Set up AWS resources for ThoughtSpot
After you determine your configuration options, you must set up your virtual machines (VMs) in AWS using a ThoughtSpot Amazon Machine Image (AMI).
ThoughtSpot Training
For best results in setting up ThoughtSpot in AWS, we recommend that you take the following ThoughtSpot U course: Node Configuration: AWS.
See other training resources at ThoughtSpot U.
Overview of ThoughtSpot setup in AWS
Follow these steps to set up your ThoughtSpot VMs in AWS.
❏ |
|
❏ |
2. Choose a VM instance configuration recommended by ThoughtSpot. |
❏ |
|
❏ |
|
❏ |
|
❏ |
6. Open the required network ports for communication for the nodes in your cluster and end users. |
❏ |
After you launch a VM using a ThoughtSpot marketplace AMI, and the EC2 instance is up and running, it takes 20-30 mins for the services to be ready for use. |
Following AWS best practices, we strongly recommend that you do not use the AWS root user for deploying ThoughtSpot. For details, see AWS account root user in Amazon’s AWS documentation. |
About the ThoughtSpot AMI
An Amazon Machine image (AMI) is a preconfigured template that provides the information required to launch an instance. You must specify an AMI when you launch an instance in AWS.
To make deployment easy, the ThoughtSpot AMI includes a custom ThoughtSpot image, with the following components:
-
A template for the boot volume for the instance, such as an operating system, an appliance server, and applications.
-
Launch permissions that control which AWS accounts can use the AMI to launch instances.
-
A block device mapping that specifies the volumes to attach to the instance when it launches.
The ThoughtSpot AMI has specific applications on a CentOS-based image. The AMI includes the EBS volumes necessary to install ThoughtSpot in AWS. When you launch an EC2 instance from this image, it automatically sizes and provisions the EBS volumes. The base AMI includes 200 GB (xvda), 2X400 GB (xvdb), and SSD (gp2). It contains the maximum number of disks to handle a fully loaded VM.
RHEL or OEL AMI
This guide explains how to deploy ThoughtSpot on AWS, using ThoughtSpot’s CentOS-based image. You can also deploy ThoughtSpot on AWS using Red Hat Enterprise Linux (RHEL) or Oracle Enterprise Linux (OEL), allowing you to run ThoughtSpot on an RHEL version 7.8, 7.9, 8.1, 8.2, 8.3, 8.4, 8.5, 8.6, 8.7, or 8.8 or OEL version 7.9 image that your organization manages internally. To install ThoughtSpot using RHEL or OEL, choose your own RHEL- or OEL-based image on the AWS console, instead of ThoughtSpot’s image, and refer to the RHEL and OEL deployment guide after you launch your virtual machines.
Amazon Linux 2 AMI
This guide explains how to deploy ThoughtSpot on AWS, using ThoughtSpot’s CentOS-based image. You can also deploy ThoughtSpot on AWS using Amazon Linux 2, allowing you to run ThoughtSpot on an Amazon Linux 2 image that your organization manages internally. To install ThoughtSpot using Amazon Linux 2, choose your own Amazon Linux 2-based image on the AWS console, instead of ThoughtSpot’s image, and refer to the Amazon Linux 2 deployment guide after you launch your virtual machines.
Prerequisites
To install and launch ThoughtSpot, you must have the following:
❏ |
Familiarity with Linux administration, and a general understanding of cloud deployment models. |
❏ |
The necessary AWS Identity and Access Management (IAM) users and roles assigned to you to access and deploy the various AWS resources and services as defined in the Required AWS components section that follows. |
❏ |
Networking information: Download and fill out the ThoughtSpot site survey to have a quick reference point. Ask your network administrator if you need help filling out the site survey. |
ThoughtSpot recommends SSH and web access to the EC2 instance for installation, maintenance and access to the ThoughtSpot application. For more on SSH-key-rotation best practices, please review Rotating AWS KMS keys in the AWS documentation. |
For more information about IAM, see: What Is IAM? in Amazon’s AWS documentation.
Required AWS components
You require the following AWS components:
❏ |
An AWS Virtual Private Cloud (VPC). An AWS VPC is a virtual network specifically for your AWS account. It exists in all availability zones in your region, but you can specify a local zone for even lower latency. For more details, see VPCs and Subnets in Amazon’s AWS documentation. |
❏ |
A ThoughtSpot AMI. For details, see Choose VM instances. |
❏ |
AWS security groups. For required open ports, see Network ports. |
❏ |
An AWS VM instances. For instance type recommendations, see ThoughtSpot AWS instance types. |
❏ |
EBS volumes for data storage. |
❏ |
If deploying with S3 persistent storage, you must have one S3 bucket for each ThoughtSpot cluster. |
Get access to ThoughtSpot AMI
-
Sign in to your AWS account.
-
Copy the correct ThoughtSpot public AMI to your AWS region. Refer to the following information to find the AMI you should use, depending on your release version and when your cluster was created.
AMI for clusters created after November 19, 2021
- Release Version
-
8.4.0.sw [LA] and 8.4.1.sw
- AMI Name
-
thoughtspot-image-20210405-ec1319de70e-prod
- AMI ID
-
ami-03767ea7551010ce6
- Region
-
Oregon
- Notes
-
The AMI is based in the Oregon region. You may have to temporarily switch to the Oregon region on the AWS website to initiate copying the AMI to the region of your choice. After the copy completes, you can return to your own region.
