This section describes some more advanced deployment scenarios for Exasol 8 on AWS.
The features described in this section are only available for deployments using a CloudFormation template.
c4 aws play -T creates a new Amazon VPC with the deployment. You can also create a deployment using an existing VPC. In this case a new VPC will not be created, and the subnet, internet gateway, routes, and endpoints of the existing VPC will be used instead.
To deploy using an existing VPC you must add the following parameters to your c4 configuration file or set the parameters on the command line when you create the deployment. For more information about how to specify parameters in different locations, see Parameters in c4.
|A new VPC will be automatically created with the deployment.
|A VPC must be specified in the following parameters.
|<subnet ID of the VPC>
Identifier of the network to be used for the deployment.
The subnet ID is found in the AWS Console.
|<IPv4 CIDR Block of the VPC>
The IP address range that will be used for the nodes.
This range is not always equal to the range set on the network and should therefore be set explicitly.
The CIDR is determined in the AWS Console.
The deployment instances can be assigned an existing Amazon Identity and Access Management (IAM) role that is specified in the c4 configuration, or a new IAM profile can be created with the deployment. To use an existing IAM profile, add the following parameters to the c4 configuration:
A new AWS IAM profile will be created with the deployment.
The IAM profile specified in
|Name of the AWS IAM role to use.
Existing Security Group
To use an existing security group within an existing VPC, add the following parameter to the c4 configuration:
|<security group ID>
The security group ID is found in the AWS Console.
If set to
Elastic IP Addresses
Elastic IP addresses are used by default for the nodes in Exasol AWS deployments. To disable the use of Elastic IP addresses, set the following parameter in the c4 configuration:
Each node automatically gets an elastic IP address that can be used to access the node directly from the internet.
The node has full outgoing communication, without any limitations, and incoming communication to the allowed ports (by default, to SSH, HTTPS and EXASOL).
The nodes will not get elastic IP addresses.
By default, no direct outgoing or incoming communication with the node from the internet is possible.
If the node needs internet access, this must be provided by a special network configuration via a NAT gateway or a proxy server (not configured by default).
When using an existing VPC with Elastic IP addresses disabled (CCC_AWS_USE_EIP=false), the following VPC endpoints must be defined:
- SSM Messages
For more information about VPC endpoints, see What are VPC endpoints?.
Access Exasol With AWS SSM
AWS Systems Manager (SSM) is supported on deployments using a CloudFormation template (c4 aws play -T).
Using SSM allows you to access the cos subsystems on an Exasol cluster that has no direct TCP/IP connection.
It is not possible to connect interactively to the database using c4 connect -s db over SSM.
To set the connection method to SSM, set the following parameter in the c4 configuration:
Both SSH and SSM are enabled by default in all Exasol AWS deployments. To disable SSH access for a deployment using SSM, specify AWS_SSH_KEY_PAIR=SSM on the command line when creating the deployment:
AWS Availability Zones
AWS availability zones (AZ) are supported for deployments using a CloudFormation template (c4 aws play -T).
c4 play starts deployment without specifying availability zones. CloudFormation will then automatically assign all instances to a zone. To restrict deployment to specific availability zones, set the following parameters in the configuration file or include them in the c4 play command:
|Parameter (configuration file)
|Parameter (command line)
|Contains a list of available availability zones to be used in the deployment.
Assigns availability zones to instances.
If only one availability zone is enabled, it will use IP addresses from the
If several availability zones are specified, the CCC_PLAY_SUBNETWORK_CIDR parameter is ignored and the networks of the zones automatically get IP addresses from the range 192.168.0.0/16 sliced by the /26 mask (192.168.0.0/26, 192.168.0.64/26 ...).
Example 1: Create 3 instances, all in the same eu-west-1c availability zone.
Example 2: Enable two availability zones and put all instances into one of them, keeping the second zone available for further deployments.
c4 aws --enabled-availability-zones "eu-west-1b eu-west-1c" \
--availability-zone eu-west-1b play -T -N3 @exasol-8.23.4
Example 3: Enable two availability zones and distribute instances between them in a round-robin fashion. In this example nodes 11, 13, and 15 will be in eu-west-1a, and nodes 12 and 14 will be in
Example 4: Enable all availability zones in the given region, use the special word
Example 5: Assign specific instances to distinct availability zones:
c4 aws --enable-availability-zones "all" \
--availability-zone-11 eu-west-1c \
--availability-zone-13 eu-west-1a play -T -N5 @exasol-8.23.4
This will create 5 instances where nodes 11 and 13 will be assigned to eu-west-1c and eu-west-1a respectively, and the other nodes will be distributed over all the enabled availability zones in a round-robin fashion:
For more information about Availability Zones, see Regions and Zones.
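The multi-zone addressing and round-robin placement described above, worked through as an added example (not Exasol or c4 code), so that security group rules and route tables can be planned against the ranges the nodes will actually use. Assumptions: /26 slices are handed to zones in the order the zones are listed, node IDs start at 11 as in the examples, and the "existing" ranges in the collision check are constructed samples.

```python
import ipaddress

# From the page: with several zones enabled, zone networks are cut
# from 192.168.0.0/16 in /26 slices (192.168.0.0/26, 192.168.0.64/26 ...).
POOL = ipaddress.ip_network("192.168.0.0/16")
SLICE_PREFIX = 26
# AWS reserves the first four addresses and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def zone_subnets(enabled_zones):
    """Map each enabled zone to a /26 slice (assumed: in listed order)."""
    return dict(zip(enabled_zones, POOL.subnets(new_prefix=SLICE_PREFIX)))


def round_robin(enabled_zones, first_node=11, count=5):
    """Assign node IDs first_node, first_node+1, ... to the zones in turn."""
    return {first_node + i: enabled_zones[i % len(enabled_zones)]
            for i in range(count)}


def plan(enabled_zones, first_node=11, count=5):
    """Return (node, zone, subnet, usable_addresses) rows for a deployment."""
    subnets = zone_subnets(enabled_zones)
    rows = []
    for node, zone in sorted(round_robin(enabled_zones, first_node, count).items()):
        net = subnets[zone]
        usable = net.num_addresses - AWS_RESERVED_PER_SUBNET
        rows.append((node, zone, str(net), usable))
    return rows


def overlaps_existing(enabled_zones, existing_cidrs):
    """List zone slices that collide with ranges already routed elsewhere
    (peered VPCs, VPN or office networks). Because CCC_PLAY_SUBNETWORK_CIDR
    is ignored in multi-zone mode, this is worth checking before deploying."""
    existing = [ipaddress.ip_network(c) for c in existing_cidrs]
    return [(zone, str(net), str(other))
            for zone, net in zone_subnets(enabled_zones).items()
            for other in existing if net.overlaps(other)]


if __name__ == "__main__":
    zones = ["eu-west-1b", "eu-west-1c"]          # zones used in Example 2
    for row in plan(zones):
        print(row)
    # Constructed sample ranges: an office LAN and a peered VPC.
    print(overlaps_existing(zones, ["192.168.0.0/24", "10.0.0.0/8"]))
```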