LogoLogo
HomePlatformAsk DuploCloudPricing
  • Overview
  • Product Updates
  • Workshops
    • DuploCloud 101 for AWS
      • Create Your Infrastructure and Application
        • 1. Log in to the DuploCloud Portal
        • 2. Create a DuploCloud Infrastructure
        • 3. Create a DuploCloud Tenant
        • 4. Create an EKS Worker Node
        • 5. Deploy an Application
        • 6. Create a Load Balancer
        • 7. Deploy an S3 Bucket
        • 8. Deploy a Database
        • 9. Create an Alarm
      • Daily Operations using DuploCloud
        • 1. Host, Container, and Kubectl Shell
        • 2. Logging
        • 3. Metrics
        • 4. Billing and Cost Management
        • 5. Audit Logs
        • 6 - Tenant and Admin Just-In-Time (JIT) AWS Access
        • 7. CI/CD
        • 8. Security Hub and Dashboard
        • 9. Terraform Mode of Operations
      • Post-workshop Reference Guide
        • Post-Workshop Testing and Documentation Links
        • Connect With Us
        • DuploCloud Whitepapers
        • DuploCloud Terraform Provider
        • DuploCloud AWS Demo Video
  • Getting Started with DuploCloud
    • What DuploCloud Does
    • DuploCloud Onboarding
    • Application Focused Interface: DuploCloud Architecture
      • DuploCloud Tenancy Models
      • DuploCloud Common Components
        • Infrastructure
        • Plan
        • Tenant
        • Hosts
        • Services
        • Diagnostics
      • Management Portal Scope
    • GRC Tools and DuploCloud
    • Public Cloud Tutorials
    • Getting Help with DuploCloud
  • Container Orchestrators
    • Terminologies in Container Orchestration
  • DuploCloud Prerequisites
    • DNS Configuration
  • AWS User Guide
    • Prerequisites
      • Route 53 Hosted Zone
      • ACM Certificate
      • Shell Access for Containers
      • VPN Setup
      • Connect to the VPN
    • AWS Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Step 3: Create an RDS Database (Optional)
      • Creating an EKS Service
        • Step 4: Create a Host
        • Step 5: Create a Service
        • Step 6: Create a Load Balancer
        • Step 7: Enable Additional Load Balancer Options (Optional)
        • Step 8: Create a Custom DNS Name (Optional)
        • Step 9: Test the Application
      • Creating an ECS Service
        • Step 4: Create a Task Definition for an Application
        • Step 5: Create the ECS Service and Load Balancer
        • Step 6: Test the Application
      • Creating a Native Docker Service
        • Step 4: Create an EC2 Host
        • Step 5: Create a Service
        • Step 6: Create a Load Balancer
        • Step 7: Test the Application
    • AWS Use Cases
      • Creating an Infrastructure and Plan for AWS
        • EKS Setup
          • Enable EKS endpoints
          • Enable EKS logs
          • Enable Cluster Autoscaler
        • ECS Setup
          • Enable ECS logging
        • Add VPC endpoints
        • Security Group rules
        • Upgrading the EKS version
      • Creating a Tenant (Environment)
        • Setting Tenant session duration
        • Setting Tenant expiration
        • Tenant Config settings
      • Hosts (VMs)
        • Adding Hosts
        • Connect EC2 instance
        • Adding Shared Hosts
        • Adding Dedicated Hosts
        • Autoscaling Hosts
          • Autoscaling Groups (ASG)
            • Launch Templates
            • Instance Refresh for ASG
            • Scale to or from Zero
            • Spot Instances for AWS
          • ECS Autoscaling
          • Autoscaling in Kubernetes
        • Configure Auto-reboot
        • Create Amazon Machine Image (AMI)
        • Hibernate an EC2 Host
        • Snapshots
        • Taints for EKS Nodes
        • Disable Source Destination Check
      • Auditing
      • Logs
        • Enable Default-Tenant logging
        • Enable Non-Default Tenant logging
        • Configure Logging per Tenant
        • Display logs
        • Create custom logs
      • Diagnostics and Metrics
        • Metrics Setup
        • Metrics Dashboard
        • Kubernetes Administrator dashboard
      • Faults and Alerts
        • Alert notifications
        • Automatic alert creation
        • Automatic fault healing
        • SNS Topic Alerts
        • System Settings Flags
      • AWS Console link
      • Just-in-Time (JIT) Access
      • Billing and Cost management
        • Enable billing data
        • View billing data
        • Apply cost allocation tags
        • DuploCloud License Usage
        • Configure Billing Alerts
      • Resource Quotas
      • Big Data and ETL
      • Custom Resource tags
    • AWS Services
      • Containers and Services
        • EKS Containers and Services
          • Allocation Tagging
        • ECS Containers, Task Definitions and Services
        • Passing Configs and Secrets
        • Container Rollback
        • Docker Registry credentials
      • Load Balancers
        • Target Groups
        • EKS Load Balancers
        • ECS Services and Load Balancers
        • Native Docker Load Balancers
      • Storage
        • Storage Class and PVCs
        • GP3 Storage Class
      • API Gateway
      • Batch
      • CloudFront
      • Databases
        • AWS ElastiCache
        • AWS DynamoDB database
        • AWS Timestream database
        • RDS database
          • IAM authentication
          • Backup and restore
          • Sharing encrypted database
          • Manage RDS Snapshots
          • Add and manage RDS read replicas
            • Add Aurora RDS replicas
          • Add monitoring interval
