Onboarding Flow for ZUS Cache (AWS Marketplace)

The onboarding process allows enterprise users to subscribe to ZUS Cache via the AWS Marketplace and provision a ZUS cluster using the Blimp Software UI.

Prerequisites

  • AWS EC2 vCPU Quota

    • You must have sufficient EC2 vCPU quota in your chosen AWS region for the required instance families (c5n and c6i) based on your selected cluster ratio.

    • AWS enforces vCPU limits per instance family, which may block provisioning if limits are too low.

Request ~20% higher quota than required for buffer.

Reference guide:

AWS vCPU Limit Prerequisites for SaaS Product

  • IAM Policy Requirements

    • Before onboarding, create an IAM policy in your AWS account with the following permissions to allow Blimp to provision and manage ZUS Cache infrastructure: File: zus-cache-policy.json 

{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "VPCManagement", "Effect": "Allow", "Action": [ "ec2:CreateVpc", "ec2:ModifyVpcAttribute", "ec2:DeleteVpc", "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeAccountAttributes", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" },
    { "Sid": "SubnetManagement", "Effect": "Allow", "Action": [ "ec2:CreateSubnet", "ec2:ModifySubnetAttribute", "ec2:DeleteSubnet", "ec2:DescribeSubnets" ], "Resource": "*" },
    { "Sid": "InternetGatewayManagement", "Effect": "Allow", "Action": [ "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:DetachInternetGateway", "ec2:DeleteInternetGateway", "ec2:DescribeInternetGateways" ], "Resource": "*" },
    { "Sid": "RouteTableManagement", "Effect": "Allow", "Action": [ "ec2:CreateRouteTable", "ec2:AssociateRouteTable", "ec2:DisassociateRouteTable", "ec2:CreateRoute", "ec2:ReplaceRoute", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DescribeRouteTables" ], "Resource": "*" },
    { "Sid": "SecurityGroupManagement", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup", "ec2:DescribeSecurityGroups" ], "Resource": "*" },
    { "Sid": "EC2InstanceManagement", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute" ], "Resource": "*" },
    { "Sid": "TagManagement", "Effect": "Allow", "Action": ["ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags"], "Resource": "*" },
    { "Sid": "AMIAndZoneAccess", "Effect": "Allow", "Action": ["ec2:DescribeImages", "ec2:DescribeAvailabilityZones"], "Resource": "*" },
    { "Sid": "EBSVolumeManagement", "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:ModifyVolume", "ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:DescribeVolumes" ], "Resource": "*" }
  ]
}

Step by Step Flow:

Step 1: Register on Blimp

Before subscribing to the ZUS Cache product, users must register on the Blimp platform.

Once registered and logged in, the user should navigate to the Enterprise section of the Blimp dashboard.

Step 2: Subscribe to ZUS Cache via AWS Marketplace

Within the Enterprise section of Blimp, a “Subscribe on AWS Marketplace” button is located under the ZUS Cache module.

  • Click the button — the user will be redirected to the ZUS Cache AWS Marketplace

    listing.

  • Complete the subscription flow on AWS Marketplace.

  • Upon successful subscription, AWS will redirect the user to Blimp with a temporary AWS Marketplace token appended to the URL. Redirect format: https://www.blimp.software/?token=[token]

Step 3: Handle AWS Marketplace Redirect

Upon redirect back to Blimp:

  • The user lands on the Blimp Software dashboard.

  • A pop-up dialog appears automatically requesting AWS role information.

Step 4: Provide AWS Assume Role Details

The user must provide the following details in the pop-up:

  • AWS Assume Role ARN

  • AWS External ID

To create AWS Assume Role and external ID for ZUS Cache, you can refer to the following guide: How to create an AWS IAM Role for SaaS access

These values are essential for securely provisioning infrastructure in the user’s AWS account using the best practices encouraged by AWS.

Step 5: Choose ZUS Cluster Configuration

The pop-up also asks the user to select the desired cluster configuration. Each optio represents a combination of Data Blobbers and Parity Blobbers:

Options
Data Blobbers
Parity Blobbers
Cluster Ratio

2/1

2

1

2:1

4/1

4

1

4:1

8/1

8

1

8:1

The user selects a configuration based on data durability and performance needs.

Step 6: Provisioning ZUS Cache Cluster

After submitting the form:

  • The Blimp backend uses the provided AWS Assume Role credentials.

  • It triggers an automated provisioning pipeline to deploy ZUS Cache Blobbers into the user’s AWS account.

  • Cluster details and status will be displayed on the ZUS Dashboard inside Blimp once provisioning is complete.

Once provisioning is successful:

  • The user can begin uploading and retrieving data via ZUS Cache.

  • All management tasks, logs, and monitoring are available via the Blimp platform.

    Resources

PreviousAWS vCPU Limit Prerequisites for SaaS ProductNextChimney

Last updated