Skip to main content
Version: 9.1

Deployment on AWS

This page describes the process and requirements for deploying a new Qrvey MultiPlatform Environment in AWS.

For all V9 installations, please first contact Customer Support.

Requirements

  • Docker: The latest version of Docker should be installed.
  • The Docker Image for the desired version, found in the release notes.
  • The registry username and password provided by the Qrvey Support team.
  • IAM user with Admin access, an access key, and a secret key: This is needed to create the resources for deployment.
  • The VPC (or equivalent) that is being used to deploy the Qrvey Platform should have a minimum CIDR of /22.
  • An S3 Bucket to store the state file. It should be in the same region as the deployment.
  • SMTP configuration to send emails.
  • A DNS Hosted Zone (Optional): To generate valid SSL Certificates for the Qrvey Composer domain. If there is no domain setup, we will generate one with the following format: $deployment_id.mp.qrveyapp.com. To automatically set up a custom DNS, the Route 53 zone should be in the same account as the deployment, and credentials should have sufficient permissions.
  • If using an IAM user for deployment, here are the Minimum Required Permissions for Deployment:
    {
    "Version": "2012-10-17",
    "Statement": [
    {
    "Effect": "Allow",
    "Action": [
    "ec2:*",
    "elasticloadbalancing:*",
    "autoscaling:*",
    "eks:*",
    "iam:*",
    "route53:*",
    "s3:*",
    "secretsmanager:*",
    "rds:*",
    "rds-db:*",
    "kms:*",
    "cloudwatch:*",
    "logs:*",
    "acm:*",
    "elasticfilesystem:*",
    "ecr:*",
    "ssm:*",
    "sts:*",
    "dynamodb:*",
    "vpce:*",
    "opensearch:*",
    "cloudfront:CreateCloudFrontOriginAccessIdentity",
    "athena:StartQueryExecution",
    "athena:GetQueryExecution",
    "athena:GetQueryResults",
    "athena:GetDatabase",
    "athena:CreateDataCatalog",
    "glue:CreateDatabase",
    "glue:GetDatabase",
    "glue:GetDatabases",
    "geo:*"
    ],
    "Resource": "*"
    }
    ]
    }

Installation

  1. To install Qrvey 9.0 (LTS) in your AWS account, you need to create the following file: config.json.
    For more details, please see the Configuration Variables section below.

    {
    "account_config": {
    "access_key_id": "<ACCESS_KEY>",
    "secret_access_key": "<SECRET_KEY>>",
    "region": "<REGION>",
    "bucket": "<S3_BUCKET_TO_STORE_THE_STATE_FILE>",
    "key": "<FILE_NAME>"
    },
    "variables": {
    "registry_user": "<REGISTRY_USER_PROVIDED_BY_QRVEY_SUPPORT>",
    "registry_key": "<REGISTRY_KEY_PROVIDED_BY_QRVEY_SUPPORT>",
    "qrvey_chart_version": "<QRVEY_VERSION>", // found at the end of the docker image provided above under pre-requisites
    "enable_location_services": true,
    "es_config": {
    "size": "large", // can be small, medium, or large
    "count": 1
    },
    "customer_info": {
    "firstname": "John",
    "lastname": "Smith",
    "email": "JS@qrvey.com",
    "company": "Qrvey"
    },
    "initial_admin_email": "JS@qrvey.com",
    "globalization": {
    "google_client_email": "", // optional
    "google_client_private_key": "", // optional
    "google_document_id": "", // optional
    "google_document_sheet_title": "" // optional
    },
    "enable_trino": false // optional
    }
    }

    Once the above prerequisites are ready, run the following commands to install Qrvey.

  2. From your terminal, navigate to the directory that contains the config file above.

  3. Use the following command to log in to the Qrvey Registry.

    docker login qrvey.azurecr.io --username $registry_user --password-stdin <<< $registry_key
  4. Run the installation commands with the desired Terraform option: plan, apply, output, or destroy.
    For installation, use the apply option. The installation process should take about two hours.

    # This command is for MAC. Choose the platform param as required based on your OS.
    docker run --platform=linux/amd64 -v $(pwd)/config.json:/app/qrvey/config.json -it --rm qrvey.azurecr.io/qrvey-terraform-aws:${qrvey_version} apply

    After running the apply command, wait until the process is complete and review the resources created.

