| title | summary | toc | toc_not_nested | ssh-link |
|---|---|---|---|---|
Deploy CockroachDB on AWS EC2 |
Learn how to deploy CockroachDB on Amazon's AWS EC2 platform. |
false |
true |
This page shows you how to manually deploy a secure multi-node CockroachDB cluster on Amazon's AWS EC2 platform, using AWS's managed load balancing service to distribute client traffic.
If you are only testing CockroachDB, or you are not concerned with protecting network communication with TLS encryption, you can use an insecure cluster instead. Select Insecure above for instructions.
{% include prod_deployment/secure-requirements.md %}
{% include prod_deployment/secure-recommendations.md %}
- All instances running CockroachDB should be members of the same Security Group.
CockroachDB requires TCP communication on two ports:
26257for inter-node communication (i.e., working as a cluster), for applications to connect to the load balancer, and for routing from the load balancer to nodes8080for exposing your Admin UI
You can create these rules using Security Groups' Inbound Rules.
| Field | Recommended Value |
|---|---|
| Type | Custom TCP Rule |
| Protocol | TCP |
| Port Range | 26257 |
| Source | The name of your security group (e.g., sg-07ab277a) |
| Field | Recommended Value |
|---|---|
| Type | Custom TCP Rule |
| Protocol | TCP |
| Port Range | 8080 |
| Source | Your network's IP ranges |
| Field | Recommended Value |
|---|---|
| Type | Custom TCP Rules |
| Protocol | TCP |
| Port Range | 26257 |
| Source | Your application's IP ranges |
Create an instance for each node you plan to have in your cluster.
-
Run at least 3 nodes to ensure survivability.
-
Use
m(general purpose),c(compute-optimized), ori(storage-optimized) instances, with SSD-backed EBS volumes or Instance Store volumes. For example, Cockroach Labs has usedm3.largeinstances (2 vCPUs and 7.5 GiB of RAM per instance) for internal testing. -
Do not use "burstable"
t2instances, which limit the load on a single core.
For more details, see Hardware Recommendations and Cluster Topology.
{% include prod_deployment/synchronize-clocks.md %}
Each CockroachDB node is an equally suitable SQL gateway to your cluster, but to ensure client performance and reliability, it's important to use load balancing:
-
Performance: Load balancers spread client traffic across nodes. This prevents any one node from being overwhelmed by requests and improves overall cluster performance (queries per second).
-
Reliability: Load balancers decouple client health from the health of a single CockroachDB node. In cases where a node fails, the load balancer redirects client traffic to available nodes.
AWS offers fully-managed load balancing to distribute traffic between instances.
- Add AWS load balancing. Be sure to:
- Set forwarding rules to route TCP traffic from the load balancer's port 26257 to port 26257 on the nodes.
- Configure health checks to use HTTP port 8080 and path
/health?ready=1. This health endpoint ensures that load balancers don't direct traffic to nodes that are live but not ready to receive requests.
- Note the provisioned IP Address for the load balancer. You'll use this later to test load balancing and to connect your application to the cluster.
{{site.data.alerts.callout_info}}If you would prefer to use HAProxy instead of AWS's managed load balancing, see the On-Premises tutorial for guidance.{{site.data.alerts.end}}
{% include prod_deployment/secure-generate-certificates.md %}
{% include prod_deployment/secure-start-nodes.md %}
{% include prod_deployment/secure-initialize-cluster.md %}
{% include prod_deployment/secure-test-cluster.md %}
{% include prod_deployment/secure-test-load-balancing.md %}
{% include prod_deployment/use-cluster.md %}
{% include prod_deployment/monitor-cluster.md %}
{% include prod_deployment/secure-scale-cluster.md %}
{% include prod_deployment/prod-see-also.md %}