This is the final phase of deploying WSO2 Identity Server HA deployment. Use the identity.yaml to set up the deployment.
The WSO2 IS CloudFormation templates use Puppet to manage the server configurations and use the following AMIs to provision the deployment.
-
Puppet master AMI - Contains the Identity Server Generally Available(GA) distribution, WSO2 Update Manager, and Puppet modules containing the configurations for IS deployment patterns.
-
IS AMI - Contains the scripts that are required to create the Puppet catalog. Additionally, these AMIs contain the OS hardening recommended by WSO2. When EC2 instances start using the AMIs, the instances are updated to get the latest OS updates.
-
Puppet master
- The latest OS updates and the required tools such as AWS CLI, Logstash, JDK are installed in the Puppetmaster.
- The scripts needed to add the latest updates to the WSO2 products are retrieved.
- The latest updates for WSO2 servers are added to the residing GA WSO2 servers in the AMI.
- Relevant configurations(IP addresses, DB URLs, etc.) are done to the puppet modules.
- DB scripts are executed against the DB created in Phase 2.
-
Identity Server(Puppet agent)
- The latest OS updates and the required tools such as puppet agent, AWS CLI, Logstash, JDK are installed in the puppet agent.
- Puppet modules are retrieved from the Puppet master and the product is installed.
- The directories should be persisted and mounted to an Elastic File System(EFS).
- WSO2 servers are started.
$101.92 per month
The above cost is calculated upon the usage of default parameters given in the identity.yaml. If different inputs are chosen at the runtime, the cost may differ from the above.
WSO2ISEFSFileSystem contains the bare minimum configurations to run an EFS. In a production system, the following values should be configured based on the requirements.
Replace the EFS configurations in the CloudFormation if you need the File System to be encrypted.
A Boolean value that, if true, creates an encrypted file system.
The ID of the AWS KMS customer master key (CMK) to be used to protect the encrypted file system. This parameter is only required if you want to use a nondefault CMK. If this parameter is not specified, the default CMK for Amazon EFS is used. If KmsKeyId is specified, the Encrypted parameter must be set to true.
WSO2ISEFSFileSystem:
Type: 'AWS::EFS::FileSystem'
Properties:
PerformanceMode: generalPurpose
Encrypted: true
KmsKeyId: !Ref KmsKeyIdReplace the EFS configurations in the CloudFormation if you need to change the throughput configurations.
The throughput mode for the file system to be created. There are two throughput modes to choose from for your file system: bursting and provisioned. If you set ThroughputMode to provisioned, you must also set a value for ProvisionedThroughPutInMibps. You can decrease your file system's throughput in Provisioned Throughput mode or change between the throughput modes as long as it’s been more than 24 hours since the last decrease or throughput mode change
The throughput, measured in MiB/s, that you want to provision for a file system that you're creating. Valid values are 1-1024. Required if ThroughputMode is set to provisioned. The upper limit for throughput is 1024 MiB/s.
WSO2ISEFSFileSystem:
Type: 'AWS::EFS::FileSystem'
Properties:
PerformanceMode: generalPurpose
ThroughputMode: provisioned
ProvisionedThroughPutInMibps: 2.0- Update the CIDR blocks of the identity.yaml as required to limit the traffic to/in your deployment as required.