Skip to content

Commit

Permalink
docs: egress docs (#742)
Browse files Browse the repository at this point in the history 
* docs: egress docs

* Fix prepare_master_account file and remove yarn.lock file

* docs: post deployment guide updates

* docs: pr review

* docs: spelling correction

* docs: new post depl guide

* docs: new post depl manual

Co-authored-by: Sharma <shyogesh@88665a06ebc4.ant.amazon.com>
Co-authored-by: Tim Nguyen <thingut@amazon.com>
  • Loading branch information
@shyogesh-sw
3 people authored Oct 14, 2021
1 parent 0fe71e5 commit 3d2b406
Show file tree
Hide file tree
Showing 23 changed files with 9,019 additions and 214 deletions.
Binary file modified docs/Service_Workbench_Post_Deployment_Guide.pdf
View file
Binary file not shown.
10 changes: 6 additions & 4 deletions docs/docs/deployment/post_deployment/account_structure.md
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
---
id: account_structure
title: Account Structure
sidebar_label: Account Structure
title: Account structure
sidebar_label: Account structure
---

Service Workbench uses _three_ types of accounts. You will see these account names throughout the documentation.

- **Organizational** : Holds the AWS Organization which creates hosting accounts. Note that you may already have a method of obtaining AWS accounts supported by your organization. If this is the case, you will not create an organizational account or use the Create Account functionality within Service Workbench when onboarding a hosting account.
- **Main**: The account from which Service Workbench is deployed. Will be billed for all AWS usage charges in this deployment.
- **Master**: Holds the AWS Organization which creates Member accounts.
- **Hosting**: User accounts created within Service Workbench for individuals.
- **Master**: Holds the AWS Organization which creates member accounts.
- **Member**: Accounts that are established associated to the Service Workbench main account through the onboarding process to host the compute resources (Amazon SageMaker notebook instances, Amazon EC2 Windows and Linux instances, Amazon EMR clusters) associated to Service Workbench workspaces.

Read the following files in the source code documentation to learn more about the different types of AWS accounts within Service Workbench:

Expand Down
232 changes: 122 additions & 110 deletions docs/docs/deployment/post_deployment/aws_accounts.md
View file

Large diffs are not rendered by default.

12 changes: 6 additions & 6 deletions docs/docs/deployment/post_deployment/create_admin_user.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
id: create_admin_user
title: Create an Administrator User
sidebar_label: Create an Administrator User
title: Create an administrator user
sidebar_label: Create an administrator user
---

import useBaseUrl from '@docusaurus/useBaseUrl';
Expand All @@ -10,15 +10,15 @@ Once you create an [Account](/deployment/post_deployment/link_aws_account) and a

<img src={useBaseUrl('img/deployment/post_deployment/create_user_00.jpg')} />

_**Figure 7: Create an Administrator**_
_**Figure: Create an administrator**_


_**Note**: A root user account will already be created, however, you must not routinely use the root user account._

For testing purposes, you can create a local user by clicking ‘**Add Local User**. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to **Active**’. See **Figure 8**.
For testing purposes, you can create a local user by choosing **Add Local User**. Assign the user the administrator’s role, and associate the user with the **Project** you created, and set the status to **Active**.

<img src={useBaseUrl('img/deployment/post_deployment/create_user_01.jpg')} />

_**Figure 8: Add Local User**_
_**Figure: Add local user**_

**In prod environments we highly recommend using an IDP. For more details, click [here](../../user_guide/sidebar/admin/auth/introduction.md)**
In production environments we highly recommend using an IDP. For more details, refer to the *Service Workbench Configuration Guide*.
19 changes: 10 additions & 9 deletions docs/docs/deployment/post_deployment/create_index_project.md
View file
Original file line number Diff line number Diff line change
@@ -1,25 +1,26 @@
---
id: create_index_project
title: Create Indexes and Projects
sidebar_label: Create Indexes and Projects
title: Create indexes and projects
sidebar_label: Create indexes and projects
---

import useBaseUrl from '@docusaurus/useBaseUrl';

**Projects** and **Indexes** form a hierarchy under '**Accounts**'. Each Account can have multiple **Indexes**, each **Index** can have multiple **Projects**. **Projects** are attached to **Users**, so you must create the **Projects** first.
Now that you have onboarded a hosting account, you can create indexes and projects associated to this account.

After you create an [Account](/deployment/post_deployment/link_aws_account) in the ‘**Accounts**’ tab of the administrative interface, create an ‘**Index**’ that links to the Account, by selecting the ‘**Account ID**’ from the drop-down list.
**Projects** and **Indexes** form a hierarchy under **Accounts**. Each account can have multiple **Indexes**, each **Index** can have multiple **Projects**. **Projects** are attached to **Users**, so you must create the **Projects** first.

