Bodo Managed Cloud Platform on AWS¶
Subscribe through the AWS Marketplace.
After confirming your subscription, you’ll be directed to Bodo Platform’s registration page.
Fill out the fields with your information. If this is your individual account, use a unique name such as firstname_lastname for the Organization Name field.
Check the box for accepting terms and conditions and click on
A page confirming that an activation link was sent to your email will appear. Please open the email and click on the activation link:
Clicking on the confirmation link will take you to the bodo platform page where you can use your newly created credentials to sign in:
Setting AWS Credentials¶
To use Bodo on AWS, you need to link your AWS account to the Bodo platform. This can be done either using the Settings page in the left bar or the first item in the Onboarding list highlighted in green as shown in the picture below:
To be able to use the Bodo Platform to launch clusters and notebooks, you must grant it permission to access your AWS account and provision the required resources in it. This can be done through an AWS Cross Account IAM Role for the Bodo Platform.
Create a Cross-Account IAM Role¶
There are two ways to create such an IAM Role, (a) you can create it manually, or (b) you can provide us with Access Keys and we can create an IAM role in your AWS account. We provide directions for both these methods below.
Create the IAM Role Manually¶
Log in to the AWS Management Console and navigate to the IAM Service.
Select the Roles tab in the sidebar, and click
In Select type of trusted entity, select
Another AWS Account.
Enter the Bodo Platform Account ID 481633624848 in the Account ID field.
Require external IDoption.
In the External ID field, copy over the External ID from the Settings page on the Bodo Platform.
In the Role name field, enter a role name, e.g. BodoPlatformUser.
Create Role. You will be taken back to the list of IAM Roles in your account.
In the list of IAM Roles, click on the role you just created.
Add inline policy.
Bodo Cloud Platform requires a specific set of AWS permissions which are documented in
Bodo-Platform Policy. Paste the contents of the linked JSON file into the policy editor.
In the Name field, add a policy name, e.g. Bodo-Platform-User-Policy. Click on
Create policy. You will be taken back to the Role Summary.
From the role summary, copy the
Role ARN. This is the value that you will enter into the Role ARN field on the Setting Page on the Bodo Platform.
Let the Bodo Platform create the IAM Role¶
Follow the instructions from AWS Account and Access Keys guide to create/retrieve your AWS access key ID and secret access key.
Create Role For Mebelow the Role ARN field on the Setting page. This will open up a panel.
Enter the Access Keys created in step 1 in the form and click on
NOTE: We will not save the provided Access Keys for security reasons.
OKon the popup confirmation box.
We will use the provided Access Keys to create an IAM Role in your AWS Account.
The created Role ARN will be displayed on the same form.
Copy the generated Role ARN. This is the value that you will enter into the Role ARN field on the Setting Page on the Bodo Platform.
In some cases, this role creation might fail. This could happen due to various reasons.
A role already exists: In this case, please open the AWS Management Console, and navigate to the IAM Service. Click on Roles in the sidebar. Look for a Role named BodoPlatformUser. Click on the role, and copy over the Role ARN from the role summary. Alternatively, you can delete the existing role from the AWS Console and then try to create an IAM role again via the Bodo Platform. This will ensure you have the role set up with the correct permissions.
Note: If this is a shared AWS Account, ensure that no one else is actively using this IAM Role before deleting it.
Provided access keys are not valid: Please ensure that valid access keys are provided.
Provided access keys don’t have the right permissions to create a role: Please ensure that the provided access keys have the permissions required to create an IAM Role.
If none of these work, try creating the IAM Role manually as described in Create the IAM Role Manually.
Once you have generated an IAM Role using either of the methods described above, you are now ready to fill the Settings Form on the Bodo Platform.
Enter the Role ARN created using one of the above options into the Role ARN field in the Settings Form.
Select a Region from the dropdown list. This is the region that your resources will be deployed in by default.
You can see the progress on granting AMI launch permissions to your account ID in the AMI Share Status field. Your account is ready when it turns green.
Note: We grant AMI launch permissions to your account in the following AWS regions: us-east-1, us-east-2, us-west-1 & us-west-2.
Note: It is highly recommended that you ensure sufficient limits on your AWS account to launch resources. See Resources Created in Your AWS Environment for the resources required for Bodo Cloud Platform.
Resources Created in Your AWS Environment¶
Bodo deploys cluster/notebook resources in your own AWS environment to ensure security of your data. Below is a list of AWS resources that the Bodo Platform creates in your account to enable clusters and notebooks.
Shared file system for clusters
Secure networking for clusters/notebooks
Managing EC2 instances
Cluster secrets (e.g. SSH keys)
IAM Role for Clusters
Allow cluster workers to access resources above
These resources incur additional AWS infrastructure charges and are not included in the Bodo Platform charges.
AWS Account Cleanup¶
As explained in Resources Created in Your AWS Environment, the platform creates two types of resources in the users’ AWS environments:
organization level resources and cluster specific resources. The organization level resources are created by the platform to set
up shared resources (such as a VPC, an EFS Mount, etc) that are used later by all created resources. The cluster specific resources
(such as EC2 instances, ENIs, etc) are created by the platform to host/manage a specific cluster. This includes notebooks and
corresponding resources as well.
The cluster specific resources are removed when you request a cluster to be removed.
The organization level resources persist in the user account so they can be used by clusters deployed in the future.
However, if you need to remove these resources for any reason (AWS limits, etc.), an option to do so is provided.
Navigate to the Settings page and click on
Show Advanced in the bottom-right corner.
This will bring up a section called AWS Resource Cleanup.
Select the region from which you would like to remove these resources
(i.e. the region in which the resources you want to delete have been created), and click
CLEANUP AWS RESOURCES.
Note that this will only work if you don’t have any active clusters in that region deployed through the platform.
Else, the request will be rejected, and you’ll be asked to remove all clusters in that region before trying again.
Removing active clusters (including clusters with a FAILED status) is necessary because
this process will make them inaccessible to the platform.
Users subscribed to the Bodo Platform through the AWS Marketplace will be charged for their use of the platform as part of their regular AWS bill. The platform charges are based on the type of instances deployed and the duration of their usage (to the nearest minute). The hourly rate for the supported instance types can be found on our website. For any cluster deployed through the platform, users are charged starting from when the cluster has been successfully deployed, until the time the user requests the cluster to be removed.
Note: Users are not charged in case of failures in cluster creation.
As mentioned previously in Resources Created in Your AWS Environment, the AWS resources set up by the platform in your AWS environment incur additional AWS infrastructure charges, and are not included in the Bodo Platform charges.