Control Plane on AWS EKS (CloudFormation)
Provision the Aurva Control Plane on Amazon EKS using AWS CloudFormation.
Overview
The Aurva Control Plane stores telemetry from Data Planes, runs analysis pipelines, and serves the Aurva console. This guide covers a self-hosted Control Plane deployment on Amazon EKS using the Aurva-provided CloudFormation templates plus Helm charts.
For the Terraform variant, see Control Plane on AWS EKS (Terraform).
Infrastructure Components
The CloudFormation stack provisions the same resources as the Terraform variant:
EKS
| Component | Configuration |
|---|---|
| Architecture | x86_64 |
| Node OS | Amazon EKS-Optimized Linux |
| Instance size | c5a.xlarge (varies with scale) |
| Storage | 100 GB minimum |
RDS (PostgreSQL)
| Component | Configuration |
|---|---|
| Engine version | PostgreSQL 18 |
| Instance class | db.t4g.medium (varies with scale) |
| Storage | 128 GB minimum |
OpenSearch
| Component | Configuration |
|---|---|
| Engine version | OpenSearch 2.19 |
| Instance class | c7g.large.search (varies with scale) |
| Nodes | 3 minimum |
| Volume | Sized based on QPS |
Storage
| Bucket | Configuration |
|---|---|
| Alerts & Reports | Standard, lifetime retention |
| OpenSearch snapshots | Glacier (first 120 days), then Deep Archive |
All buckets use SSE-S3 encryption, block public access, and restrict access to the Control Plane IAM role.
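Once the stack exists, the bucket settings stated above can be checked against what S3 actually reports. The following is an added example, not part of the Aurva bundle: it takes the JSON printed by `aws s3api get-public-access-block` and `aws s3api get-bucket-encryption` for one bucket; the bucket name, function name and sample responses are constructed for illustration.

```python
import json

# The four settings that together make up S3 Block Public Access.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

# Constructed responses for a hypothetical bucket: one flag is switched off
# and the default encryption is KMS rather than SSE-S3.
SAMPLE_PAB = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": True,
    "BlockPublicPolicy": False, "RestrictPublicBuckets": True}})
SAMPLE_ENC = json.dumps({"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}})


def audit_bucket(name, pab_json, enc_json):
    """Compare one bucket's reported settings with what this page states.

    pab_json: output of  aws s3api get-public-access-block --bucket <bucket>
    enc_json: output of  aws s3api get-bucket-encryption   --bucket <bucket>
    """
    findings = []

    # A flag that is absent counts as disabled.
    pab = json.loads(pab_json).get("PublicAccessBlockConfiguration", {})
    off = [flag for flag in PAB_FLAGS if pab.get(flag) is not True]
    if off:
        findings.append(f"{name}: public access block disabled for {', '.join(off)}")

    rules = (json.loads(enc_json)
             .get("ServerSideEncryptionConfiguration", {}).get("Rules", []))
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
             for r in rules}
    if algos != {"AES256"}:  # "AES256" is how the API reports SSE-S3
        findings.append(
            f"{name}: default encryption is {sorted(map(str, algos))}, expected SSE-S3")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_bucket("example-bucket", SAMPLE_PAB, SAMPLE_ENC)))
```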
Networking & IAM
| Component | Notes |
|---|---|
| Load balancers | 1 ALB and 1 NLB |
| IAM | Read/write/delete for S3 and OpenSearch (managed by the stack) |
Deployment Prerequisites
VPC
- A VPC with at least 2 private subnets.
- Each subnet must have at least 96 available IPv4 addresses.
ACM Certificate
An ACM certificate matching your company domain (e.g. *.aurva.com) must already exist in the AWS account. The stack attaches it to the load balancers.
Jump Server
A Linux jump server inside the same VPC, with the following CLIs installed:
| CLI | Verify |
|---|---|
| AWS CLI | aws --version |
| Helm | helm version |
| kubectl | kubectl version |
| curl | curl --version |
Networking Prerequisites
| Source | Destination | Port | Purpose |
|---|---|---|---|
| VPC | resources.deployment.aurva.io | 443 | Download deployment scripts and resources |
| VPC | bifrost.aurva.io | 443 | License validation |
Deployment Workflow
The deployment is split into two phases: infrastructure (CloudFormation) and application (Helm).
Infrastructure — Step 1: Download the bundle
```bash
mkdir -p /opt/aurva-controlplane
cd /opt/aurva-controlplane
curl -O https://resources.deployment.aurva.io/manifests/main/install-controlplane-aws-kube-cfn.tar.gz
tar -xzvf install-controlplane-aws-kube-cfn.tar.gz
```
After extraction:
```
install-controlplane-aws-kube-cfn/
├── cloudformation/
└── helm/
```
Infrastructure — Step 2: Configure stack parameters
```bash
cd install-controlplane-aws-kube-cfn/cloudformation
cp parameters.json.example parameters.json
vi parameters.json
```
Key parameters:
| Parameter | Description | Example |
|---|---|---|
| VpcId | Existing VPC ID | vpc-0c1e176679c6f5778 |
| PrivateSubnetIds | Comma-separated private subnet IDs | subnet-02b70317d0fa1b5d7,subnet-06aa8777e1dab9cb8 |
| PublicSubnetIds | Comma-separated public subnet IDs | subnet-03c901a039a89e31b,subnet-0fcdac58aeef4329e |
| AcmCertificateArn | ARN of the ACM certificate | arn:aws:acm:ap-south-1:...:certificate/... |
| EksNodeInstanceType | EKS node group instance type | c5a.xlarge |
| RdsInstanceClass | RDS instance class | db.t4g.medium |
| RdsStorageSize | RDS allocated storage (GB) | 256 |
| OsInstanceType | OpenSearch instance type | c7g.large.search |
| OsNodeCount | OpenSearch data node count | 3 |
| OsVolumeSize | OpenSearch EBS volume size (GB) | 100 |
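A preflight check for `parameters.json` before it is handed to `create-stack`, as an added example that is not part of the Aurva bundle. It assumes the file uses the AWS CLI's `ParameterKey`/`ParameterValue` list format and sets every key parameter above explicitly; the function name, constants and sample values are constructed here, and the minimums are the ones in this page's component tables.

```python
import json
import re

# Floors come from the component tables on this page; REGION is the region
# used in its commands. Function and constant names are illustrative.
REGION = "ap-south-1"
MIN_PRIVATE_SUBNETS, MIN_RDS_GB, MIN_OS_NODES = 2, 128, 3
ACM_ARN = re.compile(r"arn:aws[a-z-]*:acm:([a-z0-9-]+):\d{12}:certificate/[0-9a-f-]+")
SUBNET_ID = re.compile(r"subnet-[0-9a-f]+")

# Constructed sample: the page's example values, ARN left unfilled, 2 OS nodes.
SAMPLE = json.dumps([{"ParameterKey": k, "ParameterValue": v} for k, v in {
    "VpcId": "vpc-0c1e176679c6f5778",
    "PrivateSubnetIds": "subnet-02b70317d0fa1b5d7,subnet-06aa8777e1dab9cb8",
    "PublicSubnetIds": "subnet-03c901a039a89e31b,subnet-0fcdac58aeef4329e",
    "AcmCertificateArn": "arn:aws:acm:ap-south-1:...:certificate/...",
    "RdsStorageSize": "256", "OsNodeCount": "2"}.items()])


def check_parameters(text, region=REGION):
    """Return findings for a parameter file in the AWS CLI list format."""
    params = {p["ParameterKey"]: str(p.get("ParameterValue", "")).strip()
              for p in json.loads(text)}
    findings = []
    if not re.fullmatch(r"vpc-[0-9a-f]+", params.get("VpcId", "")):
        findings.append("VpcId: missing or not a VPC ID")
    subnets = {}
    for key in ("PrivateSubnetIds", "PublicSubnetIds"):
        ids = [s.strip() for s in params.get(key, "").split(",") if s.strip()]
        subnets[key] = set(ids)
        if not ids or not all(SUBNET_ID.fullmatch(s) for s in ids):
            findings.append(f"{key}: missing or malformed subnet ID")
        elif len(ids) != len(subnets[key]):
            findings.append(f"{key}: duplicate subnet ID")
    if len(subnets["PrivateSubnetIds"]) < MIN_PRIVATE_SUBNETS:
        findings.append(f"PrivateSubnetIds: need at least {MIN_PRIVATE_SUBNETS}")
    if subnets["PrivateSubnetIds"] & subnets["PublicSubnetIds"]:
        findings.append("a subnet is listed as both private and public")
    # ACM certificates are regional: one from another region cannot be attached.
    arn = ACM_ARN.fullmatch(params.get("AcmCertificateArn", ""))
    if not arn:
        findings.append("AcmCertificateArn: not a complete ACM certificate ARN")
    elif arn.group(1) != region:
        findings.append(f"AcmCertificateArn: certificate is in {arn.group(1)}, not {region}")
    for key, floor in (("RdsStorageSize", MIN_RDS_GB), ("OsNodeCount", MIN_OS_NODES)):
        value = params.get(key, "")
        if not value.isdigit() or int(value) < floor:
            findings.append(f"{key}: must be an integer >= {floor}")
    return findings
```

Call `check_parameters(open("parameters.json").read())` and treat an empty list as the go-ahead; the constructed `SAMPLE` yields two findings, the unfilled certificate ARN and the node count below the minimum.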
Infrastructure — Step 3: Deploy the CloudFormation stack
```bash
aws cloudformation create-stack \
  --stack-name aurva-controlplane \
  --template-body file://template.yaml \
  --parameters file://parameters.json \
  --capabilities CAPABILITY_NAMED_IAM \
  --region ap-south-1

# Wait for completion
aws cloudformation wait stack-create-complete \
  --stack-name aurva-controlplane \
  --region ap-south-1
```
Stack creation typically takes 15–25 minutes.
Infrastructure — Step 4: Get stack outputs
```bash
aws cloudformation describe-stacks \
  --stack-name aurva-controlplane \
  --query 'Stacks[0].Outputs' \
  --output table \
  --region ap-south-1
```
Application — Step 1: Export Helm values
The stack outputs include a Helm values snippet:
```bash
aws cloudformation describe-stacks \
  --stack-name aurva-controlplane \
  --query "Stacks[0].Outputs[?OutputKey=='HelmValuesSnippet'].OutputValue" \
  --output text \
  --region ap-south-1 > ../helm/env/production.yaml
```
Application — Step 2: Set the Kubernetes context
```bash
# Quote the substitution so an empty or unexpected result cannot be
# split into extra arguments.
aws eks update-kubeconfig \
  --name "$(aws cloudformation describe-stacks \
    --stack-name aurva-controlplane \
    --query "Stacks[0].Outputs[?OutputKey=='ClusterName'].OutputValue" \
    --output text --region ap-south-1)" \
  --region ap-south-1
```
Application — Step 3: Install the Helm chart
```bash
cd ../helm
helm upgrade --install aurva-controlplane . \
  -f values.yaml \
  -f env/production.yaml \
  -n aurva-controlplane \
  --create-namespace
```
Verification
```bash
kubectl -n aurva-controlplane get pods
```
All pods should reach Running. Once the load balancers are healthy, the Aurva console becomes reachable at the configured domain.
Updating the Stack
```bash
aws cloudformation update-stack \
  --stack-name aurva-controlplane \
  --template-body file://template.yaml \
  --parameters file://parameters.json \
  --capabilities CAPABILITY_NAMED_IAM \
  --region ap-south-1
```
Next Steps
- Deploy a Data Plane to start collecting telemetry.
- Configure Monitoring for your first data asset.