hosted in Route 53
- Permission to create certificates for the above DNS entries, or alternatively have access to a wildcard certificate
- Permission to create Serverless Applications
- Permission to create dynamodb tables
- Permission to create ec2 instances for the mlflow projects functionality
DNS Domain and Certificate considerations¶
The following subdomains are needed for the operation of Infinstor Service. For example, if the service is being installed at infinstor.yourcompany.com, then the following domains need to be setup.
- api.infinstor.yourcompany.com
- mlflow.infinstor.yourcompany.com
- mlflowui.infinstor.yourcompany.com
- mlflowstatic.infinstor.yourcompany.com
- service.infinstor.yourcompany.com
During installation of Infinstor Service, these domains can be created automatically or manually.
In addition, when certificates are automatically created during installation of Infinstor Service or when they are imported into AWS Certificate Manager, DNS entries need to be created under the above domain to prove ownership of the domain. For details, see Easier Certificate Validation Using DNS with AWS Certificate Manager | AWS Security Blog (amazon.com)
Following are the possible installation scenarios. These are described in detail here: Install Root Stack
| DNS | Certificate | Behavior | |
|---|---|---|---|
| #1 | Domain is hosted in Route 53 and AWS user has permissions to create DNS entries | User wants certificates to be auto created in the AWS account by Infinstor CloudFormation Template (CFT) | Infinstor CFT will auto create above subdomains under the domain specified using the Hosted Zone ID; Infinstor CFT will auto create the needed certificates in AWS Certificate Manager (ACM) |
| #2 | Domain is hosted in Route 53 and AWS user has permissions to create DNS entries | User has a wild card certificate for the domain and has imported it into AWS Certificate Manager | Infinstor CFT will auto create above subdomains under the domain specified using the Hosted Zone ID; User supplies the ARN for a wild card certificate for the domain where Infinstor Service is being installed |
| #3 | Domain is not hosted in Route 53 or AWS user does not have permissions to create DNS entries | User wants certificates to be auto created in the AWS account by Infinstor CloudFormation Template (CFT) | User manually creates DNS entries (for the above subdomains and for certificate's domain verification) using the steps listed below; Infinstor CFT auto creates the needed certificates in AWS Certificate Manager (ACM) |
| #4 | Domain is not hosted in Route 53 or AWS user does not have permissions to create DNS entries | User has a wild card certificate for the domain and has imported it into AWS Certificate Manager | User manually creates DNS entries (for the above subdomains and for certificate's domain verification) using the steps listed below; User supplies the ARN for a wild card certificate for the domain where Infinstor Service is being installed |
Locating the the Hosted Zone ID in AWS Route 53¶
Shown below is a screen shot showing the Hosted Zone ID for a domain name hosted in AWS Route 53
Manual creation of DNS entries¶
After the installation of this Infinstor CFT, for scenarios #3 and #4 described above, the administrator will need to manually create DNS entries as described below. To do this, after installation of the CloudFormation Template (CFT) completes, follow the steps below to manually create these subdomains using your DNS management tool.
- api.infinstor.yourcompany.com
- Create a CNAME entry that points
infinstor:ApiDnsNametoinfinstor:ApiARecord. This export is from the substackinfinstor-dashboard-<something>. For example,- if the stack export
infinstor:ApiDnsNameis set toapi - and the stack export
infinstor:ApiARecordis set tod-blahblah.execute-api.us-east-1.amazonaws.com, - and if the domain is
isstage8.com, - then create a CNAME record that directs
api.isstage8.comtod-blahblah.execute-api.us-east-1.amazonaws.com
- if the stack export
- Create a CNAME entry that points
- service.infinstor.yourcompany.com
- Create a CNAME entry that points
infinstor:ServiceDnsNametoinfinstor:ServiceARecord. This export is from the substackinfinstor-staticfiles-<something>
- Create a CNAME entry that points
- mlflow.infinstor.yourcompany.com
- Create a CNAME entry that points to the CloudFormation export name
infinstor:MlflowRestApiDnsNametoinfinstor:MlflowRestApiARecord. This export is from the substackinfinstor-mlflow-<something>
- Create a CNAME entry that points to the CloudFormation export name
- mlflowstatic.infinstor.yourcompany.com
- Create a CNAME entry that points to the CloudFormation export name
infinstor:MlflowStaticDnsNametoinfinstor:MlflowStaticARecord. This export is from the substackinfinstor-staticfiles-<something>
- Create a CNAME entry that points to the CloudFormation export name
- mlflowui.infinstor.yourcompany.com
- Create a CNAME entry that points to the CloudFormation export name
infinstor:MlflowUiDnsNametoinfinstor:MlflowUiARecord. This export is from the substackinfinstor-staticfiles-<something>
- Create a CNAME entry that points to the CloudFormation export name