1. On the **Indexes** tab, click ‘**Add Index**’. See **Figure 5**.
After you create an [Account](/deployment/post_deployment/link_aws_account) in the **Accounts** tab of the administrative interface, create an **Index** that links to the account, by selecting the **Account ID** from the drop-down.

<img src={useBaseUrl('img/deployment/post_deployment/create_index_00.jpg')} />
1. On the **Indexes** tab, choose **Add Index**.

_**Figure 5: Create an Index**_
<img src={useBaseUrl('img/deployment/post_deployment/create_index_00.jpg')} />

_**Figure: Create an index**_

2. Create a **Project** that links to the new Index. In the **Projects** tab, click ‘**Add Project**’. See **Figure 6**.
2. Create a **Project** that links to the new Index. In the **Projects** tab, choose **Add Project**.

<img src={useBaseUrl('img/deployment/post_deployment/create_index_01.jpg')} />

_**Figure 6: Create a Project**_
_**Figure: Create a project**_

97 changes: 48 additions & 49 deletions docs/docs/deployment/post_deployment/import_service_catalog_products.md
View file
Original file line number Diff line number Diff line change
@@ -1,60 +1,59 @@
---
id: import_service_catalog_products
title: Import Service Catalog Products
sidebar_label: Import Service Catalog Products
title: Import AWS Service Catalog products
sidebar_label: Import AWS Service Catalog products
---

import useBaseUrl from '@docusaurus/useBaseUrl';

Service Workbench uses [AWS Service Catalog](https://aws.amazon.com/servicecatalog/?aws-service-catalog.sort-by=item.additionalFields.createdDate&aws-service-catalog.sort-order=desc)
to manage different types of computation resources available for researchers to use through the platform.

With AWS Service Catalog integration, Service Workbench allows Admin users to create and manage catalogs of IT services
that are approved for use on AWS. These IT services can include everything from virtual machine images,
servers, software, and databases to complete multi-tier application architectures.
With AWS Service Catalog integration, Service Workbench allows admin users to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures.

With this integration, Service Workbench helps organization to centrally manage commonly deployed IT services,
and helps achieve consistent governance and meet compliance requirements,
while enabling users to quickly deploy only the approved IT services they need.
With this integration, Service Workbench helps organization to centrally manage commonly deployed IT services, and helps achieve consistent governance and meet compliance requirements, while enabling users to quickly deploy only the approved IT services they need.

When Service Workbench is deployed, an AWS Service Catalog portfolio is created by default with four commonly used products: Amazon SageMaker, Amazon EC2 for Windows, Amazon EC2 for Linux and Amazon EMR. The administrator needs to import and configure these products using Service Workbench user interface before they can be deployed. If you want to include additional custom products in the AWS Service Catalog portfolio, complete these steps:

When Service Workbench is deployed, an AWS Service Catalog portfolio is created by default with four commonly used products: Amazon SageMaker, Amazon EC2 for Windows, Amazon EC2 for Linux and Amazon EMR. The **administrator** needs to import and configure these products using Service Workbench user interface before they can be deployed. If you want to include additional custom products in the AWS Service Catalog portfolio, complete these steps:
1. Add the AWS CloudFormation template in the following directory:
`addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog`
2. Add the AWS CloudFormation template file name in the productsToCreate list in the following location:
`addons/addon-base-raas/packages/base-raas-post-deployment/lib/steps/create-service-catalog-portfolio.js`
3. Deploy Service Workbench.

1. Add the AWS CloudFormation template in the following directory:
* `addons/addon-base-raas/packages/base-raas-cfn-templates/src/templates/service-catalog`
2. Add the AWS CloudFormation template file name in the `productsToCreate` list in the following location:
* `addons/addon-base-raas/packages/base-raas-post-deployment/lib/steps/create-service-catalog-portfolio.js`
Note: If products are updated directly in Service Catalog in the AWS Management console, then their automatic version updates via Service Workbench are not guaranteed anymore.

## Import a Product

In this step, you import a pre-defined product, configure parameters to be used for product launch, and approve the configured product to be used. The following sections use Amazon EC2 Linux as an example, followed by setting different configuration required for Amazon EC2 Windows, Amazon SageMaker and Amazon EMR.

### Prerequisites

Ensure the following prerequisites are met in order to import a product.

#### AMI
#### Creating AMI

Make sure you completed the step, [Deploy the Machine Images SDC](/deployment/deployment/index#deploy-the-machine-images-sdc)
as part of the deployment process.

