The Automation Anywhere Cloud Service on AWS private cloud architecture includes a Control Room installed on an AWS EC2 instance and CloudFormation stack provisioned resources in the same VPC.

The following diagram illustrates Automation Anywhere Cloud Service on AWS private cloud architecture:

Architecture diagram of AACS on AWS private cloud

Components

The components in Automation Anywhere Cloud Service on AWS private cloud can be broadly defined as follows:

Automation Anywhere Cloud Service domain name
Automation Anywhere Cloud Service domain name is the fully qualified domain name (FQDN) that serves as address to access the installed Control Room. You require a public certificate from AWS Certificate Manager (ACM) to enable the TLS/HTTPS connection between the Control Room and the resources that CloudFormation provisions.
You need to create a public hosted zone to request a certificate from ACM. You require this public hosted zone only to request the certificate. After ACM issues the certificate, you must delete this public hosted zone and create a private hosted zone with the same domain name. The domain name that you enter when creating the hosted zone serves as the FQDN for the Control Room. The DNS records in a private hosted zone do not resolve outside of the VPC you specifically associate with them.
Automation Anywhere Cloud Service AWS CloudFormation stack
The CloudFormation stack provisions the resources required for Automation Anywhere Cloud Service. These resources include IAM policies, load balancers, AWS Elastic Kubernetes Services (EKS) cluster, domain name, security group settings, and internet gateway settings.
Automation Anywhere provides an AWS CloudFormation template that enables you to create a CloudFormation stack in your AWS VPC. The template allows you to configure various parameters and create CloudFormation stack. After the stack installs, a temporary EC2 instance launches to install the required helm charts. This temporary EC2 instance terminates after the helm chart installs successfully. The stack also creates an instance profile that contains relevant IAM permissions for the EC2 instance.
For more information about CloudFormation and required parameters, see CloudFormation stack for Automation Anywhere Cloud Service.
AWS EC2 instance
The AWS EC2 instance hosts the Control Room. You must launch the EC2 instance in the same VPC. The minimum requirements to launch the EC2 is same as installing the on-premises Control Room on AWS. The Control Room installer supports both Windows and Linux platforms. The installer has an option to link the AWS account ID and the region to the Control Room.
The CloudFormation stack creates an instance profile that contains the necessary IAM permissions. This instance profile must be attached to the EC2 instance. After attaching, the Control Room becomes accessible through the domain name that you specify in the CloudFormation stack. For more information, see AWS EC2 instance for Automation Anywhere Cloud Service.
Control Room
The Control Room installer is the on-premises installer that allows you to install and set up the Control Room in your AWS EC2 instance. You must specify your AWS account ID and region during the installation process. This option allows the Control Room to connect to the AWS Elastic Kubernetes Services (EKS) cluster that the CloudFormation stack creates. This option also automatically starts the Automation Anywhere Cloud Service orchestrator service in the EC2 instance when you launch it.
If you already have a Control Room installed on an EC2 instance, you only need to deploy the Control Room CloudFormation stack.

For a new setup, install the Control Room on a EC2 instance in an AWS account. The installer binds the the Control Room to the AWS account and start the Automation Anywhere Cloud Service orchestrator automatically.

After the Control Room installation is complete, you must attach the instance profile that CloudFormation stack creates, to the EC2 instance. After the profile is attached, you can access the Control Room using the domain name that you specify in the CloudFormation stack.