Deploying Prisme.ai on AWS
Step-by-step guide and best practices for deploying Prisme.ai in a self-hosted environment using AWS.
Prisme.ai can be effectively deployed on AWS, leveraging managed services to ensure scalability, high availability, and operational simplicity. This guide provides step-by-step instructions and best practices to deploy Prisme.ai on AWS infrastructure.
Prerequisites
Before you begin deploying Prisme.ai on AWS, ensure you have the following:
- AWS Account with sufficient permissions to create and manage cloud resources.
- AWS CLI installed and configured on your local machine.
- Basic familiarity with Kubernetes and AWS services (EKS, RDS, S3, Elasticache).
AWS Resources Setup
Deploy Prisme.ai using the following recommended AWS-managed resources:
Kubernetes (EKS)
Kubernetes (EKS)
- Service: Amazon Elastic Kubernetes Service (EKS)
- Recommended Configuration:
- 3-5 nodes, each with at least 4 vCPUs and 16GB RAM
- Autoscaling enabled for peak load management
- Best Practices:
- Use managed node groups for automated scaling and updates
- Ensure that your EKS cluster spans at least two availability zones for high availability
- Deployment:
Database (Amazon RDS)
Database (Amazon RDS)
- Service: Amazon RDS for MongoDB-compatible (DocumentDB) or self-managed MongoDB via EC2/EKS
- Recommended Configuration:
- 3-node cluster for high availability
- Instance type:
db.m5.largeminimum
- Best Practices:
- Enable automated backups and Multi-AZ deployments
- Secure access via VPC security groups
- Note: DocumentDB is AWS’s fully-managed MongoDB-compatible service. If your workload strictly requires MongoDB features unsupported by DocumentDB, deploy MongoDB manually or use AWS Marketplace AMIs.
Elasticsearch / OpenSearch
Elasticsearch / OpenSearch
- Service: Amazon OpenSearch Service
- Recommended Configuration:
- 3 nodes, instance type:
m6g.large.search - Dedicated master nodes for stability
- 3 nodes, instance type:
- Best Practices:
- Enable encryption at rest and node-to-node encryption
- Regularly snapshot your data to Amazon S3
Redis (ElastiCache)
Redis (ElastiCache)
- Service: Amazon ElastiCache for Redis
- Recommended Configuration:
- 3-node Redis Cluster (
cache.m6g.largerecommended) - Multi-AZ for failover
- 3-node Redis Cluster (
- Best Practices:
- Regular maintenance windows for upgrades
- Use Redis with JSON and Search modules if required by your deployment (via Redis Stack on EKS if needed)
Object Storage (Amazon S3)
Object Storage (Amazon S3)
- Service: Amazon S3
- Configuration:
- Create buckets for model storage, user uploads, and public assets
- Use AWS CloudFront CDN for public assets
- Best Practices:
- Enforce bucket versioning and lifecycle policies
- Apply least-privilege bucket policies
File System (Amazon EFS)
File System (Amazon EFS)
- Service: Amazon Elastic File System (EFS)
- Recommended Configuration:
- Use for shared file storage in Kubernetes workloads (e.g., PVCs)
- Performance mode: General Purpose
- Best Practices:
- Regular backups via AWS Backup
- Security groups limiting access to your Kubernetes cluster nodes only
Step-by-Step Deployment Guide
Set up EKS Cluster
Set up a Kubernetes cluster using the EKS CLI or AWS Management Console:
Deploy Managed Databases
Provision databases and storage:
- RDS (DocumentDB or self-managed MongoDB)
- OpenSearch Cluster
- Redis via ElastiCache
- S3 buckets and EFS volumes
Configure DNS and Networking
Configure your Route 53 domains for the following:
- API:
api.yourdomain.com - Console:
studio.yourdomain.com - Pages:
*.pages.yourdomain.com
Deploy Prisme.ai via Helm
Use Helm to deploy Prisme.ai into your Kubernetes cluster:
Ensure your values.yaml is correctly updated with your AWS resources’ endpoints and credentials.
Configure Ingress and TLS
Use AWS Load Balancer Controller and ACM for SSL/TLS certificates to secure your deployment and route external traffic:
Test and Validate
Perform initial health checks:
Security Best Practices
IAM Role Management
- Use IAM roles for service accounts (IRSA) for secure, fine-grained Kubernetes-to-AWS permissions.
- Regularly audit roles and permissions.
Network Isolation
- Deploy within private subnets and secure via VPC and security groups.
- Use NAT gateways for controlled internet access from private networks.
Secrets Management
- Leverage AWS Secrets Manager or HashiCorp Vault for managing sensitive configuration.
- Regular rotation of database passwords and API keys.
Monitoring and Auditing
- Enable AWS CloudTrail, Amazon CloudWatch, and Prometheus/Grafana for comprehensive monitoring.
- Set up alerts for unusual activities or resource consumption.
Next Steps
Kubernetes with Helm
Deploy Prisme.ai with Helm on Kubernetes
Products Configuration
Configure Prisme.ai AI products
Operations
Learn how to manage operations efficiently
Deploying Prisme.ai on AWS
Step-by-step guide and best practices for deploying Prisme.ai in a self-hosted environment using AWS.
