# AWS Installation

This guide covers what you need to provide to install DuploCloud AI Helpdesk on AWS and what DuploCloud will set up in your environment.

***

## Overview

The installation deploys the following components into a dedicated namespace in your Kubernetes cluster:

| Component              | Description                                                      |
| ---------------------- | ---------------------------------------------------------------- |
| **Backend**            | ASP.NET Core API server — tickets, projects, agent orchestration |
| **Frontend**           | React web UI served via nginx                                    |
| **MongoDB**            | Embedded database (Kubernetes StatefulSet)                       |
| **Web Terminal**       | Browser-based terminal for agent command execution               |
| **Duplo Agent**        | Claude-powered AI agent runtime                                  |
| **MCP Server**         | Model Context Protocol server for tool integrations              |
| **Ingress (ALB)**      | AWS Application Load Balancer routing HTTPS traffic              |
| **Persistent Storage** | EFS-backed shared volume for agent working directories           |

All components run entirely within your AWS account.

***

## Deployment Scenarios

### Ideal: Fresh AWS Account (Recommended)

The cleanest path is to provide a **dedicated, empty AWS account** for DuploCloud AI HelpDesk. This gives DuploCloud full control to create all required infrastructure from scratch — VPC, EKS cluster, EFS, security groups, ACM certificates — with no risk of conflicting with existing workloads.

**What you do:**

1. Create a new AWS account (or sub-account in your AWS Organization)
2. Create an IAM user with full admin access and share the credentials with DuploCloud
3. DuploCloud handles everything from there

This is the fastest path to a clean, reproducible installation.

***

### Alternative: Existing AWS Account

If you prefer to install into an existing AWS account (e.g. alongside other workloads), this is fully supported. DuploCloud HelpDesk deploys into a dedicated Kubernetes namespace and does not modify any resource that was created outside of Duplo.

**What you need to ensure:**

* An existing EKS cluster with available node capacity
* A VPC with public subnets for the ALB
* Permission to create EFS, security groups, and ACM certificates in the account

***

## Installation Requirements

In either of the scenarios above, we will need:

### 1. AWS Access

| Item                              | Required | Notes                                                             |
| --------------------------------- | -------- | ----------------------------------------------------------------- |
| AWS Account ID                    | ✅        | 12-digit number (e.g. `774157348504`)                             |
| IAM credentials for the installer | ✅        | See [Granting Installer Access](#granting-installer-access) below |
| Target AWS region                 | ✅        | e.g. `us-east-1`                                                  |

### 2. Kubernetes Cluster

| Item                    | Required | Notes                                  |
| ----------------------- | -------- | -------------------------------------- |
| EKS cluster             | ✅        | Kubernetes v1.33+                      |
| Available node capacity | ✅        | Minimum 2 nodes, `t3a.large` or larger |

> **No cluster yet?** If you don't have an EKS cluster, DuploCloud will create one. Full admin access to the account is required for this.

> **Sharing a cluster:** Multiple applications can coexist in the same EKS cluster — each runs in its own namespace. HelpDesk deploys into `duploservices-<name>` by default.

### 3. Domain and DNS

| Item                                            | Required | Notes                                                  |
| ----------------------------------------------- | -------- | ------------------------------------------------------ |
| A domain or subdomain for the DuploCloud portal | ✅        | e.g. `helpdesk.duplo.company.com`                      |
| xterm subdomain                                 | ✅        | e.g. `xterm.duplo.company.com`                         |
| Access to DNS provider                          | ✅        | Route 53, Cloudflare, or equivalent                    |
| Existing ACM certificate                        | Optional | If not available, one will be requested during install |

### 4. Administrator Emails

| Item                  | Required | Notes                                                     |
| --------------------- | -------- | --------------------------------------------------------- |
| Super-user email list | ✅        | Comma-separated, e.g. `admin@company.com,ops@company.com` |

These accounts receive full administrative access to DuploCloud after installation.

***

## Granting Installer Access

DuploCloud requires full admin access to your AWS account to perform the installation — this is needed to create the VPC, EKS cluster, EFS, load balancer, security groups, and ACM certificates.

The recommended approach is to create a dedicated IAM user with `AdministratorAccess` and share the credentials securely with DuploCloud:

1. In the AWS Console → **IAM** → **Users** → **Create user**
2. Name it `duplocloud-installer` (or similar)
3. Attach the `AdministratorAccess` policy directly
4. Under **Security credentials** → create an **Access Key** (for CLI use)
5. Share the Access Key ID and Secret Access Key with DuploCloud

Alternatively, if your organization uses IAM roles, you can create a role with `AdministratorAccess` and add DuploCloud's IAM identity as a trusted principal so we can assume it. DuploCloud will confirm the exact trust policy configuration.

> **After installation:** Access can be revoked by deleting the IAM user or role. If you require tighter permission scoping, contact DuploCloud — scoped IAM policies are available for environments where full admin access is not permitted.

***

## What DuploCloud Will Do

Once credentials are shared, our team handles the full installation end-to-end:

* **Provision infrastructure** (if starting fresh) — create the VPC, EKS cluster, node groups, EFS filesystem, security groups, and ACM certificate
* **Deploy HelpDesk** — install all components via Helm chart into a dedicated namespace
* **Configure networking** — set up the ALB ingress, SSL termination, and DNS records for your portal domain
* **Set up your environment** — configure the first providers, skills, and workspaces so your team can get started right away
* **Verify and hand off** — confirm all services are healthy and provide the application URL

Total time is typically **30–60 minutes**.

***

## Connecting AWS to DuploCloud (Post-Installation)

Once the portal is live, you can connect AWS accounts to it so the AI agent can query and manage your infrastructure. See the [AWS Provider guide](/docs/getting-started/integrating-providers/amazon-web-services-aws.md) for full setup instructions, including using the CloudFormation template to create the required IAM roles.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/getting-started/installation/aws-installation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.