          • Enable or disable RDS logging
          • Restrict RDS instance size
          • Add parameters in Parameter Groups
          • Manage Performance Insights
      • Data Pipeline
      • Elastic Container Registry (ECR)
        • Sharing ECR Repos
      • Elastic File System (EFS)
        • Mount an EFS in an EC2 instance
      • EMR Serverless
      • EventBridge
      • IoT (Internet of Things)
      • Kafka Cluster
      • Kinesis Stream
      • Lambda Functions
        • Configure Lambda with Container Images
        • Lambda Layers
      • Managed Airflow
      • NAT Gateway for HA
      • OpenSearch
      • Probes and Health Check
      • S3 Bucket
      • SNS Topic
      • SQS Queue
      • Virtual Private Cloud (VPC) Peering
      • Web App Firewall (WAF)
    • AWS FAQ
    • AWS Systems Settings
      • AWS Infrastructure Settings
      • AWS Tenant Settings
    • AWS Security Settings
      • Tenant Security settings
      • Infrastructure Security settings
      • System Security settings
      • AWS Account Security settings
      • Vanta Compliance Controls
  • GCP User Guide
    • Container deployments
      • Container orchestration features
      • Key DuploCloud concepts
    • Prerequisites
      • Docker Registry
      • Service Account Setup
      • Cloud DNS Zone
      • Certificates for Load Balancer and Ingress
      • Initial Infrastructure Setup
      • Tools Tenant
        • Enable Kubectl Shell
      • Docker
        • Docker Registry Credentials (Optional)
        • Shell Access for Docker (Optional)
      • VPN
        • VPN Setup
        • Connect to the VPN
      • Managed SSL Certificates with Certificate Manager (Optional)
    • GCP Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Create a Service with GKE Autopilot
        • Step 3: Create a Service
        • Step 4: Create a Load Balancer
        • Step 5: Test the Application
      • Create a Service with GKE Standard
        • Step 3: Create a Node Pool
        • Step 4: Create a Service
        • Step 5: Create a Load Balancer
        • Step 6: Test the Application
    • GCP Use Cases
      • Creating an Infrastructure and Plan for GCP
        • Creating a GKE Autopilot Cluster
        • Creating GKE Standard Cluster
        • Kubectl token and config
        • Upgrading the GKE version
      • Creating a Tenant (Environment)
        • Tenant expiry
        • Tenant Config settings
      • Hosts (VMs)
      • Cost management for billing
        • Export Billing to BigQuery
        • Manage cross project billing in GCP
    • GCP Services
      • Containers and Services
      • GKE Containers and Services
        • Allocation Tagging
        • Docker Registry credentials
        • Container Rollback
        • Passing Config and Secrets
      • GCP Databases
        • Cloud SQL
        • Firestore Database
        • Managed Redis
      • Load Balancers
      • Cloud Armour
      • Cloud Credentials
      • Cloud Functions
      • Cloud Scheduler
      • Cloud Storage
      • Node Pools
      • Pub/Sub
    • GCP FAQs
    • GCP Systems Settings
      • GCP Infrastructure Settings
      • GCP Tenant Settings
    • GCP Security Settings
      • Infrastructure Security settings
      • GCP Account Security settings
  • Azure User Guide
    • Container deployments
      • Container orchestration features
      • Key DuploCloud concepts
    • Prerequisites
      • Program DNS entries
      • Set the AKS cluster version
      • Import SSL certificates
      • Provision the VPN
      • Connect to the VPN
      • Managed Identity Setup
    • Azure Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Step 3: Create Agent Pools
      • Step 4: Create a Service
      • Step 5: Create a Load Balancer
      • Step 6: Test the Application
    • Azure Use Cases
      • Creating an Infrastructure and Plan for Azure
        • AKS initial setup
        • Kubectl token and config
        • Encrypted storage account
        • Upgrading the AKS version
      • Creating a Tenant (Environment)
        • Tenant expiry
        • Tenant Config settings
      • Hosts (VMs)
        • Autoscaling for Hosts
          • Autoscaling Azure Agent Pools
        • Shared Hosts
        • Availability Sets
        • Snapshots
      • Logs
      • Metrics
      • Faults and alerts
        • Alert notifications
      • Azure Portal link
      • Billing and Cost management
        • Enable billing data
        • Viewing billing data
    • Azure Services
      • Containers and Services
        • AKS Containers and Services
          • Allocation Tagging
        • Docker Registry Credentials
        • Container Rollback
        • Passing Configs and Secrets
      • Agent Pools
        • Spot Instances for AKS Agent Pools
      • Azure Container Registry (ACR)
      • Databases
        • MSSQL Server database
        • PostgreSQL database
        • PostgreSQL Flexible Server
        • MySQL Server database
          • Azure Managed SQL Instances
        • MySQL Flexible Server
        • Redis database
      • Docker Web Application
      • Databricks
      • Data Factory
      • Infra Secrets
      • Key Vault
      • Load Balancers
      • Public IP Address Prefix
      • Serverless
        • App Service Plans and Web Apps
        • Function Apps
      • Service Bus
      • Storage Account
      • Subscription
      • VM Scale Sets
    • Azure FAQ
    • Azure Systems Settings
      • Azure Infrastructure Settings
      • Azure Tenant Settings
    • Azure Security Settings
      • Tenant Security Settings