AMI for clusters created before November 19, 2021
- Release Version
-
8.4.0.sw [LA] and 8.4.1.sw
- AMI Name
-
thoughtspot-image-20210405-ec1319de70e-prod
- AMI ID
-
ami-0590a6bd470448a21
- Region
-
N. California
- Notes
-
The AMI is based in the N. California region. You may have to temporarily switch to the N. California region on the AWS website to initiate copying the AMI to the region of your choice. After the copy completes, you can return to your own region.
Choose VM instances
-
Choose the appropriate EC2 instance type: See ThoughtSpot AWS instance types for help choosing the correct instance type for your cluster.
-
Networking requirements: 10 GbE network bandwidth is needed between the VMs.
Ensure that you have this bandwidth.
-
Ensure that all your VMs are on the same Amazon Virtual Private Cloud (VPC) and subnetwork.
This is necessary because VMs that are part of a cluster need to be accessible by each other.
Additional external access may be required to bring data in/out of the VMs to your network.
Add all nodes in the same placement group.
-
Determine the number of EC2 instances you need: Based on the datasets, this number will vary.
Refer to ThoughtSpot AWS instance types for recommended nodes for a given data size.
Staging larger datasets (> 50 GB per VM), may require provisioning additional attached EBS volumes that are SSD (gp2). |
Setting up your Amazon S3 bucket (recommended)
If you are going to deploy your cluster using the S3-storage option, you must set up that bucket before you set up your cluster. Contact ThoughtSpot Support to determine if your specific cluster size can benefit from the S3 storage option.
Follow these steps to set up an S3 bucket in AWS.
-
On the AWS website, navigate to the S3 service dashboard by selecting Services, then S3.
-
Make sure the selected region in the upper-right corner of the dashboard is the same region in which you plan to set up your cluster.
-
Select Create bucket.
-
In the Name and region page, enter a name for your bucket.
-
Select your region.
-
Select Next.
-
On the Properties page, select Next.
-
On the Configure options page, ensure that Block all public access is selected.
-
Select Next.
-
On the Set permissions page, select Create bucket.
Encrypting your data at rest
ThoughtSpot makes use of EBS for the data volumes to store persistent data (in the EBS deployment model) and the boot volume (in the EBS and S3 deployment models). ThoughtSpot recommends that you encrypt your data volumes prior to setting up your ThoughtSpot cluster. If you are using the S3 persistent storage model, you can encrypt the S3 buckets using SSE-S3 or AWS KMS.
For more information on encryption supported with AWS:
EBS |
See Amazon EBS Encryption in Amazon’s AWS documentation. |
S3 |
See Amazon S3 Default Encryption for S3 Buckets in Amazon’s AWS documentation. |
Setting up your ThoughtSpot cluster
To set up a ThoughtSpot cluster in AWS, follow these steps:
-
On the AWS website, navigate to the EC2 service dashboard by selecting Services, then EC2.
-
Make sure your selected region is correct in the upper-right corner of the dashboard. If not, select your region. Let ThoughtSpot Support know if you change your region.
-
Start the process of launching a VM by selecting Launch Instance.
-
In the My AMIs tab under 1. Choose AMI, search ThoughtSpot to find the ThoughtSpot AMI.
-
Click Select. Ensure that you select the ThoughtSpot AMI listed in Get access to ThoughtSpot AMI, which you entered earlier in this process.
-
On the Choose an Instance Type page, select a ThoughtSpot-supported instance type. See ThoughtSpot AWS instance types.
-
Select Next: Configure Instance Details.
-
Configure the instances by choosing the number of EC2 instances you need. The instances must be on the same VPC and subnetwork. ThoughtSpot sets up the instances to be in the same ThoughtSpot cluster.
S3 storage setting: If you are going to use the S3 storage option, ThoughtSpot recommends that you restrict access to a specific S3 bucket. Create a new IAM role that provides read/write access to the specific bucket, and select it. For details on that, select Create new IAM role.
AWS Systems Manager Agent: If you plan to use the AWS SSM agent as an alternative to SSH, create a new IAM role with an SSM policy to grant AWS SSM permission to perform actions on your instances. Refer to Create an IAM instance profile for Systems Manager.
-
Select Next: Add Storage. Add the required storage based on your instance type (either EBS volumes or S3), and the amount of data you are deploying. For specific storage requirements, refer to ThoughtSpot AWS instance types.
-
Select Add new volume.
-
Specify the type of storage, either EBS or S3.
-
Specify the size of the volume.
-
Ensure that you leave Delete on termination unchecked, to prevent potential loss of data if the VM is accidentally terminated.
-
-
When you are done modifying the storage size, select Next: Add Tags.
-
Set a name for tagging your instances. This tag allows you to identify your instance more easily.
Configure security groups
-
Select Next: Configure Security Group.
-
Select an existing security group to attach new security groups to so that it meets the security requirements for ThoughtSpot.
Security settings for ThoughtSpot -
The VMs must have intragroup security: every VM in a cluster must be accessible to all clusters. For easier configuration, ThoughtSpot recommends that you enable full access between VMs in a cluster.
-
You must open more ports on the VM to provide data staging capabilities to your network. Check ThoughtSpot’s Network ports documentation to determine the minimum required ports you must open for your ThoughtSpot appliance.
Refer to Network ports.
-
-
Select Review and Launch.
-
After you have reviewed your instance launch details, select Launch.
-
Choose a key pair. A key pair consists of a public and private key used to encrypt and decrypt login information. If you don’t have a key pair, you must create one. Without a key pair, you cannot SSH into the AWS instance later.
-
Select Launch Instances. Wait a few minutes for it to fully start up. After it starts, it appears on the EC2 console.
Prepare the VMs
Before installing a ThoughtSpot cluster, an administrator must prepare the VMs.