Deploying Prisme.ai on AWS
Step-by-step guide and best practices for deploying Prisme.ai in a self-hosted environment using AWS.
Prisme.ai can be effectively deployed on AWS, leveraging managed services to ensure scalability, high availability, and operational simplicity. This guide provides step-by-step instructions and best practices to deploy Prisme.ai on AWS infrastructure.
Prerequisites
Before you begin deploying Prisme.ai on AWS, ensure you have the following:
- AWS Account with sufficient permissions to create and manage cloud resources.
- AWS CLI installed and configured on your local machine.
- Basic familiarity with Kubernetes and AWS services (EKS, RDS, S3, Elasticache).
AWS Resources Setup
Deploy Prisme.ai using the following recommended AWS-managed resources:
Kubernetes (EKS)
Kubernetes (EKS)
- Service: Amazon Elastic Kubernetes Service (EKS)
- Recommended Configuration:
- 3-5 nodes, each with at least 4 vCPUs and 16GB RAM
- Autoscaling enabled for peak load management
- Best Practices:
- Use managed node groups for automated scaling and updates
- Ensure that your EKS cluster spans at least two availability zones for high availability
- Deployment:
Database (Amazon RDS)
Database (Amazon RDS)
- Service: Amazon RDS for MongoDB-compatible (DocumentDB) or self-managed MongoDB via EC2/EKS
- Recommended Configuration:
- 3-node cluster for high availability
- Instance type:
db.m5.largeminimum
- Best Practices:
- Enable automated backups and Multi-AZ deployments
- Secure access via VPC security groups
- Note: DocumentDB is AWS’s fully-managed MongoDB-compatible service. If your workload strictly requires MongoDB features unsupported by DocumentDB, deploy MongoDB manually or use AWS Marketplace AMIs.
Elasticsearch / OpenSearch
Elasticsearch / OpenSearch
- Service: Amazon OpenSearch Service
- Recommended Configuration:
- 3 nodes, instance type:
m6g.large.search - Dedicated master nodes for stability
- 3 nodes, instance type:
- Best Practices:
- Enable encryption at rest and node-to-node encryption
- Regularly snapshot your data to Amazon S3
Redis (ElastiCache)
Redis (ElastiCache)
- Service: Amazon ElastiCache for Redis
- Recommended Configuration:
- 3-node Redis Cluster (
cache.m6g.largerecommended) - Multi-AZ for failover
- 3-node Redis Cluster (
- Best Practices:
- Regular maintenance windows for upgrades
- Use Redis with JSON and Search modules if required by your deployment (via Redis Stack on EKS if needed)
Object Storage (Amazon S3)
Object Storage (Amazon S3)
- Service: Amazon S3
- Configuration:
- Create buckets for model storage, user uploads, and public assets
- Use AWS CloudFront CDN for public assets
- Best Practices:
- Enforce bucket versioning and lifecycle policies
- Apply least-privilege bucket policies
File System (Amazon EFS)
File System (Amazon EFS)
- Service: Amazon Elastic File System (EFS)
- Recommended Configuration:
- Use for shared file storage in Kubernetes workloads (e.g., PVCs)
- Performance mode: General Purpose
- Best Practices:
- Regular backups via AWS Backup
- Security groups limiting access to your Kubernetes cluster nodes only
Step-by-Step Deployment Guide
Set up EKS Cluster
Set up a Kubernetes cluster using the EKS CLI or AWS Management Console:
Deploy Managed Databases
Provision databases and storage:
- RDS (DocumentDB or self-managed MongoDB)
- OpenSearch Cluster
- Redis via ElastiCache
- S3 buckets and EFS volumes
Configure DNS and Networking
Configure your Route 53 domains for the following:
- API:
api.yourdomain.com - Console:
studio.yourdomain.com - Pages:
*.pages.yourdomain.com
Deploy Prisme.ai via Helm
Use Helm to deploy Prisme.ai into your Kubernetes cluster:
Ensure your values.yaml is correctly updated with your AWS resources’ endpoints and credentials.
Configure Ingress and TLS
Use AWS Load Balancer Controller and ACM for SSL/TLS certificates to secure your deployment and route external traffic:
Test and Validate
Perform initial health checks:
Security Best Practices
IAM Role Management
- Use IAM roles for service accounts (IRSA) for secure, fine-grained Kubernetes-to-AWS permissions.
- Regularly audit roles and permissions.
Network Isolation
- Deploy within private subnets and secure via VPC and security groups.
- Use NAT gateways for controlled internet access from private networks.
Secrets Management
- Leverage AWS Secrets Manager or HashiCorp Vault for managing sensitive configuration.
- Regular rotation of database passwords and API keys.
Monitoring and Auditing
- Enable AWS CloudTrail, Amazon CloudWatch, and Prometheus/Grafana for comprehensive monitoring.
- Set up alerts for unusual activities or resource consumption.