Create System

This page provides instructions for creating a Datomic Cloud System.

  1. Create System Stack
  2. Verify System Stack
  3. Authorize Inbound Traffic for your Bastion Instance

Before you begin, you will need to choose your Topology, either Solo or Production.

Create System Stack

NOTE The S3 template is for testing and runs only in us-east-1. Make sure you are in us-east-1.

Follow these steps from the CloudFormation console:

  1. Click the Create Stack button
  2. Under "Choose a Template", select the "Specify an Amazon S3 template URL" option
  3. Paste the System Template URL from the releases page in the input box:
  4. Click the Next button

"Specify Details" Screen

Fill in the template's parameter values as specified below.

Choose a name for your Datomic Cloud System. This must be a valid system name: it must consist of only lowercase letters, numbers, and hyphens, and can't be longer than 50 characters.
Start bastion?
Set this to "Yes" so that the template will start a bastion for developer internet access. You will need to authorize access to the bastion instance in a later step.
AWS EC2 Key Pair
The key pair to assign to compute nodes. Select a key pair for ssh access to nodes and the bastion host.
Existing IAM managed policy for node
Optional. The name of an IAM managed policy to add to the role that group nodes run with. Leave blank.
Reuse existing storage on create
Indicates whether this launch is a restart or an initial creation. When false, will create persistent AWS resources. When true, reuses previously created resources. Accept the default of False for your first launch.

This CloudFormation Template creates a VPC in which to run Datomic Cloud. Configure the settings for the VPC in the VPC Configuration section. See the AWS VPC Guide for details on specifying the CIDR blocks. Unless you know you need to change the CIDR block settings, you should accept the default configuration.

VPC CIDR block
The CIDR block to assign to the VPC. Accept the defaults.
First, Second, and Third CIDR Blocks.
Datomic will configure three subnets in the VPC. These three CIDR Blocks must be subsets of the VPC CIDR Block, and they must not overlap with each other. Accept the defaults.

Click the Next button.

"Options" Screen

  1. Leave the default settings
  2. Click the Next button.

"Review" Screen

  1. Under "Capabilities", click the checkbox stating "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
  2. Click "Create" to launch the stack.

Verify System Stack

Find your stack in the CloudFormation window and click the checkbox at the start of its row. Watch the Events tab until it shows CREATE_COMPLETE for the resource Type "AWS::CloudFormation::Stack". This can take several minutes.

Authorize Inbound Traffic for your Bastion Instance

When you created the Primary Compute Resources, you had the option "Start bastion?". If you accepted the default choice of Yes, the stack started a bastion instance inside the VPC and configured the instances' security group to allow traffic from this instance to the primary compute instances. To allow developers to access the bastion from outside the VPC, you must add an inbound rule to the bastion security group.

  1. Navigate to the Security Groups section of the AWS EC2 Management Console
  2. Click on the bastion security group for your Datomic Cloud system, named <system-name>-bastion.
  3. Click the Inbound tab in the Security Group details at the bottom of the console.
  4. Click Edit to display the Edit inbound rules dialog box.
  5. Add an entry with the following parameters:
    • Type: SSH
    • Protocol: TCP
    • Port Range: 22
    • Source: Anywhere
  6. Accept the defaults for the other entries, and click Save

Note: Accepting the default source, "Anywhere", enables all IPv4 addresses to access your instance using SSH. SSH access to the instance requires the EC2 Key Pair you previously created. To further restrict access, you can enter a specific IP address or range of addresses.

See Managing the Bastion for more details on the bastion instance.

Congratulations! You have created a system. Next, you can configure access to Datomic Cloud.