AWS Cloud

Launch an EC2 instance from the Marketplace

Step 1: Go to the AWS Marketplace website and search for the N3uron IIoT Platform product or access it directly through this link.
Step 2: Click on Continue to Subscribe.

Step 3: Review and accept the End User License Agreement (EULA) of N3uron.

Step 4: Wait for AWS to process your request and click on Continue to Configuration.

Step 5: Select the desired N3uron version and AWS Region to deploy this solution. Then, click on Continue to Launch.

Step 7: At the EC2 console, proceed to configure a name for the instance, a security group to allow SSH access and inbound HTTP to port 8003 (N3uron WebUI).

Configure the storage capacity and click on Launch instance.

Step 8: Once the instance is launched, click on it’s ID to view the instance details at the EC2 console.

Step 9: Access the N3uron WebUI using the public IPv4 address or public DNS name at port 8003.

Step 10: Login to the N3uron WebUI using the default admin username and the EC2 instance ID (see previous screenshot) as password. We strongly recommend changing the password after the first login.

Now you have full access to the N3uron IIoT Platform running in AWS cloud. Take a look at our data acquisition, data delivery and edge computing, data historian and visualization modules.

Deploy with CloudFormation templates

Our AWS Marketplace solution provides two CloudFormation templates to deploy a standalone or redundant N3uron with a MongoDB Atlas cluster as the data historian database.

Getting Started

Before deploying the architectures outlined below you need to configure the API keys in AWS Secrets Manager to access MongoDB Atlas and enable the MongoDB Atlas resources available in CloudFormation.

Configure your MongoDB Atlas API Keys

Step 1: Generate an API key pair (public and private keys) for your Atlas organization and configure them to grant CloudFormation access to your Atlas project. Refer to the Atlas documentation for detailed instructions.

Step 2: Create a new secret in AWS Secrets Manager (in the same region you want to deploy the solution) to store the Atlas “profile”.

The secret should follow this format:

SecretName: cfn/atlas/profile/{ProfileName}
SecretValue: {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey"}

Example:

  ProfileName: default
  SecretName: cfn/atlas/profile/default
  SecretValue = {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey"}

Alternatively, you can use this simple CloudFormation template to create a “default” profile.

Create an IAM execution role for Atlas

To activate and use the MongoDB cloudformation resources you need to create and configure an IAM role in the target region with the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "secretsmanager:CreateSecret",
                "secretsmanager:CreateSecretInput",
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetSecretValue",
                "secretsmanager:PutSecretValue",
                "secretsmanager:UpdateSecretVersionStage",
                "ec2:CreateVpcEndpoint",
                "ec2:DeleteVpcEndpoints",
                "cloudformation:CreateResource",
                "cloudformation:DeleteResource",
                "cloudformation:GetResource",
                "cloudformation:GetResourceRequestStatus",
                "cloudformation:ListResources",
                "cloudformation:UpdateResource",
                "iam:AttachRolePolicy",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:GetRole",
                "iam:GetRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:ListRolePolicies",
                "iam:PutRolePolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

And the following trust policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "lambda.amazonaws.com",
                    "cloudformation.amazonaws.com",
                    "resources.cloudformation.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Recommended: You can use this cloudformation template to automatically create the IAM role in the desired region.

Activate the MongoDB Atlas resources in CloudFormation

To use the deployment templates provided in this solution you need to enable the following resources in the target region:

• MongoDB::Atlas::Project

• MongoDB::Atlas::Cluster

• MongoDB::Atlas::DatabaseUser

• MongoDB::Atlas::PrivateEndpointService

• MongoDB::Atlas::PrivateEndpointAWS

Step 1: In the AWS CloudFormation console of the target region, go to Registry and select Third party.

Step 2: Search for the specific resource by it’s name.

Step 3: Click on Activate, set the ARN identifier of the IAM role created in the previous section and click on Activate extension.

Repeat the steps 2-3 to enable all the required resources.

Architectures

Standalone

This template deploys a standalone N3uron node and a MongoDB Atlas cluster securely connected using an AWS PrivateLink endpoint.

We provide two deployment options:

• Deploy N3uron into a new VPC: This template creates a new VPC with the subnets, security groups, private endpoints… and deploys N3uron in an EC2 instance.

• Deploy N3uron into an existing VPC: This template deploys the solution into an existing VPC in your infrastructure.

Redundant

This option template deploys a redundant pair of N3uron nodes, each in a different availability zone and a highly-available MongoDB Atlas cluster securely connected using an AWS PrivateLink endpoint.

We provide two deployment options:

• Deploy N3uron into a new VPC: This template creates a new VPC with the subnets, security groups, private endpoints… and deploys each N3uron in an EC2 instance in different availability zones.

• Deploy N3uron into an existing VPC: This template deploys the solution into an existing VPC in your infrastructure.