  • Kubernetes User Guide
    • Kubernetes Quick Start
    • Kubectl
      • Local Kubectl Setup
        • Kubectl Shell
      • Kubectl Shell
        • Enable Kubectl Shell for GKE
        • Enable Kubectl Shell for AKS
      • Kubectl Tokens and Access Management
      • Read-only Access in Kubernetes
      • Mirantis Lens
    • Configs and Secrets
      • Setting Kubernetes Secrets
      • Creating a Kubernetes ConfigMap
      • Setting Environment Variables (EVs) from a ConfigMap or Secret
      • Mounting ConfigMaps and Secrets as files
      • Using Kubernetes Secrets with Azure Storage connection data
      • Creating the SecretProviderClass Custom Resource to mount secrets
      • Managing Secrets and ConfigMaps access for readonly users (AWS and GCP)
    • Jobs
    • CronJobs
    • DaemonSet
    • Helm Charts
    • Ingress Loadbalancer
      • EKS Ingress
      • GKE Ingress
      • AKS Shared Application Gateway
        • Using an Azure Application Gateway SSL policy with Ingress
    • InitContainers and Sidecar Containers
    • HPA
    • Pod Toleration
    • Kubernetes Lifecycle Hooks
    • Kubernetes StorageClass and PVC
      • Native Azure Storage Classes
    • Import an External Kubernetes Cluster
    • Managed Service Accounts (RBAC)
    • Create a Diagnostics Application Service
  • Security and Compliance
    • Control Groups
    • Isolation and Firewall
      • Cloud Account
      • Network Segmentation
      • IAM
      • Security Groups
      • VPN
      • WAF
    • Access Management
      • Authentication Methods
      • Cloud Console, API and CLI
      • VM SSH
      • Container Shell
      • Kubernetes Access
      • Permission Sets
    • Encryption
      • At Rest Encryption
      • In Transit encryption
    • Tags and Label
    • Security Monitoring
      • Agent Management
      • SIEM
      • Vulnerabilities
      • Hardening Standards (CIS)
      • File Integrity Monitoring
      • Access Monitoring
      • HIDS
      • NIDS
      • Inventory Monitoring
        • Inventory Reports
      • Antivirus
      • VAPT (Pen Test)
      • AWS Security HUB
      • Alerting and Event Management
    • Compliance Frameworks
    • Security and Compliance Workflow
  • Terraform User Guide
    • DuploCloud Terraform Provider
    • DuploCloud Terraform Exporter
      • Install Terraform Exporter
      • Generate Terraform
      • Using Generated Code
      • Troubleshooting Guide
    • Terraform FAQ
  • Automation and Tools
    • DuploCtl CLI
    • Supported 3rd Party Tools
    • Automation Stacks
      • Clone from a Tenant
      • Create a deploy template
      • Deploy from a template
      • Customize deploy templates
  • CI/CD Overview
    • Service Accounts
    • GitHub Actions
      • Configure GitHub
      • Build a Docker image
      • Update a Kubernetes Service
      • Update an ECS Service
      • Update a Lambda function
      • Update CloudFront
      • Upload to S3 bucket
      • Execute Terraform
    • CircleCI
      • Configure CircleCI
      • Build and Push Docker Image
      • Update Service
    • GitLab CI/CD
      • Configure Gitlab
      • Build a Docker image
      • Update a service
    • Bitbucket Pipelines
      • Configure Bitbucket
      • Build a Docker image
      • Update the Service with Deploy Pipe
    • Azure Pipelines
      • Configure Azure DevOps
      • Build a Docker image from Azure DevOps
      • Update a Service
      • Troubleshooting
    • Katkit
      • Environments
      • Link repository
      • Phases
      • Katkit config
      • Advanced functions
  • User Administration
    • User Logins
    • User access to DuploCloud
    • API tokens
    • Session Timeout
    • Tenant Access for Users
      • Add Tenant access over a VPN
      • Read-only access to a Tenant
      • Cross-tenant Access
      • Deleting a Tenant
    • VPN access for users
    • Database access for users
    • SSO Configuration
      • Azure SSO Configuration
      • Okta Identity Management
    • Login Banner/Button Customization
  • Observability
    • Standard Observability Suite
      • Setup
        • Logging Setup
          • Custom Kibana Logging URL
        • Metrics Setup
        • Auditing
          • Custom Kibana Audit URL
      • Logs
      • Metrics
    • Advanced Observability Suite
      • Architecture
      • Dashboards
        • Administrator Dashboard
        • Tenant Dashboard
        • Customizing Dashboards
      • Logging with Loki
      • Metrics with Mimir
      • Tracing with Tempo
      • Profiles with Pyroscope
      • Alerts with Alert Manager
      • Service Level Objectives (SLOs)
      • OTEL Stack Resource Requirements
      • Application Instrumentation
      • Custom Metrics
      • Terraform
    • Faults and Alerts
      • Alert notifications
      • Automatic alert creation
    • Auditing
    • Web App Firewall (WAF)
  • Runbooks
    • Configuring Egress and Ingress for AKS Ingress Controllers in Private Networks
    • Configuring Retool to SSH into a DuploCloud Host with a Static IP Address for Secure Remote Database
  • FAQs
  • Extras
    • FluxCD
    • Deploying Helm Charts
    • Setting up SCPs (Service Control Policies) for DuploCloud
    • BYOH
    • Delegate Subdomains
    • Video Transcripts
      • DuploCloud AWS Product Demo
      • DuploCloud Azure Product Demo
      • DuploCloud GCP Product Demo
      • DevOps Deep Dive - Abstracting Cloud Complexity
      • DuploCloud Uses Infrastructure-as-Code to Stitch Together DevOps Lifecycle
Powered by GitBook
LogoLogo

