Provision Flow for ZUS Cache (AWS Marketplace)

The provision flow is used when an existing Blimp user wants to provision additional ZUS Cache clusters in their AWS account.

Unlike onboarding, this flow does not require registration on the Blimp platform. However, the user must have already completed the onboarding flow at least once.

Prerequisites

To proceed with the provision flow:

  • The user must have a valid account on Blimp Software.

  • The user must have already subscribed to the ZUS Cache product via AWS Marketplace.

  • The user must have previously saved AWS Assume Role ARN and External ID, or must provide them again during provisioning. If the previously saved Assume Role was deleted or revoked, users must re-enter valid AWS credentials.

  • AWS EC2 vCPU Quota

    • You must have sufficient EC2 vCPU quota in your chosen AWS region for the required instance families (c5n and c6i) based on your selected cluster ratio.

    • AWS enforces vCPU limits per instance family, which may block provisioning if limits are too low.

Request ~20% higher quota than required for buffer.

Reference guide:

AWS vCPU Limit Prerequisites for SaaS Product

  • IAM Policy Requirements

    • Before onboarding, create an IAM policy in your AWS account with the following permissions to allow Blimp to provision and manage ZUS Cache infrastructure: File: zus-cache-policy.json 

{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "VPCManagement", "Effect": "Allow", "Action": [ "ec2:CreateVpc", "ec2:ModifyVpcAttribute", "ec2:DeleteVpc", "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute", "ec2:DescribeAccountAttributes", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" },
    { "Sid": "SubnetManagement", "Effect": "Allow", "Action": [ "ec2:CreateSubnet", "ec2:ModifySubnetAttribute", "ec2:DeleteSubnet", "ec2:DescribeSubnets" ], "Resource": "*" },
    { "Sid": "InternetGatewayManagement", "Effect": "Allow", "Action": [ "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:DetachInternetGateway", "ec2:DeleteInternetGateway", "ec2:DescribeInternetGateways" ], "Resource": "*" },
    { "Sid": "RouteTableManagement", "Effect": "Allow", "Action": [ "ec2:CreateRouteTable", "ec2:AssociateRouteTable", "ec2:DisassociateRouteTable", "ec2:CreateRoute", "ec2:ReplaceRoute", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DescribeRouteTables" ], "Resource": "*" },
    { "Sid": "SecurityGroupManagement", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup", "ec2:DescribeSecurityGroups" ], "Resource": "*" },
    { "Sid": "EC2InstanceManagement", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute" ], "Resource": "*" },
    { "Sid": "TagManagement", "Effect": "Allow", "Action": ["ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags"], "Resource": "*" },
    { "Sid": "AMIAndZoneAccess", "Effect": "Allow", "Action": ["ec2:DescribeImages", "ec2:DescribeAvailabilityZones"], "Resource": "*" },
    { "Sid": "EBSVolumeManagement", "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:ModifyVolume", "ec2:AttachVolume", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:DescribeVolumes" ], "Resource": "*" }
  ]
}

Step by Step Flow:

1. Log in to Blimp Software

The user logs in to https://blimp.software using existing credentials.

2. Navigate to ZUS Cache → Provision New Cluster (Need to be change based on UI)

In the Enterprise section, under the ZUS Cache module, the user can click “Provision New Cluster”.

3. Providing the AWS Assume Role and External ID

If AWS Assume Role ARN and External ID are still valid, just leave as it is; otherwise, provide new values in the respective fields

To create AWS Assume Role and external ID for ZUS Cache, you can refer to the following guide: How to create an AWS IAM Role for SaaS access

These values are essential for securely provisioning infrastructure in the user’s AWS account using the best practices encouraged by AWS.

4. Choose Cluster Configuration

User selects the desired cluster configuration:

Options
Data Blobbers
Parity Blobbers
Cluster Ratio

2/1

2

1

2:1

4/1

4

1

4:1

8/1

8

1

8:1

5. Cluster Provisioning

Once the form is submitted, Blimp will use the provided (or previously saved) credentials.

  • The system automatically provisions the new ZUS Cache cluster in the user’s AWS account.

  • Provisioning status and cluster information will be shown in the ZUS Dashboard.

The user now has access to the newly provisioned cluster. All clusters can be viewed and managed from the Blimp platform.

PreviousUsing CLI to backup files into Blimp + ZS3 ServerNextAWS vCPU Limit Prerequisites for SaaS Product

Last updated