To check if AMIs were created successfully, perform the following actions:
To check if AMIs were created successfully:

1. Navigate to Amazon EC2.
2. Select the '**AMI**' tab.
3. Note down the 4 AMIs created for (1) Amazon EC2 Linux, (2) Amazon EC2 Windows, (3) Amazon EMR, and (4) Amazon EC2 Rstudio.
4. Copy the AMI IDs and use for workspace import and configuration. Alternatively, you can also copy these AMI IDs from the terminal when the machine-images SDC is deployed.
2. Choose the AMI tab.
3. Note down the four AMIs created for Amazon EC2 Linux, Amazon EC2 Windows, Amazon EMR, and Amazon EC2 RStudio.
4. Copy the AMI IDs and use for workspace import and configuration. Alternatively, you can also copy these AMI IDs from the terminal when the machine-images SDC is deployed.

_**Note**: If you run the machine images SDC multiple times, duplicated AMIs are created. This is okay and will not affect any Service Workbench functionalities. You can choose to remove the duplicates to avoid confusion or leave them as is._
**Note**: If you run the machine images SDC multiple times, duplicated AMIs are created. This is okay and will not affect any Service Workbench functionalities. You can choose to remove the duplicates to avoid confusion or leave them.


#### Service Catalog Portfolio
#### Viewing Service Catalog Portfolio

1. Log in to Service Workbench UI as an **administrator**.
2. Navigate to ‘**Workspace Types**’ tab. Four AWS Service Catalog Products display as shown in **Figure 9**.
2. Navigate to ‘**Workspace Types**’ tab. Four AWS Service Catalog Products display as shown below.

<img src={useBaseUrl('img/deployment/post_deployment/service_catalog_import_00.png')} />

***Figure 9: AWS Service Catalog Products***
***Figure: AWS Service Catalog Products***

These four products come from the AWS Service Catalog portfolio created by the system during deployment. And they'll be ready for use once imported and configured.

Expand All @@ -63,70 +62,70 @@ If you wish to include other AWS computation resources in the future:
1. Add a new product to the existing Service Workbench portfolio in AWS Service Catalog
2. Update the role `ServiceCatalogLaunchConstraintRole` in [cloudformation.yml](https://github.com/awslabs/service-workbench-on-aws/blob/mainline/main/solution/post-deployment/config/infra/cloudformation.yml#L204) to include permission needed to launch and terminate the product

### Import
### Importing a workspace

In this section, the Amazon EC2 Linux is used as an example.

1. Click the '**Import**' button under `ec2-linux-instance`.
2. Update **Name** and **Description** so you can easily identify the workspace.
1. Choose '**Import**' under `ec2-linux-instance`.
2. Enter the **Name** and **Description** so you can easily identify the workspace.

### Configure
### Configuring the workspace

Once you import a workspace type, perform the following actions:

1. Click '**Add Configuration**'
2. Add **ID**, **Name**, **Description**, and **Estimated Costs** for the configuration. A common naming convention here is to attach the instance size after the product name. For example, use `ec2-linux-instance-V1-small` for a small Linux Amazon EC2 instance.
3. Click**Next**’.
4. Add access control for the workspace configuration.
5. Click '**Next**'
1. Choose '**Add Configuration**'
2. Enter the **ID**, **Name**, **Description**, and **Estimated Costs** for the configuration. A common naming convention here is to attach the instance size after the product name. For example, use `ec2-linux-instance-V1-small` for a small Linux Amazon EC2 instance.
3. Choose**Next**’.
4. Enter access control for the workspace configuration.
5. Enter '**Next**'.

The input parameters are parameters used for the product, AWS CloudFormation template. The number and type of parameters are different for different products. Most of the parameters used for the four system created products can be evaluated automatically at launch time. These parameters are available for selection in the drop-down when filling the input parameters page.

### Configuration for EC2 Linux

For Amazon EC2 Linux, the only two fields that are not available in the drop-down are **InstanceType** and **AmiId**.
For Amazon EC2 Linux, the only two fields that are not available in the drop-down are **InstanceType** and **AmiId**.

**Figure 10** and **Figure 11** display screenshot images that exemplify Amazon EC2 Linux configurations.
The following figures display screenshot images that exemplify Amazon EC2 Linux configurations.

