# System Requirements To help organize the information, we've broken down requirements into four categories: - **Tools** (utilities we use for deploying or maintaining the cluster) - **Resources** (consumable, measurable artifacts like S3 buckets) - **Permissions** (access needed to perform deployment/maintenance actions) - **Information** (values we must know when deploying or maintaining the cluster, often involve making configuration decisions) The lists below are meant to provide a working understanding of what is needed for deployment; however, we will work with your team to tailor a more comprehensive list beforehand based on your infrastructure needs. ## Tools - Terraform v1.0.2 or above ([install](https://learn.hashicorp.com/tutorials/terraform/install-cli)) - Helm 3.6.1 or above ([install](https://helm.sh/docs/intro/install/)) - AWS CLI 2.2.29 or above ([install](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)) - Setup your AWS config & credentials. - Test that awscli works e.g. by trying to list your S3 buckets: ```bash aws s3api list-buckets ``` - Kubernetes CLI 1.20 or above ([install](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html)) ## Resources Note that these are approximations, and actual resource requirements may vary based on your use case(s). - VPC x 1 - Private Subnet x 2 (recommended at least 50 IP addresses per subnet) - Public Subnet x 2 (recommended at least 10 IP addresses per subnet) - S3 bucket x 3 (can add more as needed) - EC2 instances x 6* (recommended with auto-scaling for up to at least 20 instances) - 5 for **control plane** services - recommended at least 16 GiB RAM (such as the `t3.xlarge` template) in an Autoscaling Group (5 minimum, 5 desired, 10 maximum) - 1 for **data plane** services - recommended at least 32 GiB RAM (such as the `t3.2xlarge` template) in an Autoscaling Group (1 minimum, 1 desired, 10 maximum) - 1 Network Load Balancer* - (NOTE: this is auto-provisioned by the Ingress LoadBalancer service) - 1 SSL Certificate - 1 Domain ## Permissions NOTE: Robust Intelligence will provide you with an updated list of specific IAM resources before deployment. - Administrator IAM Role - for creating and destroying resources for the cluster - Model Testing Service-Linked IAM Role - for the cluster to read models and data - Cluster Autoscaler IAM Role (Optional) - for EKS to automatically scale up the cluster - External DNS IAM Role (Optional) - for modifying DNS records in Route 53 - Elastic Load Balancer Service-Linked IAM Role (Optional) - for managing Network Load Balancers - Blob Storage Service-Linked IAM Role (Optional) - for the cluster to read/write models and data to/from a dedicated S3 bucket - ECR Image Builder Service-Linked IAM Role (Optional) - for the cluster to build custom Docker images for containerizing model dependenceies - ECR Repo Manager Service-Linked IAM Role (Optional) - for the cluster to push custom Docker images for containerizing model dependenceies ## Information - Desired AWS region(s) - Desired custom integrations (we will help you decide) - Designated cluster administrator email - Data Science team emails (to create their accounts) - OIDC Configuration Values (Optional) - Client ID - Client Secret - Issuer URL - Callback URL - SMTP Configuration Values (Optional) - Server URL and port - Sender address - Sender address secret - Receiver address(es)