# Enterprise Deployment Guide for AWS

Deploying RagaAI Prism on your AWS infrastructure ensures that your data remains secure and within your control. Follow these steps to set up RagaAI Prism in your AWS account.

1. [Provision Base Infrastructure](#provision-base-infrastructure)
2. [Installation Execution](#install-raga-prism)
3. [Verify Installation](#access-raga-prism)

## Provision Base Infrastructure

To get started quickly, you can use the Terraform Templates and scripts provided by the Raga team:

### Pre-Requirements

* **Set Up the AWS User:** The user running the installation is assumed to have administrator privileges. Alternatively, create a dedicated [IAM policy](https://raga-catalyst-aws.s3.ap-south-1.amazonaws.com/aws_iam_user_policy.json) with a specific set of permissions.
* **Service Quotas:** Ensure that the Service Quotas minimum is set to 32 vCPUs at the account level for compute-optimized (C) instance types for EKS worker node groups.
* Ensure that your system supports Bash commands
* The following CLI tools should be installed
  * [terraform](https://developer.hashicorp.com/terraform/install)
  * [aws cli](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
  * [python](https://www.python.org/downloads/)

### AWS login using CLI

<details>

<summary>Option A: Using aws configure</summary>

```bash
aws configure
```

Provide:

* Access Key ID
* Secret Access Key
* Default Region (e.g., us-east-1)
* Output Format (json, text, table)

</details>

<details>

<summary>Option B: Using AWS Keys Export</summary>

```bash
export AWS_ACCESS_KEY_ID=your-access-key-id
export AWS_SECRET_ACCESS_KEY=your-secret-access-key
```

</details>

**Validate aws cli Login:**

```bash
aws sts get-caller-identity
```

### Execute the following command to Provision the Environment:

#### Extract the TAR file provided by the RagaAI team:

```bash
tar -zxvf raga-prism-terraform-<version>.tar

```

#### Create S3 Bucket:

```
aws s3api create-bucket --bucket <bucket-name> --region <region>
```

Replace placeholders:

* `<region>`: Deployment region
* `<bucket-name>`: S3 Bucket Name
* Update Terraform Variables:

#### Update Terraform Variables

Update the `terraform.tfvars` with the required values

* customer\_name: This will be the prefix for all AWS resources
* region: Deployment region
* vpc\_cidr: your preferred CIDR range
* s3\_bucket\_name: s3 bucket name that you created in the above step

#### Terraform Initialization

Execute the following command for terraform init:

```bash
  terraform init \
    -backend-config="bucket=<s3_bucket_name>" \
    -backend-config="region=<region>" \
    -backend-config="key=tf/raga/terraform.tfstate" \
    -var-file=terraform.tfvars
```

#### Terraform Apply

Execute the following command for provision the infra with terraform:

```bash
terraform apply -var-file=terraform.tfvars -auto-approve
```

#### Terraform Output

Get the required details to install Raga Prism in the next step:

```bash
terraform output infrastructure_summary
```

#### List of AWS Resources Provisioned by RagaAI Terraform Infrastructure

> Note: You can also set up your cloud environment using the following requirements as an Alternative to the RagaAI Terraform templates

<details>

<summary>S3 Bucket</summary>

Create S3 bucket and Configure CORS with the following settings:

* Allowed Methods: GET, PUT
* Allowed Origins: \* (all origins)
* Allowed Headers: \* (all headers)
* Exposed Headers: none
* Max Age: 3000 seconds

</details>

<details>

<summary>EKS Cluster</summary>

* Kubernetes v1.24+ (Recommend containerd runtime)
* Ensure that the Service Quotas minimum is set to 32 vCPUs at the account level for compute-optimized (C) instance types
* **Worker Node Groups Configuration**

  | **Worker Node Group** | **Instance Type** | **vCPU & Memory** | **Min Size** | **Root Volume** | **Architecture** | **Taints** | **Labels** |
  | --------------------- | ----------------- | ----------------- | ------------ | --------------- | ---------------- | ---------- | ---------- |
  | **AMD Node Group**    | C5.2xlarge        | 8vCPU & 16GB      | 3 nodes      | 64 GB           | x86\_64          | N/A        | N/A        |
* **Cluster Add-ons**
  * AWS EBS CSI Driver must be enabled
* **IRSA Setup**
  * Role Name: raga-role
  * Required Permissions:
    * Access to the S3 bucket created above
    * Trust relationship with EKS OIDC provider
    * Service account should be `system:serviceaccount:raga:raga-role`
* **Cluster Autoscaler**
  * Deploy Cluster autoscaler

</details>

<details>

<summary>RDS Instance</summary>

* Instance Class: `db.r5.large` (2 vCPU & 16 GiB Memory)
* Storage Allocation: `50 GB`
* Engine: `mysql`

</details>

<details>

<summary>EC2 Instance</summary>

* Create an EC2 instance in a public subnet to act as a bastion/jump box.
  * Instance type: `t2.micro` (1 vCPU and 1 GB Memory)
  * EBS: `8 GB`
* Security group for bastion/jump box.
  * Inbound Rules:
    * Allows HTTP traffic on port 22.
  * Outbound Rules:
    * Permits all outbound traffic within the VPC
* Security group for an internal load balancer within a VPC
  * Inbound Rules:
    * Allows HTTP traffic on port 80 from within the VPC.
    * Allows HTTPS traffic on port 443 from within the VPC
  * Outbound Rules:
    * Permits all outbound traffic within the VPC

</details>

<details>

<summary>VPC</summary>

* VPC (Virtual Private Cloud)
* 2 Public and 2 private subnets
* 1 Internet Gateway (IGW)
* 1 NAT Gateway

</details>

## Install Raga Prism

#### Install Raga Prism:

* SSH into the instance and run the installation command.
* [Configure aws cli](#aws-login-using-cli)
* Configure kubectl to interact with your Amazon EKS (Elastic Kubernetes Service) cluster
* Copy the TAR file provided by the RagaAI team into he instance & extract the file
* Update the `.env` file with the values that you get when you execute the terraform output command

Execute the following command to deploy Prism:

```bash
python3 aws-prism.py
```

Run the Database Migration

```bash
helm install db-migration helm/db-migration -n raga \
  --set ReleaseTag=<ReleaseTag> 
```

Install Raga Services

```bash
helm install raga helm/raga -n raga \
  --set ReleaseTag=<ReleaseTag> 
```

## Access Raga Prism

Access Prism UI with the private loadbalancer Endpoint

* Portal: `http://<Load_Balancer_EndPoint>`
* API: `http://<Load_Balancer_EndPoint>/api`

***

For any issues during the deployment process or additional assistance, please contact our support team at <contact@raga.ai>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.raga.ai/ragaai-prism/on-premise-deployment/on-premise-deployment-for-aws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.