# AWS Deployment

## Prerequisites

1. On a workstation with access to your AWS cloud, install the following tools if you don’t already have them available:
   * AWS CLI: <https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>
   * Helm: <https://helm.sh/docs/intro/install/>
   * Kubectl: <https://kubernetes.io/docs/tasks/tools/>
2. Create a new EKS cluster:
   1. Select Custom Configuration and disable EKS Auto Mode:

      <figure><img src="https://2091741164-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvrraExym8pNEUvBDoima%2Fuploads%2FwrhoeGpLInLc4cwHjwRM%2FScreenshot%202025-05-16%20at%208.15.01%E2%80%AFAM.png?alt=media&#x26;token=c67e5a48-03a3-40b7-b403-ba7b42275fa7" alt=""><figcaption></figcaption></figure>

      <figure><img src="https://2091741164-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvrraExym8pNEUvBDoima%2Fuploads%2FTE8f4vZVK98JcYCOWtOh%2FScreenshot%202025-05-16%20at%208.16.56%E2%80%AFAM.png?alt=media&#x26;token=b18f229b-f137-4a11-9de8-c1760bba5422" alt=""><figcaption></figcaption></figure>
   2. Create a new Cluster IAM role with the default settings and select it.
   3. On the next screen, make sure to select the VPC and subnets where you want to install the app.
   4. On the add-ons screen (Step 4), add the EBS CSI Driver add-on:

      ![](https://2091741164-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvrraExym8pNEUvBDoima%2Fuploads%2F7X7mTFuydjabNGmBAfnf%2FScreenshot%202025-05-16%20at%205.57.15%E2%80%AFPM.png?alt=media\&token=e39f999a-d5ce-4225-86ba-610f0a505937)
   5. Create the cluster and wait for it to finish initializing. Once it is ready, go to the Compute tab and click Add a Node Group.
   6. Create a new IAM Role for the node group. In addition to the default policies, attach the `AmazonEBSCSIDriverPolicy`:

      <img src="https://2091741164-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvrraExym8pNEUvBDoima%2Fuploads%2Fgqnsfzw4Dh02Kxp1zw8J%2FScreenshot%202025-05-16%20at%205.59.39%E2%80%AFPM.png?alt=media&#x26;token=c33a75c4-76b8-4192-8eb0-51cbd1c029ba" alt="" data-size="original">
   7. Choose Amazon Linux 2 as the AMI Type:

      <figure><img src="https://2091741164-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FvrraExym8pNEUvBDoima%2Fuploads%2Fsn53vWS3gSdZ9fPINkkZ%2FScreenshot%202025-05-19%20at%207.36.28%E2%80%AFAM.png?alt=media&#x26;token=aad5c384-3b23-420d-9afe-4529001ea603" alt=""><figcaption></figcaption></figure>
   8. Select an instance type with at least 16GB of RAM. m6i.xlarge or bigger is a good choice.
   9. Set the Disk Size to 100GiB.
   10. Set the Desired Size and Maximum Size to at least 3 nodes.
3. Connect your workstation's kubectl to the new EKS cluster. Substitute `<eks-cluster-name>` with the name of your new EKS cluster in the following:

```bash
aws eks update-kubeconfig --name <eks-cluster-name>
```

## Violet Helm Chart Installation

1. Add a new profile containing the Violet AWS Credentials to your workstation. These values are provided by Violet Labs and are specific to your installation:

```bash
aws configure --profile violet-external

AWS Access Key ID [None]: <your-violet-access-key>
AWS Secret Access Key [None]: <your-violet-access-key-secret>
Default region name [None]: us-west-1
```

2. Create a new file, `violet-values.yml`, containing your AWS credentials and application-specific configuration:

```yaml
domain: # The domain where Violet will be served. Subdomain must be "violet": violet.mydomain.com
customerName: # The customer name of your license. Provided by Violet
licenseKey: # Your license key. Provided by Violet
adminEmail: # Admin user email for the customer
adminName: # Admin user full name ("Firstname Lastname") for the customer

aws:
  accessKeyId: # Your Violet AWS Access key, provided by Violet
  accessKeySecret: # Your Violet AWS secret, provided by Violet

neo4j:
  volumes:
    data:
      dynamic:
        storageClassName: gp2
global:
  storageClass: gp2
  
# optional: This is required if you wish to use an external database instead of an internal postgres db automatically spun up by the helm chart
postgresql:
  enabled: false # This disables the internal postgresql db
  auth:
    host: # hostname for external db (e.g. '[db_name].postgres.database.azure.com')
    password: # password for application db user, used by app
    username: # username for application db user, used by app
    adminPassword: # password for db, with migrations & seed permissions
    adminUsername: # username for db, with migrations & seed permissions
```

<details>

<summary>Deploying or Updating Version-Locked Violet [OPTIONAL]</summary>

If you would like to lock the version of Violet that you are using and not automatically pull the latest version, add the following entry to your `violet-values.yml` file:

```yaml
image:
  versionTag: # use correct version tag to lock a version and not always pull latest. Provided by Violet for initial deployment.
```

The Violet changelog (and version tags) can be found here: [VioletLabs changelog | Productlane](https://changelog.violetlabs.com/changelog)

If you are deploying Violet in this environment for the first time, continue to step 3.

If you have already deployed Violet and are just locking the version or updating to a specific version of Violet, enter that versionTag in the `violet-values.yml` file and then skip to step 8.

</details>

3. Create a new Kubernetes namespace for the Violet installation:

```bash
kubectl create namespace violet
```

4. Install the nginx ingress controller chart, which allows EKS to set up a load balancer to route traffic from the internet to the new Violet deployment:

```bash
helm install --namespace kube-system nginx ingress-nginx --repo https://kubernetes.github.io/ingress-nginx
```

5. Install the Mezmo logging agent. This streams logs from your cluster to the Violet team for troubleshooting and monitoring assistance:

```bash
kubectl apply -f https://assets.logdna.com/clients/logdna-agent/3/agent-namespace.yaml

# Get <mezmo-ingestion-key> from your 1Pass entry
kubectl create secret generic logdna-agent-key -n logdna-agent --from-literal=logdna-agent-key=<mezmo-ingestion-key> 

kubectl apply -f https://assets.logdna.com/clients/logdna-agent/3/agent-resources.yaml
```

6. Install the external-secrets chart. This is used to load some customer-specific secrets from AWS into the Violet deployment:

```bash
helm repo add external-secrets https://charts.external-secrets.io
helm repo update
helm upgrade --namespace external-secrets --create-namespace --install --version 0.16.2 --wait external-secrets external-secrets/external-secrets
```

7. Create a secret that allows Kubernetes to access the Violet Helm Chart repository:

```bash
kubectl create secret docker-registry --namespace violet ecr-creds --docker-server=911167899009.dkr.ecr.us-west-1.amazonaws.com --docker-username=AWS --docker-password=$(aws ecr --profile violet-external get-login-password)
```

8. Log in to the Helm repository:

```bash
aws ecr --profile violet-external get-login-password | helm registry login --username AWS --password-stdin 911167899009.dkr.ecr.us-west-1.amazonaws.com
```

9. Install the Violet Helm Chart:

```bash
helm upgrade --namespace violet --create-namespace --install myviolet oci://911167899009.dkr.ecr.us-west-1.amazonaws.com/violet-helm --version 1.0.0-main -f violet-values.yml
```

Note that it may take up to 5 minutes to run the database provisioning scripts. You can check the status of the deployment by looking at the pods:

```bash
kubectl get pods -n violet
```

After installation is complete, the Helm chart will print out some information and commands, including the URL to access your new deployment, how to get the DNS name of the ingress load balancer that the deployment is served at (for setting up DNS rules), and how to obtain the auto-generated password for the `violet_admin@violetlabs.com` account.
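
The `violet-values.yml` file from step 2 carries the AWS secret, the license key and optionally database passwords, and step 9 passes it to Helm. The pre-flight check below is an added example, not part of the Violet chart or its documentation: it flags required values still left empty, a `domain` without the `violet` subdomain, and file permissions wider than owner-only. The function names and the line-based parsing (each checked key appears once in the file) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for violet-values.yml (not part of the Violet chart).
# Assumes each checked key name appears once in the file, as in the template above.

# Print the scalar value of the first "key: value" line, minus comment and quotes.
yaml_value() {
  local file="$1" key="$2"
  sed -n -E "s/^[[:space:]]*${key}:[[:space:]]*//p" "$file" | head -n 1 |
    sed -E -e 's/(^|[[:space:]])#.*$//' -e 's/[[:space:]]+$//' \
      -e 's/^"(.*)"$/\1/' -e "s/^'(.*)'\$/\1/"
}

# Return 0 when the file passes every check; otherwise print one line per problem.
check_values_file() {
  local file="$1" problems=0 key mode domain
  [ -f "$file" ] || { echo "missing file: $file"; return 1; }

  # The file holds an AWS secret, a license key and possibly database passwords,
  # so nobody but the owner should be able to read it.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case $mode in
    *00) ;;
    *) echo "mode $mode is readable beyond the owner: chmod 600 $file"
       problems=$((problems + 1)) ;;
  esac

  # Keys the template requires; a value left as a bare comment counts as empty.
  for key in domain customerName licenseKey adminEmail adminName \
             accessKeyId accessKeySecret; do
    if [ -z "$(yaml_value "$file" "$key")" ]; then
      echo "empty value: $key"
      problems=$((problems + 1))
    fi
  done

  # The template states that the subdomain must be "violet".
  domain=$(yaml_value "$file" domain)
  case $domain in
    '' | violet.?*) ;;
    *) echo "domain '$domain' does not use the violet subdomain"
       problems=$((problems + 1)) ;;
  esac

  [ "$problems" -eq 0 ]
}

# Stand-alone use: bash check-values.sh violet-values.yml
[ "$#" -eq 0 ] || check_values_file "$1"
```

Run it against the file before step 9; a non-zero exit status means at least one problem was printed.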
