Vespa Cloud Enclave builds on top of some tooling that it is necessary to become familiar with before getting started. Terraform is especially important, and understanding the basics is necessary. Going through a tutorial for AWS will help.
Setting up Enclave in your account requires:
Contact support@vespa.ai stating which tenant should be on-boarded to use Vespa Cloud Enclaves. Also include the AWS account ID to associate with the tenant.
Note: We strongly recommend dedicated accounts to use for your Vespa Cloud Enclaves. Resources in these accounts will be fully managed by Vespa Cloud.
The same AWS account used in step one must be prepared for deploying Vespa applications. Use Terraform to set up the necessary resources using the modules published by the Vespa team.
A minimal example can be found in the GitHub repository.
If you are unfamiliar with Terraform: It is a tool to manage resources and their configuration in various cloud providers, like AWS and GCP. Terraform has published an AWS tutorial, and we strongly encourage Enclave users to read and follow the Terraform recommendations for CI/CD.
By default all applications are deployed on resources in Vespa Cloud accounts.
To deploy in your Enclave account,
updatedeployment.xml to reference the account
used in step 1.
<deployment version='1.0' cloud-account='aws:123456789012'>
<prod>
<region>aws-us-east-1c</region>
<region>aws-us-west-2a</region>
</prod>
</deployment>
When deploying to production zones in a tenant controlled AWS account, beware that system tests and staging tests can run in either in the tenant account or in Vespa Cloud’s account. If running tests in the tenant account is desirable, test and staging zones must also be provisioned in step 2 in the Onboarding guide.
See the multi-region example for details.