Prisme.ai can be effectively deployed on AWS, leveraging managed services to ensure scalability, high availability, and operational simplicity. This guide provides step-by-step instructions and best practices to deploy Prisme.ai on AWS infrastructure.
Prerequisites
Before you begin deploying Prisme.ai on AWS, ensure you have the following:
- AWS Account with sufficient permissions to create and manage cloud resources.
- AWS CLI installed and configured on your local machine.
- Basic familiarity with Kubernetes and AWS services (EKS, RDS, S3, Elasticache).
AWS Resources Setup
Deploy Prisme.ai using the following recommended AWS-managed resources:
Kubernetes (EKS)
Kubernetes (EKS)
- Service: Amazon Elastic Kubernetes Service (EKS)
- Recommended Configuration:
- 3-5 nodes, each with at least 4 vCPUs and 16GB RAM
- Autoscaling enabled for peak load management
- Best Practices:
- Use managed node groups for automated scaling and updates
- Ensure that your EKS cluster spans at least two availability zones for high availability
- Deployment:
Database (Amazon RDS)
Database (Amazon RDS)
- Service: Amazon RDS for MongoDB-compatible (DocumentDB) or self-managed MongoDB via EC2/EKS
- Recommended Configuration:
- 3-node cluster for high availability
- Instance type:
db.m5.largeminimum
- Best Practices:
- Enable automated backups and Multi-AZ deployments
- Secure access via VPC security groups
- Note: DocumentDB is AWS’s fully-managed MongoDB-compatible service. If your workload strictly requires MongoDB features unsupported by DocumentDB, deploy MongoDB manually or use AWS Marketplace AMIs.
Elasticsearch / OpenSearch
Elasticsearch / OpenSearch
- Service: Amazon OpenSearch Service
- Recommended Configuration:
- 3 nodes, instance type:
m6g.large.search - Dedicated master nodes for stability
- 3 nodes, instance type:
- Best Practices:
- Enable encryption at rest and node-to-node encryption
- Regularly snapshot your data to Amazon S3
Redis (ElastiCache)
Redis (ElastiCache)
- Service: Amazon ElastiCache for Redis
- Recommended Configuration:
- 3-node Redis Cluster (
cache.m6g.largerecommended) - Multi-AZ for failover
- 3-node Redis Cluster (
- Best Practices:
- Regular maintenance windows for upgrades
- Use Redis with JSON and Search modules if required by your deployment (via Redis Stack on EKS if needed)
Object Storage (Amazon S3)
Object Storage (Amazon S3)
- Service: Amazon S3
- Configuration:
- Create buckets for model storage, user uploads, and public assets
- Use AWS CloudFront CDN for public assets
- Best Practices:
- Enforce bucket versioning and lifecycle policies
- Apply least-privilege bucket policies
File System (Amazon EFS)
File System (Amazon EFS)
- Service: Amazon Elastic File System (EFS)
- Recommended Configuration:
- Use for shared file storage in Kubernetes workloads (e.g., PVCs)
- Performance mode: General Purpose
- Best Practices:
- Regular backups via AWS Backup
- Security groups limiting access to your Kubernetes cluster nodes only
Step-by-Step Deployment Guide
Set up EKS Cluster
Set up a Kubernetes cluster using the EKS CLI or AWS Management Console:
Deploy Managed Databases
Provision databases and storage:
- RDS (DocumentDB or self-managed MongoDB)
- OpenSearch Cluster
- Redis via ElastiCache
- S3 buckets and EFS volumes
Configure DNS and Networking
Configure your Route 53 domains for the following:
- API:
api.yourdomain.com - Console:
studio.yourdomain.com - Pages:
*.pages.yourdomain.com
Deploy Prisme.ai via Helm
Use Helm to deploy Prisme.ai into your Kubernetes cluster:
Ensure your values.yaml is correctly updated with your AWS resources’ endpoints and credentials.
Configure Ingress and TLS
Use AWS Load Balancer Controller and ACM for SSL/TLS certificates to secure your deployment and route external traffic:
Test and Validate
Perform initial health checks:
Security Best Practices
IAM Role Management
- Use IAM roles for service accounts (IRSA) for secure, fine-grained Kubernetes-to-AWS permissions.
- Regularly audit roles and permissions.
Network Isolation
- Deploy within private subnets and secure via VPC and security groups.
- Use NAT gateways for controlled internet access from private networks.
Secrets Management
- Leverage AWS Secrets Manager or HashiCorp Vault for managing sensitive configuration.
- Regular rotation of database passwords and API keys.
Monitoring and Auditing
- Enable AWS CloudTrail, Amazon CloudWatch, and Prometheus/Grafana for comprehensive monitoring.
- Set up alerts for unusual activities or resource consumption.
Next Steps
Kubernetes with Helm
Deploy Prisme.ai with Helm on Kubernetes
Products Configuration
Configure Prisme.ai AI products
Operations
Learn how to manage operations efficiently