Pipelines for Applications

Pipelines AWS Hybrid installation is a secenario where Pipelines is installed on a server that is not in the AWS cloud, but still relies on AWS resources to operate. These AWS services include:

  • S3 Bucket
  • Dynamo DB

Create an S3 Bucket

Before you can start, you will need to setup an S3 bucket in AWS. As an option, you can run the CloudFormation S3 Bucket Creation Script.

If creating the bucket manually, ensure you know the region you are creating it in. This is important.

Create an IAM User

For the server to have access to AWS resources, including S3 and DynamoDB, it will need IAM security credentials.

IAM User S3 Policy

The IAM user must have access to the S3 bucket in its region. This Allow access must include:

ActionResource
s3:ListBucketarn:aws:s3:::BUCKET
s3:GetBucketLocationarn:aws:s3:::BUCKET
s3:GetObjectarn:aws:s3:::BUCKET/*
s3:PutObjectarn:aws:s3:::BUCKET/*
s3:DeleteObjectarn:aws:s3:::BUCKET/*

Here is an example IAM Policy, in this example BUCKET is named distelli-onprem:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::distelli-onprem"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::distelli-onprem/*"
        }
    ]
}

IAM User DynamoDB Policy

When running the Pipelines install script, you can specify a prefix for you DynamoDB tables. This can provide you a mechanism to lock down Pipelines’s access to your DynamoDB to only tables with this prefix. Here is an example policy, note the PREFIX followed by an asterisk.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1465427217000",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem",
                "dynamodb:CreateTable",
                "dynamodb:DeleteItem",
                "dynamodb:DeleteTable",
                "dynamodb:DescribeReservedCapacity",
                "dynamodb:DescribeReservedCapacityOfferings",
                "dynamodb:DescribeStream",
                "dynamodb:DescribeTable",
                "dynamodb:GetItem",
                "dynamodb:GetRecords",
                "dynamodb:GetShardIterator",
                "dynamodb:ListStreams",
                "dynamodb:ListTables",
                "dynamodb:PurchaseReservedCapacityOfferings",
                "dynamodb:PutItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:UpdateItem",
                "dynamodb:UpdateTable"
            ],
            "Resource": [
                "arn:aws:dynamodb:eu-west-1:708141427824:table/<b>PREFIX</b>*"
            ]
        }
    ]
}

Obtain the Pipelines on premises Install Script

Please contact our sales team to obtain the Pipelines on premises install script.

Back to top
The page rank or the 1 our of 5 rating a user has given the page.
The email address of the user submitting feedback.
The URL of the page being ranked/rated.