Platform

  • Overview
  • Demo Videos
  • Pricing Guide
  • Documentaiton

Solutions

  • DevOps Automation
  • Compliance
  • Platform Engineering
  • Edge Deployments

Resources

  • Blog & News
  • Customer Stories
  • Webinars
  • Privacy Policy

Company

  • Careers
  • Press
  • Events
  • Contact

© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates

On this page
  • General FAQs
  • What cloud providers does DuploCloud support?
  • What support features come with my DuploCloud subscription?
  • How much will DuploCloud add to my company's cloud budget?
  • How is the DuploCloud subscription cost calculated?
  • Can companies with private clouds use DuploCloud?
  • Is DuploCloud a Software as a Service (SaaS) product?
  • What happens during the DuploCloud onboarding process?
  • How does the DuploCloud Portal access my cloud infrastructure, and how is it secured?
  • Can we install DuploCloud in our existing cloud account?
  • Am I locked into DuploCloud? If so, what work must I do to move away from it?
  • Our company has no DevOps experience. Can DuploCloud build our environment and support us?
  • Can I make changes directly in a DuploCloud-managed cloud account?
  • I don't know IaC (Infrastructure-as-Code). Can I still use DuploCloud?
  • Can we configure DuploCloud CLI on Windows Subsystem for Linux (WSL)?
  • Are "No Code" and "Click Ops" the same?
  • Can you delete an application and all its resources with a single click and confirmation?
  • Can DuploCloud manage multiple cloud accounts in a single DuploCloud Portal instance?
  • What can be automated using the DuploCloud API? How can API automation simplify application and resource management?
  • Does DuploCloud make any assumptions that may impact initial implementation time?
  • How do I create a dedicated VPC in DuploCloud?
  • Connectivity and Availability FAQs
  • How do I troubleshoot OpenVPN connection issues, such as DNS resolution failures?
  • How do I edit the Service Description to update my Control Plane configuration?
  • How do you create a Host with a public IP?
  • How do I SSH into the Host?
  • My host is Windows. How do I use Remote Desktop Protocol (RDP)?
  • How do I get into the container where my code is running?
  • I cannot connect to my service URL. How do I debug it?
  • Kubernetes FAQs
  • Is Kubernetes required to use DuploCloud? Is using Kubernetes better than using ECS?
  • I want to have multiple replicas of my Model-View-Controller (MVC) service. How do I make sure that only one of them runs migration?
  • Storage FAQs
  • Does DuploCloud Support custom S3 bucket naming?
  • Container/Docker FAQs
  • One or more of my containers are pending. How can I debug them?
  • Some of my container statuses say pending delete. What does this mean?
  • Terraform FAQs
  • Is DuploCloud generating Terraform code behind the scenes to configure the cloud?
  • If DuploCloud is not generating Terraform code behind the scenes, how can I use Infrastructure-as-Code?
  • If my developers make changes via the DuploCloud UI, what happens to the Terraform code my DevOps engineers have written?
  • Security and Compliance FAQs
  • How does DuploCloud manage my data securely and compliantly?
  • How can I set up Multi-Factor Authentication (MFA) for OpenVPN authentication?
  • How much are SOC 2 Type 2 compliance costs?
  • Do I need a GRC tool like Vanta or Drata if I am using DuploCloud?
  • CI/CD FAQs
  • How does CI/CD work with DuploCloud?
  • How do I uninstall Chocolatey?
  • Does DuploCloud have an integration for Jenkins CI/CD?
  • Upgrade FAQs
  • What is a rolling upgrade, and how do I enable it?
  • Diagnostic Tool FAQs
  • How do I use Datadog and other diagnostics tools?
  • Error Messages
  • I'm receiving the error message: Could not load credentials from any providers.
  • When creating a Service, I'm receiving the message: DuploCloud Fault Conditions Unschedulable because 0/N nodes are available: one node(s) didn't match pod anti-affinity rules, and one node(s) was unschedulable.
  • I do not see logs displayed for a Tenant. I get the error: Docker native collection agent Filebeat is not running for Tenant.
  • I'm receiving the message: It took too long to check if you are authorized to access DuploCloud. Try refreshing the page and logging in again.

Was this helpful?

Edit on GitHub
Export as PDF

FAQs

Popular and frequently asked questions about DuploCloud

PreviousConfiguring Retool to SSH into a DuploCloud Host with a Static IP Address for Secure Remote DatabaseNextExtras

Last updated 4 months ago

Was this helpful?

Use these FAQ documents to quickly find answers to popular questions about using AWS, Azure, and GCP with DuploCloud.

General FAQs

What cloud providers does DuploCloud support?

  • Amazon AWS

  • Microsoft Azure

  • Google Cloud

  • On-Premises

What support features come with my DuploCloud subscription?

See for examples of what we do and do not support and how to contact us.

For more detailed inquiries or assistance, including DuploCloud's DevOps automation platform capabilities, compliance, AWS services like Kinesis stream, and product updates, refer to the and available on DuploCloud's website.

How much will DuploCloud add to my company's cloud budget?

We estimate that DuploCloud will increase your company's monthly cloud costs by approximately $100 to $200.

How is the DuploCloud subscription cost calculated?

DuploCloud subscription cost is based on the services managed by the platform, with usage counted in units. Here is how units are defined:

  • Each host (e.g., EC2 instance, Azure VM, or GCP VM) is 1 unit.

  • Serverless functions or services (e.g., Lambda functions) are 1/4 units.

  • Serverless applications (e.g., AWS ECS Service, Azure Web App, Google GKE Service) are 1/2 units.

  • AWS Managed Workflows for Apache Airflow (MWAA) workers are 1/2 units, with the number of workers calculated as the average minimum and maximum worker count.

Can companies with private clouds use DuploCloud?

Yes, DuploCloud's On-Premises solution supports companies with private clouds.

Is DuploCloud a Software as a Service (SaaS) product?

No. DuploCloud is a self-hosted solution deployed within the customer's cloud account, providing the customer with a SaaS-like experience. DuploCloud's fully managed service maintains uptime, provides updates, and supplies ongoing support.

What happens during the DuploCloud onboarding process?

  • DuploCloud creates a private Slack channel for direct communication during onboarding.

  • Clients (usually) set up separate AWS accounts, GCP projects, or Azure subscriptions to avoid interfering with existing setups. This creates a development environment for the team to test and transition to before proceeding to staging and production. DuploCloud can be integrated into your existing environment, or a DuploCloud-managed environment can be connected to your current setup in a hybrid arrangement.

