
Data Privacy Platform AWS Deployment Guide

Pre-requisites for deploying Privitar AWS

This section details the pre-requisites to successfully deploy Privitar AWS in an AWS Cloud environment. There are two main areas:

  • Privacy Platform resources

  • AWS Cloud resources

Privacy Platform Resources

The following are needed for the deployment. Some are links to locations in a private AWS Cloud environment hosted by Privitar, to which Privitar will have granted you access. Other items are sent to you directly by Privitar:

  • A launch-stack URL. This link opens the AWS CloudFormation console with the template that defines the resources used by Privitar AWS. Privitar will have granted you access to the template location. Before creating the stack, confirm that the region selected in the console is the one you intend to deploy into:

    https://eu-central-1.console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stacks/create/review?templateURL=https://privitar-latest-release.s3-eu-west-1.amazonaws.com/cloudformation/cf_template.yaml

  • The Privitar AWS infrastructure binaries (infra.zip). Privitar will have granted you access to this S3 location:

    s3://privitar-latest-release/infra.zip

  • A license key file. The key is used to access Privitar AWS and must be stored in AWS Secrets Manager (see AWS Cloud Resources below). Privitar will send it to you.

AWS Cloud Resources

The following items must be present in your AWS Cloud environment:

  • Amazon S3 bucket location to store the platform binaries.

    The Privitar AWS deployment uses AWS CodePipeline. This pipeline consumes a zip file provided by Privitar which contains Privitar AWS artifacts and an AWS Cloud Development Kit application. Subsequent installations and updates of Privitar AWS involve uploading a zip file (provided by Privitar) to a configured location in S3 that is consumed by the pipeline.

    To create an Amazon S3 bucket to store the Privitar AWS artifacts and AWS Cloud Development Kit application, see Amazon S3 User Guide - Creating a Bucket.

    Note

    The bucket must have versioning enabled; the CodePipeline S3 source stage fails on an unversioned bucket. To remedy this, enable versioning on the bucket and run the pipeline again. See Amazon S3 User Guide - Using versioning in S3 buckets.

  • Amazon S3 bucket location to store Privitar AWS Instrumentation Events.

    For more information about the Instrumentation system on the platform, refer to the Privitar User Guide.

  • An AWS Secrets Manager secret holding the platform license key. Create it as a plaintext secret: the raw key is the secret value itself, not a field inside a key/value JSON document. "Plaintext" here refers only to the secret type; Secrets Manager still encrypts the stored value at rest with AWS KMS.

    To create a secret in AWS Secrets Manager to store the platform license key, see AWS Secrets Manager User Guide - Creating a Secret.

  • An Amazon Route53 registered domain and an Amazon Route53 public hosted zone.

    These resources are used to automatically create DNS A records to route traffic from the Route53 domain to platform services. This hosted zone also enables HTTPS by facilitating the automatic issuing of publicly signed certificates in AWS Certificate Manager. As part of this process, ownership of the domain is automatically confirmed by writing CNAME records which AWS Certificate Manager verifies.

    To set up Amazon Route53, see Amazon Route53 Developer Guide.

  • A mutual TLS certificate authority file stored in S3. (Optional)

    This is only necessary if mutual TLS is required. Mutual TLS enables the use of Privitar On Demand, the Privitar SDK and the Privitar Policy Manager REST APIs. If this option is specified, an Amazon API Gateway is created that provides mutual TLS connectivity using the configured certificate authority. API Gateway expects the truststore as a PEM-formatted bundle of CA certificates stored in an S3 bucket; a client presenting a certificate that does not chain to one of those CAs is rejected during the TLS handshake. After deployment, confirm that the APIs are reachable only through the mutual TLS endpoint and not through the API's default execute-api endpoint, which mutual TLS does not protect.

    To set up mutual TLS to enable the use of Privitar On Demand, the Privitar SDK and the Privitar Policy Manager REST APIs, see Amazon API Gateway Developer Guide.
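The following pre-flight script checks the AWS Cloud resources above (versioned artifact bucket, events bucket, plaintext license secret, public hosted zone, optional PEM truststore) and then stages infra.zip from the Privitar release location into the artifact bucket. It is an added example written for this guide, not part of Privitar's deployment tooling. It assumes AWS CLI v2 with credentials for the target account; the bucket, secret, hosted zone names and the `infra.zip` key inside the artifact bucket are placeholders and must be replaced with the values configured in your CloudFormation stack.

```shell
#!/usr/bin/env bash
# Pre-flight check for the Privitar AWS prerequisites. Added example, not
# Privitar's own tooling. Assumes AWS CLI v2 and credentials for the target
# account. All resource names below are placeholders (assumptions).
set -eu

ARTIFACT_BUCKET="${ARTIFACT_BUCKET:-example-privitar-artifacts}"  # assumed name
EVENTS_BUCKET="${EVENTS_BUCKET:-example-privitar-events}"         # assumed name
LICENSE_SECRET="${LICENSE_SECRET:-privitar/license-key}"          # assumed name
HOSTED_ZONE_NAME="${HOSTED_ZONE_NAME:-privacy.example.com.}"      # assumed; keep trailing dot
MTLS_TRUSTSTORE="${MTLS_TRUSTSTORE:-}"   # optional, e.g. s3://bucket/ca-bundle.pem
ARTIFACT_KEY="${ARTIFACT_KEY:-infra.zip}"          # assumed; must match the stack's configured key
INFRA_SOURCE="s3://privitar-latest-release/infra.zip"             # location from the guide

# --- Pure helpers (no AWS calls) so the decision logic can be exercised offline.

# 0 when the JSON from `aws s3api get-bucket-versioning` reports Enabled.
# A never-versioned bucket returns {} and the CodePipeline S3 source fails on it.
versioning_enabled() {
  case "$1" in
    *'"Status": "Enabled"'* | *'"Status":"Enabled"'*) return 0 ;;
    *) return 1 ;;
  esac
}

# 0 when the secret value is a bare license key string, i.e. the secret was
# created with the plaintext type rather than as a key/value JSON document.
secret_is_plaintext() {
  case "$1" in
    "") return 1 ;;
    "{"*) return 1 ;;
    *) return 0 ;;
  esac
}

# 0 when the truststore content is a PEM bundle with at least one certificate,
# the format Amazon API Gateway expects for mutual TLS.
truststore_is_pem() {
  case "$1" in
    *"-----BEGIN CERTIFICATE-----"*) return 0 ;;
    *) return 1 ;;
  esac
}

# --- Checks that talk to AWS.

check_bucket() {  # $1 bucket name, $2 "versioned" to require versioning
  aws s3api head-bucket --bucket "$1" >/dev/null
  if [ "${2:-}" = "versioned" ] && \
     ! versioning_enabled "$(aws s3api get-bucket-versioning --bucket "$1" --output json)"; then
    echo "FAIL: $1 is not versioned. Fix with:"
    echo "  aws s3api put-bucket-versioning --bucket $1 --versioning-configuration Status=Enabled"
    return 1
  fi
  echo "ok: bucket $1 exists${2:+ and is versioned}"
}

check_license_secret() {
  local value
  value="$(aws secretsmanager get-secret-value --secret-id "$LICENSE_SECRET" \
             --query SecretString --output text)"
  secret_is_plaintext "$value" || { echo "FAIL: $LICENSE_SECRET is empty or a key/value secret"; return 1; }
  echo "ok: plaintext license secret $LICENSE_SECRET found"
}

check_hosted_zone() {
  local zone_id
  zone_id="$(aws route53 list-hosted-zones-by-name --dns-name "$HOSTED_ZONE_NAME" \
    --query "HostedZones[?Name=='$HOSTED_ZONE_NAME' && !Config.PrivateZone].Id" --output text)"
  if [ -z "$zone_id" ] || [ "$zone_id" = "None" ]; then
    echo "FAIL: no public hosted zone for $HOSTED_ZONE_NAME (needed for ACM DNS validation)"; return 1
  fi
  echo "ok: public hosted zone $zone_id serves $HOSTED_ZONE_NAME"
}

check_truststore() {
  [ -n "$MTLS_TRUSTSTORE" ] || { echo "skip: mutual TLS not requested"; return 0; }
  truststore_is_pem "$(aws s3 cp "$MTLS_TRUSTSTORE" -)" \
    || { echo "FAIL: $MTLS_TRUSTSTORE is not a PEM CA bundle"; return 1; }
  echo "ok: mutual TLS truststore $MTLS_TRUSTSTORE is PEM"
}

# Copy the Privitar-provided zip to the key the pipeline watches in the artifact bucket.
stage_infra_zip() {
  aws s3 cp "$INFRA_SOURCE" "s3://$ARTIFACT_BUCKET/$ARTIFACT_KEY"
}

main() {
  check_bucket "$ARTIFACT_BUCKET" versioned
  check_bucket "$EVENTS_BUCKET"        # the guide requires versioning only for the artifact bucket
  check_license_secret
  check_hosted_zone
  check_truststore
  stage_infra_zip
}

# Only touch AWS when explicitly asked:  ./preflight.sh run
if [ "${1:-}" = "run" ]; then
  main
fi
```

Run it as `./preflight.sh run` from a shell that already has the target account's credentials and region set; without the `run` argument it only defines the functions, so the offline helpers can be checked in isolation. The checks are deliberately split from the AWS calls so that the part most likely to be wrong in practice (an unversioned bucket, a secret created as key/value JSON, a DER rather than PEM truststore) is visible as a plain string test rather than buried in a pipeline failure.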