Amazon Web Services (AWS)
Airbyte supports Amazon Web Services as a Cloud Provider. There are several ways that you can deploy Airbyte using AWS.
You can use the AWS managed Kubernetes solution EKS, using abctl
on an EC2 instance, or on a Kubernetes distribution
that has been deployed on EC2 instances.
Policies
You will need to create an AWS Role and associate that Role with either an AWS User when using Access Credentials, or an Instance Profile or Kubernetes Service Account when using IAM Roles for Service Accounts. That Role will need the following policies depending on in for integrate with S3 and AWS Secret Manager respectively.
AWS S3 Policy
The following policies, allow the cluster to communicate with S3 storage
{
"Version": "2012-10-17",
"Statement":
[
{ "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" },
{
"Effect": "Allow",
"Action": ["s3:ListBucket", "s3:GetBucketLocation"],
"Resource": "arn:aws:s3:::YOUR-S3-BUCKET-NAME",
},
{
"Effect": "Allow",
"Action":
[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:DeleteObject",
],
"Resource": "arn:aws:s3:::YOUR-S3-BUCKET-NAME/*",
},
],
}
AWS Secret Manager Policy
The following policies, allow the cluster to communicate with AWS Secret Manager
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource",
"secretsmanager:UpdateSecret"
],
"Resource": [
"*"
],
"Condition": {
"ForAllValues:StringEquals": {
"secretsmanager:ResourceTag/AirbyteManaged": "true"
}
}
}
]
}
Using an EC2 Instance with abctl
This guide will assume that you are using the Amazon Linux distribution, however any distribution that supports a docker
engine should work with abctl
. The launching and connecting to your EC2 Instance is outside the scope of this guide,
you can find more information on how to launch and connect to EC2 Instances in the Get started with Amazon EC2
documentation from Amazon.
abctl
runs by default on port 8000. You can change the port by passing the --port
flag to the local install
command.
Make sure that the security group that you have configured for the EC2 Instance allows traffic in on the port that you
deploy Airbyte on. See the Control traffic to your AWS resources using security groups
documentation for more information.
- Install the docker engine:
sudo yum install -y docker
- Add the ec2-user (or whatever your distros default user) to the docker group:
sudo usermod -a -G docker ec2-user
- Start and optionally enable (start on boot) the docker engine:
sudo systemctl start docker
sudo systemctl enable docker
- Exit the shell and reconnect to the ec2 instance, an example would look like:
exit
ssh -i ec2-user-key.pem ec2-user@1.2.3.4
- Download the latest version of abctl and install it in your path:
curl -LsfS https://get.airbyte.com | bash -
- Run the
abctl
command and install Airbyte:
abctl local install
Editing the Ingress
By default abctl
will install and Nginx Ingress and set the host name to localhost
. You will need to edit this to
match the host name that you have deployed Airbyte to. To do this you will need to have the kubectl
command installed
on your EC2 Instance and available on your path.
If you do not already have the CLI tool kubectl installed, please follow these instructions to install.
Then you can run kubectl edit ingress -n airbyte-abctl --kubeconfig ~/.airbyte/abctl/abctl.kubeconfig
and edit the host
key under the spec.rules section of the Ingress definition. The host should match the FQDN name that you are trying to
host Airbyte at, for example: airbyte.company.example
.
Using an ALB for Ingress
The recommended method for Cluster Ingress is an AWS ALB. The Ingress section of the documentation shows how to configure the Kubernetes Ingress using the AWS Load Balancer Controller. This assumes that you have already correctly configured your Cluster with the AWS Load Balancer Controller. This configuration is outside the scope of this documentation. You can find more information on how to correctly configure an ALB Ingress Controller by reading the official Route application and HTTP traffic with Application Load Balancers documentation provided by Amazon.
Once the AWS Load Balancer Controller has been correctly installed the Airbyte installation process will be able to automatically create an ALB for you. You can combine the ALB with AWS Certificate Manager (ACM) to secure your instance with TLS. The ACM documentation can be found here: Getting Started with AWS Certificate Manager. To use the ACM certificate, you can specify the certificate-arn when creating the Kubernetes Ingress. For more information see the Kubernetes Ingress Annotations documentation.