This is a project to create a research engineering studio in AWS within CRUK constraints. As we are operating within a shared VPC, some adjustements (aka hacks) are required for both the codebase and the installation instructions.
Secrets, as secrets can't be stored as part of the codebase, we would need to manually create the following secrets in the AWS Secrets Manager
- Create
res-ad-service-act-passwordsecret in Secret Manager and add the following tagsres:EnvironmentName= res-prodres:ModuleName= cluster-manager
- Create RSA Key called
RES-RSA-KEYand store in Secret Manager
RES requires a private hosted zone to be created in Route53. This is not possible in a shared VPC without additional steps.
- create a
temporary VPCin the account where you are planning to install RES and retreive the VPC ID - create a private hosted zone named
<stack-name>.<region>.rese.g.res-int.eu-west-2.resand associate it with thetemporary VPCand retrieve the hosted zone ID - Authenticate your AWS CLI with the credentials of the account where you are planning to install RES
- Create an association authorization to the
shared VPCfrom the CLI
aws route53 create-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id> --region eu-west-1- Authenticate your AWS CLI with the Networking account credentials
- Associate the hosted zone with the
shared VPC
aws route53 associate-vpc-with-hosted-zone --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id> --region eu-west-1- Authenticate again with the credentials of the account where you are planning to install RES
- Delete the association authorization as it is not needed anymore
aws route53 delete-vpc-association-authorization --hosted-zone-id <hosted-zone-id> --vpc VPCRegion=<region>,VPCId=<vpc-id> --region eu-west-1- Log into route53 console and edit the hosted zone to remove the association with the
temporary VPC - Delete the temporary VPC
RES installation is done through containers. However, the codebase that is shipped with RES 2024.08 does attempt to create a private hosted zone and attempst to create other VPC resources that are not allowed in a shared VPC. To work around this, we need to make some changes to the codebase. cruk/Container folder has some adjusted files along with a Dockerfile to correctly inject these files into the container. we would need to build and use the modified containers as part of the installation process.
- log into the AWS account where you are planning to install RES
- In AWS ECR Create a repository named
research-engineering-studio-edited - While you are logged into the account from the CLI, use the included script to build the container and push it to ECR
cd cruk/Container
./build-image.shcruk/ResDeploy is a CDK project that deploys the standard prerequisites and set CRUK configuration
cd cruk/ResDeploy
cdk deploy res-prod Follow the configuration guidelines in the RES documentation to configure the studio.