  • Our engineers install the DuploCloud Portal and schedule a call to orient you and complete any additional configurations. You can complete the setup at this time or create some services and let DuploCloud engineers handle the rest. We also perform penetration testing and vulnerability assessments on your applications and Infrastructures using our SIEM solution.

  • Once your DuploCloud Portal is installed and configured, DuploCloud Infrastructures (VPCs) are operational; Kubernetes is enabled and configured; and logging, monitoring, alerting, CI/CD, and SOC 2 controls are implemented.

How does the DuploCloud Portal access my cloud infrastructure, and how is it secured?

DuploCloud is a self-hosted single-Tenant solution deployed within the customer's cloud account. The software runs in a virtual machine (VM) that is granted specific permissions allowing it to interact with and manage your cloud resources. In AWS specifically, DuploCloud uses Identity and Access Management (IAM) roles and instance profiles to access AWS resources without access keys. In Azure, permissions derive from Managed Identity, and in GCP they derive from service accounts.

Can we install DuploCloud in our existing cloud account?

While you can install DuploCloud in your existing environment, we prefer to do the setup in a separate account. You do not have to migrate all your existing data sources, especially if you have large files in resources like S3 buckets. DuploCloud environments can connect to existing data sources and endpoints via peering and cross-account access. Here are the top reasons why people prefer DuploCloud in a separate account:

  • It is a safe and non-intrusive way to validate a new setup or architecture (like Kubernetes) without touching the existing account.

  • From a compliance perspective, a new account is a clean slate. Existing accounts may have issues that are difficult or impossible to fix. For example, accounts with cloud trails showing past non-compliance can indicate irregularities and create questions around scope, which may impact an auditor's report.

  • Some DuploCloud security features can affect existing non-compliant resources and workloads. While this is rare, it is something to consider.

In summary, while you can deploy DuploCloud in an existing account or import existing VPC and Kubernetes clusters, migrating or connecting your data to new accounts often requires less overhead and provides more benefits.

Am I locked into DuploCloud? If so, what work must I do to move away from it?

DuploCloud is a provisioning system that runs along with your workloads in your cloud account. Stopping it does not impact your applications or cloud services.

The following is a list of automation constructs managed by DuploCloud and a summary of what you need to do to maintain them directly instead of through DuploCloud.

Cloud provider configuration (Terraform)

This involves various cloud services, IAM roles, security groups, VPCs, etc. DuploCloud can export your latest cloud configuration into native Terraform code and state files. Once exported, you maintain the configuration.

Kubernetes

All Kubernetes applications and configurations are available as deployments, StatefulSets, DaemonSets, Kubernetes Secrets, ConfigMaps, etc. You can run kubectl commands to export Kubernetes configurations as YAML files and continue to maintain them in the future.

Compliance monitoring

Diagnostics tools

These include Prometheus, Grafana, and Elasticsearch. They are all open source and run in your cloud account, so you can continue to manage them directly.

If DuploCloud is down, it's like having an unavailable DevOps engineer. Opting out of DuploCloud is like replacing your DevOps management. DuploCloud is neither a Platform as a Service (PaaS) nor a hosted solution.

Our company has no DevOps experience. Can DuploCloud build our environment and support us?

Absolutely! More than half of our customers have no DevOps team. With our managed service offering, we handle your deployments, act as the first line of defense for any issues, and manage daily tasks like CI/CD updates. Our team manages your cloud infrastructure and ensures it's optimized and modernized following the latest industry best practices.

The DuploCloud team is your extended DevOps team. We provide white-glove assistance for environment setup and daily operations with 24x7 Slack and email support. We can help with anything the DuploCloud platform supports and your cloud provider's requirements. This includes everything from Infrastructure-as-Code improvements for reusability and code reduction to architecture refactoring or infrastructure modernization. For instance, DuploCloud engineers could guide you in transitioning from deploying your applications on VMs to using Kubernetes. However, it's important to note that DuploCloud does not refactor customer application code.

DuploCloud is your extended DevOps team! We are available 24x7 on your Slack channel, by phone, and by email.

Can I make changes directly in a DuploCloud-managed cloud account?

Yes. You will need to make direct changes in the cloud account for cloud features or configurations not supported by DuploCloud. Direct cloud account changes can be categorized into the following groups:

Independent changes

Independent changes are changes to non-DuploCloud-managed resources made directly in your cloud provider. DuploCloud does not interfere with independent changes but still monitors and alerts you to non-compliant configurations.

Non-conflicting changes to DuploCloud-managed resources

DuploCloud does not interfere with non-conflicting changes to the resources it manages. For example, if you add additional forwarding rules to a Load Balancer created in DuploCloud, DuploCloud will not interfere with the new configuration.

Conflicting changes to DuploCloud-managed resources

DuploCloud automatically detects conflicting changes to DuploCloud-managed resources and reverts changes or raises an alert about inconsistencies.

I don't know IaC (Infrastructure-as-Code). Can I still use DuploCloud?

Yes. DuploCloud's UI is a No-Code DevOps interface. You do not need to know IaC or have cloud expertise to operate it. However, you should read the product documentation to understand the basic constructs. DuploCloud's approach significantly reduces the risk of errors associated with manual configurations or "Click Ops" and ensures that your infrastructure follows best practices with just a few clicks.

Can we configure DuploCloud CLI on Windows Subsystem for Linux (WSL)?

