Bring Your Own AWS Account

Introduction

This document will guide you through the process of connecting your ScaleX Enterprise account to your AWS account. Once this is configured, you will be able to utilize your AWS account through the Rescale platform.

This process has two parts: creating a computational resource framework and granting the proper access to your AWS account. The first involves creating a Virtual Private Cloud (VPC) in the AWS environment. The second requires creating a role that Rescale uses to access your AWS resources.

VPC

To develop a flexible and secure framework to deploy computational resources, we will create a Virtual Private Cloud (VPC) within your existing AWS account. Using a new VPC in your AWS account ensures that the resources provisioned by Rescale are by default isolated from any other VPCs you have in your account. Rescale will utilize this VPC to provision requested computational resources through the ScaleX platform. Rescale will connect to this VPC through a VPC Peering connection.

This new VPC will have outbound internet access to enable you to connect to other systems. Rescale offers the ability to block outbound internet access in the event you wish to further control the environment. Contact Rescale support to find out more. A schematic of this new environment is shown below:

[Figure: BYO AWS VPC Schematic]

Rescale IAM Role

In order to enable the ScaleX platform to utilize your AWS resources, an Identity and Access Management (IAM) role for Rescale in AWS needs to be created. This role will allow for cross-account access to your AWS EC2 resources without the need to create any IAM user accounts.

This entire process will involve various steps and requires that certain parameters be passed to and from Rescale support.

Initial Setup

In order to enable Rescale to provision resources from your AWS account, you will first need to contact Rescale support to exchange some information.

Please provide Rescale with:

  1. Suggested VPC CIDR ranges

    This is to prevent any potential conflicts with existing Rescale infrastructure.

Rescale will then provide you with:

  1. Your company code or External ID
  2. Rescale AWS Account ID
  3. A CloudFormation script to create the stack
  4. The region to run the CloudFormation script

Rescale's CloudFormation script will build the stack and configure all of the initial VPC settings and create the proper IAM role for Rescale.

CloudFormation Stack Script

The CloudFormation script provided by Rescale, when run in the desired region, will create all of the resources required (role, VPC, subnets, Internet Gateway) and return the role ARN and VPC ID.

Note: the CIDR ranges in the script will need to be updated with the selected range.

Please return this information to Rescale.
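
Before returning the role ARN, you can review the trust policy of the role the stack created. The check below is an added example, not part of Rescale's script or documentation; it assumes the role follows the standard AWS cross-account pattern (an account principal plus an `sts:ExternalId` condition), and the function name, account ID, External ID and sample policy are constructed placeholders.

```python
import json

# Constructed sample in the shape `aws iam get-role` returns under
# Role.AssumeRolePolicyDocument. Account ID and External ID are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-company-code"}}
  }]
}
""")


def _as_list(value):
    """IAM allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, vendor_account_id, external_id):
    """Return a list of findings; an empty list means every Allow statement
    trusts only the vendor account and requires the expected External ID."""
    findings = []
    prefix = f"arn:aws:iam::{vendor_account_id}:"
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement found")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # e.g. the bare string "*"
            findings.append(f"statement {i}: principal {principal!r} is not scoped")
            continue
        for kind, value in principal.items():
            for p in _as_list(value):
                if kind != "AWS" or not (p == vendor_account_id or p.startswith(prefix)):
                    findings.append(f"statement {i}: unexpected principal {kind}={p}")
        # Condition key names are case-insensitive in IAM.
        equals = {k.lower(): v for k, v in
                  stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if _as_list(equals.get("sts:externalid")) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId condition missing or wrong")
    return findings
```

Call it with the Rescale AWS Account ID and the External ID you received during initial setup; any finding is worth raising with Rescale support before you send back the ARN.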

Information to Rescale

Once the role and VPC(s) have been created by the script, please provide the following pieces of information to Rescale support:

  1. The Amazon Resource Name (ARN) of the role you just created

    The ARN can be retrieved by selecting the new role in the Roles panel:

    [Figure: BYO AWS ARN Role]

  2. The agreed-upon CIDR block of this VPC

VPC Peering and Route Table Update

Once this information is returned to Rescale, we will initialize a VPC peering connection. You will then need to accept this VPC peering connection in the AWS console. You will also have to add a route table entry pointing to the Rescale infrastructure VPC CIDR. Rescale will also do the same, adding a route to your VPC.

When completed, you should then be able to run on Rescale's ScaleX platform with your own AWS account.