  5. You may run the following command to get environment outputs, including the admin username and password, to log in to Qrvey. Note: The command below is for MAC. Set the --platform param as required based on your OS.

docker run --platform=linux/amd64 -v $(pwd)/config.json:/app/qrvey/config.json -it --rm qrvey.azurecr.io/qrvey-terraform-aws:${qrvey_version} output
    ##########
### ####
### ### +++ +++ +++ +++++ +++ ++
### ### ++++ +++ +++ +++ +++ ++ +++
### ### ++ ++ +++ +++ ++++ ++ +++
### ### ++ ++ ++ ++++++++ +++ ++
### ### ++ ++++++ +++ ++++++
#### ##### ++ ++++ +++ +++ ++++
######## ++ ++ +++++++ +++
##### ++
######## ++++

# ENVIRONMENT DETAILS
DEPLOYMENT_ID: deployment-id
URL: https://deployment-id.mp.qrveyapp.com
ADMIN URL: https://deployment-id.mp.qrveyapp.com/admin/app/
ADMIN USER: admin@company.tld
ADMIN PASSWORD: generated_admin_password
APIKEY: qrvey_api_key
PostgresqlConnection: postgres://qrvey_usr:db_password@deployment-id-qrvey-db.postgres.database.azure.com:5432/postgres
ES_HOST: https://1.2.3.4:9200/
ES_USERNAME: elastic
ES_PASSWORD: elastic_password
  1. Navigate to your Qrvey domain and log in to the platform.

    Login Page

Configuration Variables

This section describes the input variables available for AWS deployment using Terraform. Each variable can be customized to fit your deployment requirements. Refer to the table below for variable names, types, default values, and descriptions.

Variable NameTypeDefault ValueDescription
api_keystring""API Key for migrated instances
aws_access_key_idstring""AWS account access key
aws_regionstring"us-east-1"AWS region for resource deployment
aws_secret_access_keystring""AWS account secret key
aws_session_tokenstringnullAWS session token
azslist(string)nullAvailability zones for subnet creation
chart_namestring"qrvey"Name of the chart to deploy
chart_valueslist(object)[]Chart values (name, value, type)
create_vpc_endpointsbooltrueWhether to create VPC endpoints
customer_infoobject{}Required. An object containing customer information.
deployment_idstring""Deployment ID (for migrations)
dns_zone_namestring""DNS zone name
elasticsearchobject{}Existing Elasticsearch engine data (host, auth_user, auth_password, cluster_name, version)
enable_location_servicesboolfalseEnable location services
enable_trinoboolfalseDeploy Trino Helm chart
es_configobject{}Elasticsearch config (name, size, count, storage)
globalizationobject{}Globalization settings (google_client_email, google_client_private_key, etc.)
initial_admin_emailstring""Required. Initial admin email.
intra_subnets_cidrslist(string)["10.110.201.0/24", "10.110.202.0/24"]Intra subnets
openai_api_keystring"sk-xxxxxxxxxxxxxxxxxxxxxx"OpenAI API key
postgresql_configobject{}PostgreSQL config (name, instance_class, version)
private_subnets_cidrslist(string)["10.110.1.0/24", "10.110.2.0/24", "10.110.32.0/20", "10.110.48.0/20"]Private subnets
public_subnets_cidrslist(string)["10.110.101.0/24", "10.110.102.0/24"]Public subnets
qrvey_chart_versionstring""Required. Qrvey chart version
rabbitmq_service_internalbooltrueUse internal RabbitMQ service (true for ServiceIP, false for LoadBalancer)
registry_keystring""Required. Qrvey registry key.
registry_userstring""Required. Qrvey registry user.
s3_bucketobject{}Existing S3 bucket configuration
table_hierarchy_enabledboolfalseEnable table hierarchy feature
trino_configobject{}Trino config (name, size, count)
use_athena_from_serverlessboolfalseUse Athena from serverless
use_existing_vpcboolfalseUse an existing VPC
use_public_subnet_for_dbboolfalseUse a public subnet for the database
vpc_cidrstring"10.110.0.0/16"VPC CIDR block
vpc_detailsobjectnullVPC details (vpc_id, public_subnets, private_subnets, intra_subnets)

chart_values

[
{
"name": "string",
"value": "string",
"type": "string"
}
]

customer_info

{
"firstname": "string",
"lastname": "string",
"email": "string",
"company": "string"
}

elasticsearch

{
"host": "", // optional, default
"auth_user": "elastic", // optional, default
"auth_password": "", // optional, default
"cluster_name": "elasticsearch-es-internal-http.elastic-system.svc.cluster.local", // optional, default
"version": "7.10" // optional, default
}

es_config

{
"name": "elasticsearch", // optional, default
"size": "medium", // optional, default
"count": 1, // optional, default
"storage": "200Gi" // optional, default
}

globalization

{
"google_client_email": "", // optional, default
"google_client_private_key": "", // optional, default
"google_document_id": "", // optional, default
"google_document_sheet_title": "" // optional, default
}

postgresql_config

{
"name": "postgresql", // optional, default
"instance_class": "db.t3.medium", // optional, default
"version": "16.3" // optional, default
}

s3_bucket

{
"qrveyuserfiles": "", // optional, default
"use_cloudfront": "true", // optional, default
"drchunkdata": "", // optional, default
"drdatacommons": "", // optional, default
"drdatalake": "", // optional, default
"config": "", // optional, default
"basedatasets": "" // optional, default
}

trino_config

{
"name": "trino", // optional, default
"size": "small", // optional, default
"count": 2 // optional, default
}

vpc_details

{
"vpc_id": "string",
"public_subnets": ["string"],
"private_subnets": ["string"],
"intra_subnets": ["string"] // optional
}