Configure c4 for AWS
This section describes how to configure Exasol Deployment Tool (c4) for deploying Exasol 8 on Amazon Web Services (AWS).
For more information about how to install and use c4, see Exasol Deployment Tool (c4).
c4 must be installed and accessible. For more information, see Install c4.
- An active AWS account with the relevant permissions.
- An active Exasol subscription on your AWS account
- An AWS access key for accessing your deployment on AWS. For more information, see Understanding and getting your AWS credentials.
- AWS Command Line Interface v2. For more information, see Installing or updating the latest version of the AWS CLI.
- If your AWS account requires multi factor authentication (MFA) you need to set this up in AWS before continuing. For more information, see Enabling a virtual multi-factor authentication (MFA) device (console).
Create a c4 Configuration File
The c4 deployment tool has a large number of configurable parameters. The default values for the parameters are internally stored in the application. You can override the default values by creating a local configuration file in your user home directory. Parameters that are not included in the local configuration file will use the application default values.
The following parameters must always be defined in the local configuration file:
||Email address to be used for deployment tagging.|
||Boolean for including an access node in the deployment. If this option is unset or set to false an access node will not be deployed and the Administration API cannot be used to manage the instance.|
||Password for COS authentication (user: admin).|
||Password for Exasol database authentication (user: sys).|
Password used internally for running the deployments.
This password is only used internally and will not be required further, but a password must be explicitly set in the configuration file as there is no default value.
Parameters that are not described in this documentation are for advanced configuration only and should not be changed without consulting Exasol. Changing these parameters may make the deployment invalid and/or cause loss of data.
The following examples use Linux shell syntax. Configuration parameters can also be defined in YAML or JSON format. For more information about setting parameters in these languages, see Parameters in c4.
Create the directory
~/.cccin your home directory (if it does not already exist).
Create the file
~/.ccc/configand define the mandatory parameters (using your preferred text editor such as vim or nano).
For security reasons you should always replace the default passwords by setting unique, secure passwords in the configuration file.
CCC_USER_PASSWORD parameter must be set in the configuration file, otherwise the deployments will not start.
For more information about the c4 configuration file, use
c4 config --help.
If the AWS CLI is not yet configured on your machine you must set it up with your AWS Access Key ID and Access Key. To configure the AWS CLI, run the following command and proceed through the wizard:
For more information about configuring the AWS CLI, see AWS CLI Configuration Basics.
EC2 Key Pair
To be able to access your instances you must have an active EC2 key pair in your AWS account. The key pair that you specify will be associated with the EC2 instances and are used for authentication. For more information, see Amazon EC2 key pairs.
You can either create a new key pair or import an existing one using the CLI:
You can create a new EC2 key pair using either the AWS Console in your browser or the AWS CLI. Detailed instructions can be found in the AWS Documentation. See the following example to create a key pair using the CLI:
aws --profile default-mfa ec2 create-key-pair \
--key-name my-key-pair \
--query "KeyMaterial" \
--output text > ~/.ssh/my-key-pair.pem
In the example above, the private key is saved in
If you have a pre-existing SSH key that you want to use in AWS, you can import the key using either the AWS Console in your browser or the AWS CLI. Detailed instructions can be found in the AWS Documentation. The following example imports an SSH key:
If you use MFA authentication, the profile name must be appended with -mfa.
Private Key Permissions
The SSH key allows you to access the host system and the COS container of the deployment with the highest privileges. Make sure that the private key is generated with a passphrase and that the .pem key file has proper access restrictions.
Ensure the following details regarding the private key:
The private key must be saved in the
The owner of the private key must be the user who is running c4 commands
Read-only permissions are set on the private key:
Configure AWS Configuration Parameters
Open the c4 configuration file
~/.ccc/config in a text editor and add the following parameters:
|CCC_AWS_PROFILE||The configured AWS Profile name used by the deployment tool|
|CCC_AWS_REGION||AWS region where deployments must be done by default|
|CCC_AWS_KEY_PAIR||The name of the SSH key pair to be used in the deployed instances|
|CCC_AWS_KEY_PAIR_FILE||The name of the file with the SSH private key of the pair specified in CCC_AWS_KEY_PAIR. The file must be found in the
Boolean for disabling multi factor authentication (MFA) in AWS.
MFA is enabled by default in c4. If your AWS account does not require MFA, this parameter must be set to
The instance type of all database nodes used during deployment. The default instance type is
The instance type can also be changed after deployment. For details, see Scale a Cluster.
Validate AWS Configuration in c4
To verify that all required configuration parameters have been set, use
c4 config. For example:
To verify that all dependencies for AWS are fulfilled and that the AWS account is accessible, use
c4 aws diag. For example:
$ c4 aws diag
[OK] aws tools are installed
[OK] jq is installed
[OK] pip is installed
[OK] aws version 1.16+
[OK] aws tools credentials are set
[OK] aws tools credentials are correct
[OK] exasol aws account is accessible
[OK] Private AWS SSH access key file found