Deploying Cloud Block Store with AWS GUI
Note: Pure Storage provides a CloudFormation template to deploy Cloud Block Store. Do NOT modify the contents of the provided CloudFormation template. Any changes made by the user without the express written consent of Pure Storage may lead to unexpected behavior and will not be supported.
Deploy Cloud Block Store from the AWS Marketplace.
Note: GovCloud customers will need to first log on to the commercial AWS account that is associated with the GovCloud account and then search for "Cloud Block Store" in the AWS Marketplace.
Alternatively, you can go to the AWS Marketplace and search for "Cloud Block Store".
- In the listing, click Continue to Subscribe.
- Click Continue to Configuration.
- Select your desired region and click Continue to Launch.
- Review the selections and click Launch. This launches the AWS CloudFormation stack creation service.
- The CloudFormation stack creation wizard should appear with all the template options pre-selected. Click Next to proceed.
- Enter the required information for your Cloud Block Store instance:
- Enter a Stack name. Stack name is the name of your Cloud Block Store deployment.
- Enter an ArrayName. ArrayName is the name of your virtual appliance and is reflected in the names of the EC2 instances.
- Enter the RelayHost domain name. RelayHost is your domain name and can be modified later using the Cloud Block Store GUI or CLI. Example: purestorage.com
- Select the PurityInstanceType. PurityInstanceType is the desired Cloud Block Store model. You can view the model sizes and details in the CBS Support Matrix.
- Enter the LicenseKey. You receive the license key when you create the subscription through a Pure as-a-Service subscription or the AWS Marketplace.
- (Optional) In the AlertRecipients field, enter a comma-separated list of email contacts to receive email alerts. You can modify this later using the Cloud Block Store GUI or CLI.
- Select a KeyName. KeyName is the name of an existing AWS Key Pair you wish to use for SSH access.
- Select the SystemSubnet. SystemSubnet is a private subnet for the system interfaces and requires internet access. Refer to the Network Section for details and network options.
- Select the ReplicationSubnet. ReplicationSubnet is a private subnet for the Replication interfaces. Refer to the Network Section for details and network options.
- Select the iSCSISubnet. iSCSISubnet is a private subnet for the iSCSI interfaces. Refer to the Network Section for details and network options.
- Select the ManagementSubnet. ManagementSubnet is a private subnet for the management interfaces. Refer to the Network Section for details and network options.
- Select the ReplicationSecurityGroup. ReplicationSecurityGroup allows both inbound and outbound TCP traffic on port 8117. Refer to Security Group for details.
- Select the iSCSISecurityGroup. iSCSISecurityGroup allows inbound TCP traffic on port 3260. Refer to Security Group for details.
- Select the ManagementSecurityGroup. ManagementSecurityGroup allows inbound TCP traffic on ports 22, 80, and 8084, as well as inbound and outbound traffic on port 443. Refer to Security Group for details.
- Select the InstanceTenancy. Default tenancy uses on-demand or reserved shared instances. Dedicated tenancy uses instances that run on hardware dedicated to a single customer's account. Refer to EC2 Instance Tenancy for details.
- (Optional) Select the EncryptionVolumeWIthDefaultKey. If false (the default), the attached EBS volumes are encrypted with the regional AWS managed keys. If true, the EBS volumes are encrypted with customer-managed keys. Refer to the Encryption Section for details.
- Keep the default values for the remaining fields and move to the next step.
- Click Next.
- Select Stack Options:
- (Optional) Apply tags for the Cloud Block Store resources.
- (Mandatory) Select the IAM Role: PurityServiceRole. Creating this role is a prerequisite. See IAM Role and Permission for details. This step is required to ensure future capacity upgrades can occur.
- In the Stack creation options section, set Termination protection to Enabled.
The IAM role selection is required to deploy Cloud Block Store successfully as well as to upgrade or terminate Cloud Block Store in the future.
- Click Next.
- Review the selected parameters. Scroll to the bottom of the page and check the acknowledge box.
- Click Create stack.
- The Cloud Block Store stack takes approximately ten minutes to complete. When complete, the stack should appear with CREATE_COMPLETE status.
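After the stack reaches CREATE_COMPLETE, a practitioner will want to confirm that the security groups selected in the wizard still match the port rules listed above. The following added example (not Pure Storage code) compares security group descriptions, in the shape returned by EC2 DescribeSecurityGroups, against those documented TCP ports; the three sample groups are constructed to show one compliant group and two kinds of drift.

```python
# Added example (not Pure Storage code): compare Cloud Block Store security
# groups, in the EC2 DescribeSecurityGroups shape (IpPermissions /
# IpPermissionsEgress), against the TCP port rules the guide lists.
from typing import Dict, List, Set, Tuple

# {group: (inbound TCP ports it must allow, outbound TCP ports it must allow)}.
# Extra inbound ports are reported; extra outbound ports are not, since the
# guide does not restrict egress beyond the ports named here.
EXPECTED: Dict[str, Tuple[Set[int], Set[int]]] = {
    "ReplicationSecurityGroup": ({8117}, {8117}),
    "iSCSISecurityGroup": ({3260}, set()),
    "ManagementSecurityGroup": ({22, 80, 8084, 443}, {443}),
}

def _ports(rule: dict) -> Set[int]:
    """TCP ports opened by one permission entry; protocol "-1" means all ports."""
    if rule.get("IpProtocol") == "-1":
        return set(range(65536))
    if rule.get("IpProtocol") != "tcp":
        return set()
    return set(range(rule["FromPort"], rule["ToPort"] + 1))

def check_security_group(name: str, sg: dict) -> List[str]:
    """Return findings for one group; an empty list means it matches the guide."""
    exp_in, exp_out = EXPECTED[name]
    open_in = set().union(*(_ports(r) for r in sg.get("IpPermissions", [])))
    open_out = set().union(*(_ports(r) for r in sg.get("IpPermissionsEgress", [])))
    findings = [f"{name}: required inbound TCP {p} is not allowed" for p in sorted(exp_in - open_in)]
    findings += [f"{name}: required outbound TCP {p} is not allowed" for p in sorted(exp_out - open_out)]
    if open_in - exp_in:  # inbound ports the guide does not list
        findings.append(f"{name}: inbound TCP beyond the guide's list: {sorted(open_in - exp_in)}")
    return findings

def audit(groups: Dict[str, dict]) -> List[str]:
    """Run the check over every group the guide names; groups is {name: sg}."""
    return [f for name in EXPECTED for f in check_security_group(name, groups[name])]

def _tcp(lo: int, hi: int, cidr: str) -> dict:
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi, "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: the replication group's egress lacks 8117 and the
# management group opens 8080-8084 instead of just 8084; iSCSI is compliant.
SAMPLE_GROUPS = {
    "ReplicationSecurityGroup": {"IpPermissions": [_tcp(8117, 8117, "10.0.2.0/24")],
                                 "IpPermissionsEgress": [_tcp(443, 443, "0.0.0.0/0")]},
    "iSCSISecurityGroup": {"IpPermissions": [_tcp(3260, 3260, "10.0.3.0/24")],
                           "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    "ManagementSecurityGroup": {"IpPermissions": [_tcp(22, 22, "10.0.1.0/24"), _tcp(80, 80, "10.0.1.0/24"),
                                                  _tcp(443, 443, "10.0.1.0/24"), _tcp(8080, 8084, "10.0.1.0/24")],
                                "IpPermissionsEgress": [_tcp(443, 443, "0.0.0.0/0")]},
}
```

Feeding `audit()` the `SecurityGroups` entries from a real DescribeSecurityGroups call, keyed by the group name chosen in the wizard, gives the same report for a live deployment.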
Enabling AWS CloudTrail (Optional)
AWS CloudTrail is a tool used to monitor and log event history in AWS accounts. Customers should use CloudTrail for tracking account activity, troubleshooting issues, and investigating security breaches in their AWS accounts. CloudTrail can also be integrated with other services to trigger actions such as sending alerts.
By default, CloudTrail stores logs for events in the AWS account for 90 days. Customers who wish to store logs for longer than 90 days should create a trail, and specify an S3 bucket where CloudTrail can store logs.
When creating a trail, Pure recommends selecting the default options for everything unless you have a specific reason to choose otherwise. If you have Cloud Block Store instances running in more than one region, be sure to select the option to enable CloudTrail in all regions in the account, not just the current region.
It is important to note that CloudTrail allows the logging of two types of events: management events and data events. Management events are enabled by default. For data events, CloudTrail allows the logging of API calls (PUTs/GETs) to Amazon S3. By default, data events for S3 buckets are not enabled.
- If customers do enable logging of data events for S3, Pure recommends excluding the data events generated by Cloud Block Store against its associated S3 bucket. Customers can do this by excluding the Cloud Block Store S3 bucket from the data event selectors of the CloudTrail configuration.
For more details on CloudTrail, please check out https://aws.amazon.com/cloudtrail/.
Shutting Down Cloud Block Store (Suspend/Resume)
Cloud Block Store can be shut down (suspended) to reduce cost while not in use. Follow the specific instructions in this guide to suspend and resume your Cloud Block Store instance: How to Suspend/Resume a Cloud Block Store array in AWS.
It is important to note that you should not attempt to manually power down any of Cloud Block Store's underlying EC2 resources (controllers or virtual drives).
Removing Cloud Block Store on AWS
Version 5.3.0.aws0, 5.3.0.aws1, 5.3.0.aws2
For versions 5.3.0.aws0, 5.3.0.aws1, and 5.3.0.aws2, Cloud Block Store can only be removed (terminated) by Pure Support, to ensure all the resources in the stack are cleanly removed. Please contact Pure Storage Support for Cloud Block Store instance removals.
For version 5.3.3.aws0 and above, customers can perform CBS deletion without Pure Support involvement.
Do not manually delete the Cloud Block Store stack in CloudFormation. To properly terminate and remove a Cloud Block Store instance, run the two CLI commands provided below. Following these steps ensures that the Cloud Block Store instance removal is reflected accurately and accounted for in the Pure-as-a-Service subscription on Pure1.
- All Cloud Block Store volumes and snapshots must be deleted and eradicated prior to termination of a Cloud Block Store instance. This includes Protection Group snapshots.
- All connected arrays and targets must be disconnected from any type of Purity replication.
- The Cloud Block Store instance must be able to phone home. This ensures the Cloud Block Store instance is properly de-registered in the Pure-as-a-Service subscription.
- Check and disable termination protection for the Cloud Block Store CloudFormation stack.
Once the prerequisite array state has been achieved, the following steps will terminate and remove the Cloud Block Store instance.
- Using SSH, log in to the Cloud Block Store instance management port.
Note: See the Viewing Cloud Block Store Network Interfaces section for the management port IP address.
- Run the following command:
    purearray factory-reset-token create
  Example:
    purearray factory-reset-token create
    Name               Token
    MyCloudBlockStore  4109498
- A token will be provided in the output. Make a note of the token value.
- Run the following command with the token from the previous command. This allows the Cloud Block Store instance to communicate with Pure1 prior to deleting itself.
    purearray erase --factory-reset-token <token> --eradicate-all-data
  Example:
    purearray erase --factory-reset-token 4109498 --eradicate-all-data
    Name
    MyCloudBlockStore