LogoLogo
HomePlatformAsk DuploCloudPricing
  • Overview
  • Product Updates
  • Workshops
    • DuploCloud 101 for AWS
      • Create Your Infrastructure and Application
        • 1. Log in to the DuploCloud Portal
        • 2. Create a DuploCloud Infrastructure
        • 3. Create a DuploCloud Tenant
        • 4. Create an EKS Worker Node
        • 5. Deploy an Application
        • 6. Create a Load Balancer
        • 7. Deploy an S3 Bucket
        • 8. Deploy a Database
        • 9. Create an Alarm
      • Daily Operations using DuploCloud
        • 1. Host, Container, and Kubectl Shell
        • 2. Logging
        • 3. Metrics
        • 4. Billing and Cost Management
        • 5. Audit Logs
        • 6 - Tenant and Admin Just-In-Time (JIT) AWS Access
        • 7. CI/CD
        • 8. Security Hub and Dashboard
        • 9. Terraform Mode of Operations
      • Post-workshop Reference Guide
        • Post-Workshop Testing and Documentation Links
        • Connect With Us
        • DuploCloud Whitepapers
        • DuploCloud Terraform Provider
        • DuploCloud AWS Demo Video
  • Getting Started with DuploCloud
    • What DuploCloud Does
    • DuploCloud Onboarding
    • Application Focused Interface: DuploCloud Architecture
      • DuploCloud Tenancy Models
      • DuploCloud Common Components
        • Infrastructure
        • Plan
        • Tenant
        • Hosts
        • Services
        • Diagnostics
      • Management Portal Scope
    • GRC Tools and DuploCloud
    • Public Cloud Tutorials
    • Getting Help with DuploCloud
  • Container Orchestrators
    • Terminologies in Container Orchestration
  • DuploCloud Prerequisites
    • DNS Configuration
  • AWS User Guide
    • Prerequisites
      • Route 53 Hosted Zone
      • ACM Certificate
      • Shell Access for Containers
      • VPN Setup
      • Connect to the VPN
    • AWS Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Step 3: Create an RDS Database (Optional)
      • Creating an EKS Service
        • Step 4: Create a Host
        • Step 5: Create a Service
        • Step 6: Create a Load Balancer
        • Step 7: Enable Additional Load Balancer Options (Optional)
        • Step 8: Create a Custom DNS Name (Optional)
        • Step 9: Test the Application
      • Creating an ECS Service
        • Step 4: Create a Task Definition for an Application
        • Step 5: Create the ECS Service and Load Balancer
        • Step 6: Test the Application
      • Creating a Native Docker Service
        • Step 4: Create an EC2 Host
        • Step 5: Create a Service
        • Step 6: Create a Load Balancer
        • Step 7: Test the Application
    • AWS Use Cases
      • Creating an Infrastructure and Plan for AWS
        • EKS Setup
          • Enable EKS endpoints
          • Enable EKS logs
          • Enable Cluster Autoscaler
        • ECS Setup
          • Enable ECS logging
        • Add VPC endpoints
        • Security Group rules
        • Upgrading the EKS version
      • Creating a Tenant (Environment)
        • Setting Tenant session duration
        • Setting Tenant expiration
        • Tenant Config settings
      • Hosts (VMs)
        • Adding Hosts
        • Connect EC2 instance
        • Adding Shared Hosts
        • Adding Dedicated Hosts
        • Autoscaling Hosts
          • Autoscaling Groups (ASG)
            • Launch Templates
            • Instance Refresh for ASG
            • Scale to or from Zero
            • Spot Instances for AWS
          • ECS Autoscaling
          • Autoscaling in Kubernetes
        • Configure Auto-reboot
        • Create Amazon Machine Image (AMI)
        • Hibernate an EC2 Host
        • Snapshots
        • Taints for EKS Nodes
        • Disable Source Destination Check
      • Auditing
      • Logs
        • Enable Default-Tenant logging
        • Enable Non-Default Tenant logging
        • Configure Logging per Tenant
        • Display logs
        • Create custom logs
      • Diagnostics and Metrics
        • Metrics Setup
        • Metrics Dashboard
        • Kubernetes Administrator dashboard
      • Faults and Alerts
        • Alert notifications
        • Automatic alert creation
        • Automatic fault healing
        • SNS Topic Alerts
