Self-Hosted AWS
AWS Deployment Guide
Deploying Glean within your own Amazon Web Services (AWS) environment can ensure compliance with your organization’s data residency requirements while maintaining Glean’s managed service model.
Overview
Glean provides customers the ability to deploy Glean software inside their own Amazon Web Services (AWS) account. This deployment requires your AWS admin to:- Create a new empty AWS account.
- Associate a valid billing account.
- Notify Glean of any tags that need to be added to any resources that are created.
- Execute the provided Glean CloudFormation template to bootstrap the AWS environment.
- Notify Glean of the AWS account ID, AWS account name, and AWS region selected.
1. Create a New AWS Account
Glean deploys to an empty AWS instance to provide layer of isolation from any other services you have running in AWS. This also simplifies the deployment process as it eliminates potential conflicts with existing services.- Select a supported AWS region for Glean to build your environment in.
- Create a new AWS account in the selected region.
- AWS Account ID (e.g.
182333000101) - AWS Account Name (e.g.
aws-glean-companyname) - AWS Region (e.g.
us-east-1)
The region selected cannot be changed once your tenant has been built. Changing region will require a complete rebuild of your tenant.
2. Company Tag Policy
You must notify Glean if your company policy enforces the use of specific tags on AWS resources. Glean can add these tags to nearly all resources that we create, but we must be notified in advance before commencing the build of your Glean tenant so that the tags can be seeded in the initial deployment. You should provide your Glean engineer a list of any and all tags that are required in the following format:3. Run the SCP Check Tool
Glean provides a SCP Checker script that can be used to check if you have any SCPs that can conflict with the build of Glean. If a conflict is detected, please notify your Glean deployment engineer who can provide further guidance.4. Deploy the Glean CloudFormation Template
A Glean provided CloudFormation template is used to bootstrap the AWS account so that the Glean build system can access and deploy Glean services. This process is automated.- Log in to your new AWS account as an Administrator.
-
Navigate to the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/
- Ensure that the correct region is selected before proceeding!
- If the CF template is installed to an incorrect region, you can delete it and re-install it to the correct one.
-
Click Create stack.
-
On the Specify template page, select Amazon S3 URL and paste the following URL for Glean’s CloudFormation template. Click Next to proceed.
-
Specify a name for the stack, e.g.
glean-bootstrap. Click Next to proceed. - When prompted, provide an email address to which Glean will send a magic link post-setup.
- Skip all other fields on the options page and click Next again at the bottom.
-
On the final review page, scroll to the bottom, agree to the capabilities acknowledgment, and click Submit to deploy the template.
- More information: Selecting a Stack Template (docs.aws.amazon.com)
5. (Strongly Recommended) Create the Admin Service Role
For deployment, Glean requires an Admin Service role be created to allow Glean on-call engineers to triage any issues with the build (and the environment once deployed). This access is short-lived, auditable, and only used to triage issues. Glean engineers require approval from Glean Senior Leadership to access this role. Once your environment is in steady-state, this admin role can be disabled - however you must have an established process in place where Glean can request access 24/7 in response to service issues. Without this process, Glean will not be able to honor any Service or Support SLAs.-
Following the CloudFormation process above, deploy the following template which defines the Admin Service role:
- You will need to specify the External ID in the above template script. This is unique for each environment and will need to be provided by your Glean deployment engineer. Please notify them when you are up to this step.
6. Request Quota Changes
The resource quotas that Glean requires are detailed below.| Quota Type | Service | Quota name | Location | New Value | Justification |
|---|---|---|---|---|---|
| All Quotas | SageMaker | ml.p3.16xlarge for training job usage | primary deployment region | 1 | The Glean search system trains a custom AI language model on the corpus, enabling features such as semantic search, synonyms, and more. we use these NVIDIA V100 Multi gpu machines to power the training. |
| All Quotas | SageMaker | ml.g4dn.xlarge for training job usage | primary deployment region | 4 | These are the standard machine types used for our general training jobs, which can have multiple running in parallel. We want to increase the quota to alleviate this contention. |
| All Quotas | SageMaker | (For Small and Medium sized deployments) ml.m5.2xlarge for training job usage (For Large and Extra Large sized deployments) ml.m5.4xlarge for training job usage | primary deployment region | 1 | Used for cpu based ml training jobs |
7. Review Cost Reduction Recommendations
Glean makes several recommendations available on how your AWS resource costs can be constrained/reduced. Link: AWS Hosting Cost & Reduction Recommendations We recommend that you review the recommendations and apply any that you believe are relevant. For example: Purchasing Reserved Instances for EC2 and RDS instead of relying on On-Demand.8. Notify Glean to Begin the Build
Once the above steps have been completed, notify your Glean deployment engineer who will initiate the build process for your environment.FAQ
Looking for the original version of this page? You can find the archived version here.