Private VPC
This article walks through what it means to deploy Upsolver to your own VPC and how to do so.
Last updated
Was this helpful?
This article walks through what it means to deploy Upsolver to your own VPC and how to do so.
Last updated
Was this helpful?
You can deploy your cluster and API servers to your own VPC in AWS.
Private VPC mode gives you full security control over the data that Upsolver handles and ensures the data being processed never leaves your AWS account. Upsolver's global API server will not have access to your data in this deployment mode; therefore, this mode requires running an API server in the VPC.
If you prefer Upsolver to manage and host your servers, you can use instead.
In order to integrate your Upsolver account with AWS, you must have an AWS user with permissions to:
Run CloudFormation scripts
Create and manage user roles
Create and manage S3 buckets
Create VPCs and related resources (ACLs, Subnets, ...)
You must integrate Upsolver into your AWS account to provide read and write access to the data to be processed.
The following resources are created when you integrate with AWS using the My VPC option:
This role is used by your EC2 servers during start up and it also provides data access.
1. Log in to your Upsolver account. You will be prompted to integrate your account with AWS.
2. Within the message displayed, click click here.
3. Decide whether or not to grant Upsolver permission to:
This will allow for the creation and management of Athena tables for Athena outputs created in Upsolver.
4. Check Create a Dedicated Upsolver User. This option must be selected.
5. Check Create a Dedicated Upsolver Bucket to create a new bucket in your account. This will be the default bucket that intermediate files and Upsolver outputs are written to.
6. Select the cluster deployment method. To use your own VPC in your AWS account, select My VPC, My VPC with Spotinst Account, or My Existing VPC.
7. Under VPC CIDR, enter in the range of IPv4 addresses for your VPC in CIDR block format. Leave the default range if you don't need to peer the VPC.
8. In the Ingress Traffic CIDR List field, enter a comma-separated list of CIDR ranges from which the local API server will be accessible.
9. Check Allow Upsolver Access to add Upsolver's office IP address to the ingress permissions for the VPC. This will allow Upsolver to easily assist you with any issues or questions.
10. If you selected My VPC with My Spotinst Account as your cluster deployment type, fill in your AWS Spotinst token and account ID.
11. If you selected My Existing VPC as your cluster deployment type, configure the following options:
Enter in the ID of the VPC you wish to use.
12. Select the region where you want to run the integration to create a VPC for Upsolver servers to run in your account.
13. Click Continue.
14. Click Launch Integration; you will be directed to a CloudFormation stack page to create the necessary resources.
15. At the bottom of the page, check the I acknowledge statement and then click Create stack.
16. Wait for the stack creation status to change from CREATE_IN_PROGRESS to CREATE_COMPLETE.
17. Return to the Upsolver tab and wait for the integration window to indicate that the integration is complete (The Relaunch Integration button will change to Done).
18. Click Done.
You can now work in Upsolver.
See: for a detailed description of the permissions given to the roles.
