
Data Privacy Platform AWS Deployment Guide

Deploy Privitar AWS

The Privitar AWS Stack contains all the resources that are required to deploy Privitar AWS in your AWS Cloud environment. Once the stack has been configured and successfully created, CodePipeline will then automatically deploy Privitar AWS.

To create the stack and configure the resources that are included in the stack, Privitar provides a launch stack URL that links to an AWS CloudFormation template that defines the resources used by Privitar AWS.

To create the stack, click on the Privitar launch stack URL. (This URL will have been sent to you by Privitar. See Pre-requisites for deploying Privitar AWS.)

The AWS Quick create stack page is displayed:

quick-create-stack.png

This page lists the configuration parameters that are available for the Privitar AWS stack. Many of the parameters contain sensible default values, but others must be completed to set up the stack for your particular AWS Cloud environment.

To create and configure the Privitar AWS stack:

  1. Enter a name for the stack in the Stack name field.

    The default name is Privitar. You can change this name to one that is more suitable for your AWS Cloud environment. A stack name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and can't be longer than 128 characters.

  2. Enter new values to configure the Privitar AWS stack in the Parameters section.

    The following table describes the parameters that must be completed to create a Privitar AWS stack. (For more information about the optional parameters available in this section, see Stack Parameters.)

    Parameter

    Description

    CdkInfrastructureZipBucket

    The name of the Amazon S3 bucket containing the Privitar AWS infrastructure zip file. The AWS CodePipeline deployed by the CloudFormation template will look for the Privacy Platform infrastructure zip file in this bucket.

    For example, if the full path to the infrastructure zip file is:

    s3://a-bucket/a-folder/infra.zip

    then set this parameter to:

    a-bucket

    CdkInfrastructureZipKey

    The Amazon S3 key for the S3 object that is the Privitar AWS infrastructure zip file.

    For example, if the full path to the infrastructure zip file is:

    s3://a-bucket/a-folder/infra.zip

    then set this parameter to:

    a-folder/infra.zip

    CreateTenantInstrumentationBucket

    Whether or not to create a separate S3 bucket for storing the Privitar AWS instrumentation events.

    This can be set to True or False. The default setting is: False.

    If set to True, you must provide an S3 bucket location to store the events. The location is provided by Privitar and can be set using the PrivitarInstrumentationBucket parameter.

    The name of the bucket created is of the format:

    privitar-${deploymentId}-instrumentation-bucket

    where ${deploymentId} is substituted with the setting of the DeploymentID parameter of this template.

    DeploymentID

    A unique identifier for the Privitar AWS deployment.

    Resources created by Privitar AWS CloudFormation will include the value of this parameter in their identifier and name. This helps AWS users to understand the resource, and enables running multiple platform deployments in the same AWS account.

    The deployment ID can contain only alphanumeric characters (lower-case alphabetic characters only) and hyphens. It must start with an alphabetic character and can’t be longer than 128 characters.

    For example:

    data1234

    HostedZoneID

    The AWS Route 53 public hosted zone ID to use to generate a domain name and certificate that can be used by Privitar AWS.

    AWS Route 53 is used to automatically create DNS A records to route traffic from the Route 53 domain to Privacy Platform services. This hosted zone also enables HTTPS by facilitating the automatic issuing of publicly signed certificates in AWS Certificate Manager.

    As part of this process, ownership of the domain is automatically confirmed by writing CNAME records which AWS Certificate Manager verifies.

    For example:

    Z053459332BOI952MZ6ZK

    HostedZoneName

    The AWS Route 53 hosted zone domain name of the public hosted zone specified in the HostedZoneID parameter.

    For example:

    privitar-aws.com

    LicenceKeySecret

    (Provided by Privitar)

    The ARN of a plaintext AWS Secrets Manager secret that contains the platform license key file contents.

    This license key may need to be periodically updated.

    For example:

    arn:aws:secretsmanager:eu-west-1:423009687000:secret:license-key

    PrivitarInstrumentationBucket

    (Provided by Privitar)

    The name of the S3 bucket location to store Privitar AWS instrumentation events.

    The events are non-sensitive data events that describe how Privitar AWS is being used.

    Typically, the S3 bucket location will reside in the platform's AWS account.

  3. Click the check box in the Capabilities section to agree to the changes that will be made to your AWS account by creating the Privitar AWS stack.

  4. Select Create stack to create the Privitar AWS stack.

    If the stack is created successfully, it will appear in the AWS CloudFormation stack list:

    CloudFormation > Stacks > <stack-name>

    where <stack-name> is the name of the stack that you defined in the Stack name field. By default, the name will be Privitar.

    CloudFormation will report CREATE COMPLETE in the Status column to indicate that the stack has been successfully created.

    The successful completion of the stack by CloudFormation will automatically trigger CodePipeline to deploy Privitar AWS.

  5. Navigate to Developer Tools > CodePipeline > Pipelines > <stack-name>

    From this location you can observe each stage of the deployment taking place. For example:

    codepipeline.png

  6. In the CodePipeline interface, look for the Review stage to manually approve the changes before they are deployed. When the change set is ready to be reviewed, click the Review button in the ManualApproval action, then click Accept to accept the changes and continue the deployment.

  7. If the deployment is successful, a new stack will be created in CloudFormation > Stacks, with -deployed appended to the stack name. So, in the above example, the Privitar AWS deployment created would be:

    Privitar-deployed

  8. To confirm that Privitar AWS has been deployed, open the URL of the deployment in a browser.

    The URL is derived from the DeploymentID parameter together with the HostedZoneName that were defined when the Privitar AWS stack was created. For example, if these two parameters were defined as:

    • DeploymentID - data1234

    • HostedZoneName - privitar-aws.com

    The URL for Privitar AWS would be:

    https://data1234.privitar-aws.com

    Enter the URL in a browser; the Privitar AWS login screen is displayed:

    login-screen.png

  9. A one-time-use password has been randomly generated and stored as a secret in AWS Secrets Manager under the name privitar/DeploymentID/one-time-password, where DeploymentID is the value of the parameter defined in the Privitar AWS stack. To retrieve the one-time password, go to the AWS Console and navigate to AWS Secrets Manager > Secrets, click on the secret with the name defined above, then click Retrieve Secret Value to show the password value.

  10. Go back to the URL for Privitar AWS and use the username admin and the one-time password retrieved in the step above to log in. The Privitar AWS dashboard is displayed.

    Refer to Using Privitar AWS for more information on how to set up and begin using Privitar AWS.
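The parameter constraints, the s3:// path split and the derived names described in the steps above, gathered into a small pre-flight script that can be run before clicking Create stack. This is an added example, not Privitar's own code or tooling: the regular expressions encode the constraints the guide states for the stack name and DeploymentID, the secret ARN pattern is an assumption based on the guide's example LicenceKeySecret value, and fetch_one_time_password assumes a boto3 Secrets Manager client is passed in by the caller. The sample values are the guide's own examples.

```python
"""Pre-flight check for the Privitar AWS stack parameters described in this guide.

Assumed helper (not part of Privitar's templates): validates the parameter values
against the constraints the guide states, splits an s3:// path into the two
CdkInfrastructureZip* parameters, and derives the names the deployment produces.
"""
import re
from urllib.parse import urlparse

# DeploymentID: lowercase alphanumerics and hyphens, starts with a letter, <= 128 chars.
DEPLOYMENT_ID_RE = re.compile(r"^[a-z][a-z0-9-]{0,127}$")
# Stack name: alphanumerics (either case) and hyphens, starts with a letter, <= 128 chars.
STACK_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]{0,127}$")
# Assumed shape of a Secrets Manager secret ARN, based on the guide's LicenceKeySecret example.
SECRET_ARN_RE = re.compile(r"^arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:.+$")


def split_s3_uri(uri):
    """Split s3://bucket/key into (CdkInfrastructureZipBucket, CdkInfrastructureZipKey)."""
    parsed = urlparse(uri)
    key = parsed.path.lstrip("/")
    if parsed.scheme != "s3" or not parsed.netloc or not key:
        raise ValueError(f"expected an s3://bucket/key URI, got {uri!r}")
    return parsed.netloc, key


def validate_parameters(params):
    """Return a list of problems; an empty list means the stack is ready to create."""
    problems = []
    if not STACK_NAME_RE.match(params.get("StackName", "")):
        problems.append("StackName: alphanumerics/hyphens, start with a letter, max 128 chars")
    if not DEPLOYMENT_ID_RE.match(params.get("DeploymentID", "")):
        problems.append("DeploymentID: lowercase alphanumerics/hyphens, start with a letter, max 128 chars")
    for required in ("CdkInfrastructureZipBucket", "CdkInfrastructureZipKey",
                     "HostedZoneID", "HostedZoneName"):
        if not params.get(required):
            problems.append(f"{required}: required")
    if not SECRET_ARN_RE.match(params.get("LicenceKeySecret", "")):
        problems.append("LicenceKeySecret: must be a Secrets Manager secret ARN")
    create_bucket = params.get("CreateTenantInstrumentationBucket", "False")
    if create_bucket not in ("True", "False"):
        problems.append("CreateTenantInstrumentationBucket: must be True or False")
    elif create_bucket == "True" and not params.get("PrivitarInstrumentationBucket"):
        problems.append("PrivitarInstrumentationBucket: required when "
                        "CreateTenantInstrumentationBucket is True")
    return problems


def derived_names(stack_name, deployment_id, hosted_zone_name):
    """Names the guide says are produced from the stack parameters."""
    return {
        "url": f"https://{deployment_id}.{hosted_zone_name}",
        "deployed_stack": f"{stack_name}-deployed",
        "one_time_password_secret": f"privitar/{deployment_id}/one-time-password",
        "instrumentation_bucket": f"privitar-{deployment_id}-instrumentation-bucket",
    }


def fetch_one_time_password(deployment_id, secrets_client):
    """Read the admin one-time password from Secrets Manager.

    secrets_client is assumed to be a boto3 Secrets Manager client
    (boto3.client("secretsmanager")), injected so the function can be exercised
    with a stub. The value is returned to the caller rather than printed, so it
    does not land in shell history or CI logs.
    """
    secret_id = f"privitar/{deployment_id}/one-time-password"
    return secrets_client.get_secret_value(SecretId=secret_id)["SecretString"]


# Constructed sample, using the example values from the guide.
BUCKET, KEY = split_s3_uri("s3://a-bucket/a-folder/infra.zip")
EXAMPLE_PARAMETERS = {
    "StackName": "Privitar",
    "CdkInfrastructureZipBucket": BUCKET,
    "CdkInfrastructureZipKey": KEY,
    "CreateTenantInstrumentationBucket": "False",
    "DeploymentID": "data1234",
    "HostedZoneID": "Z053459332BOI952MZ6ZK",
    "HostedZoneName": "privitar-aws.com",
    "LicenceKeySecret": "arn:aws:secretsmanager:eu-west-1:423009687000:secret:license-key",
    "PrivitarInstrumentationBucket": "",
}

if __name__ == "__main__":
    for problem in validate_parameters(EXAMPLE_PARAMETERS):
        print("problem:", problem)
    names = derived_names(EXAMPLE_PARAMETERS["StackName"],
                          EXAMPLE_PARAMETERS["DeploymentID"],
                          EXAMPLE_PARAMETERS["HostedZoneName"])
    for label, value in names.items():
        print(f"{label}: {value}")
```

Running the script with the guide's example values reports no problems and prints the login URL, the name of the -deployed stack, and the Secrets Manager name of the one-time password; changing DeploymentID to a value with an uppercase letter, or setting CreateTenantInstrumentationBucket to True without a PrivitarInstrumentationBucket, produces a problem line for each. The Secrets Manager client is injected rather than created inside fetch_one_time_password so the function can be tested without AWS credentials.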