Yes, but this process requires specific steps to ensure smooth operation, especially for tasks involving interactive browser sessions or AWS CLI usage. Users may need to install utilities like xclip, xdg-utils, and jq to facilitate these operations. Additionally, setting up aliases in the .bashrc file for start and open commands to point to xdg-open, and defining the BROWSER environment variable to the path of a browser in /usr/local/bin are crucial. Creating a symlink in /usr/local/bin to the browser executable in the Windows file system allows DuploCloud CLI to utilize the Windows browser for authentication and other browser-required operations. While optional, adding aliases for pbcopy and pbpaste can enhance script compatibility, particularly for users accustomed to macOS environments. These configurations enable effective use of DuploCloud CLI within WSL, bridging the gap between Windows and Linux environments for cloud management tasks.

Are "No Code" and "Click Ops" the same?

No, these concepts are not the same. "Click Ops" is when engineers manually create infrastructure resources in the cloud and other UIs. This approach is often considered risky because the complexity of components and configurations makes it easy to make mistakes. DuploCloud's No-Code platform manages infrastructure resources for you, ensuring the underlying compute instances, firewall rules, IAM policies, and other components are configured following good practices. You only need a few clicks and don't need to know DevOps or SecOps because DuploCloud knows it for you.

Terraform projects typically have a broad scope with multiple components. Sometimes, you must make small targeted changes (for example, a health check URL change). But when the change is being executed, there may be other drifts, and the user may be forced to resolve them. This can be inconvenient, and often, the user will change the UI, resulting in further configuration drifts.

About half of our customer base uses no-code, while the other half uses Terraform. Ironically, software developer-centric companies prefer no codeensure the application runs because it enables engineers to be agile and focus on their application code. By contrast, the low-code Terraform provider offers a different kind of flexibility, allowing for the integration of unique solutions like creating short-lived one-shot ECS tasks through the API, demonstrating the platform's versatility in accommodating diverse operational needs.

Can you delete an application and all its resources with a single click and confirmation?

Yes, deleting a DuploCloud Tenant, which requires only a single click and confirmation, deletes the associated application and all its resources.

Can DuploCloud manage multiple cloud accounts in a single DuploCloud Portal instance?

No. You must have a separate DuploCloud account (instance) for every native cloud infrastructure you want DuploCloud to manage.

What can be automated using the DuploCloud API? How can API automation simplify application and resource management?

With DuploCloud, you can delete an application and all its associated resources with a single click (plus confirmation), streamlining the management process. Furthermore, every element in the DuploCloud UI can be automated over an API, ensuring that all resource provisioning is tracked and auditable.

Does DuploCloud make any assumptions that may impact initial implementation time?

DuploCloud does not make any assumptions that could delay initial implementation. By segregating resources into environments called Tenants, DuploCloud accelerates ramp-up time.

How do I create a dedicated VPC in DuploCloud?

In DuploCloud, you can create a dedicated VPC by following these steps:

  1. In the DuploCloud Portal, navigate to the "Administrator" section and then to the "Infrastructure" page.

  2. Click on the "Add" button to create a new Infrastructure.

  3. In the "Add Infrastructure" page, you can specify the details for your dedicated VPC, such as the VPC CIDR, number of Availability Zones, and the region.

  4. DuploCloud will automatically create the VPC with the specified configurations, including the private and public subnets, NAT Gateway, Internet Gateway, and route tables.

  5. Once the Infrastructure is created, you can further customize it by adding Tenants, Hosts, and Services within this dedicated VPC.

The key benefit of creating a dedicated VPC in DuploCloud is that it provides a secure, isolated network environment for your applications and resources. This helps you maintain better control over your network configuration and security, while still leveraging the automation and management capabilities of the DuploCloud platform.

Connectivity and Availability FAQs

How do I troubleshoot OpenVPN connection issues, such as DNS resolution failures?

OpenVPN connectivity issues (e.g., "hostname not found" errors when accessing resources like PostgreSQL DBs), especially on networks like T-Mobile 5G Home Internet, may be caused by DNS resolution failures. A workaround is to manually resolve the DNS name using a tool like MxToolbox and then use the IP address directly to bypass the DNS problem.

How do I edit the Service Description to update my Control Plane configuration?

Once logging is enabled, the Service Description cannot be edited. To maintain the integrity and consistency of your logging setup, complete any Control Plane modifications before enabling central logging.

How do you create a Host with a public IP?

When creating a Host in the DuploCloud Portal, display Advanced Options and select the public subnet from the list of availability zones.

How do I SSH into the Host?

Under each Host, you can click on Connection Details under the Actions list box, which will provide the key file and instructions to SSH.

My host is Windows. How do I use Remote Desktop Protocol (RDP)?

When viewing a Host, click the Actions list box and select Connection Details. It will provide the password and instructions on how to connect to RDP.

How do I get into the container where my code is running?

On the status page for the Service, find the Host where the container is running. SSH into the Host (see instructions above), and run sudo docker ps to get the container ID. Next, run sudo docker exec -itCONTAINER_IDbash. Find your container using the image ID.

I cannot connect to my service URL. How do I debug it?

You can just run ping on your local machine to resolve the DNS name and make sure that the application is running ping from within the container. SSH into the Host and connect to your Docker container using the Docker command sudo docker exec -tCONTAINER_IDbash. From inside the container, curl the application URL using the IP 127.0.0.1 and the port where the application is running. Confirm that this works. CURL is the same URL using the container's IP address instead of 127.0.0.1. The IP address can be obtained by running the ifconfig command in the container.

If the connection from within the container works, exit the container and navigate to the Host. Curl the same endpoint from the Host (i.e., using container IP and port). If this works, then under the ELB UI in DuploCloud, note down the Host port that DuploCloud created for the given container endpoint. This will be in the range of 10xxx or the same as the container port. Now try connecting to the HostIP and DuploMappedHostPort that was obtained. If this also works but the service URL fails, contact your enterprise admin or duplolive-support@duplocloud.net.

Kubernetes FAQs

Is Kubernetes required to use DuploCloud? Is using Kubernetes better than using ECS?

