Prisme.ai can be effectively deployed on AWS, leveraging managed services to ensure scalability, high availability, and operational simplicity. This guide provides step-by-step instructions and best practices to deploy Prisme.ai on AWS infrastructure.


Prerequisites

Before you begin deploying Prisme.ai on AWS, ensure you have the following:

  • AWS Account with sufficient permissions to create and manage cloud resources.
  • AWS CLI installed and configured on your local machine.
  • Basic familiarity with Kubernetes and AWS services (EKS, RDS, S3, Elasticache).

AWS Resources Setup

Deploy Prisme.ai using the following recommended AWS-managed resources:


Step-by-Step Deployment Guide

1

Set up EKS Cluster

Set up a Kubernetes cluster using the EKS CLI or AWS Management Console:

eksctl create cluster --name=prisme-ai --region=eu-west-1
2

Deploy Managed Databases

Provision databases and storage:

  • RDS (DocumentDB or self-managed MongoDB)
  • OpenSearch Cluster
  • Redis via ElastiCache
  • S3 buckets and EFS volumes
3

Configure DNS and Networking

Configure your Route 53 domains for the following:

  • API: api.yourdomain.com
  • Console: studio.yourdomain.com
  • Pages: *.pages.yourdomain.com
4

Deploy Prisme.ai via Helm

Use Helm to deploy Prisme.ai into your Kubernetes cluster:

helm repo add prismeai https://helm.prisme.ai/charts
helm install prisme-core prismeai/prismeai-core --namespace prisme -f values.yaml

Ensure your values.yaml is correctly updated with your AWS resources’ endpoints and credentials.

5

Configure Ingress and TLS

Use AWS Load Balancer Controller and ACM for SSL/TLS certificates to secure your deployment and route external traffic:

kubectl apply -f ingress.yaml
6

Test and Validate

Perform initial health checks:

kubectl get pods -n prisme
kubectl logs <pod-name> -n prisme

Security Best Practices

IAM Role Management

  • Use IAM roles for service accounts (IRSA) for secure, fine-grained Kubernetes-to-AWS permissions.
  • Regularly audit roles and permissions.

Network Isolation

  • Deploy within private subnets and secure via VPC and security groups.
  • Use NAT gateways for controlled internet access from private networks.

Secrets Management

  • Leverage AWS Secrets Manager or HashiCorp Vault for managing sensitive configuration.
  • Regular rotation of database passwords and API keys.

Monitoring and Auditing

  • Enable AWS CloudTrail, Amazon CloudWatch, and Prometheus/Grafana for comprehensive monitoring.
  • Set up alerts for unusual activities or resource consumption.

Next Steps

Prisme.ai can be effectively deployed on AWS, leveraging managed services to ensure scalability, high availability, and operational simplicity. This guide provides step-by-step instructions and best practices to deploy Prisme.ai on AWS infrastructure.


Prerequisites

Before you begin deploying Prisme.ai on AWS, ensure you have the following:

  • AWS Account with sufficient permissions to create and manage cloud resources.
  • AWS CLI installed and configured on your local machine.
  • Basic familiarity with Kubernetes and AWS services (EKS, RDS, S3, Elasticache).

AWS Resources Setup

Deploy Prisme.ai using the following recommended AWS-managed resources:


Step-by-Step Deployment Guide

1

Set up EKS Cluster

Set up a Kubernetes cluster using the EKS CLI or AWS Management Console:

eksctl create cluster --name=prisme-ai --region=eu-west-1
2

Deploy Managed Databases

Provision databases and storage:

  • RDS (DocumentDB or self-managed MongoDB)
  • OpenSearch Cluster
  • Redis via ElastiCache
  • S3 buckets and EFS volumes
3

Configure DNS and Networking

Configure your Route 53 domains for the following:

  • API: api.yourdomain.com
  • Console: studio.yourdomain.com
  • Pages: *.pages.yourdomain.com
4

Deploy Prisme.ai via Helm

Use Helm to deploy Prisme.ai into your Kubernetes cluster:

helm repo add prismeai https://helm.prisme.ai/charts
helm install prisme-core prismeai/prismeai-core --namespace prisme -f values.yaml

Ensure your values.yaml is correctly updated with your AWS resources’ endpoints and credentials.

5

Configure Ingress and TLS

Use AWS Load Balancer Controller and ACM for SSL/TLS certificates to secure your deployment and route external traffic:

kubectl apply -f ingress.yaml
6

Test and Validate

Perform initial health checks:

kubectl get pods -n prisme
kubectl logs <pod-name> -n prisme

Security Best Practices

IAM Role Management

  • Use IAM roles for service accounts (IRSA) for secure, fine-grained Kubernetes-to-AWS permissions.
  • Regularly audit roles and permissions.

Network Isolation

  • Deploy within private subnets and secure via VPC and security groups.
  • Use NAT gateways for controlled internet access from private networks.

Secrets Management

  • Leverage AWS Secrets Manager or HashiCorp Vault for managing sensitive configuration.
  • Regular rotation of database passwords and API keys.

Monitoring and Auditing

  • Enable AWS CloudTrail, Amazon CloudWatch, and Prometheus/Grafana for comprehensive monitoring.
  • Set up alerts for unusual activities or resource consumption.

Next Steps