        • System Settings Flags
      • AWS Console link
      • Just-in-Time (JIT) Access
      • Billing and Cost management
        • Enable billing data
        • View billing data
        • Apply cost allocation tags
        • DuploCloud License Usage
        • Configure Billing Alerts
      • Resource Quotas
      • Big Data and ETL
      • Custom Resource tags
    • AWS Services
      • Containers and Services
        • EKS Containers and Services
          • Allocation Tagging
        • ECS Containers, Task Definitions and Services
        • Passing Configs and Secrets
        • Container Rollback
        • Docker Registry credentials
      • Load Balancers
        • Target Groups
        • EKS Load Balancers
        • ECS Services and Load Balancers
        • Native Docker Load Balancers
      • Storage
        • Storage Class and PVCs
        • GP3 Storage Class
      • API Gateway
      • Batch
      • CloudFront
      • Databases
        • AWS ElastiCache
        • AWS DynamoDB database
        • AWS Timestream database
        • RDS database
          • IAM authentication
          • Backup and restore
          • Sharing encrypted database
          • Manage RDS Snapshots
          • Add and manage RDS read replicas
            • Add Aurora RDS replicas
          • Add monitoring interval
          • Enable or disable RDS logging
          • Restrict RDS instance size
          • Add parameters in Parameter Groups
          • Manage Performance Insights
      • Data Pipeline
      • Elastic Container Registry (ECR)
        • Sharing ECR Repos
      • Elastic File System (EFS)
        • Mount an EFS in an EC2 instance
      • EMR Serverless
      • EventBridge
      • IoT (Internet of Things)
      • Kafka Cluster
      • Kinesis Stream
      • Lambda Functions
        • Configure Lambda with Container Images
        • Lambda Layers
      • Managed Airflow
      • NAT Gateway for HA
      • OpenSearch
      • Probes and Health Check
      • S3 Bucket
      • SNS Topic
      • SQS Queue
      • Virtual Private Cloud (VPC) Peering
      • Web App Firewall (WAF)
    • AWS FAQ
    • AWS Systems Settings
      • AWS Infrastructure Settings
      • AWS Tenant Settings
    • AWS Security Configuration Settings
      • Tenant Security settings
      • Infrastructure Security settings
      • System Security settings
      • AWS Account Security settings
      • Vanta Compliance Controls
  • GCP User Guide
    • Container deployments
      • Container orchestration features
      • Key DuploCloud concepts
    • Prerequisites
      • Docker Registry
      • Service Account Setup
      • Cloud DNS Zone
      • Certificates for Load Balancer and Ingress
      • Initial Infrastructure Setup
      • Tools Tenant
        • Enable Kubectl Shell
      • Docker
        • Docker Registry Credentials (Optional)
        • Shell Access for Docker (Optional)
      • VPN
        • VPN Setup
        • Connect to the VPN
      • Managed SSL Certificates with Certificate Manager (Optional)
    • GCP Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Create a Service with GKE Autopilot
        • Step 3: Create a Service
        • Step 4: Create a Load Balancer
        • Step 5: Test the Application
      • Create a Service with GKE Standard
        • Step 3: Create a Node Pool
        • Step 4: Create a Service
        • Step 5: Create a Load Balancer
        • Step 6: Test the Application
    • GCP Use Cases
      • Creating an Infrastructure and Plan for GCP
        • Creating a GKE Autopilot Cluster
        • Creating GKE Standard Cluster
        • Kubectl token and config
        • Upgrading the GKE version
      • Creating a Tenant (Environment)
        • Tenant expiry
        • Tenant Config settings
      • Hosts (VMs)
      • Cost management for billing
        • Export Billing to BigQuery
        • Manage cross project billing in GCP
    • GCP Services
      • Containers and Services
      • GKE Containers and Services
        • Allocation Tagging
        • Docker Registry credentials
        • Container Rollback
        • Passing Config and Secrets
      • GCP Databases
        • Cloud SQL
        • Firestore Database
        • Managed Redis
      • Load Balancers
      • Cloud Armour
