# Provision Flow for ZUS Cache (AWS Marketplace) The provision flow is used when an existing Blimp user wants to provision additional ZUS Cache clusters in their AWS account. Unlike onboarding, this flow does not require registration on the Blimp platform. However, the user must have already completed the onboarding flow at least once. ### Prerequisites To proceed with the provision flow: * The user must have a valid account on Blimp Software. * The user must have already subscribed to the ZUS Cache product via AWS Marketplace. * The user must have previously saved AWS Assume Role ARN and External ID, or must provide them again during provisioning. If the previously saved Assume Role was deleted or revoked, users must re-enter valid AWS credentials. * **AWS EC2 vCPU Quota** * You must have sufficient EC2 vCPU quota in your chosen AWS region for the required instance families (`c5n` and `c6i`) based on your selected cluster ratio. * AWS enforces vCPU limits per instance family, which may block provisioning if limits are too low. {% hint style="info" %} Request \~20% higher quota than required for buffer. {% endhint %} **Reference guide:** {% content-ref url="/pages/HvHbJkxLdJJvdt6WtUNM" %} [AWS vCPU Limit Prerequisites for SaaS Product](/zus-docs/system-overview/cloud-deployments/aws-vcpu-limit-prerequisites-for-saas-product.md) {% endcontent-ref %} * **IAM Policy Requirements** * Before onboarding, create an IAM policy in your AWS account with the following permissions to allow Blimp to provision and manage ZUS Cache infrastructure: **File:** `zus-cache-policy.json` ```json { "Version": "2012-10-17", "Statement": [ { "Sid": "VPCManagement", "Effect": "Allow", "Action": [ "ec2:CreateVpc", "ec2:ModifyVpcAttribute", "ec2:DeleteVpc", "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeAccountAttributes", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" }, { "Sid": "SubnetManagement", "Effect": "Allow", "Action": [ "ec2:CreateSubnet", "ec2:ModifySubnetAttribute", "ec2:DeleteSubnet", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Sid": "InternetGatewayManagement", "Effect": "Allow", "Action": [ "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:DetachInternetGateway", "ec2:DeleteInternetGateway", "ec2:DescribeInternetGateways" ], "Resource": "*" }, { "Sid": "RouteTableManagement", "Effect": "Allow", "Action": [ "ec2:CreateRouteTable", "ec2:AssociateRouteTable", "ec2:DisassociateRouteTable", "ec2:CreateRoute", "ec2:ReplaceRoute", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DescribeRouteTables" ], "Resource": "*" }, { "Sid": "SecurityGroupManagement", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Sid": "EC2InstanceManagement", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute" ], "Resource": "*" }, { "Sid": "TagManagement", "Effect": "Allow", "Action": ["ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags"], "Resource": "*" }, { "Sid": "AMIAndZoneAccess", "Effect": "Allow", "Action": ["ec2:DescribeImages", "ec2:DescribeAvailabilityZones"], "Resource": "*" }, { "Sid": "EBSVolumeManagement", "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:ModifyVolume", "ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:DescribeVolumes" ], "Resource": "*" } ] } ``` ### Step by Step Flow: #### 1. Log in to Blimp Software The user logs in to using existing credentials. #### 2. Navigate to ZUS Cache → Provision New Cluster (Need to be change based on UI) In the Enterprise section, under the ZUS Cache module, the user can click “Provision New Cluster”. #### 3. Providing the AWS Assume Role and External ID If AWS Assume Role ARN and External ID are still valid, just leave as it is; otherwise, provide new values in the respective fields {% hint style="info" %} To create AWS Assume Role and external ID for ZUS Cache, you can refer to the following guide: [How to create an AWS IAM Role for SaaS access](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html) {% endhint %} These values are essential for securely provisioning infrastructure in the user’s AWS account using the best practices encouraged by AWS. #### 4. Choose Cluster Configuration User selects the desired cluster configuration: | Options | Data Blobbers | Parity Blobbers | Cluster Ratio | | ------- | ------------- | --------------- | ------------- | | 2/1 | 2 | 1 | 2:1 | | 4/1 | 4 | 1 | 4:1 | | 8/1 | 8 | 1 | 8:1 | #### 5. Cluster Provisioning Once the form is submitted, Blimp will use the provided (or previously saved) credentials. * The system automatically provisions the new ZUS Cache cluster in the user’s AWS account. * Provisioning status and cluster information will be shown in the ZUS Dashboard. The user now has access to the newly provisioned cluster. All clusters can be viewed and managed from the Blimp platform. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.zus.network/zus-docs/system-overview/cloud-deployments/provision-flow-for-zus-cache-aws-marketplace.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.