<img src={useBaseUrl('img/deployment/post_deployment/sc_ec2_linux_00.png')} />

***Figure 10: Configurations for Amazon EC2 Linux***
***Figure: Configurations for Amazon EC2 Linux***

<img src={useBaseUrl('img/deployment/post_deployment/sc_ec2_linux_01.png')} />

***Figure 11: Configurations for Amazon Linux EC2***
***Figure: Configurations for Amazon Linux EC2***

### Configuration for Amazon EC2 Windows

For Amazon EC2 Windows, the only two fields that are not available in the drop-down are ‘**InstanceType**’ and ‘**AmiId**’. (Use the AMI ID you copied in Prerequisites - AMI)

**Figure 12**, **Figure 13**, and **Figure 14** display screenshot images that exemplify Amazon EC2 Windows configurations.
The following figures display screenshot images that exemplify Amazon EC2 Windows configurations.

<img src={useBaseUrl('img/deployment/post_deployment/SWB_param1.png')} />

***Figure 12: Configurations for EC2 Windows***
***Figure: Configurations for EC2 Windows***

<img src={useBaseUrl('img/deployment/post_deployment/SWB_param2.png')} />

***Figure 13: Configurations for EC2 Windows***
***Figure: Configurations for EC2 Windows***

<img src={useBaseUrl('img/deployment/post_deployment/SWB_param3.png')} />

***Figure 14: Configurations for EC2 Windows***
***Figure: Configurations for EC2 Windows***

### Configuration for Amazon SageMaker

For Amazon SageMaker, the only field that’s not available in the drop-down is ‘**InstanceType**’.

**Figure 14** and **Figure 15** display screenshot images that exemplify Amazon SageMaker configurations.
The following figures display screenshot images that exemplify Amazon SageMaker configurations.

<img src={useBaseUrl('img/deployment/post_deployment/sc_sagemaker_00.png')} />

***Figure 14: Configurations for Amazon SageMaker***
***Figure: Configurations for Amazon SageMaker***

<img src={useBaseUrl('img/deployment/post_deployment/sc_sagemaker_01.png')} />

***Figure 15: Configurations for Amazon SageMaker***
***Figure: Configurations for Amazon SageMaker***

### Configuration for Amazon EMR

Expand All @@ -139,19 +138,19 @@ Amazon EMR requires a few more fields that are not available in the drop-down me
- WorkerInstanceType
- AmiId (Use the AMI id we copied in prerequisites - AMI)

**Figure 16**, **Figure 17**, and **Figure 18** display screenshot images that exemplify Amazon EMR configurations.
The following figures display screenshot images that exemplify Amazon EMR configurations.

<img src={useBaseUrl('img/deployment/post_deployment/sc_emr_00.png')} />

***Figure 16: Configurations for Amazon EMR***
***Figure: Configurations for Amazon EMR***

<img src={useBaseUrl('img/deployment/post_deployment/sc_emr_01.png')} />

***Figure 17: Configurations for Amazon EMR***
***Figure: Configurations for Amazon EMR***
<img src={useBaseUrl('img/deployment/post_deployment/sc_emr_02.png')} />

***Figure 18: Configurations for Amazon EMR***
***Figure: Configurations for Amazon EMR***

## Approve
## Approving the workspace

Once the configuration completes, click the **Approve** button; the newly created workspace type will be available for launch in the **Study and Workspace** tab.
Once the configuration completes, choose the **Approve** button. The newly created workspace type will be available for launch in the **Study and Workspace** tab.
4 changes: 2 additions & 2 deletions docs/docs/deployment/post_deployment/link_aws_account.md
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
id: link_aws_account
title: Create or Add an AWS Account
sidebar_label: Create or Add an AWS Account
title: Create or add an AWS Account
sidebar_label: Create or add an AWS Account
---

import useBaseUrl from '@docusaurus/useBaseUrl';
Expand Down
8 changes: 4 additions & 4 deletions docs/docs/deployment/post_deployment/logs.md
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
---
id: logs
title: Viewing logs
sidebar_label: Viewing Service Workbench Logs
title: Viewing Service Workbench logs
sidebar_label: Viewing Service Workbench logs
---

### Viewing Service Workbench logs in CloudWatch ###
### Viewing Service Workbench logs in Amazon CloudWatch ###
Service Workbench has API Gateway access logging enabled. The logs are available in CloudWatch at the ```/aws/api-gateway/<name of your API>``` log group:


Expand All @@ -31,7 +31,7 @@ Following is the format of the access logs:
```
Lambda logs are also available in CloudWatch with the default log group names ```/aws/lambda/<lambda function name>```.

### Metrics ###
### Available metrics ###

The default metrics for Lambda and API Gateway are available in CloudWatch. For the full list of available metrics, see:

Expand Down
Loading

0 comments on commit 3d2b406

Please sign in to comment.