      • Cloud Credentials
      • Cloud Functions
      • Cloud Run Service
      • Cloud Scheduler
      • Cloud Storage
      • Node Pools
      • Pub/Sub
      • Virtual Private Cloud (VPC) Peering
      • GCP Security Command Center
    • GCP FAQs
    • GCP Systems Settings
      • GCP Infrastructure Settings
      • GCP Tenant Settings
    • GCP Security Settings
      • Infrastructure Security settings
      • GCP Account Security settings
  • Azure User Guide
    • Container deployments
      • Container orchestration features
      • Key DuploCloud concepts
    • Prerequisites
      • Program DNS Entries
      • Import SSL certificates
      • Provision the VPN
      • Connect to the VPN
      • Managed Identity Setup
    • Azure Quick Start
      • Step 1: Create Infrastructure and Plan
      • Step 2: Create a Tenant
      • Step 3: Create Agent Pools
      • Step 4: Create a Service
      • Step 5: Create a Load Balancer
      • Step 6: Test the Application
    • Azure Use Cases
      • Creating an Infrastructure and Plan for Azure
        • AKS initial setup
        • Kubectl token and config
        • Encrypted storage account
        • Upgrading the AKS version
      • Creating a Tenant (Environment)
        • Tenant expiry
        • Tenant Config settings
      • Hosts (VMs)
        • Autoscaling for Hosts
          • Autoscaling Azure Agent Pools
        • Shared Hosts
        • Availability Sets
        • Snapshots
      • Logs
      • Metrics
      • Faults and alerts
        • Alert notifications
      • Azure Portal link
      • Billing and Cost management
        • Enable billing data
        • Viewing billing data
    • Azure Services
      • Containers and Services
        • AKS Containers and Services
          • Allocation Tagging
        • Docker Registry Credentials
        • Container Rollback
        • Passing Configs and Secrets
      • Agent Pools
        • Spot Instances for AKS Agent Pools
      • Azure Container Registry (ACR)
      • Databases
        • MSSQL Server database
        • PostgreSQL database
        • PostgreSQL Flexible Server
        • MySQL Server database
          • Azure Managed SQL Instances
        • MySQL Flexible Server
        • Redis database
      • Docker Web Application
      • Databricks
      • Data Factory
      • Infra Secrets
      • Key Vault
      • Load Balancers
      • Public IP Address Prefix
      • Serverless
        • App Service Plans and Web Apps
        • Function Apps
      • Service Bus
      • Storage Account
      • Subscription
      • VM Scale Sets
    • Azure FAQ
    • Azure Systems Settings
      • Azure Infrastructure Settings
      • Azure Tenant Settings
    • Azure Security Settings
      • Tenant Security Settings
  • Kubernetes User Guide
    • Kubernetes Quick Start
    • Kubectl
      • Local Kubectl Setup
        • Kubectl Shell
      • Kubectl Shell
        • Enable Kubectl Shell for GKE
        • Enable Kubectl Shell for AKS
      • Kubectl Tokens and Access Management
      • Read-only Access in Kubernetes
      • Mirantis Lens
    • Configs and Secrets
      • Setting Kubernetes Secrets
      • Creating a Kubernetes ConfigMap
      • Setting Environment Variables (EVs) from a ConfigMap or Secret
      • Mounting ConfigMaps and Secrets as files
      • Using Kubernetes Secrets with Azure Storage connection data
      • Creating the SecretProviderClass Custom Resource to mount secrets
      • Managing Secrets and ConfigMaps access for readonly users (AWS and GCP)
    • Jobs
    • CronJobs
    • DaemonSet
    • Helm Charts
    • Ingress Loadbalancer
      • EKS Ingress
      • GKE Ingress
      • AKS Shared Application Gateway
        • Using an Azure Application Gateway SSL policy with Ingress
    • InitContainers and Sidecar Containers
    • HPA
    • Pod Toleration
    • Kubernetes Lifecycle Hooks
    • Kubernetes StorageClass and PVC
      • Native Azure Storage Classes
    • Import an External Kubernetes Cluster
    • Managed Service Accounts (RBAC)
    • Create a Diagnostics Application Service
  • Security and Compliance
    • Control Groups
    • Isolation and Firewall
      • Cloud Account
      • Network Segmentation
      • IAM
      • Security Groups
      • VPN
      • WAF
