Overview of ThoughtSpot setup in AWS
Follow these steps to set up your ThoughtSpot VMs in AWS.
About the ThoughtSpot AMI
An Amazon Machine image (AMI) is a preconfigured template that provides the information required to launch an instance. You must specify an AMI when you launch an instance in AWS.
To make deployment easy, the ThoughtSpot AMI includes a custom ThoughtSpot image, with the following components:
- A template for the root volume for the instance, such as an operating system, an appliance server, and applications.
- Launch permissions that control which AWS accounts can use the AMI to launch instances.
- A block device mapping that specifies the volumes to attach to the instance when it launches.
The ThoughtSpot AMI has specific applications on a base image. The AMI includes the EBS volumes necessary to install ThoughtSpot in AWS. When you launch an EC2 instance from this image, it automatically sizes and provisions the EBS volumes. The base AMI includes 200 GB (xvda), 2X400 GB (xvdb), and SSD (gp2). It contains the maximum number of disks to handle a fully loaded VM.
To install and launch ThoughtSpot, you must have the following:
|❏||Familiarity with Linux administration, and a general understanding of cloud deployment models.|
|❏||The necessary AWS Identity and Access Management (IAM) users and roles assigned to you to access and deploy the various AWS resources and services as defined in the Required AWS components section that follows.|
For more information about IAM, see: What Is IAM? in Amazon’s AWS documentation.
Required AWS components
|❏||An AWS Virtual Private Cloud (VPC). An AWS VPC is a virtual network specifically for your AWS account. It exists in all availability zones in your region, but you can specify a local zone for even lower latency. For more details, see VPCs and Subnets in Amazon's AWS documentation.|
|❏||A ThoughtSpot AMI. For details, see Setting up your EC2 instances.|
|❏||AWS security groups. For required open ports, see Network Policies.|
|❏||AWS VM instances. For instance type recommendations, see ThoughtSpot AWS instance types.|
|❏||EBS volumes for data storage.|
|❏||(Optional) If deploying with S3 persistent storage, you need one S3 bucket for each ThoughtSpot cluster.|
Setting up your EC2 instances
- Sign into your AWS account.
- Copy the following ThoughtSpot public AMI to your AWS region:
AMI Name: thoughtspot-image-20191031-8ae15008336-prod
AMI ID: ami-06276ece42ed96994
Region: N. CaliforniaNote: The AMI is based in the N. California region. You may have to temporarily switch to the N. California region on the AWS website to access it. Then you can return to your own region.Note: The AMI is backward-compatible with ThoughtSpot releases 5.1.x - 6.0.x.
- Choose the appropriate EC2 instance type: See ThoughtSpot AWS instance types for help choosing the correct instance type for your cluster.
- Networking requirements: 10 GbE network bandwidth is needed between the VMs. Ensure that you have this bandwidth.
- Ensure that all your VMs are on the same Amazon Virtual Private Cloud (VPC) and subnetwork. This is necessary because VMs that are part of a cluster need to be accessible by each other. Additional external access may be required to bring data in/out of the VMs to your network. Add all nodes in the same placement group.
- Determine the number of EC2 instances you need: Based on the datasets, this number will vary. Refer to ThoughtSpot AWS instance types for recommended nodes for a given data size.
Setting up your Amazon S3 bucket (recommended)
If you are going to deploy your cluster using the S3-storage option, you must set up that bucket before you set up your cluster. Contact ThoughtSpot Support to find out if your specific cluster size can benefit from the S3 storage option.
Follow these steps to set up an S3 bucket in AWS.
On the AWS website, navigate to the S3 service dashboard by clicking Services, then S3.
Make sure the selected region in the top-right corner of the dashboard is the same region in which you plan to set up your cluster.
Click Create bucket.
In the Name and region page, enter a name for your bucket.
Select your region.
On the Properties page, click Next.
On the Configure options page, ensure that Block all public access is selected.
On the Set permissions page, click Create bucket.
Encrypting your data at rest
ThoughtSpot makes use of EBS for the data volumes to store persistent data (in the EBS deployment model) and the boot volume (in the EBS and S3 deployment models). ThoughtSpot recommends that you encrypt your data volumes prior to setting up your ThoughtSpot cluster. If you are using the S3 persistent storage model, you can encrypt the S3 buckets using SSE-S3 or AWS KMS.
For more information on encryption supported with AWS:
- For EBS, see Amazon EBS Encryption in Amazon’s AWS documentation.
- For S3, see Amazon S3 Default Encryption for S3 Buckets in Amazon’s AWS documentation.
Setting up your ThoughtSpot cluster
To set up a ThoughtSpot cluster in AWS, follow these steps:
On the AWS website, navigate to the EC2 service dashboard by clicking Services, then EC2.
Make sure your selected region is correct in the top-right corner of the dashboard. If not, select your region. Let ThoughtSpot support know if you change your region.
Start the process of launching a VM by clicking Launch Instance.
Click the My AMIs tab and search ThoughtSpot to find the ThoughtSpot AMI.
On the Choose an Instance Type page, select a ThoughtSpot-supported instance type. (See ThoughtSpot AWS instance types.)
Click Next: Configure Instance Details.
Configure the instances by choosing the number of EC2 instances you need. The instances must be on the same VPC and subnetwork. ThoughtSpot sets up the instances to be in the same ThoughtSpot cluster.
S3 storage setting: If you are going to use the S3 storage option, ThoughtSpot recommends that you restrict access to a specific S3 bucket. Create a new IAM role that provides read/write access to the specific bucket, and select it. For details on that, click Create new IAM role.
Click Next: Add Storage. Add the required storage based on your instance type (either EBS volumes or S3), and the amount of data you are deploying. For specific storage requirements, refer to ThoughtSpot AWS instance types.
When you are done modifying the storage size, click Next: Add Tags.
Set a name for tagging your instances. This tag allows you to identify your instance more easily.
Configure security groups
Click Next: Configure Security Group.
Select an existing security group to attach new security groups to so that it meets the security requirements for ThoughtSpot.Tip: Security setting for ThoughtSpot
- The VMs need intragroup security, i.e. every VM in a cluster must be accessible from one another. For easier configuration, ThoughtSpot recommends that you enable full access between VMs in a cluster.
- Additionally, more ports must be opened on the VM to provide data staging capabilities to your network. Check Network policies to determine the minimum required ports you must open for your ThoughtSpot appliance.
Click Review and Launch.
After you have reviewed your instance launch details, click Launch.
Choose a key pair. A key pair consists of a public and private key used to encrypt and decrypt login information. If you don’t have a key pair, you must create one. Without a key pair, you cannot SSH into the AWS instance later on.
Click Launch Instances. Wait a few minutes for it to fully start up. After it starts, it appears on the EC2 console.
Prepare the VMs
Before installing a ThoughtSpot cluster, an administrator must prepare the VMs.