From 71a1ad0a588350075eef2cb95e2f8cb7e2e77a3b Mon Sep 17 00:00:00 2001 From: Aneesh Karve Date: Mon, 2 Oct 2023 12:39:38 -0700 Subject: [PATCH] Add docs on EDP networking (#3739) --- .../event-driven-packaging.md | 26 ++++++++++++++----- 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/docs/advanced-features/event-driven-packaging.md b/docs/advanced-features/event-driven-packaging.md index e7d61b09db9..89c0ee98dfa 100644 --- a/docs/advanced-features/event-driven-packaging.md +++ b/docs/advanced-features/event-driven-packaging.md 
@@ -33,15 +33,29 @@ for all S3 buckets to be monitored by EDP. ## Deployment -EDP is deployed by a standalone CloudFormation template that -configures the conditions under which events get generated. The -following template parameters are required: +EDP deploys Lambda and RDS resources to monitor S3 and generate EventBridge +events under user-configurable conditions. + +### Networking + +* Lambda and RDS resources are placed in the `VPC` and `Subnets` that you provide. +* `Subnets` are normally private and must be able to reach Amazon services +such as EventBridge via port 443 (e.g. by means of a NAT gateway, or VPC +endpoint). +* `SecurityGroup` should allow outbound access to AWS services on port 443. +Does not need inbound access. + + +### Parameters + +EDP is deployed by a standalone CloudFormation template with the following +parameters: | Parameter | Description | | ------------- | ------------- | -| `VPC` | Same as existing Quilt stack. | -| `SecurityGroup` | Same as existing Quilt stack. | -| `Subnets` | Same two subnets as existing Quilt stack. | +| `VPC` | For EDP resources and Subnets. | +| `Subnets` | For EDP Lambda, RDS (see above for configuration). | +| `SecurityGroup` | For EDP Lambdas (see above for configuration). | | `BucketName` | Name of the Amazon S3 bucket to monitor. | | `BucketIgnorePrefixes` | Text string of comma separated bucket path segments to ignore, for example `raw/*, scratch/*`. Default value is an empty string (i.e. nothing ignored). | | `BucketPrefixDepth` | The number of `/`-separated *common* path segments at the beginning of an S3 object key. Default value is `2`. |
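Review bot: The `SecurityGroup` bullet under "### Networking" only covers outbound access on port 443, and the parameters table scopes it to "EDP Lambdas", while the first bullet and the `Subnets` row place RDS in the same subnets. As written, the docs never say which security group protects the RDS instance or whether the Lambdas need an egress rule to reach it on the database port. Suggest adding a sentence that states this explicitly, and wording the bullet so readers keep egress limited to 443 with no inbound rules rather than reusing a broader group. Two smaller points: the removed row said "Same two subnets" and the new `Subnets` text no longer states how many subnets are required, which is worth restoring if the template still expects two; and "Does not need inbound access." is a fragment that reads better as "It does not need inbound access."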