    • Access Management
      • Authentication Methods
      • Cloud Console, API and CLI
      • VM SSH
      • Container Shell
      • Kubernetes Access
      • Permission Sets
    • Encryption
      • At Rest Encryption
      • In Transit encryption
    • Tags and Label
    • Security Monitoring
      • Agent Management
      • SIEM
      • Vulnerabilities
      • Hardening Standards (CIS)
      • File Integrity Monitoring
      • Access Monitoring
      • HIDS
      • NIDS
      • Inventory Monitoring
        • Inventory Reports
      • Antivirus
      • VAPT (Pen Test)
      • AWS Security HUB
      • Alerting and Event Management
    • Compliance Frameworks
    • Security and Compliance Workflow
  • Terraform User Guide
    • DuploCloud Terraform Provider
    • DuploCloud Terraform Exporter
      • Install Terraform Exporter
      • Generate Terraform
      • Using Generated Code
      • Troubleshooting Guide
    • Terraform FAQ
  • Automation and Tools
    • DuploCtl CLI
    • Supported 3rd Party Tools
    • Automation Stacks
      • Clone from a Tenant
      • Create a deploy template
      • Deploy from a template
      • Customize deploy templates
  • CI/CD Overview
    • Service Accounts
    • GitHub Actions
      • Configure GitHub
      • Build a Docker image
      • Update a Kubernetes Service
      • Update an ECS Service
      • Update a Lambda function
      • Update CloudFront
      • Upload to S3 bucket
      • Execute Terraform
    • CircleCI
      • Configure CircleCI
      • Build and Push Docker Image
      • Update Service
    • GitLab CI/CD
      • Configure Gitlab
      • Build a Docker image
      • Update a service
    • Bitbucket Pipelines
      • Configure Bitbucket
      • Build a Docker image
      • Update the Service with Deploy Pipe
    • Azure Pipelines
      • Configure Azure DevOps
      • Build a Docker image from Azure DevOps
      • Update a Service
      • Troubleshooting
    • Katkit
      • Environments
      • Link repository
      • Phases
      • Katkit config
      • Advanced functions
    • ArgoCD
  • User Administration
    • User Logins
    • User access to DuploCloud
    • User Email Notifications
    • API tokens
    • Session Timeout
    • Tenant Access for Users
      • Add Tenant access over a VPN
      • Read-only access to a Tenant
      • Cross-tenant Access
      • Deleting a Tenant
    • VPN access for users
    • Database access for users
    • SSO Configuration
      • Azure SSO Configuration
      • Okta Identity Management
    • Login Banner/Button Customization
  • AI Suite
    • AI HelpDesk
      • Ticket
      • Out of the Box Agents
    • AI Studio
      • Agent
      • Tools
      • VectorDB
      • Developers
    • FAQ
  • Observability
    • Standard Observability Suite
      • Setup
        • Logging Setup
          • Custom Kibana Logging URL
        • Metrics Setup
        • Auditing
          • Custom Kibana Audit URL
      • Logs
      • Metrics
    • Advanced Observability Suite
      • Architecture
      • Dashboards
        • Administrator Dashboard
        • Tenant Dashboard
        • Customizing Dashboards
      • Logging with Loki
      • Metrics with Mimir
      • Tracing with Tempo
      • Profiles with Pyroscope
      • Alerts with Alert Manager
      • Service Level Objectives (SLOs)
      • OTEL Stack Resource Requirements
      • Application Instrumentation
      • Custom Metrics
      • Terraform
    • Faults and Alerts
      • Alert notifications
      • Automatic alert creation
    • Auditing
    • Web App Firewall (WAF)
  • Runbooks
    • Configuring Egress and Ingress for AKS Ingress Controllers in Private Networks
    • Configuring Retool to SSH into a DuploCloud Host with a Static IP Address for Secure Remote Database
  • FAQs
  • Extras
    • FluxCD
    • Deploying Helm Charts
    • Setting up SCPs (Service Control Policies) for DuploCloud
    • BYOH
    • Delegate Subdomains
    • Video Transcripts
      • DuploCloud AWS Product Demo
      • DuploCloud Azure Product Demo
      • DuploCloud GCP Product Demo
      • DevOps Deep Dive - Abstracting Cloud Complexity
      • DuploCloud Uses Infrastructure-as-Code to Stitch Together DevOps Lifecycle
Powered by GitBook
LogoLogo

