doc(self-managed): clarify quotas needed for AWS usage #4864

Open
wants to merge 1 commit into
base: main
doc(self-managed): clarify quotas needed for AWS usage
leiicamundi committed Jan 16, 2025
commit 6ba6b72bc49d3126367abc2719e15fcbd292a4fe
4 changes: 4 additions & 0 deletions docs/self-managed/setup/deploy/amazon/amazon-eks/eksctl.md
Original file line number Diff line number Diff line change
@@ -50,6 +50,10 @@ This guide results in the following:
- [IAM Roles for Service Accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) (IRSA) configured and [Pod Identities](https://docs.aws.amazon.com/eks/latest/userguide/pod-identities.html).
- This simplifies the setup by not relying on explicit credentials, but instead allows creating a mapping between IAM roles and Kubernetes service accounts based on a trust relationship. A [blog post](https://aws.amazon.com/blogs/containers/diving-into-iam-roles-for-service-accounts/) by AWS visualizes this on a technical level.
- This allows a Kubernetes service account to temporarily impersonate an AWS IAM role to interact with AWS services like S3, RDS, or Route53 without supplying explicit credentials.
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.

This basic cluster setup is required to continue with the Helm set up as described in our [AWS Helm guide](./eks-helm.md).

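Review bot: The new `AWS Quotas` item lands in the list that, per the hunk header, is introduced by "This guide results in the following:", directly after the IRSA bullets, so it reads as something the guide produces rather than something the reader must have before starting. Quotas are a precondition (the other hunks in this commit add the same lines next to tool requirements such as `kubectl` and `jq`); move the item to this page's prerequisites list, or reword it as a requirement if it has to stay here.
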
@@ -30,6 +30,10 @@ If you are completely new to Terraform and the idea of IaC, read through the [Te
- This simplifies the setup by not relying on explicit credentials and instead creating a mapping between IAM roles and Kubernetes service account based on a trust relationship. A [blog post](https://aws.amazon.com/blogs/containers/diving-into-iam-roles-for-service-accounts/) by AWS visualizes this on a technical level.
- This allows a Kubernetes service account to temporarily impersonate an AWS IAM role to interact with AWS services like S3, RDS, or Route53 without having to supply explicit credentials.
- IRSA is recommended as an [EKS best practice](https://aws.github.io/aws-eks-best-practices/security/docs/iam/).
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.
- This guide uses GNU/Bash for all the shell commands listed.

### Considerations
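
Review bot: The last added bullet, "Request increases if needed via the AWS console (guide), costs are only for resources used.", joins two independent statements with a comma, and the second one is ambiguous about what the costs refer to. Split it into two sentences, and if the intent is that a quota increase itself costs nothing and only created resources are billed, say that explicitly.
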
4 changes: 4 additions & 0 deletions docs/self-managed/setup/deploy/openshift/redhat-openshift.md
@@ -49,6 +49,10 @@ Camunda 8 supports OpenShift versions in the Red Hat General Availability, Full
- [jq (1.7+)](https://jqlang.github.io/jq/download/) to interact with some variables.
- [GNU envsubst](https://www.gnu.org/software/gettext/manual/html_node/envsubst-Invocation.html) to generate manifests.
- [oc (version supported by your OpenShift)](https://docs.openshift.com/container-platform/4.17/cli_reference/openshift_cli/getting-started-cli.html) to interact with OpenShift.
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.
- A namespace to host the Camunda Platform, in this guide we will reference `camunda` as the target namespace.

## Deploy Camunda 8 via Helm charts
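
Review bot: The added `AWS Quotas` item is stated unconditionally, but this file is the general OpenShift guide (`docs/self-managed/setup/deploy/openshift/redhat-openshift.md`) and the prerequisites around it (`jq`, `envsubst`, `oc`, a namespace) are not tied to a cloud provider. Qualify the item, for example "If your OpenShift cluster runs on AWS: ...", or keep it only in the AWS-specific guides, so readers on other infrastructure are not sent to check Elastic IP quotas.
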
@@ -18,6 +18,10 @@ This guide provides a user-friendly approach for setting up and managing Amazon
- [kubectl (1.30+)](https://kubernetes.io/docs/tasks/tools/#kubectl), a CLI tool to interact with the cluster.
- [AWS CLI (2.17+)](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html), a CLI tool for creating AWS resources.
- [eksctl (0.193+)](https://eksctl.io/getting-started/), a CLI tool for creating and managing Amazon EKS clusters.
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.
- This guide uses GNU/Bash for all the shell commands listed.

### Considerations
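
Review bot: "Verify quotas for **VPCs, EC2 instances, and storage**" gives the reader nothing to compare against, unlike the line above it, which states a number (3 Elastic IPs). The rest of this list is specific (`kubectl (1.30+)`, `AWS CLI (2.17+)`, `eksctl (0.193+)`); state the minimum this guide needs for each of the three, or name the quota entries to look at, so the check can be done before cluster creation starts.
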
@@ -32,6 +32,10 @@ If you are completely new to Terraform and the idea of IaC, read through the [Te
- This simplifies the setup by not relying on explicit credentials and instead creating a mapping between IAM roles and Kubernetes service account based on a trust relationship. A [blog post](https://aws.amazon.com/blogs/containers/diving-into-iam-roles-for-service-accounts/) by AWS visualizes this on a technical level.
- This allows a Kubernetes service account to temporarily impersonate an AWS IAM role to interact with AWS services like S3, RDS, or Route53 without having to supply explicit credentials.
- IRSA is recommended as an [EKS best practice](https://aws.github.io/aws-eks-best-practices/security/docs/iam/).
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.
- This guide uses GNU/Bash for all the shell commands listed.

### Considerations
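
Review bot: These four added lines are identical to the ones in the other hunks of this commit, so the Elastic IP count and the quota list now exist in several copies that must be edited together. Consider keeping the text in one place (a shared section or page that each guide's prerequisites link to) and adding only a one-line pointer here, between the IRSA item and the "This guide uses GNU/Bash" item.
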
@@ -30,6 +30,10 @@ If you are completely new to Terraform and the idea of IaC, read through the [Te
- [kubectl (1.30+)](https://kubernetes.io/docs/tasks/tools/#kubectl) to interact with the cluster.
- [ROSA CLI](https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/getting_started/rosa-quickstart-guide-ui#rosa-getting-started-environment-setup_rosa-quickstart-guide-ui) to interact with the cluster.
- [jq (1.7+)](https://jqlang.github.io/jq/download/) to interact with some Terraform variables.
- [AWS Quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html)
- Ensure at least **3 Elastic IPs** (one per availability zone).
- Verify quotas for **VPCs, EC2 instances, and storage**.
- Request increases if needed via the AWS console ([guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-resource-limits.html)), costs are only for resources used.
- This guide uses GNU/Bash for all the shell commands listed.

### Considerations
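
Review bot: The "guide" link in the last added bullet points into the EC2 User Guide (`AWSEC2/latest/UserGuide/ec2-resource-limits.html`), while the bullet above it also asks the reader to check VPC and storage quotas. Either scope that sentence to EC2, or link a page that covers where all of the named quotas are viewed and raised; the general `aws_service_limits.html` page is already linked from the item title and could be referenced again here.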