Completing and submitting the deployment templates

To deploy Data Gate on Cloud, you must open the CloudFormation templates, fill in the required information, and submit the templates. Before you can fill in and submit the second template, you must open the OpenShift® web UI to obtain required details about the Db2® Warehouse on Cloud service.

About this task

Data Gate on Cloud provides two CloudFormation templates:
  • The first template spawns two more CloudFormation templates when you submit it. Eventually, these spawned templates create a virtual private cloud (VPC) on AWS and a Red Hat® OpenShift (ROSA) cluster inside this VPC. See the following diagram:
    Figure 1. VPC and ROSA cluster created by first template
    The diagram shows the topology of the VPC and its components after submitting the first template.
  • The second template installs a Data Gate on Cloud instance in one of the private subnets of the ROSA cluster, and an endpoint service in the Data Gate on Cloud VPC. This endpoint service is required to connect to your IBM Z data center and your Db2 Warehouse on Cloud instance. For more information, see Figure 1. A more detailed view of the Data Gate on Cloud VPC and the related endpoints is shown here:
    Figure 2. Data Gate on Cloud instance created inside ROSA cluster
    The diagram shows the relationship between the deployed Data Gate on Cloud instance in the ROSA cluster and other AWS components.

AWS IAM resources

When you submit the CloudFormation templates, the following IAM roles, access keys, policies, and security groups are created on AWS during the deployment:

Table 1. IAM resources

| Logical resource name | Resource type | Purpose |
|---|---|---|
| AWSIAMUser | AWS::IAM::User | User ID for the execution of installation scripts on the boot node EC2 instance |
| AWSIAMAccessKey | AWS::IAM::AccessKey | Access key for the AWSIAMUser |
| ROSAIAMUserPolicy | AWS::IAM::UserPolicy | Inline policy for the AWSIAMUser. The policy is used for the creation of the Red Hat OpenShift (ROSA) cluster and related artifacts |
| DGIAMUserPolicy | AWS::IAM::UserPolicy | Inline policy for the AWSIAMUser. The policy is used for the creation of the Data Gate on Cloud instance and related artifacts |
| LambdaExecutionRole | AWS::IAM::Role | Role for executing the Lambda function, which cleans up the OpenShift and Data Gate on Cloud resources that have been provisioned by the boot node EC2 instance |
| BootNodeIamRole | AWS::IAM::Role | Role for the execution of additional installation automation scripts by the boot node EC2 instance |
| BootnodeSecurityGroup | AWS::EC2::SecurityGroup | Security group for the boot node EC2 instance that executes the additional installation scripts |
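
Before submitting, you can compare the IAM and security-group resources that the templates declare against Table 1. The following is an added example, not part of the IBM templates or documentation: it assumes the templates are available as JSON, and the sample templates and the names `compare_with_table`, `security_resources`, and `ExtraAdminRole` are constructed for illustration.

```python
import json

# Logical resource names and types copied from Table 1.
EXPECTED = {
    "AWSIAMUser": "AWS::IAM::User",
    "AWSIAMAccessKey": "AWS::IAM::AccessKey",
    "ROSAIAMUserPolicy": "AWS::IAM::UserPolicy",
    "DGIAMUserPolicy": "AWS::IAM::UserPolicy",
    "LambdaExecutionRole": "AWS::IAM::Role",
    "BootNodeIamRole": "AWS::IAM::Role",
    "BootnodeSecurityGroup": "AWS::EC2::SecurityGroup",
}

def security_resources(templates):
    """Collect {logical name: type} for IAM and security-group resources."""
    found = {}
    for template in templates:  # the first template spawns further templates
        for name, res in template.get("Resources", {}).items():
            rtype = res.get("Type", "")
            if rtype.startswith("AWS::IAM::") or rtype == "AWS::EC2::SecurityGroup":
                found[name] = rtype
    return found

def compare_with_table(templates, expected=EXPECTED):
    """Report resources that are missing, undocumented, or of another type."""
    found = security_resources(templates)
    shared = set(found) & set(expected)
    return {
        "missing": sorted(set(expected) - set(found)),
        "unexpected": sorted(set(found) - set(expected)),
        "type_mismatch": sorted(n for n in shared if found[n] != expected[n]),
    }

# Constructed sample templates (assumption: not the real Data Gate on Cloud templates).
SAMPLE_TEMPLATES = [
    json.loads('''{"Resources": {
        "AWSIAMUser": {"Type": "AWS::IAM::User"},
        "AWSIAMAccessKey": {"Type": "AWS::IAM::AccessKey"},
        "ROSAIAMUserPolicy": {"Type": "AWS::IAM::UserPolicy"},
        "BootNodeIamRole": {"Type": "AWS::IAM::Policy"},
        "BootNode": {"Type": "AWS::EC2::Instance"}}}'''),
    json.loads('''{"Resources": {
        "DGIAMUserPolicy": {"Type": "AWS::IAM::UserPolicy"},
        "LambdaExecutionRole": {"Type": "AWS::IAM::Role"},
        "ExtraAdminRole": {"Type": "AWS::IAM::Role"}}}'''),
]

if __name__ == "__main__":
    print(json.dumps(compare_with_table(SAMPLE_TEMPLATES), indent=2))
```

An empty result in all three lists means the templates declare exactly the resources that Table 1 documents; anything under `unexpected` or `type_mismatch` is worth reviewing before you submit.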

Procedure