Platform

  • Overview
  • Demo Videos
  • Pricing Guide
  • Documentaiton

Solutions

  • DevOps Automation
  • Compliance
  • Platform Engineering
  • Edge Deployments

Resources

  • Blog & News
  • Customer Stories
  • Webinars
  • Privacy Policy

Company

  • Careers
  • Press
  • Events
  • Contact

© DuploCloud, Inc. All rights reserved. DuploCloud trademarks used herein are registered trademarks of DuploCloud and affiliates

On this page
  • General FAQs
  • AWS Copilot seems to be a Low-Code, developer-friendly monitoring tool that uses existing AWS tools. Can it be used with/instead of DuploCloud?
  • What keys should I use in my application to connect to the AWS resources I have created in DuploCloud (S3, Dynamo, SQS)?
  • Does Duplo use an AWS instance profile or access keys to access AWS accounts?
  • If I have an S3 bucket in one Tenant, how would I give a DuploCloud Service in another Tenant access to it?
  • How do I allow DuploCloud Services to access an S3 bucket in a non-DuploCloud AWS account?
  • How is AWS Control Tower managed in DuploCloud?
  • Security and Compliance FAQs
  • Will using DuploCloud be more secure and compliant out-of-the-box, as opposed to using a default AWS configuration?
  • We are considering enabling Amazon GuardDuty for our account. How much does it cost per month?
  • If we enable Amazon GuardDuty, will we lose vulnerability and security standards insights from DuploCloud?
  • CI/CD FAQs
  • Do I need an AWS access key for my application when using AWS?
  • Kubernetes FAQs
  • How do I look at detailed Load Balancer settings for my Kubernetes (K8s) Service?
  • Terraform FAQs
  • Why use Terraform when CloudFormation is AWS native?
  • Performance FAQs
  • Is the Duplocloud instance a single point of failure, and if so, to what extent? Who manages this instance?
  • Is scaling handled like in ECS, where you set thresholds and min/max instances to spin up/down?
  • AWS Secrets Manager FAQs
  • How can I change environment variables to use AWS Secrets Manager instead of hardcoded AWS secrets in DuploCloud?
  • Where can I find documentation for using AWS Secrets Manager in DuploCloud?
  • Is there documentation available for using Tenant-specific AWS Secrets Manager in DuploCloud?
  • Do we have to use Kubernetes to use AWS Secrets Manager with DuploCloud?
  • We are currently using Native Docker. Can we can use AWS Secrets Manager?
  • Can permissions granted in DuploCloud be used to access AWS Secrets Manager, or do I need to grant access in AWS?
  • Relational Database Service (RDS) FAQS
  • Is attaching an RDS instance to each application for spin-up/down purposes expensive? Some of our RDS instances are small.
  • Can an RDS be left intact if I only want to destroy the application and not the database?
  • Can I upgrade the RDS versions?
  • Our current RDS logs are sent to CloudWatch. Does DuploCloud support this?
  • EKS Version Upgrade FAQs
  • What is the process for EKS upgrades, and how does DuploCloud support them?
  • How do EKS and DuploCloud version upgrades align?
  • How will we be notified when we are ready for an EKS upgrade?
  • What is the upgrade plan scope?

