EC2 Requirements for Docker based Roost

Roost Pilot Setup (Single EC2 Instance) 

 Architecture of RoostGPT stack running in single instance: 

 

 

 Using Terraform: 

 To accomplish POC from single EC2 instance where RoostGPT can be setup, you can run below terraform scripts: 

 Link: https://github.com/roost-io/install/tree/demo/terraform/aws/bedrockdemo 

 Prerequisites: 

 

 

 VPC ID where instance would be created 

 

 

 Public Subnet ID. 

 

 

 Configure AWS profile into launched server, either by setting AWS_ACCESS_KEY and AWS_SECRET_KEY_ID, in $HOME/.profile or staging $HOME/.aws/credentials 

 

 

 Allowed SSH CIDR range (Could be individual IP, company network etc) 

 

 

 Instance Details 

 Whether using terraform or provisioning EC2 externally, Roost expects following configurations  

 

 

 Region ( eu-west-1 or any ) 

 

 

 Instance_size: c5a.2xlarge (16 GB Memory, 8 vCPUs) or bigger  

 

 

 Instance root disk size: Minimum 100 GB 

 

 

 Additional EBS disk size: Minimum 150 GB  

 

 

 Image: Ubuntu 22.04 HVM base, SSD Volume Type 

 

 

 Network Configuration: 

 

 

 

 Accepts CIDR range to allow SSH (port 22) 

 

 

 Allow SSH from 4.247.149.66/32 and 40.112.174.40/32 (Roost Support) 

 

 

 HTTPS traffic is enabled on EC2 at port 443 

 

 

 

 Python and AWS CLI are already installed. 

 

 

 If provisioned using terraform, a new ssh key-pair is created and kept under terraform-root-dir/data dir. (SSH keypair to be shared with Roost Support team) 

 

 

 Default SSH user is Ubuntu which must have sudo permission 

 

 

 To access RoostGPT over HTTPS (optional), we will need - 

 

 

 

 Domain certs 

 

 

 DNS Name. 

 

 

 

 Packages that will be installed on EC2 Linux (by roostGPT installer): 

 

 curl 

 jq 

 pkill 

 shasum 

 gzip 

 docker-ce 

 docker-cli 

 docker-compose 

 nginx 

 nginx-extras 

 Entry into crontab 

 Script into init.d 

 

 Configurations to run RoostGPT: 

 

 SSH user should have sudo permissions 

 

 AWS IAM User should have  AmazonBedrockFullAccess or the below permission - 

 

 

 {

Version = "2012-10-17"

Statement = [

{

Effect = "Allow"

Action = [

 "bedrock:InvokeModel",

"bedrock:InvokeModelWithResponseStream",

"bedrock:ListFoundationModels",

"bedrock:GetFoundationModel"

]

Resource = "*"

},

{

"Effect": "Allow",

"Action": [

"bedrock:GetInferenceProfile",

"bedrock:ListInferenceProfiles",

],

"Resource": [

"arn:aws:bedrock:*:*:inference-profile/*",

"arn:aws:bedrock:*:*:application-inference-profile/*"

]

}

]

} 

 

 

 Configure AWS profile into launched server, either by 

 

 

 setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, in $HOME/.profile 

 

 

 Or stage $HOME/.aws/credentials 

 

 

 

 

 Transfer roost license file (.ral) into EC2 instance. 

 

 

 Ensure python3 is installed on the instance 

 

 

 Why does RoostGPT need to run with a privileged user? 

 

 RoostGPT installs docker and nginx like services on the EC2 

 RoostGPT docker containers run as root. 

 

 RoostGPT adds crontab entry for the current user and also adds an init.d script to handle Roost processes on a m/c reboot.