The following document outlines the requirements for a self-hosted AWS install of the BluBracket Enterprise Server.
The deployment is done via an Amazon Web Services CloudFormation template. The BluBracket Support team will provide:
The template URL
List of resources required:
The BluBracket customer must ensure that the following requirements are met during and after the deployment phase:
A user account with a role that has permissions to:
Assign tags to subnets
Create roles. Note that BluBracket supports attaching permission boundaries. The ARN for the desired permission boundary can be supplied via the CloudFormation wizard.
Register CloudFormation resource types
1 VPC with 2 private and 2 public subnets split between 2 AZs
Available IPs per subnet - 64
1 VPC with 3 private and 3 public subnets split between 3 AZs
Available IPs per subnet - 128
Selected subnets must have outbound internet access to reach index.docker.io on TCP 443.
Selected subnets must have outbound access to AWS S3.
Once the CloudFormation template is deployed, the following primary resources will be created:
1 Load balancer (type = application)
1 EKS Cluster with 3 t3.2xlarge EC2 instances
1 m5.large RDS instance
1 t2.micro EC2 instance
Refer to BluBracket CloudFormation Resources BOM for the detailed list of all resources and related attributes.
The BluBracket Enterprise Server should have the following ports and URLs whitelisted:
TCP 443 from <github enterprise server URL> ingress via load balancer
TCP 22 (SSH) from <desired subnets> ingress via VPC routes
TCP 80/443 (BluBracket) from <desired subnets> via VPC routes
TCP 443 to index.docker.io from private subnets chosen during deployment
TCP 443 to <github enterprise server URL> from private and public subnets chosen during deployment
The GitHub Enterprise Server should have the following ports open:
TCP 443 from <blubracket enterprise server URL>
TCP 443 to <blubracket enterprise server URL>
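The ingress requirements listed above for the BluBracket Enterprise Server can be checked against the security group rules that actually exist after deployment. The following is an added example, not part of the BluBracket template or tooling: it takes rules in the IpPermissions shape returned by `aws ec2 describe-security-groups` and reports any rule wider than the documented list. It assumes the load balancer and instance rules are audited as one set; the function names and all sample addresses are constructed placeholders.

```python
import ipaddress

# TCP ingress ports the requirements list for the BluBracket Enterprise Server.
DOCUMENTED_PORTS = {22, 80, 443}

def _within(src, nets):
    """True if src lies entirely inside one of nets (same IP version)."""
    return any(src.version == n.version and src.subnet_of(n) for n in nets)

def audit_ingress(ip_permissions, desired_subnets, ghe_sources):
    """Return (source, ports, reason) for every rule wider than the requirements.

    Only CIDR sources are examined; rules whose source is another security
    group or a prefix list are not covered by this check.
    """
    subnets = [ipaddress.ip_network(c, strict=False) for c in desired_subnets]
    ghe = [ipaddress.ip_network(c, strict=False) for c in ghe_sources]
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            src = ipaddress.ip_network(cidr, strict=False)
            if proto != "tcp":
                findings.append((cidr, proto, "protocol not in requirements"))
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            ports = sorted(p for p in DOCUMENTED_PORTS if lo <= p <= hi)
            if hi - lo + 1 > len(ports):
                findings.append((cidr, f"{lo}-{hi}", "range includes undocumented ports"))
            for port in ports:
                # 443 is also documented from the GitHub Enterprise Server.
                allowed = subnets + ghe if port == 443 else subnets
                if not _within(src, allowed):
                    findings.append((cidr, str(port), "source outside documented allowlist"))
    return findings

# Constructed sample input; all addresses are placeholders.
DESIRED_SUBNETS = ["10.10.0.0/16"]
GHE_SOURCES = ["10.20.0.15/32"]
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.20.0.15/32"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 443, "IpRanges": [{"CidrIp": "10.10.1.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_RULES, DESIRED_SUBNETS, GHE_SOURCES):
        print(finding)
```

An empty result means every CIDR-based ingress rule falls inside the documented ports and sources.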
The BluBracket CloudFormation template uses a few Lambda functions that rely on the Security Token Service (STS). These Lambda functions use regional STS endpoints to reduce latency.
Verify that the region in which the BluBracket deployment is desired has its STS endpoint activated. This can be verified and configured by navigating to IAM settings in the desired AWS account.