Orka on AWS: Initial Configuration Guide
MacStadium will configure your Orka cluster in AWS for you. During this process, you will be prompted to provide additional information and configure some manual steps in your own customer Amazon account and customer VPC.
With Orka coming to AWS, you can now effortlessly integrate macOS development and macOS CI/CD into your AWS workflows and environments.
How does Orka on AWS work?
Your Orka cluster is a Virtual Private Cloud (VPC) within a MacStadium-owned and operated account, dedicated exclusively to you and your cluster. The resources from your own VPC (the customer VPC) and the Orka cluster connect to and access each other via VPC peering.
IMPORTANT
Your Orka cluster lives in an account created and configured exclusively for you. No resources are ever shared with other MacStadium customers.
Currently, your Orka cluster can connect to only one customer VPC.
After your Orka cluster is configured on AWS, you can use it like any regular Orka cluster (with a few known limitations). You cannot administer the account where the cluster lives or modify any Amazon services configured for that account. For any changes that you need to make to the Orka cluster and its related Amazon services, submit a ticket in the MacStadium portal.
Setting up Orka on AWS
CAUTION
Do not use the customer account root user to complete any steps of the configuration.
- When prompted, provide the following information to the MacStadium team. The team will use this information to configure your Orka cluster and the VPC peering between Orka and your customer VPC.

  | Information | Description | Comment |
  | --- | --- | --- |
  | Region | The region of your customer VPC. The MacStadium team will use it to set the region for the Orka VPC. | Both VPCs must reside in the same region. For example: US East (N. Virginia) |
  | Account ID | The account ID for your customer Amazon account. The MacStadium team will use this information to create the VPC peering request. | To get your account ID, click your account name in the top right corner of the AWS Management Console. |
  | VPC ID | The VPC ID of the customer VPC that you want to be able to access your Orka cluster. The MacStadium team will use this information to create the VPC peering request. Currently, your Orka cluster can connect to only one customer VPC. | To get your VPC ID, in the AWS Management Console, go to the VPC Dashboard > Virtual private cloud > Your VPCs and find your VPC in the list. Copy the VPC ID from the table. For example: vpc-12a345bc678d90123 |
  | Customer network CIDR | The IPv4 CIDR notation for the customer VPC network. The MacStadium team will use this information to create the VPC peering request. Make sure there is no overlap between the customer network and the Orka network. | To get the IPv4 CIDR notation for the customer VPC network, in the AWS Management Console, go to the VPC Dashboard > Virtual private cloud > Your VPCs and find your VPC in the list. Copy the IPv4 CIDR notation from the table. For example: 172.31.0.0/16 |
  | Orka network CIDR | The IPv4 CIDR notation for the Orka VPC network that you want to use. The MacStadium team will use this information to configure the networking for the Orka VPC and to create the VPC peering request. Make sure there is no overlap between the customer network and the Orka network. | For example: 154.2.0.0/16 |
  | Security groups | The IDs of the security groups that you want to have access to the Orka cluster. These security groups are configured on the customer VPC. The MacStadium team will use this information to configure the networking and security for the Orka cluster. | To get the security group ID, in the AWS Management Console, go to the VPC Dashboard > Security > Security Groups and find your security group in the list. Copy the name or the ID from the table. Make sure that you are referring to a security group in the customer VPC. For example: sg-0ab1234a5bc678def |
- The MacStadium team creates the AWS account for your Orka cluster.
  - The MacStadium team owns and administers the account and all its related services.
  - The account is dedicated exclusively to you and your cluster. No other customer has any access to this account, its resources, or services.
- The MacStadium team creates the VPC peering request. When secure VPC peering is established, the Orka cluster and the resources in your customer VPC will be able to access each other.

  TIP
  After the MacStadium team creates the request successfully, you will see a request with a Pending acceptance status in the AWS Management Console > VPC Dashboard > Virtual private cloud > Peering connections.
- The MacStadium team will provide you with the details for the VPC peering request. You will receive the following information:

  | Information | Description |
  | --- | --- |
  | Peering connection ID | The ID of the peering request. You will use it to confirm the identity of the request before accepting it. |
  | Requester owner ID | The account ID of the account hosting the Orka cluster. |
  | Requester VPC | The VPC ID of the Orka VPC. |

  Time to complete
  The MacStadium team will take up to 24 hours to configure the request and send back the details. You will have up to 7 days to accept the pending request, before it expires.
  As soon as you confirm the VPC peering request, the peering connection instantly becomes live and active.
- Accept the VPC peering request and notify the MacStadium team that the peering connection is active.
  1. In the AWS Management Console, go to the VPC Dashboard > Virtual private cloud > Peering connections.
  2. From the list, select the peering request that matches the provided Peering connection ID, Requester owner ID, and Requester VPC.
  3. Select Actions > Accept request.
  4. In the Accept VPC peering connection request pop-up, review the request details and click Accept request.

  TIP
  After you accept the peering connection request, it appears in the list of peering connections with the status Active.
- Modify your route tables to enable communication between the instances in the customer VPC and the Orka VPC.
  1. In the AWS Management Console, go to the VPC Dashboard > Virtual private cloud > Route tables.
  2. From the list, select the route table that you want to use to handle the communication between the customer VPC and the Orka VPC, or create a new route table.
  3. Click Edit routes.
  4. Click Add route.
  5. For Destination, provide the Orka network range in the IPv4 CIDR notation. For example: 154.2.0.0/16.
  6. For Target, from the drop-down menu, select Peering connection. When the list refreshes, select the ID of the peering connection between the customer VPC and the Orka VPC.
  7. Click Save changes.
  8. Repeat for all customer VPC public and private subnets that need to communicate with the Orka VPC. For example: the private subnets of your customer instances.

  TIP
  After you add the route successfully, it appears in the list of Routes of the routing table with the status Active.
- The MacStadium team completes the security and traffic configuration of the Orka VPC by specifying which customer security groups can access it.
- The MacStadium team notifies you that your Orka cluster is ready to use in AWS. They will also provide you with the following information (some of it might already be available throughout the communication with MacStadium):

  | Information | Description |
  | --- | --- |
  | Orka account ID | The account ID of the account hosting the Orka cluster. |
  | Orka VPC ID | The VPC ID of the Orka VPC. |
  | Peering connection ID | The ID of the VPC peering connection. |
  | Orka endpoint | The endpoint address for the Orka cluster. You will run all Orka commands and API calls against this endpoint. |
  | Orka license key | The license key that you need to provide for administrative Orka operations. |
  | Orka IPv4 CIDR | The network range of the Orka cluster in the CIDR notation. The MacStadium team configures the network range based on your requirements. |
  | Orka SG ID | The ID(s) of the security group(s) configured in the Orka VPC. You can use these IDs to further configure the connectivity between the Orka VPC and the customer VPC on the side of the customer VPC. |

- You can start using your Orka cluster in AWS.
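The identity check in the acceptance step, together with the no-overlap requirement on the two CIDRs, can be scripted against one entry of `aws ec2 describe-vpc-peering-connections` output before anyone clicks Accept request. This is an added example, not MacStadium code: the IDs are constructed placeholders, the CIDRs are this guide's example values, and the check that the requester's CIDR sits inside the agreed Orka range is an assumption about how the Orka VPC is addressed.

```python
import ipaddress

# Details MacStadium sent for the request (constructed placeholder values).
EXPECTED = {
    "peering_id": "pcx-0example0000000001",
    "requester_owner_id": "111111111111",
    "requester_vpc_id": "vpc-0example0000000aa",
}
CUSTOMER_CIDR = "172.31.0.0/16"  # example value from this guide
ORKA_CIDR = "154.2.0.0/16"       # example value from this guide

# Constructed record in the shape of one entry returned by
# `aws ec2 describe-vpc-peering-connections`.
SAMPLE_REQUEST = {
    "VpcPeeringConnectionId": "pcx-0example0000000001",
    "Status": {"Code": "pending-acceptance"},
    "RequesterVpcInfo": {"OwnerId": "111111111111",
                         "VpcId": "vpc-0example0000000aa",
                         "CidrBlock": "154.2.0.0/16"},
}

def review_peering_request(pcx, expected, customer_cidr, orka_cidr):
    """Return the reasons not to accept; an empty list means every check passed."""
    problems = []
    req = pcx.get("RequesterVpcInfo", {})
    if pcx.get("VpcPeeringConnectionId") != expected["peering_id"]:
        problems.append("peering connection ID mismatch")
    if req.get("OwnerId") != expected["requester_owner_id"]:
        problems.append("requester owner ID mismatch")
    if req.get("VpcId") != expected["requester_vpc_id"]:
        problems.append("requester VPC mismatch")
    if pcx.get("Status", {}).get("Code") != "pending-acceptance":
        problems.append("request is not pending acceptance")
    customer = ipaddress.ip_network(customer_cidr)
    orka = ipaddress.ip_network(orka_cidr)
    if customer.overlaps(orka):
        problems.append("customer and Orka CIDRs overlap")
    # Assumption: the requester VPC is addressed inside the agreed Orka range.
    cidr = req.get("CidrBlock")
    if cidr is None or not ipaddress.ip_network(cidr).subnet_of(orka):
        problems.append("requester CIDR is outside the agreed Orka CIDR")
    return problems
```

Accept the request only when the returned list is empty; any mismatch is a reason to check with MacStadium through the portal first.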
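To confirm that the route step was repeated for every subnet that must reach the Orka VPC, the following added example (not MacStadium code) audits `aws ec2 describe-route-tables` output for a route to the Orka CIDR that targets the expected peering connection and is active. The route table, subnet and peering connection IDs are constructed placeholders; the Orka CIDR is this guide's example value.

```python
import ipaddress

ORKA_CIDR = "154.2.0.0/16"             # example value from this guide
PEERING_ID = "pcx-0example0000000001"  # constructed placeholder

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-a", "Associations": [{"SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "154.2.0.0/16",
                 "VpcPeeringConnectionId": PEERING_ID, "State": "active"}]},
    {"RouteTableId": "rtb-b", "Associations": [{"SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "172.31.0.0/16",
                 "GatewayId": "local", "State": "active"}]},
    {"RouteTableId": "rtb-c", "Associations": [{"SubnetId": "subnet-c"}],
     "Routes": [{"DestinationCidrBlock": "154.2.0.0/16",
                 "VpcPeeringConnectionId": "pcx-0example0000000099",
                 "State": "blackhole"}]},
]

def audit_orka_routes(route_tables, subnets, orka_cidr, peering_id):
    """Map each subnet ID to 'ok' or the reason it cannot reach the Orka VPC."""
    orka = ipaddress.ip_network(orka_cidr)
    findings = {}
    for subnet in subnets:
        table = next((t for t in route_tables
                      if any(a.get("SubnetId") == subnet
                             for a in t.get("Associations", []))), None)
        if table is None:
            findings[subnet] = "no explicit association; check the main route table"
            continue
        # Routes to prefix lists or IPv6 ranges carry no DestinationCidrBlock.
        route = next((r for r in table.get("Routes", [])
                      if "DestinationCidrBlock" in r
                      and ipaddress.ip_network(r["DestinationCidrBlock"]) == orka), None)
        if route is None:
            findings[subnet] = "no route to the Orka CIDR"
        elif route.get("VpcPeeringConnectionId") != peering_id:
            findings[subnet] = "Orka route does not target the expected peering connection"
        elif route.get("State") != "active":
            findings[subnet] = "Orka route state is " + str(route.get("State"))
        else:
            findings[subnet] = "ok"
    return findings
```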
Reporting issues
MacStadium handles all issues with your Orka cluster and respective AWS account and services.
If you experience any issues, submit a ticket through the MacStadium portal.
For more information about the available support tiers, see here.
For more information about how MacStadium support works, see here and here.