
UiPath Automation Suite

The UiPath Automation Suite Guide

AWS deployment architecture

This page gives insight into the architecture and the required components of an AWS deployment.

Architecture diagram



Complete component list


Entry points

  • Main stack – principal entry point:
    • Network stack
    • Uipath-sf stack
  • Uipath-sf stack

Nested stacks

  • Uipath-sf:
    • SSL stack
    • Routing stack
    • Server stack
    • Database stack
    • Backup stack
    • Management stack
    • Lambda functions (AWS::Lambda::Function):
      • FindAMIFunction – for finding a matching AMI Id.
      • CreateInputJsonFunction – for creating the configuration used by the Automation Suite installer.
      • ComputeResourceSizeFunction – for computing the minimum EC2 instances hardware configuration needed, based on the selected services and deployment type.
    • IAM roles (AWS::IAM::Role) for the Lambda functions to provide minimum permissions:
      • FindAmiLambdaRole
      • CreateInputJsonLambdaRole
      • ComputeResourceSizeLambdaRole
    • Secrets (AWS::SecretsManager::Secret) to store sensitive information:
      • RDSPassword
      • OrgSecret
      • PlatformSecret
      • ArgoCdSecret
      • ArgoCdUserSecret
      • InputJsonSecret
      • KubeconfigSecret
  • SSL Stack (optional)
  • Network stack (optional)
  • Backup stack (optional):
    • ClusterBackupStorage (AWS::EFS::FileSystem) – Amazon Elastic File System used to store the backup.
    • SharedStorageSecurityGroup (AWS::EC2::SecurityGroup) – Security group used to allow NFS network connections from the cluster nodes.
    • SharedStorageMountTargetOne (AWS::EFS::MountTarget) – Resource that creates the mount target for the EFS file system and the first private subnet.
    • SharedStorageMountTargetTwo (AWS::EFS::MountTarget) – Resource that creates the mount target for the EFS file system and the second private subnet.
    • SharedStorageMountTargetThree (AWS::EFS::MountTarget) – Optional resource that creates the mount target for the EFS file system and the third private subnet.
  • Database stack:
    • RDSDBInstance (AWS::RDS::DBInstance) – The Amazon RDS DB instance. The DB SKU is db.m5.2xlarge.
    • DBSubnetGroup (AWS::RDS::DBSubnetGroup) – Private subnet group that contains the private subnets.
    • DbSecurityGroup (AWS::EC2::SecurityGroup) – Security Group allowing access to the DB instance.
    • PMRDSDBInstance (AWS::RDS::DBInstance) – Dedicated Amazon RDS DB instance for Process Mining. Only deployed when Process Mining is enabled and the deployment is Multi Node. The DB SKU is db.m5.4xlarge.
  • Routing stack:
    NOTE: The Alb and Nlb stacks are mutually exclusive configurations.
    • Alb stack:
      • ExternalLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Application load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.
      • ELBSecurityGroup (AWS::EC2::SecurityGroup) – The security group applied to the load balancer.
      • HttpsTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group of the load balancer.
      • HttpsListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the load balancer.
    • Nlb stack:
      • ExternalLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Network load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.
      • TcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group of the load balancer.
      • TcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the load balancer.
    • KubeLoadBalancer (AWS::ElasticLoadBalancingV2::LoadBalancer) – Private network load balancer used for node registration.
    • KubeApiTcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group for the node registration traffic of the KubeLoadBalancer.
    • KubeApiTcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the node registration traffic of the KubeLoadBalancer.
    • Rke2RegistrationTcpTargetGroup (AWS::ElasticLoadBalancingV2::TargetGroup) – The target group for the node registration traffic of the KubeLoadBalancer.
    • Rke2RegistrationTcpListener (AWS::ElasticLoadBalancingV2::Listener) – The listener for the node registration traffic of the KubeLoadBalancer.
    • RootRecordSet (AWS::Route53::RecordSet) – DNS A record for the FQDN.
    • SubdomainRecordSet (AWS::Route53::RecordSet) – DNS A record for the subdomains of the FQDN.
  • Management stack:
    • LifecycleAutomationLogs (AWS::Logs::LogGroup) – Log group for logging events from the SSM automation.
    • ClusterOperationsAutomationLogs – Log group for logging events related to cluster operations.
    • OnDemandRestoreStateMachine (AWS::StepFunctions::StateMachine) – Step function used to orchestrate the restore flow.
    • SSM Documents (AWS::SSM::Document) – sets of steps used to provide graceful node removal:
      • ServerRemoveInstanceDocument
      • AgentRemoveInstanceDocument
      • UpdateAMIDocument – Updates the AMI ID for the Auto Scaling Groups.
      • RegisterAiCenter – Registers AI Center to an external Orchestrator provided at deployment time.
      • OnDemandBackup – Creates a manual snapshot of the Automation Suite cluster.
