An IAM user with AdministratorAccess and programmatic access (see security if you'd like to use less privileged credentials after spinning up your cluster)
# install the CLIpipinstallcortex# spin up Cortex on your AWS accountcortexclusterup# or: cortex cluster up --config cluster.yaml (see configuration options below)
Configure Cortex
# cluster.yaml# EKS cluster namecluster_name:cortex# AWS regionregion:us-east-1# list of availability zones for your regionavailability_zones:# default: 3 random availability zones in your region, e.g. [us-east-1a, us-east-1b, us-east-1c]# instance typeinstance_type:m5.large# minimum number of instancesmin_instances:1# maximum number of instancesmax_instances:5# disk storage size per instance (GB)instance_volume_size:50# instance volume type [gp2 | io1 | st1 | sc1]instance_volume_type:gp2# instance volume iops (only applicable to io1)# instance_volume_iops: 3000# subnet visibility [public (instances will have public IPs) | private (instances will not have public IPs)]subnet_visibility:public# NAT gateway (required when using private subnets) [none | single | highly_available (a NAT gateway per availability zone)]
nat_gateway:none# API load balancer scheme [internet-facing | internal]api_load_balancer_scheme:internet-facing# operator load balancer scheme [internet-facing | internal]# note: if using "internal", you must configure VPC Peering to connect your CLI to your cluster operatoroperator_load_balancer_scheme:internet-facing# to install Cortex in an existing VPC, you can provide a list of subnets for your cluster to use# subnet_visibility (specified above in this file) must match your subnets' visibility# this is an advanced feature (not recommended for first-time users) and requires your VPC to be configured correctly; see https://eksctl.io/usage/vpc-networking/#use-existing-vpc-other-custom-configuration
# here is an example:# subnets:# - availability_zone: us-west-2a# subnet_id: subnet-060f3961c876872ae# - availability_zone: us-west-2b# subnet_id: subnet-0faed05adf6042ab7# additional tags to assign to AWS resources (all resources will automatically be tagged with cortex.dev/cluster-name: <cluster_name>)
tags:# <string>: <string> map of key/value pairs# enable spot instancesspot:false# SSL certificate ARN (only necessary when using a custom domain)ssl_certificate_arn:# List of IAM policies to attach to your Cortex APIsiam_policy_arns: ["arn:aws:iam::aws:policy/AmazonS3FullAccess"]# primary CIDR block for the cluster's VPCvpc_cidr:192.168.0.0/16
The docker images used by the Cortex cluster can also be overridden, although this is not common. They can be configured by adding any of these keys to your cluster configuration file (default values are shown):