Checklist: Creating an AWS Deployment

The complete process of deploying on AWS includes the following steps, which should be performed in the listed order. Each of these steps is explained in the following sections.

 

Task

See...

Ensure that your AWS environment is ready for deployment

Understanding the Prerequisites for an AWS Deployment

Create and configure the AWS Virtual Private Cloud Create the Virtual Private Cloud
Create two security groups, one for the bastion host and one for intra-VPC connectivity Creating Security Groups
Create the IAM role for Elastic Kubernetes Service (EKS) Creating the IAM Roles in AWS
Prepare the bastion host, which you will use for access to the AWS deployment environment Creating and Configuring the Bastion

 

 

Task

See...

Ensure that your AWS environment is ready for deployment

Understanding the Prerequisites for an AWS Deployment

Prepare your AWS Deployment environment

Create and configure the AWS Virtual Private Cloud, including security groups and IAM roles  
Create two security groups, one for the bastion host and one for intra-VPC connectivity  
Create the IAM role for Elastic Kubernetes Service (EKS)  
   
Ensure that you have the latest installation files Downloading Installation Tools and Packages
Prepare the Elastic File System (EFS) instance used for the AWS deployment environment Creating the Elastic File System
Set up your EKS cluster Configuring the Elastic Kubernetes Service
Create and label the worker nodes, where application processing takes place Creating and Configuring Worker Nodes
Configure a public hosted zone for the OMT structure Configuring Route 53

Transfer the product images to the Elastic Container Registry (ECR)

Uploading Product Images to the ECR

(Conditional) If you plan to deploy Intelligence or Recon, install the ArcSight Database in AWS

Installing the Database in AWS

(Conditional) If you plan to deploy Intelligence, configure settings for Elasticsearch in AWS

(Conditional – Intelligence) Configuring Settings for Elasticsearch in AWS

Install ArcSight capabilities

    Install basic pods onto the Kubernetes cluster to bootstrap the OMT infrastructure Bootstrapping OMT
    Ensure that you have secure, trusted communication between pods within the Kubernetes cluster and components outside of the cluster Securing External Communication with the RE Certificate
    To create the Application Load Balancer (ALB), import your certificate or a CA-signed certificate into Amazon Certificate Manager Creating and Validating the Route 53 Certificate
    Configure an ALB to serve as the single point of contact for clients Configuring the Application Load Balancer (ALB)
    Create and label the worker nodes, where application processing takes place Labeling Cloud (AWS) Worker Nodes
    Deploy capabilities Installing ArcSight in AWS

Configure the Load Balancer to serve as the single point of contact for clients

    Configure access to the OMT management portal and to reconfiguration Performing Post Installation Network Configuration

Post deployment configurations

Configure the database and Kafka Scheduler Completing the Database and Kafka Scheduler Setups - AWS

Enable the ArcSight products application (pod) logs in AWS, including FluentD for logging the cluster functionality (Cloudwatch)

Enabling Pod Logs in AWS

Performing Post-deployment Configuration

Post-deployment Configuration

Integrating the Platform Into Your Environment

Integrating the Platform Into Your Environment