Configure c4 for AWS

This section describes how to configure Exasol Deployment Tool (c4) for deploying Exasol 8 on Amazon Web Services (AWS).

For more information about how to install and use c4, see Exasol Deployment Tool (c4).

Prerequisites

c4 must be installed and accessible. For more information, see Install c4.
An active AWS account with the relevant permissions.
An active Exasol subscription on your AWS account
An AWS access key for accessing your deployment on AWS. For more information, see Understanding and getting your AWS credentials.
AWS Command Line Interface v2. For more information, see Installing or updating the latest version of the AWS CLI.
If your AWS account requires multi factor authentication (MFA) you need to set this up in AWS before continuing. For more information, see Enabling a virtual multi-factor authentication (MFA) device (console).

Create a c4 Configuration File

The c4 deployment tool has a large number of configurable parameters. The default values for the parameters are internally stored in the application. You can override the default values by creating a local configuration file in your user home directory. Parameters that are not included in the local configuration file will use the application default values.

The following parameters must always be defined in the local configuration file:

Parameter	Description
`CCC_USER_EMAIL`	Email address to be used for deployment tagging.
`CCC_PLAY_ACCESS_NODE`	Boolean for including an access node in the deployment. If this option is unset or set to `false` an access node will not be deployed and the Administration API cannot be used to manage the instance.
`CCC_PLAY_ADMIN_PASSWORD`	Password for COS authentication (user: admin).
`CCC_PLAY_DB_PASSWORD`	Password for Exasol database authentication (user: sys).
`CCC_USER_PASSWORD`	Password used internally for running the deployments. This password is only used internally and will not be required further, but a password must be explicitly set in the configuration file as there is no default value.

Parameters that are not described in this documentation are for advanced configuration only and should not be changed without consulting Exasol. Changing these parameters may make the deployment invalid and/or cause loss of data.

The following examples use Linux shell syntax. Configuration parameters can also be defined in YAML or JSON format. For more information about setting parameters in these languages, see Parameters in c4.

Create the directory ~/.ccc in your home directory (if it does not already exist).
```
mkdir ~/.ccc
```

Create the file ~/.ccc/config and define the mandatory parameters (using your preferred text editor such as vim or nano).

vim ~/.ccc/config

CCC_USER_EMAIL=my.name@example.com
CCC_PLAY_ACCESS_NODE=true
CCC_PLAY_ADMIN_PASSWORD=<my_cos_password>
CCC_PLAY_DB_PASSWORD=<my_db_password>
CCC_USER_PASSWORD=<my_user_password>

For security reasons you should always replace the default passwords by setting unique, secure passwords in the configuration file.

The CCC_USER_PASSWORD parameter must be set in the configuration file, otherwise the deployments will not start.

For more information about the c4 configuration file, use c4 config --help.

Configure AWS Access

If the AWS CLI is not yet configured on your machine you must set it up with your AWS Access Key ID and Access Key. To configure the AWS CLI, run the following command and proceed through the wizard:

aws configure

For more information about configuring the AWS CLI, see AWS CLI Configuration Basics.

EC2 Key Pair

To be able to access your instances you must have an active EC2 key pair in your AWS account. The key pair that you specify will be associated with the EC2 instances and are used for authentication. For more information, see Amazon EC2 key pairs.

You can either create a new key pair or import an existing one using the CLI:

Create a new EC2 Key Pair

You can create a new EC2 key pair using either the AWS Console in your browser or the AWS CLI. Detailed instructions can be found in the AWS Documentation. See the following example to create a key pair using the CLI:

aws --profile default-mfa ec2 create-key-pair \
    --key-name my-key-pair \
    --query "KeyMaterial" \
    --output text > ~/.ssh/my-key-pair.pem

In the example above, the private key is saved in my-key-pair.pem

Import an existing SSH key

If you have a pre-existing SSH key that you want to use in AWS, you can import the key using either the AWS Console in your browser or the AWS CLI. Detailed instructions can be found in the AWS Documentation. The following example imports an SSH key:

aws --profile default-mfa ec2 import-key-pair \
    --key-name my-imported-key
    --public-key-material fileb://~/.ssh/my-key.pub

If you use MFA authentication, the profile name must be appended with -mfa.

Private Key Permissions

The SSH key allows you to access the host system and the COS container of the deployment with the highest privileges. Make sure that the private key is generated with a passphrase and that the .pem key file has proper access restrictions.

Ensure the following details regarding the private key:

The private key must be saved in the ~/.ssh/ folder
The owner of the private key must be the user who is running c4 commands
Read-only permissions are set on the private key:
```
chmod 400 ~/.ssh/MyKeyPair.pem
```

Configure AWS Configuration Parameters

Open the c4 configuration file ~/.ccc/config in a text editor and add the following parameters:

Parameter	Description
CCC_AWS_PROFILE	The configured AWS Profile name used by the deployment tool
CCC_AWS_REGION	AWS region where deployments must be done by default
CCC_AWS_KEY_PAIR	The name of the SSH key pair to be used in the deployed instances
CCC_AWS_KEY_PAIR_FILE	The name of the file with the SSH private key of the pair specified in CCC_AWS_KEY_PAIR. The file must be found in the `~/.ssh/` directory
CCC_AWS_NO_MFA	Boolean for disabling multi factor authentication (MFA) in AWS. MFA is enabled by default in c4. If your AWS account does not require MFA, this parameter must be set to `true`. If MFA is required, this parameter must either be set to `false` or omitted from the configuration file.
CCC_AWS_INSTANCE_TYPE	The instance type of all database nodes used during deployment. The default instance type is `c5d.2xlarge`. The instance type can also be changed after deployment. For details, see Scale a Cluster.

Validate AWS Configuration in c4

To verify that all required configuration parameters have been set, use c4 config. For example:

$ c4 config
CCC_USER_EMAIL=my.name@example.com
CCC_PLAY_ACCESS_NODE=true
CCC_PLAY_ADMIN_PASSWORD=sdf87934kh&8_yg7
CCC_PLAY_DB_PASSWORD=R_&hkjgKjgnvP#9x
CCC_USER_PASSWORD=98f*7jhgdf_Yfe
CCC_AWS_PROFILE=default
CCC_AWS_REGION=eu-west-1
CCC_AWS_KEY_PAIR=ic-pair1
CCC_AWS_KEY_PAIR_FILE=ic-pair1.pem

To verify that all dependencies for AWS are fulfilled and that the AWS account is accessible, use c4 aws diag. For example:

$ c4 aws diag
[OK] aws tools are installed
[OK] jq is installed
[OK] pip is installed
[OK] aws version 1.16+
[OK] aws tools credentials are set
[OK] aws tools credentials are correct
[OK] exasol aws account is accessible
[OK] Private AWS SSH access key file found

Next Steps

Once c4 is configured, you can run a Basic Deployment using c4 or learn more about Basic Use of c4.