AWS Deployment

Deploy Optimal Platform on Amazon Web Services using EKS (Elastic Kubernetes Service).

Architecture Overview

┌─────────────────────────────────────────────────────────────────────────────┐
│                                  AWS Cloud                                  │
│  ┌───────────────────────────────────────────────────────────────────────┐  │
│  │                           VPC (10.0.0.0/16)                           │  │
│  │  ┌───────────────────┐  ┌───────────────────┐  ┌───────────────────┐  │  │
│  │  │   Public Subnet   │  │   Public Subnet   │  │   Public Subnet   │  │  │
│  │  │   (us-east-1a)    │  │   (us-east-1b)    │  │   (us-east-1c)    │  │  │
│  │  │   ┌───────────┐   │  │   ┌───────────┐   │  │   ┌───────────┐   │  │  │
│  │  │   │    NAT    │   │  │   │    NAT    │   │  │   │    NAT    │   │  │  │
│  │  │   │  Gateway  │   │  │   │  Gateway  │   │  │   │  Gateway  │   │  │  │
│  │  │   └───────────┘   │  │   └───────────┘   │  │   └───────────┘   │  │  │
│  │  └───────────────────┘  └───────────────────┘  └───────────────────┘  │  │
│  │                                                                       │  │
│  │  ┌───────────────────┐  ┌───────────────────┐  ┌───────────────────┐  │  │
│  │  │  Private Subnet   │  │  Private Subnet   │  │  Private Subnet   │  │  │
│  │  │   (us-east-1a)    │  │   (us-east-1b)    │  │   (us-east-1c)    │  │  │
│  │  │  ┌─────────────┐  │  │  ┌─────────────┐  │  │  ┌─────────────┐  │  │  │
│  │  │  │  EKS Node   │  │  │  │  EKS Node   │  │  │  │  EKS Node   │  │  │  │
│  │  │  │    Group    │  │  │  │    Group    │  │  │  │    Group    │  │  │  │
│  │  │  └─────────────┘  │  │  └─────────────┘  │  │  └─────────────┘  │  │  │
│  │  └───────────────────┘  └───────────────────┘  └───────────────────┘  │  │
│  │                                                                       │  │
│  │  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐   │  │
│  │  │     RDS     │  │     EFS     │  │     ECR     │  │     S3      │   │  │
│  │  │ PostgreSQL  │  │   Storage   │  │  Registry   │  │   Backups   │   │  │
│  │  └─────────────┘  └─────────────┘  └─────────────┘  └─────────────┘   │  │
│  └───────────────────────────────────────────────────────────────────────┘  │
│                                                                             │
│        ┌────────────────┐    ┌────────────────┐    ┌────────────────┐       │
│        │    Route 53    │    │      ACM       │    │      WAF       │       │
│        │      DNS       │    │  Certificates  │    │    Firewall    │       │
│        └────────────────┘    └────────────────┘    └────────────────┘       │
└─────────────────────────────────────────────────────────────────────────────┘

Prerequisites

| Requirement | Description |
|-------------|-------------|
| AWS Account | With appropriate IAM permissions |
| AWS CLI | v2.0+ installed and configured |
| Terraform | v1.6+ |
| kubectl | v1.28+ |
| Helm | v3.13+ |

Required IAM Permissions

Your IAM user/role needs permissions for:

  • EKS (create/manage clusters)
  • EC2 (VPC, subnets, security groups)
  • RDS (PostgreSQL)
  • S3 (state storage, backups)
  • ECR (container registry)
  • Route 53 (optional, for DNS)
  • ACM (SSL certificates)

Step 1: Configure AWS CLI

# Configure credentials
aws configure

# Or use SSO
aws sso login --profile your-profile
export AWS_PROFILE=your-profile

# Verify access
aws sts get-caller-identity

Step 2: Prepare Terraform Variables

cd infra/terraform/aws

# Copy example configuration
cp terraform.tfvars.example terraform.tfvars

Edit terraform.tfvars:

# Required
aws_region = "us-east-1"
environment = "production"

# Cluster Configuration
cluster_name = "optimal-platform"
kubernetes_version = "1.29"
node_instance_types = ["m5.xlarge"]
node_min_size = 3
node_max_size = 10
node_desired_size = 3

# Networking
vpc_cidr = "10.0.0.0/16"
availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]

# Database
db_instance_class = "db.r6g.large"
db_allocated_storage = 100
db_multi_az = true

# Domain (optional)
domain_name = "platform.yourdomain.com"
create_dns_records = true

# Tags
tags = {
  Project = "optimal-platform"
  ManagedBy = "terraform"
  Environment = "production"
}

Step 3: Deploy Infrastructure

# Initialize Terraform
terraform init

# Review the plan
terraform plan -out=tfplan

# Apply (takes 15-20 minutes)
terraform apply tfplan

What Gets Created

| Resource | Description |
|----------|-------------|
| VPC | Isolated network with public/private subnets |
| EKS Cluster | Managed Kubernetes control plane |
| Node Groups | EC2 instances for workloads |
| RDS PostgreSQL | Managed database (Multi-AZ optional) |
| EFS | Persistent storage for pods |
| ECR | Private container registry |
| ALB | Application Load Balancer |
| S3 Buckets | For Velero backups and artifacts |

Step 4: Configure kubectl

# Update kubeconfig
aws eks update-kubeconfig \
  --region us-east-1 \
  --name optimal-platform

# Verify connection
kubectl get nodes

Step 5: Deploy Platform

# Return to repository root
cd ../../..

# Add Helm repositories
make helm-deps

# Deploy with production values
helm upgrade --install optimal-platform k8s/helm-charts/optimal-platform \
  --namespace optimal-system \
  --create-namespace \
  -f k8s/helm-charts/optimal-platform/values-production.yaml \
  --set global.cloud.provider=aws \
  --set global.cloud.region=us-east-1

Configure AWS-Specific Settings

# Additional Helm values for AWS
global:
  cloud:
    provider: aws
    region: us-east-1

ingress:
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:...

postgresql:
  enabled: false # Using RDS
  external:
    host: optimal-db.xxx.us-east-1.rds.amazonaws.com
    port: 5432
    database: optimal_platform

velero:
  configuration:
    provider: aws
    backupStorageLocation:
      bucket: optimal-backups-xxx
      config:
        region: us-east-1

Step 6: Verify Deployment

# Check all pods
kubectl get pods -n optimal-system

# Get load balancer URL
kubectl get ingress -n optimal-system

# Or via Terraform output
cd infra/terraform/aws
terraform output platform_url

Step 7: Configure DNS (Optional)

If using Route 53:

# Get ALB hostname
ALB_HOST=$(kubectl get ingress optimal-platform-ingress -n optimal-system \
  -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')

echo "Point your domain to: $ALB_HOST"

Production Checklist

  • Enable RDS Multi-AZ for high availability
  • Configure backup retention policies
  • Set up CloudWatch alarms
  • Enable VPC Flow Logs
  • Configure WAF rules
  • Set up AWS Secrets Manager integration
  • Enable EKS audit logging
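  • Configure pod security policies (PodSecurityPolicy was removed in Kubernetes 1.25, so on the 1.29 cluster configured above enforce these with Pod Security Admission)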
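
An added example, not part of the platform's repository: it checks three of the checklist items (EKS audit logging, RDS Multi-AZ, backup retention) against the JSON returned by `aws eks describe-cluster` and `aws rds describe-db-instances`. The sample documents are constructed and trimmed to the fields read, the function names are hypothetical, and the 7-day retention floor is an assumption.

```python
import json

# Constructed, trimmed samples of `aws eks describe-cluster --name optimal-platform`
# and `aws rds describe-db-instances` output (only the fields read below).
SAMPLE_CLUSTER = json.loads("""
{"cluster": {"name": "optimal-platform", "logging": {"clusterLogging": [
  {"types": ["api", "authenticator"], "enabled": true},
  {"types": ["audit", "controllerManager", "scheduler"], "enabled": false}]}}}
""")
SAMPLE_DB = json.loads("""
{"DBInstances": [{"DBInstanceIdentifier": "optimal-db", "MultiAZ": true,
  "BackupRetentionPeriod": 1}]}
""")

MIN_RETENTION_DAYS = 7  # assumed policy floor, not a value from this guide


def enabled_log_types(cluster_doc):
    """Return the set of control-plane log types that are switched on."""
    groups = cluster_doc["cluster"].get("logging", {}).get("clusterLogging", [])
    return {t for g in groups if g.get("enabled") for t in g.get("types", [])}


def checklist_findings(cluster_doc, db_doc, min_retention=MIN_RETENTION_DAYS):
    """Return a list of human-readable gaps; an empty list means all checks passed."""
    findings = []
    if "audit" not in enabled_log_types(cluster_doc):
        findings.append("EKS audit logging is disabled")
    for db in db_doc.get("DBInstances", []):
        name = db["DBInstanceIdentifier"]
        if not db.get("MultiAZ", False):
            findings.append(f"RDS {name}: Multi-AZ is off")
        # A BackupRetentionPeriod of 0 means automated backups are disabled.
        days = db.get("BackupRetentionPeriod", 0)
        if days < min_retention:
            findings.append(f"RDS {name}: backup retention {days}d < {min_retention}d")
    return findings


if __name__ == "__main__":
    for line in checklist_findings(SAMPLE_CLUSTER, SAMPLE_DB):
        print("FAIL:", line)
```

To run it against a live account, replace the samples with the parsed output of the two CLI commands.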

Cost Optimization

| Resource | Cost Reduction Strategy |
|----------|-------------------------|
| EKS | Use Spot instances for non-critical workloads |
| RDS | Right-size based on actual usage |
| NAT Gateway | Consider NAT instances for dev/staging |
| S3 | Enable lifecycle policies |
| EC2 | Use Savings Plans or Reserved Instances |

Cleanup

# Remove platform
helm uninstall optimal-platform -n optimal-system

# Destroy infrastructure
cd infra/terraform/aws
terraform destroy

Troubleshooting

EKS nodes not joining

# Check node group status
aws eks describe-nodegroup \
  --cluster-name optimal-platform \
  --nodegroup-name optimal-nodes

ALB not provisioning

# Check ALB ingress controller logs
kubectl logs -n kube-system -l app.kubernetes.io/name=aws-load-balancer-controller

RDS connection issues

# Verify security group allows traffic from EKS
aws ec2 describe-security-groups --group-ids sg-xxx
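
An added example, not from the platform's repository, of reading the `describe-security-groups` output above: it reports whether the RDS security group admits port 5432 from the EKS node security group, and lists every other source that can also reach that port so an overly broad rule stands out. The JSON sample is constructed, the group IDs are placeholders, and the function names are hypothetical.

```python
import json

DB_PORT = 5432  # PostgreSQL port used in the Helm values above

# Constructed sample of `aws ec2 describe-security-groups` output for the RDS
# security group; all group IDs and CIDRs are placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-0rds0000000000000", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
   "IpRanges": [], "Ipv6Ranges": [],
   "UserIdGroupPairs": [{"GroupId": "sg-0eksnodes00000000"}]},
  {"IpProtocol": "tcp", "FromPort": 5000, "ToPort": 6000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
   "UserIdGroupPairs": []}]}]}
""")


def covers_port(perm, port):
    """True if an ingress rule applies to TCP `port` (protocol -1 means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def review_db_ingress(doc, node_sg, port=DB_PORT):
    """Return (allowed via a reference to node_sg, other sources that reach the port)."""
    reachable, extra = False, []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            if not covers_port(perm, port):
                continue
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] == node_sg:
                    reachable = True
                else:
                    extra.append(pair["GroupId"])
            extra += [r["CidrIp"] for r in perm.get("IpRanges", [])]
            extra += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return reachable, extra


if __name__ == "__main__":
    ok, extra = review_db_ingress(SAMPLE, "sg-0eksnodes00000000")
    print("nodes can reach RDS:", ok, "| other sources:", extra)
```

In the sample the node group is admitted by the first rule, while the second rule's 5000-6000 range also exposes 5432 to `0.0.0.0/0`, which is the kind of entry to remove.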

Next Steps