No, Kubernetes is not required to use DuploCloud. DuploCloud supports AWS (ECS and EKS), Kubernetes, Azure, and GCP. Many customers use software from multiple vendors to create robust business solutions backed by DuploCloud's compliance assurance and automated low-code/no-code DevOps approach.

The main advantage of Kubernetes is its broad-based, highly customizable, third-party, open-source community that supports it as a delivery platform. For example, Astronomer (managed Airflow), time series database, Istio service mesh, and Kong API Gateway all require a Kubernetes deployment. However, if your business needs and use cases are met with an AWS solution, you may not need Kubernetes. Choose the software that best aligns with your use cases and requirements.

I want to have multiple replicas of my Model-View-Controller (MVC) service. How do I make sure that only one of them runs migration?

Enable health check for your service, and ensure the API does not return HTTP 200 status until migration. Since DuploCloud waits for a complete health check on one service before moving on to the next service, only one instance will run migration at a time.

DuploCloud's approach to container deployment emphasizes applications being self-contained and fungible, which facilitates independent updates of each service. Kubernetes automatically manages failing containers, and DuploCloud supports using Kubernetes health checks, including Liveness and Readiness Probes, to ensure containers function correctly and are ready to receive work.

Storage FAQs

Does DuploCloud Support custom S3 bucket naming?

DuploCloud supports the creation of S3 buckets with custom prefixes, enabling unique bucket names without the default numeric suffix. This feature can be activated by configuring a specific setting in the system, allowing for more personalized and easily identifiable bucket names that comply with Amazon S3's uniqueness requirements.

Container/Docker FAQs

One or more of my containers are pending. How can I debug them?

If the current status is Pending and the desired status is Running, wait a few minutes for the image to finish downloading. If it’s been more than five (5) minutes, check the faults from the button below the table. Ensure that your image name is correct and does not have spaces. Image names are case-sensitive, so they should be all lowercase, including image names in Docker Hub.

If the current state is Pending and the desired state is Delete, the container is the old service version. It is still running because the system is being upgraded, and the previous replica has not been upgraded yet. Check for faults for other containers in the same service with a current state of Pending and a desired state of Running.

Some of my container statuses say pending delete. What does this mean?

This means DuploCloud is going to remove these containers. DuploCloud supports the creation of on-demand testing environments, facilitating quick setup and tear-down of environments with different configurations through the console or Terraform. This capability is crucial for testing and development workflows, ensuring flexibility and efficiency in managing containerized applications. An upgrade might be blocked if a Service's replica is upgraded, but not functioning correctly. To unblock the upgrade, restore the Service configuration (image, environment, etc.) to an error-free state.

Terraform FAQs

Is DuploCloud generating Terraform code behind the scenes to configure the cloud?

If DuploCloud is not generating Terraform code behind the scenes, how can I use Infrastructure-as-Code?

The Terraform and DuploCloud Web UIs layer on top of the DuploCloud platform.

If my developers make changes via the DuploCloud UI, what happens to the Terraform code my DevOps engineers have written?

It is best to create separation between your developers and your DevOps team. Using the DuploCloud UI to iterate product changes quickly in non-production development environments can create inconsistency.

Use Terraform to set up cloud services and handle the initial deployment of applications in both production and critical non-production environments. Additionally, create a CI/CD workflow that updates only the application deployment calls for Docker and Lambda. The DevOps team should manage any cloud service changes using Terraform, and developers should thoroughly understand these changes. However, developers should still be able to trigger CI/CD for their application rollouts independently, without DevOps involvement.

Security and Compliance FAQs

How does DuploCloud manage my data securely and compliantly?

DuploCloud automatically generates a wildcard SSL certificate in ACM for each DNS domain it manages and applies it to the relevant resources.

To configure in-transit encryption, navigate to “Administrator -> Plan -> Certificates” and add the SSL/TLS certificates you want DuploCloud to use.

DuploCloud’s encryption capabilities help ensure your data is protected at rest and in transit, simplifying the management of encryption for your cloud infrastructure.

How can I set up Multi-Factor Authentication (MFA) for OpenVPN authentication?

From the DuploCloud Portal, click on your name in the top right corner and select Profile. Click on the VPN URL and enter the required credentials. On the first login, scan the barcode displayed on the screen. Download the Profile and add it to the OpenVPN Connect. Next time you log in with OpenVPN, you will be prompted to enter the authentication code.

How much are SOC 2 Type 2 compliance costs?

Achieving SOC 2 Type 2 compliance is crucial for organizations looking to demonstrate high security and data protection. The process involves various costs, including using a Compliance Automation Platform, which may range from $10,000 to $15,000 or more for larger companies. The use of such platforms changes how the audit process is conducted. Understanding and managing these changes can cost between $7,500 and $15,000. Some companies offer both compliance tools and services. They may provide discounts if you bundle these services, offering a cost-saving opportunity. Companies starting their compliance journey should consult detailed resources to understand the expenses fully.

Do I need a GRC tool like Vanta or Drata if I am using DuploCloud?

CI/CD FAQs

How does CI/CD work with DuploCloud?

How do I uninstall Chocolatey?

Removing Chocolatey from your system is a straightforward process using PowerShell. Begin by executing Remove-Item -Recurse -Force C:\ProgramData\chocolatey to delete the Chocolatey directory and all its contents. Next, it's essential to clean up your system's PATH environment variable to eliminate any references to Chocolatey bin and lib\bin directories. This cleanup process ensures that Chocolatey and its components are thoroughly removed from your system, preventing potential conflicts or issues with other software installations or system operations. The DevOps team should do the same.

Does DuploCloud have an integration for Jenkins CI/CD?

