CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

AWS Configurations

AWS ID Format

The AWS ID is transparent to CloudCenter. If AWS returns a longer instance ID, the CloudCenter platform accepts this AWS ID as is. While the Java string does not have a length limit, the database schema is limited to 255 characters.

CloudCenter AMI Details

If you need to share CloudCenter AMIs, contact CloudCenter Support with the following information:

  • AWS account number

  • CloudCenter version

  • Contact email

  • Customer name

  • Customer ID (CID)

On-Demand Instance

With Multiple Volumes configured when deploying the application on AWS, users have the option to select pricing by using the On-Demand Instance.

IAM Role

Identity and Access Management (IAM) Role and Security Token Service (STS) are supported by the CloudCenter platform.

Feature Dependency

These two features are dependent on the CCO being launched (and establishing a trust relationship in AWS) using an IAM role. See for additional details.

To use IAM roles, you must launch the CCO VM using the admin role so you can use the IAM role at any point in the future. Launching a CCO VM with the admin role allows you to use either the IAM role or the classic key/secret key access at any time.

For IAM role-based accounts, the CloudCenter platform requires the EC2fullAccess role (minimum requirement). If using the CloudCenter RDS out-of-box service, your account additionally requires RDSfullAccess.

Instead of specifying the access key and secret key, you can manage instance types by using an IAM role. This feature is disabled by default; you must explicitly enable the IAM role by toggling this button to ON when you configure an AWS Cloud.

You can launch RDS instances using IAM role-based accounts if you meet the following requirements:

  • If a Docker container is not part of the CCO, then you must assign the Docker container VM to the same IAM role as the CCO server.

  • Be sure to attach the following sts:GetFederationToken custom policy to IAM roles (with RDSfullAccess):

        {
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Action": "sts:GetFederationToken",
                "Resource": "*"
            }]
        }

 Configuring HA for PostgreSQL Database on AWS



Be sure to configure the following dependencies before starting the HA configuration procedure.

  • The required IAM policies – see AWS Configurations (this page) > IAM and STS for additional context. Verify that the IAM policy and role have been used and have worked prior to starting this procedure.

  • The roles and modes for the components used in your environment – see Virtual Appliance Overview > Modes and Roles.

    • CloudCenter 4.8 supports the RDS setup for NON_HA, HA, and NON_HA_SA modes.

    • The HA modes and roles for each component are identified in teal.

  • This procedure assumes that you are using:

    • The CloudCenter 4.8.0 installer with RDS service for CCM Non-HA Standalone or CCM HA.

    • Hardware Requirements of 2 CPU, 4GB memory, 50GB storage

    • If the PostgreSQL RDS master instance fails, the PostgreSQL RDS replica instance will:

      • Become the master in about 5 minutes

      • Be in read only mode

      After this switch, you must configure the CCM server by invoking the config wizard and provide the new master details. See Configure CCM Wizard Properties > DB > IP or Hostname row in the table.


This procedure may differ based on your AWS version and is intended to provide a point of reference if you choose to configure HA for the PostgreSQL database.

To configure HA for a PostgreSQL database setup on AWS, follow this procedure.

  1. Launch an RDS database instance and select the PostgreSQL Engine.

    1. Access your AWS RDS console.

    2. Launch a database instance.

    3. Select the PostgreSQL Engine.

    4. Select PostgreSQL with Multi-AZ Deployment, and click on Next Step.

    5. Provide the following values along with the pre-populated value:

      1. DB Instance Identifier – A unique name to identify the AWS database instance account.

      2. Master Username – cliqr (The username for this account – you must use cliqr for this field)

      3. Master Password – The password for this account (8 characters, case insensitive).

      4. Confirm Password – Repeat the master password.

    6. Configure the Advanced Settings:

      1. Change the Backup, Monitoring & Maintenance configuration based on your usage requirements.

      2. Select the VPC Security Group(s) to allow Port 5432 and ensure Database connection.

      3. In the Database Name field, enter cliqrdb.

      4. Click Launch DB Instance.

    You have now launched the database instance. The RDS instance takes some time to come up, as it involves a creating, modifying, and backing-up process on the backend.

  2. Once the instance is up and available, view the cliqrdb instance using the PSQL remote host command. Here is a sample command:

    Sample Command
    psql -h <RDS canonical name> -U cliqr -d cliqrdb

  3. Launch an instance for CCM, download the installer artifacts, and run the core_installer.

  4. To install the database on a remote host, edit the ccm-response.xml for the CCM, provide the RDS canonical name for the following items, and run the appliance installer:

    1. db_host = the remote host name

    2. db_user = cliqr 

    3. db_pass = the password used to launch the RDS instance

  5. Configure HA for the RDS instance.

    1. Select the RDS instance and choose Create Read Replica from the Instance Actions.

    2. Create the read replica of the master RDS instance by providing the required details.

      1. DB Instance Identifier – The master RDS instance

      2. Destination Region –  Within the same region or a different region

      3. Availability Zone – Any availability zone

    3. Click Create Read Replica to launch the replica.

    4. Once launched, the instances are displayed on the RDS console with the replication role master and replica.

    5. Connect to the replica instance, and verify that the data is synchronized.


Ephemeral Disks

When you configure 100 GB of disk space, you may only get a 20 GB VM. This is because CloudCenter only used the root disk size in earlier CloudCenter releases. You can attach one ephemeral disk if you configure a larger size in the instance type (see Map Images > Instance Types for additional context).

Root Volume Size

See Multiple Volumes and the Submit Job (v2) API for additional context.

Instance Profile

An optional Instance Profile field is available when you configure Environments or set the Deployment Environment Defaults. If you configure this field, provide the Amazon Resource Name (ARN) used for the Instance Profile configured in your AWS Cloud account.

If you specify the Instance Profile name, the CloudCenter platform launches VMs within the IAM role that is associated with the corresponding instance profile.

To successfully launch the AWS cloud account (using either an IAM role or the account secret key), you must have the required permission to pass the IAM role associated with the specified instance profile.


If the application VMs run in isolated networks (like Amazon's VPC), be sure to set up a proper NAT rule (only outgoing is needed) to allow application VMs to connect to RabbitMQ. See Per CloudCenter Region Installation (Required) > AMQP for additional context.

The CCM instance that interacts with the CloudHSM server must reside inside the same VPC as the CCM. See CloudHSM for additional context.

Refer to for additional context.

CloudCenter ELB Representation

AWS allows either internal or internet-facing ELBs, and they are associated with the subnets that the instances will be on. The CloudCenter platform uses this information by allowing you to select internal or external within each ELB tier of the CloudCenter application profile. From there, the subnet for the ELB is determined by where the application tier instances are instantiated.

Refer to the Amazon Documentation for additional context.

Availability Zones and Sets

  • API

    • Description: Details about the AWS Network Interface Cards (NICs) configuration. See IP Allocation Mode for additional details. The concept of Availability Sets and Zones in AWS is mapped to the subnet, as you can have multiple subnets for each zone. You must therefore provide the list of subnets as the input for an availability set. During an API job deployment, the availability set input is provided as part of the NIC information: the first NIC contains the comma-separated subnet list, as shown in the example.

    • Type: Object

      • Description: The network identifier for each required tier.
      • Type: String

      Required (if configured in your application profile)

      • Description: Identifies the allocation strategy used to configure the NIC for an AWS cloud
      • Type: Enumeration

        DHCP (default)
        This strategy allows the IP to be allocated by the DHCP server to the instance on server boot up. This IP address is not known prior to server boot up.

        Pre-allocate IP
        This strategy allows the cloud infrastructure IP allocation to be dynamically provided before the server boots up. This strategy is specific to the following OpenStack applications:

        • CISCO CSR1000: Configuration drive file IP populated with the pre-allocated IPs known before server boot up.
        • CISCO F5 Load Balancer: Multiple NIC support.

        Static IP (only CloudCenter 3.x)
        This strategy allows the customer to provide the IP address. As this IP address may or may not be available to the server (based on the availability), you must perform adequate checks to ensure IP availability before using this strategy.

      • Description: The number at which a resource is to be attached. When updating a phase, use this order to re-order the resource to a different position in the array of resources.
      • Type: Long

      Required (if configured in your application profile)

      • Description: The type of network for this NIC. A corresponding list of domains are attached to each option.
      • Type: Enumeration

        NETWORK: A private network that supports IP ranges which overlap with another private network.
        BRIDGE_DOMAIN: A set of logical ports that share the same flooding or broadcast characteristics. Used for ACI environments.
    • Example 1: Using DHCP allocation mode

      "nics": [
                {
                    "order": 1,
                    "allocationMode": "DHCP",
                    "allocatePublicIp": "true",
                    "id": "subnet-bf7c40cb,subnet-dc3c45f4"
                }
      ]
    • Example 2: Using Static IP allocation mode

      Attach the static private address to the NIC when you create the instance (see Create Cloud Instance Type), then use that address instead of using the DHCP allocationMode.

    • Example 3: Using IPv6 Address

      When allocating firewall rules, CloudCenter supports IPv6, in addition to IPv4, addresses in the source for app profile, tenant, and security profiles. When you assign IPv6 addresses, the CloudCenter platform validates the security rule source before accepting the IPv6 address. This support is restricted to AWS and OpenStack clouds. If you provide an invalid IPv4/6 IP address, then the CloudCenter platform rejects the deployment as invalid. See IP Allocation Mode for additional details.

            "assignIpv6Address": "true",
    • Example 4: Using Multiple NICs

      AWS supports multiple NICs across subnets in the same availability zone.

       ] } ] } ] 
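A pre-submission check for the `nics` array described above, as an added example that is not CloudCenter code: it verifies that the first NIC carries a well-formed comma-separated subnet list and flags NICs that request a public IP for review. The helper name `check_nics`, the subnet ID pattern, and the second sample payload are assumptions made for illustration.

```python
import re

# Assumption: a subnet ID is "subnet-" plus lowercase hex of any length
# (no fixed length, since the page notes AWS may return longer IDs).
SUBNET_ID = re.compile(r"subnet-[0-9a-f]+")


def check_nics(nics):
    """Return review findings for a "nics" array (hypothetical helper)."""
    if (not isinstance(nics, list) or not nics
            or not all(isinstance(n, dict) for n in nics)):
        return ["nics must be a non-empty array of objects"]
    orders = [n.get("order") for n in nics]
    if not all(isinstance(o, int) for o in orders) or len(set(orders)) != len(orders):
        return ["order values must be unique integers"]
    findings = []
    ordered = sorted(nics, key=lambda n: n["order"])
    for nic in ordered:
        label = f"nic order={nic['order']}"
        subnets = str(nic.get("id", "")).split(",")
        for s in subnets:
            # Catches empty entries, stray spaces and non-subnet identifiers.
            if not SUBNET_ID.fullmatch(s):
                findings.append(f"{label}: bad subnet id {s!r}")
        if len(set(subnets)) != len(subnets):
            findings.append(f"{label}: duplicate subnet in list")
        if nic.get("allocatePublicIp") == "true":
            findings.append(f"{label}: public IP requested, confirm exposure is intended")
    # The availability set is the subnet list on the first NIC.
    if "," not in str(ordered[0].get("id", "")):
        findings.append("first NIC lists a single subnet, so there is no availability set spread")
    return findings


# Payload from Example 1 on this page.
PAGE_EXAMPLE = [{"order": 1, "allocationMode": "DHCP", "allocatePublicIp": "true",
                 "id": "subnet-bf7c40cb,subnet-dc3c45f4"}]
# Constructed payload: empty list entry and a VPC ID where a subnet ID belongs.
CONSTRUCTED_BAD = [{"order": 2, "id": "subnet-0123456789abcdef0"},
                   {"order": 1, "allocationMode": "DHCP",
                    "id": "subnet-bf7c40cb,,vpc-1a2b3c4d"}]

if __name__ == "__main__":
    for name, payload in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_nics(payload))
```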
