# AWS Marketplace installation
Ontopic Studio is available on AWS Marketplace as an AMI image.
# Usage instructions
- Select the action Launch through EC2.
- When filling the configuration form, we recommend you enable encryption for the two volumes. For that, in the Configure storage section, click on Advanced. For each volume, select Encrypted in the Encrypted menu. For the KMS key, we suggest selecting (default) aws/ebs.
- Once the instance is running, enter the public DNS provided by AWS into your browser. You will then see the Ontopic Studio application and be prompted to enter a username and a password. The default administrator is `studio`, and the password is the ID of the EC2 instance. To get this ID, please refer to this page.
- You may change the username and password in the configuration service by navigating to port 8080 (add `:8080` at the end of the URL). Within the configuration service, you can also provision and manage local users.
- You can access your instance via SSH using the username `ec2-user` and your AWS private key.
# FAQ
Which ports are open?
- HTTP on 80 for the main UI
- HTTP on 8080 for the configuration service
- SSH on 22 for access to the terminal
- SSH on 2222 for access to the Git repositories (read-only)
How can I enable HTTPS?
You have to set up a reverse proxy on your own. We recommend using the Certificate Manager and the Application Load Balancer from AWS.
How can I provide a stable domain name for the SSH port of the Git repositories?
Go to the configuration service (on port 8080) and, in the Host section, set the value of Git public domain. When this value is not specified, the Git repository uses the public domain name provided by AWS in the SSH clone URLs. The public domain name provided by AWS is not stable and typically changes when the EC2 instance is deployed on a different physical machine.
Can I clone Git repositories using HTTPS?
No, this feature is not supported at the moment. Please register your personal SSH key in the settings of the Git repository manager and use the SSH URL for cloning the repository.
How can I migrate to a newer version?
Create a snapshot of the second volume (`/dev/xvdba`). When creating a new EC2 instance from the Marketplace, in the section Configure storage, click on "Advanced" and select the snapshot you created for the second volume (`/dev/xvdba`). Check that the new EC2 instance is working and decommission the previous one.
How can I assess and monitor the health and proper function of the application?
First, navigate to your Amazon EC2 console and verify that you're in the correct region. Choose Instance and select your launched instance. Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.
How can I add or update a JDBC driver?
See the dedicated section.
Where is sensitive data stored?
All data is stored within the `/var/lib/ontopic-studio`, `/var/lib/ontopic-studio-configuration`, `/etc/ontopic-studio/secrets` and `/etc/ontopic-studio/configuration/secrets` folders. All these folders are stored in the second volume (`/dev/xvdba`).
What is the data encryption configuration?
By default the volumes are not encrypted due to the publishing method. However, we recommend you enable it for both volumes, or at least for the second one containing data. See the steps at the beginning of the Usage instructions.
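The following is an added example, not part of the Ontopic documentation: a Python check over the JSON returned by `aws ec2 describe-volumes` that fails when the data volume at `/dev/xvdba` is unencrypted and warns for any other unencrypted volume on the instance. The sample JSON, the IDs, the root device name and the FAIL/WARN levels are constructed for illustration.

```python
import json

DATA_DEVICE = "/dev/xvdba"  # second volume holding the data, per this page

# Constructed sample shaped like the output of:
#   aws ec2 describe-volumes --filters Name=attachment.instance-id,Values=<instance-id>
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaaaaaaaaaaaaaa1", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE",
   "Attachments": [{"InstanceId": "i-0123456789abcdef0",
                    "Device": "/dev/xvda", "State": "attached"}]},
  {"VolumeId": "vol-0aaaaaaaaaaaaaaa2", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0123456789abcdef0",
                    "Device": "/dev/xvdba", "State": "attached"}]}
]}
""")


def audit_volumes(describe_volumes, instance_id, data_device=DATA_DEVICE):
    """Return a list of (level, message) findings for one instance."""
    findings = []
    seen_data = False
    for vol in describe_volumes.get("Volumes", []):
        for att in vol.get("Attachments", []):
            if att.get("InstanceId") != instance_id:
                continue  # multi-attach volumes can list other instances
            device = att.get("Device", "?")
            is_data = device == data_device
            seen_data = seen_data or is_data
            if not vol.get("Encrypted", False):
                # The data volume is the one the page says must at least be encrypted.
                level = "FAIL" if is_data else "WARN"
                findings.append(
                    (level, f"{vol['VolumeId']} on {device} is not encrypted"))
    if not seen_data:
        # Edge case: wrong instance ID or a different device name.
        findings.append(
            ("FAIL", f"no volume attached at {data_device}; check the device name"))
    return findings


if __name__ == "__main__":
    for level, msg in audit_volumes(SAMPLE, "i-0123456789abcdef0"):
        print(level, msg)
```

An empty result means every volume attached to the instance, including the data volume, reports `Encrypted: true`.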
How can I rotate programmatic system credentials and cryptographic keys?
To rotate application credentials, you can use the configuration service running at port 8080.
To rotate your SSH key, modify the contents of `.ssh/authorized_keys`.
How can I login with OpenID Connect authentication using Azure Active Directory?
See the dedicated section.
How to register an application on Azure Active Directory?
See the dedicated section.
How to configure materialization with an S3 bucket?
See the dedicated section.