      • GetBackupList – Retrieves all available snapshots for the Automation Suite cluster.
      • OnDemandRestoreDocument – Restores the Automation Suite cluster from a given snapshot.
    • Autoscaling Lifecycle hooks (AWS::AutoScaling::LifecycleHook) that allow us to run the SSM documents when an EC2 instance receives an instance termination event:
      • ServerAsgLifeCycleHookTerminating
      • AgentAsgLifeCycleHookTerminating
      • AsRobotsAsgLifeCycleHookTerminating
    • Event rules (AWS::Events::Rule) that trigger the execution of the SSM Documents:
      • ServerTerminateEventRule
      • AgentTerminateEventRule
      • AsRobotsTerminateEventRule
    • IAM roles (AWS::IAM::Role) needed for running SSM Documents and adding logs to the Log Group:
      • AutomationAssumeRole
      • EventsBridgeAssumeRole
      • StateMachinesAssumeRole
  • Server stack:
    • ServerLaunchConfiguration (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the server nodes. Disk configuration:
      • OS disk – sku gp3, capacity 256GB
      • Cluster disk – sku gp3, capacity 300GB
      • etcd disk – sku io1, capacity 32GB
      • Data disk – sku gp3, capacity 512GB regardless of the selected services.
      • Objectstore disk – sku gp3, capacity 512GB
      • Optional disk for Automation Suite Robots package caching – sku gp3, capacity 32GB. The disk is deployed only if the Automation Suite Robots service is enabled in a single-node deployment.
    • AgentLaunchConfiguration (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the agent nodes. Disk configuration:
      • OS disk – sku gp3, capacity 128GB
      • Cluster disk – sku gp3, capacity 256GB
    • ASRobotsLaunchTemplate (AWS::EC2::LaunchTemplate) – EC2 instance configuration for the ASRobots nodes. Disk configuration:
      • OS disk – sku gp3, capacity 128GB
      • Cluster disk – sku gp3, capacity 256GB
      • Robot package caching disk – sku gp3, capacity 32GB
    • GpuEnabledNode (AWS::EC2::Instance) – Optional GPU node. It has the same disk configuration as an agent.
    • TaskMiningNode (AWS::EC2::Instance) – Optional Task Mining node. Deployed only if the Task Mining service is selected. It has the same disk configuration as an agent.
    • BastionHost (AWS::EC2::Instance) – Optional EC2 instance used to SSH to cluster nodes. It has the t3.large instance type and a 200GB gp3 disk.
    • ServerAutoScalingGroup (AWS::AutoScaling::AutoScalingGroup) – Auto scaling group for the servers.
    • AgentAutoScalingGroup (AWS::AutoScaling::AutoScalingGroup) – Auto scaling group for the agents.
    • ASRobotsAutoScalingGroup – Auto scaling Group for dedicated Automation Suite Robots nodes. The capacity of this scaling group is 1 if the deployment is Multi Node and the Automation Suite Robots service is enabled, and 0 otherwise.
    • Optional ServiceFabricIamRole (AWS::IAM::Role) that has permissions to:
      • write logs
      • read EC2 instances configurations
      • download AWS Quickstart resources
      • access the Automation Suite installation configuration secret
      • access the cluster kubeconfig configuration secret
    • ServiceFabricSecurityGroup (AWS::EC2::SecurityGroup) – Security Group allowing access to UiPath applications.
    • BastionSecurityGroup (AWS::EC2::SecurityGroup) – Optional Security Group allowing SSH access to Bastion.
    • AsgProcessModifierFunction (AWS::Lambda::Function) – Used to modify the ASG processes during CF stack creation.
    • AsgProcessModificationRole (AWS::IAM::Role) – IAM role to provide minimum permissions for the AsgProcessModifierFunction.
    • SSM parameters (AWS::SSM::Parameter):
      • InstanceAMIIdSSMParameter – Stores the AMI ID of the nodes.
      • InstanceAMIImageNameSSMParameter – Holds the Image Name used at deployment time or updated via the UpdateAMIDocument.
    • Autoscaling Lifecycle hooks (AWS::AutoScaling::LifecycleHook) that allow us to transition EC2 instances to InService state after the installer succeeded:
      • ServerAsgLifeCycleHookLaunching
      • AgentAsgLifeCycleHookLaunching
      • ASRobotsAsgLifeCycleHookLaunching

 

Deployment and instance type mapping

The template dynamically computes the hardware needed for the deployment as follows:

  • Depending on the services installed, it sets minimum requirements at cluster level.
  • Depending on the deployment profile (multi-node or single-node profile), it sets minimum requirements for a single VM.
  • It selects the instance types based on their availability in the region where you deploy and the aforementioned requirements.

The following table shows the mappings between deployment and possible instance types:

Deployment type | Instance types
Single-node, services selection that needs less than 16 CPUs | c5.4xlarge, c5a.4xlarge, m5.4xlarge, m5a.4xlarge
Single-node, services selection that needs more than 16 CPUs | c5a.8xlarge, c5.9xlarge, m5.8xlarge
Multi-node, services selection that needs less than 48 CPUs | c5.4xlarge, c5a.4xlarge, m5.4xlarge, m4.4xlarge
Multi-node, services selection that needs more than 48 CPUs | c5a.8xlarge, c5.9xlarge, m5.8xlarge, m5a.8xlarge

Updated 2 months ago

