AWS account requirements
First, make sure you have the prerequisites.
Then before you install AI Unlimited, address these AWS items.
Prepare your AWS account
-
Work with your cloud admin to ensure you have the IAM permissions to create the cloud resources defined in the AI Unlimited template.
-
If you'll need to access the manager instance to run commands or debug, you can connect to it one of these ways:
- Use a key pair to securely connect using Secure Shell (SSH). You will need the key pair when you specify the stack details.
- Use AWS Session Manager to connect. To enable this, attach the session-manager.json policy to a role you provide to the manager.
-
If you plan to use an Application Load Balancer (ALB) or Network Load Balancer (NLB), make sure you have permission to manage these AWS services:
- AWS Certificate Manager—to issue a new certificate for the hosted zone ID in Route 53.
- AWS Route 53—to configure a custom domain name and route DNS queries to your load balancer.
Allow AI Unlimited to create roles
The manager needs a role that allows it to deploy the engine. The engine needs a role that allows the engine nodes to communicate. You can let AI Unlimited create both of these roles.
If your security does not allow AI Unlimited to create roles, create the roles yourself or with the help of your cloud admin.
Role for the manager
To let AI Unlimited create this role for you, when you specify the stack details, provide these values for these parameters:
IamRole
: NewIamRoleName
: leave blank
Role for the engine
AI Unlimited can create a new role for the engine each time the engine is deployed.
The engine-specific policies AI Unlimited creates are restricted this way:
To allow AI Unlimited to create a new role for each engine deployment, when you configure the cloud integration in the AI Unlimited setup, leave the Default IAM role field blank.