The Automation Anywhere Cloud Service on AWS private cloud architecture includes a Control Room and a Automation Anywhere Cloud Service environment, each setup on separate AWS VPCs connected through VPC peering.

Hosting the API Task environment in a separate AWS private cloud enables you to scale this environment easily based on your organizational requirements. This ensures that the latency is minimal when running API Tasks.

The following diagram illustrates Automation Anywhere Cloud Service on AWS private cloud architecture:

Architecture diagram of Automation Anywhere Cloud Service on AWS Virtual Private Cloud

Components

There are four components in Automation Anywhere Cloud Service on AWS private cloud architecture:

  1. Control Room AWS account.
  2. Automation Anywhere Cloud Service AWS account.
  3. VPC peering between both accounts.
  4. Cross account DNS configuration.

Control Room AWS account

The Control Room AWS account hosts the Control Room. Install and set up the Control Room in an EC2 instance in this AWS account. If you already have a Control Room installed on an EC2 instance in your AWS private cloud, you only need to deploy the Control Room CloudFormation stack.

For a new setup, install the Control Room on a EC2 instance in an AWS account. The installer binds the the Control Room to the AWS account and start the Automation Anywhere Cloud Service orchestrator automatically.

Automation Anywhere Cloud Service AWS account

The Automation Anywhere Cloud Service AWS account hosts the Automation Anywhere Cloud Service environment. This AWS account contains all the compute resources required for the running API Tasks.

Use the Automation Anywhere Cloud Service On-prem CloudFormation template and configure the AWS Elastic Kubernetes Service (EKS) cluster. You can scale this EKS cluster based on your workload requirements.

VPC peering between both accounts

After you configure both the AWS accounts, you must establish a VPC peering connection between both AWS VPCs. A VPC peering connection enables you to route the data traffic between both accounts privately using IPv4 addresses configured in their respective routing tables. VPC peering allows you to reduce latency and increase throughput during API Task execution. After you set up VPC peering, update the route tables of both the VPCs to enable data transmission between them.

Cross account DNS configuration

Once the VPC peering connection becomes active, you must configure the DNS for the private IPv4 addresses. This ensures that both accounts can access each other's resources through the configured domain names.