Deploying CloudFormation stack on Control Room AWS VPC

The Control Room AWS CloudFormation stack enables you to connect the Control Room AWS with the API Task AWS account. The CloudFormation stack creates IAM resources for the Elastic Kubernetes Service (EKS) cluster available on the API Task AWS VPC.

Create and deploy the AWS CloudFormation stack using the custom CloudFormation template in your Control Room AWS account console. The CloudFormation stack creates necessary IAM resources such as admin role and instance profile for the admin role that you need to connect both the AWS accounts. If required, you can also update the stack parameters as per your organizational requirements. You can deploy this CloudFormation stack on an existing Control Room deployed on AWS.

Prerequisites

Ensure that you meet the following requirements:
  • Control Room CloudFormation template file (<api-task-controlroom-account.yaml>). Download this file from A-People Downloads page (Login required).
    Note: You must change the TargetAccountId parameter in the CloudFormation template to the account ID of the API Task AWS account.
  • A user account in the Control Room AWS account that has assume-role permission to act as an administrator in the API Task AWS account.

Procedure

  1. Log in to the Control Room AWS console with the user account mentioned in the prerequisites.
  2. Go to the CloudFormation console, and click Create stack.
  3. Configure the following parameters in the Create stack page:
    1. Select Choose an existing template in Prerequisite - Prepare template section.
    2. Select Upload a template file, and click Choose file in Specify template section
    3. Select the downloaded CloudFormation template file and click Next.
      The uploaded file automatically generates the S3 URL.
  4. Configure the following parameters in the Specify stack details page.
    1. Enter an appropriate stack name in Stack name.
      The stack name is hardcoded and cannot be renamed later.
    2. Enter the account ID of the API Task AWS account in TargetAccountId.
      This setting enables you to connect the Control Room AWS account to the API Task AWS for VPC peering.
    3. Click Next.
  5. Configure the following parameters in Configure stack options page:
    1. Select Preserve successfully provisioned resources in the Stack failure options section.
      The Preserve successfully provisioned resources option enables you to debug and troubleshoot in case of any deployment failures.
      Note: The Use deletion policy option is the default selection in Delete newly created resources during a rollback.
    2. Select the I acknowledge that AWS CloudFormation might create IAM resources with custom names check box, and click Next .
  6. Review the details of the CloudFormation template, and then click Submit.
    CloudFormation starts to create the stack with the following IAM resources as defined in the template:
    • Admin role
    • Instance profile for the admin role
The Stacks dashboard of the CloudFormation console displays the new stack. You can view the IAM resources you created in the Resources tab. If required, you can use the Update stack option to modify the configured parameters based on your organizational requirements.