Automation Suite
2023.10
false
AWS deployment architecture - Automation Suite 2023.10
Banner background image
logo
Automation Suite on Linux Installation Guide
Last updated Feb 13, 2024

AWS deployment architecture

Architecture diagram



Complete component list

Entry points

  • Main stack – principal entry point:
    • Network stack
    • Uipath-sf stack
  • Uipath-sf stack

Nested stacks

  • Uipath-sf:

    • SSL stack
    • Routing stack
    • Server stack
    • Database stack
    • Backup stack
    • Management stack
    • Lambda functions (AWS::Lambda::Function):
      • FindAMIFunction – for finding a matching AMI Id.
      • CreateInputJsonFunction – for creating the configuration used by the Automation Suite installer.
      • ComputeResourceSizeFunction – for computing the minimum EC2 instances hardware configuration needed, based on the selected services and deployment type.
    • IAM roles (AWS::IAM::Role) for the Lamdda functions to provide minimum permissions:
      • FindAmiLambdaRole
      • CreateInputJsonLambdaRole
      • ComputeResourceSizeLambdaRole
    • Secrets (AWS::SecretsManager::Secret) to store sensitive information:
      • RDSPassword
      • OrgSecret
      • PlatformSecret
      • ArgoCdSecret
      • ArgoCdUserSecret
      • InputJsonSecret
      • KubeconfigSecret
    • SSL Stack (optional)
  • Network stack (optional)
  • Backup stack (optional):