Yes, CI/CD is a layer on top of DuploCloud, and CI/CD systems like Jenkins seamlessly integrate with DuploCloud by either calling our REST APIs or via Terraform."

This means that you can build your Jenkins pipelines and workflows to invoke DuploCloud functionality through its APIs or by using the DuploCloud Terraform provider. DuploCloud's integration with Jenkins allows you to automate your entire CI/CD workflow, from building and testing to deploying your applications in a secure and compliant manner.

Some key integration points between Jenkins and DuploCloud include:

  1. Accessing cloud resources: DuploCloud can provide just-in-time (JIT) access to cloud resources for your Jenkins build agents, allowing them to securely connect to your cloud infrastructure.

  2. Deploying self-hosted runners: You can deploy build containers within the same DuploCloud tenant as your application, enabling your Jenkins builds to seamlessly access tenant resources like registries, APIs, and databases.

  3. Integrating with cloud security services: DuploCloud integrates with cloud-native security solutions like AWS SecurityHub and Azure Defender, which can be leveraged in your Jenkins pipelines.

Upgrade FAQs

What is a rolling upgrade, and how do I enable it?

When you update (e.g., change an image or environment variable) a service with multiple replicas, DuploCloud changes one container at a time. If an updated container fails to start or the health check URL does not return HTTP 200 status, DuploCloud will pause the upgrade of the remaining containers. If no health check URL is specified, DuploCloud only checks to see if an updated container is running before moving on to the next. To specify Health Check, use the Elastic Load Balancer menu to find the Health Check URL suffix.

Diagnostic Tool FAQs

How do I use Datadog and other diagnostics tools?

DuploCloud's out-of-the-box diagnostics stack is optional. To integrate with third-party toolset changes like Datadog, follow the guidelines and deploy collector agents as if running an application within the respective DuploCloud Tenant(s).

Error Messages

I'm receiving the error message: Could not load credentials from any providers.

Your duplo-jit local cache must be cleared. To do this, run the following command: rm -rf ~/Library/Caches/duplo-jit/

When creating a Service, I'm receiving the message: DuploCloud Fault Conditions Unschedulable because 0/N nodes are available: one node(s) didn't match pod anti-affinity rules, and one node(s) was unschedulable.

Two possible reasons for receiving this message are:

  • You are not allocating enough Hosts to process your workload.

I do not see logs displayed for a Tenant. I get the error: Docker native collection agent Filebeat is not running for Tenant.

Ensure logging is set up and the correct Tenant is selected. If logs are still not appearing in the DuploCloud console and Filebeat indicates a bulk send failure, Elasticsearch may be out of disk space. In this case, check the disk space in the Default Tenant diagnostics history. If necessary, follow the steps to recognize and expand the volume on Linux as outlined in the AWS documentation to resolve this issue.

I'm receiving the message: It took too long to check if you are authorized to access DuploCloud. Try refreshing the page and logging in again.

Clear your browser cache or use a private browsing window. If the problem persists, request assistance from DuploCloud to ensure a smooth login experience.

Although the onboarding process can take thirty to seventy (30-70) hours, DuploCloud staff performs about 90% of the work. Contact with any additional questions.

DuploCloud uses a third-party SIEM solution called . Wazuh is open-source software running in an independent VM in your cloud account, and you have full permission to retain it "as-is." However, in the future, you would need to integrate any new systems that need compliance monitoring into the SIEM.

DuploCloud allows you to program unsupported features directly in your cloud provider. If you're using Terraform, you can use the DuploCloud provider and the native cloud provider together. For an example, visit .

DuploCloud provides flexibility when a feature not supported by DuploCloud can be programmed directly in your cloud provider. If you are using Terraform, then the DuploCloud provider and the native cloud provider can be used in tandem. For an example of this use case, see . Additionally, for specific needs such as creating short-lived one-shot ECS tasks, which are not directly supported through the Duplo UI or Terraform provider, DuploCloud offers the capability via its API. Customers have utilized this approach for tasks like database migrations on ECS, showcasing the platform's adaptability to unique operational requirements.

No. DuploCloud is calling the cloud provider's API directly. Based on user requirements, the software interacts with the cloud provider API asynchronously, maintaining a of operations with built-in retries to ensure robustness. Interacting with the cloud provider continuously monitors configuration drift, system faults, security, and compliance controls.

DuploCloud provides Terraform with a Software Development Kit (SDK) called the . This SDK allows users to configure their cloud infrastructure using DuploCloud constructs rather than lower-level cloud provider constructs. It enables users to benefit from Infrastructure-as-Code while significantly reducing the needed code. The DuploCloud Terraform Provider calls DuploCloud APIs. Our provides detailed examples.

The best strategy for your organization will ultimately depend on your specific compliance needs and priorities. To learn more about the differences between compliance support offered by traditional GRC tools like Vanta or Drata and DuploCloud, see the on this topic.

CI/CD is the topmost layer of the DevOps stack. DuploCloud should be viewed as a deployment and monitoring solution invoked by your CI/CD pipelines, written with tools such as CircleCI, Jenkins, GitHub Actions, etc. You build images and push them to container registries without DuploCloud, but you invoke DuploCloud to update the container image. An example of this is in the . DuploCloud offers its called KitKat.

The you assigned to your existing Hosts limit additional Service workloads.

AWS FAQ
Azure FAQ
GCP FAQs
DuploCloud Support
official documentation
whitepapers
DuploCloud Support
Wazuh
DuploCloud DevOps White Papers
https://duplocloud.com/white-papers/devops/#PAAS
state machine
DuploCloud Terraform Provider
DevOps white paper
https://docs.duplocloud.com/docs/welcome-to-duplocloud/security-and-compliance
DuploCloud documentation
CI/CD documentation
own CI/CD tool
allocation tags
User Interaction with the DuploCloud Platform
Page cover image