diff --git a/pages/architecture.md b/pages/architecture.md
index c1e80e0da..334234b39 100644
--- a/pages/architecture.md
+++ b/pages/architecture.md
@@ -19,7 +19,7 @@ permalink: /architecture/
## End-to-end architecture
-![archi](img/architecture_complete.drawio.png#zoom#shadow)
+![archi](img/architecture_complete_2023new.drawio.png#zoom#shadow)
## CICD in tooling account
@@ -75,7 +75,7 @@ from the AWS logic and processing. To achieve this decoupling, the web applicati
data.all infrastructure runs **90% on serverless** services in a private VPC,
the remaining 10% is for the OpenSearch cluster. Since data.all release v1.5.0 you have the ability to deploy an OpenSearch Serverless cluster instead by specifying the `enable_opensearch_serverless` parameter of the configuration cdk.json file. Check the [Deploy to AWS](./deploy-aws/) section.
-![archi](img/architecture_infrastructure.drawio.png#zoom#shadow)
+![archi](img/architecture_infrastructure_2023new.drawio.png#zoom#shadow)
## Frontend Components
@@ -161,7 +161,7 @@ and vulnerabilities scanning.
## Backend Components
-![Screenshot](img/architecture_backend.drawio.png#zoom#shadow)
+![Screenshot](img/architecture_backend_2023new.drawio.png#zoom#shadow)
### Backend VPC
diff --git a/pages/deploy/deploy_aws.md b/pages/deploy/deploy_aws.md
index 70938dbb9..30d9267f5 100644
--- a/pages/deploy/deploy_aws.md
+++ b/pages/deploy/deploy_aws.md
@@ -29,9 +29,14 @@ In addition, you will need at least two AWS accounts. For each of these accounts
ready to use on your terminal. Do not proceed if you are not administrator in the tooling
account, and in the deployment account(s).
-- Tooling account: hosts the code repository, and the CI/CD pipeline.
-- Deployment account(s): hosts data.all's backend, and frontend AWS infrastructure. You can deploy
-data.all to multiple environments on the same or multiple AWS accounts (e.g dev, test, qa, prod).
+- **Tooling account**: hosts the code repository, and the CI/CD pipeline. We can use any region to deploy the CI/CD resources
+if the underlying AWS services (CodeCommit, CodeBuild...) are available in the selected region. In addition, you will need
+access to a second region. The reason is that we use [CDK Pipelines](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.pipelines-readme.html),
+an opinionated CDK construct that deploys a cross-region replication support stack. For all regions except `us-east-1` the replication region is `us-east-1`.
+- **Deployment account(s)**: hosts data.all's backend and frontend AWS infrastructure. You can deploy
+data.all to multiple environments on the same or multiple AWS accounts (e.g dev, test, qa, prod). If deployment is configured
+with `internet_facing` set to true, `us-east-1` is required for the deployment of some frontend components.
+Backend resources can be hosted in any region given that the AWS services used are available.
**Note**: If you are not deploying data.all in production mode, you could use the same AWS account as the Tooling
and the Deployment account.
@@ -100,7 +105,8 @@ Your region (can be any supported region)
```bash
cdk bootstrap --trust --trust-for-lookup -c @aws-cdk/core:newStyleStackSynthesis=true --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws:///
```
-North Virginia region (needed for Cloudfront integration with ACM on us-east-1)
+
+If you plan to configure the deployment with internet-facing frontend, you also need to bootstrap the North Virginia region (needed for Cloudfront integration with ACM on us-east-1)
```bash
cdk bootstrap --trust --trust-for-lookup -c @aws-cdk/core:newStyleStackSynthesis=true --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess aws:///us-east-1
```
@@ -136,8 +142,9 @@ of our repository. Open it, you should be seen something like:
"internet_facing": "boolean_CLOUDFRONT_IF_TRUE_ELSE_ECS_BEHIND_INTERNAL_ALB|DEFAULT=true",
"custom_domain": {
"hosted_zone_name": "string_ROUTE_53_EXISTING_DOMAIN_NAME|DEFAULT=None, REQUIRED if internet_facing=false",
- "hosted_zone_id": "string_ROUTE_53_EXISTING_HOSTED_ZONE_ID|DEFAULT=None, REQUIRED if internet_facing=false",
- "certificate_arn": "string_AWS_CERTIFICATE_MANAGER_EXISTING_CERTIFICATE_ARN|DEFAULT=None, REQUIRED if internet_facing=false"
+ "hosted_zone_id": "string_ROUTE_53_EXISTING_HOSTED_ZONE_ID|DEFAULT=None",
+ "certificate_arn": "string_AWS_CERTIFICATE_MANAGER_EXISTING_CERTIFICATE_ARN|DEFAULT=None, REQUIRED if internet_facing=false",
+ "email_notification_sender_email_id":"string_EMAIL_NOTIFICATION_SENDER_EMAIL_ID|DEFAULT=noreply"
},
"ip_ranges": "list_of_strings_IP_RANGES_TO_ALLOW_IF_NOT_INTERNET_FACING|DEFAULT=None",
"apig_vpce": "string_USE_AN_EXISTING_VPCE_FOR_APIG_IF_NOT_INTERNET_FACING|DEFAULT=None",
@@ -147,8 +154,13 @@ of our repository. Open it, you should be seen something like:
"enable_quicksight_monitoring": "boolean_ENABLE_CONNECTION_QUICKSIGHT_RDS|DEFAULT=false",
"shared_dashboards_sessions": "string_TYPE_SESSION_SHARED_DASHBOARDS|(reader, anonymous) DEFAULT=anonymous",
"enable_pivot_role_auto_create": "boolean_ENABLE_PIVOT_ROLE_AUTO_CREATE_IN_ENVIRONMENT|DEFAULT=false",
- "enable_update_dataall_stacks_in_cicd_pipeline": "boolean_ENABLE_UPDATE_DATAALL_STACKS_IN_CICD_PIPELINE|DEFAULT=false"
- "enable_opensearch_serverless": "boolean_USE_OPENSEARCH_SERVERLESS|DEFAULT=false"
+ "enable_update_dataall_stacks_in_cicd_pipeline": "boolean_ENABLE_UPDATE_DATAALL_STACKS_IN_CICD_PIPELINE|DEFAULT=false",
+ "enable_opensearch_serverless": "boolean_USE_OPENSEARCH_SERVERLESS|DEFAULT=false",
+ "cognito_user_session_timeout_inmins": "integer_COGNITO_USER_SESSION_TIMEOUT_INMINS|DEFAULT=43200",
+ "reauth_config": {
+ "reauth_apis": "list_of_strings_OPERATION_NAMES_TO_REQUIRE_REAUTH_ON|DEFAULT=None",
+ "ttl": "int_TIME_IN_MINUTES_TO_ALLOW_USER_TO_PERFORM_SENSITIVE_APIS_BEFORE_FORCING_REAUTH|DEFAULT=5"
+ }
}
]
}
@@ -159,36 +171,38 @@ have listed and defined all the parameters of the cdk.json file. If you still ha
and find 2 examples of cdk.json files.
-| **General Parameters** | **Optional/Required** | **Definition** |
-|-----------------------------------------------|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| tooling_vpc_id | Optional | The VPC ID for the tooling account. If not provided, **a new VPC** will be created. |
-| tooling_region | Optional | The AWS region for the tooling account where the AWS CodePipeline pipeline will be created. (default: eu-west-1) |
-| tooling_vpc_restricted_nacl | Optional | If set to **true**, VPC NACLs added to restrict network traffic on the subnets of the data.all provisioned tooling VPC (default: false)
-| git_branch | Optional | The git branch name can be leveraged to deploy multiple AWS CodePipeline pipelines to the same tooling account. (default: main) |
-| git_release | Optional | If set to **true**, CI/CD pipeline RELEASE stage is enabled. This stage releases a version out of the current branch. (default: false) |
-| quality_gate | Optional | If set to **true**, CI/CD pipeline quality gate stage is enabled. (default: true) |
-| resource_prefix | Optional | The prefix used for AWS created resources. It must be in lower case without any special character. (default: dataall) |
-| **Deployment environments Parameters** | **Optional/Required** | **Definition** |
-| ---------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| envname | REQUIRED | The name of the deployment environment (e.g dev, qa, prod,...). It must be in lower case without any special character. |
-| account | REQUIRED | The AWS deployment account (deployment account N) |
-| region | REQUIRED | The AWS deployment region |
-| with_approval | Optional | If set to **true** an additional step on AWS CodePipeline to require user approval before proceeding with the deployment. (default: false) |
-| vpc_id | Optional | The VPC ID for the deployment account. If not provided, **a new VPC** will be created. |
-| vpc_endpoints_sg | Optional | The VPC endpoints security groups to be use by AWS services to connect to VPC endpoints. If not assigned, NAT outbound rule is used. |
-| vpc_restricted_nacl | Optional | If set to **true**, VPC NACLs added to restrict network traffic on the subnets of the data.all provisioned deployment VPC (default: false)
-| internet_facing | Optional | If set to **true** CloudFront is used for hosting data.all UI and Docs and APIs are public. If false, ECS is used to host static sites and APIs are private. (default: true) |
-| custom_domain | Optional* | Custom domain configuration: hosted_zone_name, hosted_zone_id, and certificate_arn. If internet_facing parameter is **false** then custom_domain is REQUIRED for ECS ALB integration with ACM and HTTPS. It is optional when internet_facing is true. |
-| ip_ranges | Optional | Used only when internet_facing parameter is **false** to allow API Gateway resource policy to allow these IP ranges in addition to the VPC's CIDR block. |
-| apig_vpce | Optional | Used only when internet_facing parameter is **false**. If provided, it will be used for API Gateway otherwise a new VPCE will be created. |
-| prod_sizing | Optional | If set to **true**, infrastructure sizing is adapted to prod environments. Check additional resources section for more details. (default: true) |
-| enable_cw_rum | Optional | If set to **true** CloudWatch RUM monitor is created to monitor the user interface (default: false) |
-| enable_cw_canaries | Optional | If set to **true**, CloudWatch Synthetics Canaries are created to monitor the GUI workflow of principle features (default: false) |
-| enable_quicksight_monitoring | Optional | If set to **true**, RDS security groups and VPC NACL rules are modified to allow connection of the RDS metadata database with Quicksight in the infrastructure account (default: false) |
-| shared_dashboard_sessions | Optional | Either 'anonymous' or 'reader'. It indicates the type of Quicksight session used for Shared Dashboards (default: 'anonymous') |
-| enable_pivot_role_auto_create | Optional | If set to **true**, data.all creates the pivot IAM role as part of the environment stack. If false, a CloudFormation template is provided in the UI and AWS account admins need to deploy this stack as pre-requisite to link a data.all environment (default: false) |
-| enable_update_dataall_stacks_in_cicd_pipeline | Optional | If set to **true**, CI/CD pipeline update stacks stage is enabled for the deployment environment. This stage triggers the update of all environment and dataset stacks (default: false) | |
-| enable_opensearch_serverless | Optional | If set to **true** Amazon OpenSearch Serverless collection is created and used instead of Amazon OpenSearch Service domain (default: false) |
+| **General Parameters** | **Optional/Required** | **Definition** |
+|-----------------------------------------------|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| tooling_vpc_id | Optional | The VPC ID for the tooling account. If not provided, **a new VPC** will be created. |
+| tooling_region | Optional | The AWS region for the tooling account where the AWS CodePipeline pipeline will be created. (default: eu-west-1) |
+| tooling_vpc_restricted_nacl | Optional | If set to **true**, VPC NACLs added to restrict network traffic on the subnets of the data.all provisioned tooling VPC (default: false) |
+| git_branch | Optional | The git branch name can be leveraged to deploy multiple AWS CodePipeline pipelines to the same tooling account. (default: main) |
+| git_release | Optional | If set to **true**, CI/CD pipeline RELEASE stage is enabled. This stage releases a version out of the current branch. (default: false) |
+| quality_gate | Optional | If set to **true**, CI/CD pipeline quality gate stage is enabled. (default: true) |
+| resource_prefix | Optional | The prefix used for AWS created resources. It must be in lower case without any special character. (default: dataall) |
+| **Deployment environments Parameters** | **Optional/Required** | **Definition** |
+| ---------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| envname | REQUIRED | The name of the deployment environment (e.g dev, qa, prod,...). It must be in lower case without any special character. |
+| account | REQUIRED | The AWS deployment account (deployment account N) |
+| region | REQUIRED | The AWS deployment region |
+| with_approval | Optional | If set to **true** an additional step on AWS CodePipeline to require user approval before proceeding with the deployment. (default: false) |
+| vpc_id | Optional | The VPC ID for the deployment account. If not provided, **a new VPC** will be created. |
+| vpc_endpoints_sg | Optional | The VPC endpoints security groups to be use by AWS services to connect to VPC endpoints. If not assigned, NAT outbound rule is used. |
+| vpc_restricted_nacl | Optional | If set to **true**, VPC NACLs added to restrict network traffic on the subnets of the data.all provisioned deployment VPC (default: false) |
+| internet_facing | Optional | If set to **true** CloudFront is used for hosting data.all UI and Docs and APIs are public. If false, ECS is used to host static sites and APIs are private. (default: true) |
+| custom_domain | Optional* | Custom domain configuration: `hosted_zone_name`, `hosted_zone_id`, `certificate_arn`, and `email_notification_sender_email_id`. If internet_facing parameter is **false** or `share_notifications.email` is active in `config.json` then custom_domain is REQUIRED for ECS ALB integration with ACM and HTTPS. It is optional when internet_facing is true. |
+| ip_ranges | Optional | Used only when internet_facing parameter is **false** to allow API Gateway resource policy to allow these IP ranges in addition to the VPC's CIDR block. |
+| apig_vpce | Optional | Used only when internet_facing parameter is **false**. If provided, it will be used for API Gateway otherwise a new VPCE will be created. |
+| prod_sizing | Optional | If set to **true**, infrastructure sizing is adapted to prod environments. Check additional resources section for more details. (default: true) |
+| enable_cw_rum | Optional | If set to **true** CloudWatch RUM monitor is created to monitor the user interface (default: false) |
+| enable_cw_canaries | Optional | If set to **true**, CloudWatch Synthetics Canaries are created to monitor the GUI workflow of principle features (default: false) |
+| enable_quicksight_monitoring | Optional | If set to **true**, RDS security groups and VPC NACL rules are modified to allow connection of the RDS metadata database with Quicksight in the infrastructure account (default: false) |
+| shared_dashboard_sessions | Optional | Either 'anonymous' or 'reader'. It indicates the type of Quicksight session used for Shared Dashboards (default: 'anonymous') |
+| enable_pivot_role_auto_create | Optional | If set to **true**, data.all creates the pivot IAM role as part of the environment stack. If false, a CloudFormation template is provided in the UI and AWS account admins need to deploy this stack as pre-requisite to link a data.all environment (default: false) |
+| enable_update_dataall_stacks_in_cicd_pipeline | Optional | If set to **true**, CI/CD pipeline update stacks stage is enabled for the deployment environment. This stage triggers the update of all environment and dataset stacks (default: false) |
+| enable_opensearch_serverless | Optional | If set to **true** Amazon OpenSearch Serverless collection is created and used instead of Amazon OpenSearch Service domain (default: false) |
+| cognito_user_session_timeout_inmins | Optional | The number of minutes to set the refresh token validity time for user session's in Cognito before a user must re-login to the data.all UI (default: 43200 - i.e. 30 days) |
+| reauth_config | Optional | A dictionary containing a list of API operations that require a user to re-authenticate before proceedind (`reauth_apis`) and a time to live (`ttl`) for how long a user's re-auth session is valid to perform re-auth APIs before having to re-authenticate again |
**Example 1**: Basic deployment: this is an example of a minimum configured cdk.json file.
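Review bot: The new `reauth_config` row at the bottom of the table states no defaults, although the template earlier in this file lists `reauth_apis` as DEFAULT=None and `ttl` as DEFAULT=5, and it misspells "proceeding" as "proceedind". With a default of None, presumably no operation asks for re-authentication until `reauth_apis` is filled in; that is worth saying in the row, given the 30-day `cognito_user_session_timeout_inmins` default in the row above it. I would end the definition with `(default: reauth_apis None, i.e. no operation requires re-authentication; ttl 5 minutes)`, to be confirmed against the implementation. The unit of `ttl` (minutes) appears only in the template and should be repeated here.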
@@ -260,7 +274,13 @@ deploy to 2 deployments accounts.
"ip_ranges": ["IP_RANGE1", "IP_RANGE2"],
"apig_vpce": "vpc-xxxxxxxxxxxxxx",
"enable_pivot_role_auto_create": true,
- "enable_update_dataall_stacks_in_cicd_pipeline": true
+ "enable_update_dataall_stacks_in_cicd_pipeline": true,
+ "enable_opensearch_serverless": true,
+ "cognito_user_session_timeout_inmins": 240,
+ "reauth_config": {
+ "reauth_apis": ["CreateDataset", "ImportDataset", "deleteDataset"],
+ "ttl": 10
+ }
}
]
}
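Review bot: The `reauth_apis` example mixes casing, `"CreateDataset"` and `"ImportDataset"` against `"deleteDataset"`, and the page does not say how these names are matched. If matching is case-sensitive, an entry copied with the wrong case would silently leave that operation without a re-authentication prompt. I would write all three in the casing of the real API operation names (for instance `["createDataset", "importDataset", "deleteDataset"]` if they are camelCase, to be confirmed against the API schema) and add a sentence saying where the valid operation names are listed. The example object starts before this hunk.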
@@ -280,8 +300,18 @@ the different configuration options.
"features": {
"file_uploads": false,
"file_actions": true,
- "aws_actions": true
- }
+ "aws_actions": true,
+ "preview_data": true,
+ "glue_crawler": true,
+ "share_notifications": {
+ "email": {
+ "active": false,
+ "parameters": {
+ "group_notifications": true
+ }
+ }
+ },
+ },
},
"mlstudio": {
"active": true
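Review bot: The added `share_notifications` block ends with `},` directly before the brace that closes `features`, and the `features` block now also ends with `},` before the brace that closes the module, so the example is no longer valid JSON. A strict parser such as Python's `json` module rejects trailing commas, so a config.json copied from here would fail to load. Drop both commas so the two closing lines read `}` and `}`. The same trailing comma after `share_notifications` is in the "Disable module features" example, in the hunk at -345,15 +376,28. The enclosing `modules` object starts and ends outside this hunk.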
@@ -325,13 +355,14 @@ check the [UserGuide](https://github.com/awslabs/aws-dataall/blob/main/UserGuide
| feed | None | S3 Bucket and Glue database construct to store data in data.all |
| vote | catalog | S3 Bucket and Glue database construct to store data in data.all |
| datasets | datasets_base, dataset_sharing, catalog, vote, feed | S3 Bucket and Glue database construct to store data in data.all |
-| dataset_sharing | datasets_base | Sub-module that allows sharing of Datasets through Lake Formation and S3 |
+| dataset_sharing | datasets_base, notifications | Sub-module that allows sharing of Datasets through Lake Formation and S3 |
| datasets_base | None | Shared code related to Datasets. |
-| worksheets | None | Athena query editor integrated in data.all UI |
+| worksheets | datasets | Athena query editor integrated in data.all UI |
| datapipelines | feed | CICD pipelines that deploy [AWS DDK](https://awslabs.github.io/aws-ddk/) applications |
| mlstudio | None | SageMaker Studio users that can open a session directly from data.all UI |
| notebooks | None | SageMaker Notebooks created and accessible from data.all UI |
| dashboards | catalog, vote, feed | Start a Quicksight session or import and share a Quicksight Dashboard. |
+| notifications | None | Construct to notify users on dataset sharing updates in data.all |
### Disable module features
@@ -345,15 +376,28 @@ In the example config.json, the feature that enables file upload from data.all U
"features": {
"file_uploads": false,
"file_actions": true,
- "aws_actions": true
+ "aws_actions": true,
+ "preview_data": true,
+ "glue_crawler": true,
+ "share_notifications": {
+ "email": {
+ "active": false,
+ "parameters": {
+ "group_notifications": true
+ }
+ }
+ },
}
},
```
-| **Feature** | **Module** | **Description** |
-|---------------|------------|--------------------------------------|
-| file_uploads | datasets | Upload files in a Dataset in the Upload tab |
-| file_actions | datasets | Create, Read, Update, Delete on Dataset Folders |
-| aws_actions | datasets | Get AWS Credentials and assume Dataset IAM role from data.all's UI |
+| **Feature** | **Module** | **Description** |
+|-------------------|------------|----------------------------------------------------------------------------------------------------|
+| file_uploads | datasets | Upload files in a Dataset in the Upload tab |
+| file_actions | datasets | Create, Read, Update, Delete on Dataset Folders |
+| aws_actions | datasets | Get AWS Credentials and assume Dataset IAM role from data.all's UI |
+| preview_data | datasets | Enable previews of dataset tables for users in data.all UI |
+| glue_crawler | datasets | Allow running Glue Crawler to catalog new data for data.all datasets directly from the UI |
+| share_notifications | datasets | Allow additional notifications (on top of data.all's built in UI notifications) to be sent to data.all users when a dataset sharing operation occurs (currently only type `email` notifications is supported and requires `custom_domain` hosted zone parameters be specified in `cdk.json`) |
### Disable core features
In some cases, customers need to disable features that belong to the core functionalities of data.all. One way to restrict
@@ -369,9 +413,9 @@ a particular feature in the core is to add it to the core section of the `config
This is the list of core features that can be switched on/off at the moment. Take it as an example if you need to
disable any other core feature.
-| **Feature** | **Module** | **Description** |
-|---------------|------------|--------------------------------------|
-| env_aws_actions | environments | Get AWS Credentials and assume Environment Group IAM roles from data.all's UI |
+| **Feature** | **Module** | **Description** |
+|-----------------------|----------------|----------------------------------------------------------------------------------|
+| env_aws_actions | environments | Get AWS Credentials and assume Environment Group IAM roles from data.all's UI |
@@ -390,7 +434,9 @@ cdk synth
```bash
cdk synth
```
-Here is an example of a generated cdk.context.json file:
+Here is an example of a generated cdk.context.json file. Data.all requires one subnet per
+Availability Zone. In case more than one subnet per availability zone is returned in the cdk.context.json file, remove
+the subnets that won't be used in the deployment.
````json
{
"vpc-provider:account=XXX:filter.vpc-id=vpc-XXX:region=eu-west-1:returnAsymmetricSubnets=true": {
@@ -474,6 +520,24 @@ diagram.
With this pipeline we can now deploy the infrastructure to the deployment account(s). Navigate to AWS CodePipeline
in the tooling account and check the status of your pipeline.
+## 12. Setting SES for Email Notifications
+
+Please follow instructions from below only if you have enabled email notifications on share workflow by switching the email.active config ( from `config.json` file ) to `true` in the `share_notifications` feature under `datasets` module.
+
+### Moving AWS SES out of Sandbox
+If you have specified `custom_domain` in `cdk.json` and set `modules.datasets.features.share_notifications.email.active` to `active` in `config.json`, after the deployment you should see a SES identity which is formed in your AWS Account.
+You can check it by going to the AWS Console -> AWS SES -> Identities. At this time you have successfully deployed infrastructure to
+send email notifications via SES, but your AWS account is in the Sandbox mode. When in Sandbox mode, you will have to verify each
+recipient email id manually. In order to get your SES account out of Sandbox, please follow the instructions in Moving out of Sandbox .
+Once your AWS SES account is out of sandbox you can send email to any recipient email id without any prior verification.
+
+### Monitoring for Email Bounces
+When SES Stack is deployed during the pipeline stage, it will setup a configuration set
+which will send any email bounces, delivery failures, rejects & complaints to an SNS topic. In this step, you can add subscriptions to this SNS topic to monitor email delivery problems
+In order to do that go to AWS Console -> SNS -> Select the SNS topic which would look like `{resource_prefix}-{envname}-SNS-Email-Bounce-Topic` ( where resource_prefix and envname are specified in the cdk.json ) -> Create Subscription. You can attach multiple subscriptions to
+this SNS topic and monitor and take actions in case of any delivery failure.
+
+
## Additional resources - FAQs
### How does the `prod_sizing` field in `cdk.json` affect the architecture ?
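Review bot: In "Moving AWS SES out of Sandbox" the text says to set `modules.datasets.features.share_notifications.email.active` to `active`, but the flag is a boolean, and both the paragraph above and the config.json example use `true`/`false`; it should read "to `true`". The sentence "follow the instructions in Moving out of Sandbox ." has lost its link target, so the reader is not told where those instructions are. In "Monitoring for Email Bounces" a full stop is missing after "email delivery problems". It would also help to state whether the SNS topic is created without subscribers; if so, bounces and complaints go unobserved until a subscription is added.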
@@ -485,13 +549,13 @@ When setting the value to `false`, backend resources become smaller but you save
These are the resources affected:
| Backend Service |prod_sizing| Configuration
-|----|----|----|
-|Aurora |true| - Deletion protection enabled
- Backup retention of 30 days
- Paused after 1 day of inactivity
- Max capacity unit of 16 ACU
- Min capacity unit of 4 ACU |
-|Aurora |false| - Deletion protection disabled
- No backup retention
- Paused after 10 mintes of inactivity
- Max capacity unit of 8 ACU
- Min capacity unit of 2 ACU |
-|OpenSearch |true| - The KMS key of the OpenSearch cluster is kept when the CloudFormation stack is deleted
- Cluster configured with 3 master node and 2 data nodes
- Each data node has an EBS volume of 30GiB attached to it |
-|OpenSearch |false| - The KMS key of the OpenSearch cluster gets deleted when the CloudFormation stack is deleted
- Cluster configured with 0 master node and 2 data nodes
- Each data node has an EBS volume of 20GiB attached to it |
-|Lambda function |true| - Lambda functions are configured with more memory|
-|Lambda function |false| - Lambda functions are configured with less memory|
+|-----------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|Aurora |true | - Deletion protection enabled
- Backup retention of 30 days
- Paused after 1 day of inactivity
- Max capacity unit of 16 ACU
- Min capacity unit of 4 ACU |
+|Aurora |false | - Deletion protection disabled
- No backup retention
- Paused after 10 mintes of inactivity
- Max capacity unit of 8 ACU
- Min capacity unit of 2 ACU |
+|OpenSearch |true | - The KMS key of the OpenSearch cluster is kept when the CloudFormation stack is deleted
- Cluster configured with 3 master node and 2 data nodes
- Each data node has an EBS volume of 30GiB attached to it |
+|OpenSearch |false | - The KMS key of the OpenSearch cluster gets deleted when the CloudFormation stack is deleted
- Cluster configured with 0 master node and 2 data nodes
- Each data node has an EBS volume of 20GiB attached to it |
+|Lambda function |true | - Lambda functions are configured with more memory |
+|Lambda function |false | - Lambda functions are configured with less memory |
### I used the wrong accounts or made another mistake in the deployment. How do I un-deploy data.all?
In the above steps we are only deploying data.all tooling resources. Hence, if the CI/CD CodePipeline pipeline has not
diff --git a/pages/deploy/deploy_locally.md b/pages/deploy/deploy_locally.md
index fde63cabb..6132bd816 100644
--- a/pages/deploy/deploy_locally.md
+++ b/pages/deploy/deploy_locally.md
@@ -80,9 +80,6 @@ aws ssm put-parameter \
--type String \
```
-After that, you can go ahead and use the CloudFormation YAML template for the pivotRole and introduce the parameters (externalId and pivotRoleName)
-that you can copy from the UI.
-
## 4. Linking environments
diff --git a/pages/img/architecture_backend.drawio.png b/pages/img/architecture_backend.drawio.png
deleted file mode 100644
index 71f623500..000000000
Binary files a/pages/img/architecture_backend.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_backend_2023new.drawio.png b/pages/img/architecture_backend_2023new.drawio.png
new file mode 100644
index 000000000..418bf6cd7
Binary files /dev/null and b/pages/img/architecture_backend_2023new.drawio.png differ
diff --git a/pages/img/architecture_backend_nobackground.drawio.png b/pages/img/architecture_backend_nobackground.drawio.png
deleted file mode 100644
index 31bc45ee5..000000000
Binary files a/pages/img/architecture_backend_nobackground.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_complete.drawio.png b/pages/img/architecture_complete.drawio.png
deleted file mode 100644
index e0b04eb14..000000000
Binary files a/pages/img/architecture_complete.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_complete_2023new.drawio.png b/pages/img/architecture_complete_2023new.drawio.png
new file mode 100644
index 000000000..73f5536d1
Binary files /dev/null and b/pages/img/architecture_complete_2023new.drawio.png differ
diff --git a/pages/img/architecture_complete_nobackground.drawio.png b/pages/img/architecture_complete_nobackground.drawio.png
deleted file mode 100644
index 10a748cfe..000000000
Binary files a/pages/img/architecture_complete_nobackground.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_frontend_internet_nobackground.drawio.png b/pages/img/architecture_frontend_internet_nobackground.drawio.png
deleted file mode 100644
index 93e5be53f..000000000
Binary files a/pages/img/architecture_frontend_internet_nobackground.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_frontend_vpc_nobackground.drawio.png b/pages/img/architecture_frontend_vpc_nobackground.drawio.png
deleted file mode 100644
index bc2d47780..000000000
Binary files a/pages/img/architecture_frontend_vpc_nobackground.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_infrastructure.drawio.png b/pages/img/architecture_infrastructure.drawio.png
deleted file mode 100644
index 1593c9362..000000000
Binary files a/pages/img/architecture_infrastructure.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_infrastructure_2023new.drawio.png b/pages/img/architecture_infrastructure_2023new.drawio.png
new file mode 100644
index 000000000..f0124d3e2
Binary files /dev/null and b/pages/img/architecture_infrastructure_2023new.drawio.png differ
diff --git a/pages/img/architecture_sharing_nobackground.drawio.png b/pages/img/architecture_sharing_nobackground.drawio.png
deleted file mode 100644
index 459beaf00..000000000
Binary files a/pages/img/architecture_sharing_nobackground.drawio.png and /dev/null differ
diff --git a/pages/img/architecture_tooling_nobackground.drawio.png b/pages/img/architecture_tooling_nobackground.drawio.png
deleted file mode 100644
index 5120e74a2..000000000
Binary files a/pages/img/architecture_tooling_nobackground.drawio.png and /dev/null differ