    • ClusterBackupStorage (AWS::EFS::FileSystem) – Amazon Elastic File System used to store the backup.
    • SharedStorageSecurityGroup (AWS::EC2::SecurityGroup) – Security group used to allow NFS network connections from the cluster nodes.
    • SharedStorageMountTargetOne (AWS::EFS::MountTarget) – Resource that creates the mount target for the EFS file system and the first private subnet.
    • SharedStorageMountTargetTwo (AWS::EFS::MountTarget) – Resource that creates the mount target for the EFS file system and the second private subnet.
    • SharedStorageMountTargetThree (AWS::EFS::MountTarget) – Optional resource that creates the mount target for the EFS file system and the third private subnet.
  • Database stack:
    • RDSDBInstance (AWS::RDS::DBInstance) – The Amazon RDS DB instance. The DB SKU is db.m5.2xlarge.
    • DBSubnetGroup (AWS::RDS::DBSubnetGroup) – Private subnet group that contains the private subnets.
    • DbSecurityGroup (AWS::EC2::SecurityGroup) – Security Group allowing access to the DB instance.
    • PMRDSDBInstance (AWS::RDS::DBInstance) – Dedicated Amazon RDS DB instance for Process Mining. Only deployed when Process Mining is enabled and the deployment is Multi Node. The DB SKU is db.m5.4xlarge.
  • Routing stack:NOTE: The Alb and Nlb stacks are mutually exclusive configurations
    • Alb stack:
      • ExternalLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Application load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.
      • ELBSecurityGroup (AWS::EC2::SecurityGroup) – The security group applied to the load balancer.
      • HttpsTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group of the load balancer.
      • HttpsListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the load balancer.
    • Nlb stack:
      • ExternalLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Network load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.
      • TcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group of the load balancer.
      • TcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the load balancer.
    • KubeLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Private network load balancer used for node registration.
    • KubeApiTcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group for the node registration traffic of the KubeLoadBalancer.
    • KubeApiTcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the node registration traffic of the KubeLoadBalancer.
    • Rke2RegistrationTcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group for the node registration traffic of the KubeLoadBalancer.
    • Rke2RegistrationTcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the node registration traffic of the KubeLoadBalancer.
    • RootRecordSet (AWS::Route53::RecordSet) – DNS A record for the FQDN.
    • SubdomainRecordSet (AWS::Route53::RecordSet) – DNS A record for the subdomains of the FQDN.
  • Management stack:
    • LifecycleAutomationLogs (AWS::Logs::LogGroup) – Log group for logging events from the SSM automation.
    • ClusterOperationsAutomationLogs – Log group for logging events related to cluster operations.
    • OnDemandRestoreStateMachine (AWS::StepFunctions::StateMachine) – Step function used to orchestrate the restore flow.
    • SSM Documents (AWS::SSM::Document) sets of steps used to provide graceful node removal:
      • ServerRemoveInstanceDocument
      • AgentRemoveInstanceDocument
      • UpdateAMIDocument – Updates the AMI ID for the Auto Scaling Groups.
      • RegisterAiCenter – Registers AI Center to an external Orchestrator provided at deployment time.
      • OnDemandBackup – Creates a manual snapshot of the Automation Suite cluster.
      • GetBackupList – Retrieves all available snapshots for the Automation Suite cluster.
      • OnDemandRestoreDocument – Restores the Automation Suite cluster from a given snapshot.
    • Autoscaling Lyfecycle hooks (AWS::AutoScaling::LifecycleHook) that allow us to run the SSM documents when an EC2 instance receives an instance termination event:
      • ServerAsgLifeCycleHookTerminating
      • AgentAsgLifeCycleHookTerminating
      • AsRobotsAsgLifeCycleHookTerminating
    • Event rules (AWS::Events::Rule) that trigger the execution of the SSM Documents:
      • ServerTerminateEventRule
      • AgentTerminateEventRule
      • AsRobotsTerminateEventRule
    • IAM roles (AWS::IAM::Role) needed for running SSM Documents and adding logs to the Log Group:
      • AutomationAssumeRole
      • EventsBridgeAssumeRole
      • StateMachinesAssumeRole
    • Server stack:
    • ServerLaunchConfiguration (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the server nodes. Disk configuration:
      • OS disk – sku gp3, capacity 256GiB
      • Cluster disk – sku gp3, capacity 300GiB
      • etcd disk – sku io1, capacity 32GiB
      • Data disk – sku gp3, capacity 512GiB regardless of the selected services.
      • Objectstore disk – sku gp3, capacity 512GiB
      • Optional disk for Automation Suite Robots package caching – sku gp3, capacity 32GiB. The disk is deployed only if the the Automation Suite Robots service is enabled in a single-node deployment
    • AgentLaunchConfiguration (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the agent nodes. Disk configuration:
      • OS disk – sku gp3, capacity 128GiB
      • Cluster disk – sku gp3, capacity 256GiB
    • ASRobotsLaunchTemplate (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the ASRobots nodes. Disk configuration:
      • OS disk – sku gp3, capacity 128GiB
      • Cluster disk – sku gp3, capacity 256GiB
      • Robot package caching disk - sku gp3, capacity 32GiB
    • GpuEnabledNode (AWS::EC2::Instance) – Optional GPU node. It has the same disk configuration as an agent.
    • TaskMiningNode (AWS::EC2::Instance) - Optional Task Mining node. Deployed only if the Task Mining service is selected. It has the same disk configuration as an agent.
    • BastionHost (AWS::EC2::Instance) – Optional EC2 instance used to SSH to cluster nodes. It has the t3.large instance type and a 200GiB gp3 disk.
    • ServerAutoScalingGroup (AWS::AutoScaling::AutoScalingGroup) – Auto scaling group for the servers.
    • AgentAutoScalingGroup (AWS::AutoScaling::AutoScalingGroup) – Auto scaling group for the agents.
    • ASRobotsAutoScalingGroup – Auto scaling Group for dedicated Automation Suite Robots nodes. The capacity of this scaling group is 1 if the deployment is Multi Node and the Automation Suite Robots service is enabled, and 0 otherwise.
    • Optional ServiceFabricIamRole (AWS::IAM::Role) that has permissions to:
      • write logs
      • read EC2 instances configurations
      • download AWS Quickstart resources
      • access the Automation Suite installation configuration secret
      • access the cluster kubeconfig configuration secret
    • ServiceFabricSecurityGroup (AWS::EC2::SecurityGroup) – Security Group allowing access to UiPath applications.
    • BastionSecurityGroup (AWS::EC2::SecurityGroup) – Optional Security Group allowing SSH access to Bastion
    • AsgProcessModifierFunction (AWS::Lambda::Function) – Used to modify the ASG processes during CF stack creation.
    • AsgProcessModificationRole (AWS::IAM::Role) – IAM role to provide minimum permissions for the AsgProcessModifierFunction
    • SSM parameters (AWS::SSM::Parameter):
      • InstanceAMIIdSSMParameter – Stores the AMI ID of the nodes.
      • InstanceAMIImageNameSSMParameter – Holds the Image Name used at deployment time or updated via the UpdateAMIDocument.
    • Autoscaling Lyfecycle hooks (AWS::AutoScaling::LifecycleHook) that allow us to transition EC2 instances to InService state after the installer succeeded:
      • ServerAsgLifeCycleHookLaunching
      • AgentAsgLifeCycleHookLaunching
      • ASRobotsAsgLifeCycleHookLaunching

Deployment and instance type mapping

The template dynamically computes the hardware needed for the deployment as follows:

  • Depending on the services installed, it sets minimum requirements at cluster level.
  • Depending on the deployment profile (multi-node or single-node profile), it sets minimum requirements for a single VM.
  • Selects the instance types based on their availability in the region you deploy and the aforementioned requirements.

The following table shows the mappings between deployment and possible instance types:

Deployment type

Instance types

Single-node, services selection that needs less than 16 CPUs

c5.4xlarge, c5a.4xlarge, m5.4xlarge, m5a.4xlarge

Single-node, services selection that needs more than 16 CPUs

c5a.8xlarge, c5.9xlarge, m5.8xlarge

Multi-node, services selection that needs less than 48 CPUs

c5.4xlarge, c5a.4xlarge, m5.4xlarge, m4.4xlarge

Multi-node, services selection that needs more than 48 CPUs

c5a.8xlarge, c5.9xlarge, m5.8xlarge, m5a.8xlarge
  • Architecture diagram
  • Complete component list
  • Entry points
  • Nested stacks
  • Deployment and instance type mapping
Support and Services icon
Get The Help You Need
UiPath Academy icon
Learning RPA - Automation Courses
UiPath Forum icon
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.