Was this helpful?

Edit on GitHub
Export as PDF
  1. AWS User Guide

AWS FAQ

Popular and frequently asked questions about DuploCloud and AWS

PreviousWeb App Firewall (WAF)NextAWS Systems Settings

Last updated 9 months ago

Was this helpful?

General FAQs

AWS Copilot seems to be a Low-Code, developer-friendly monitoring tool that uses existing AWS tools. Can it be used with/instead of DuploCloud?

AWS Copilot is used only for ECS cluster management, which is a small subset of overall cloud operations. The chart below shows that DuploCloud includes container management and multiple other functions. You can still use Copilot with DuploCloud for ECS management. Other clients have used tools like Harness or Helm with DuploCloud for Kubernetes management.

What keys should I use in my application to connect to the AWS resources I have created in DuploCloud (S3, Dynamo, SQS)?

Use the AWS constructor that takes only the region (e.g., us-west-2) as the argument. DuploCloud setup links your instance profile and resources. The DuploCloud Host already has access to the resources within the Tenant. DuploCloud AWS resources are reachable only from DuploCloud Hosts on the same account.

IMPORTANT: You cannot connect to DuploCloud AWS resources from your local machine.

Does Duplo use an AWS instance profile or access keys to access AWS accounts?

Duplo uses an IAM role, specifically an instance profile, to access AWS accounts. This methodology does not involve access keys.

If I have an S3 bucket in one Tenant, how would I give a DuploCloud Service in another Tenant access to it?

How do I allow DuploCloud Services to access an S3 bucket in a non-DuploCloud AWS account?

To give DuploCloud Services (i.e., Cronjobs) access to an S3 bucket created in a non-DuploCloud AWS account, add the following permissions to your AWS accounts.

{
    "Sid": "AllowCrossAccount",
    "Effect": "Allow",
    "Principal": {
        "AWS": "arn:aws:iam::123456789012:duploservices-dev01"
    },
    "Action": "s3:GetObject",
    "Resource": [
        "arn:aws:s3:::my-source-bucket/*",
        "arn:aws:s3:::my-souce-bucket"
    ]
}
{
    "Sid": "CustomAllowS3",
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": [
        "arn:aws:s3:::my-souce-bucket/*",
        "arn:aws:s3:::my-souce-bucket"
    ]
}

After you add these permissions, s3GetObject permission is configured in the source and destination accounts respectively, enabling cross-account data sharing for the objects in the S3 bucket.

Depending on the use case, you may need to add additional permissions. For example, in addition to the s3:GetObject permission shown in the snippets above, you may need to add s3:ListBuckets or s3:PutObject. Be sure to add permissions to both policies, respectively, as shown in the example.

How is AWS Control Tower managed in DuploCloud?

In DuploCloud, AWS Control Tower is not directly managed. DuploCloud installs in an EC2 instance within your AWS account and provides a web interface, API, and Terraform provider to manage your AWS infrastructure. It handles the lower-level nuances of AWS configuration, such as access control, security, and compliance, through its automation and best practices.

DuploCloud's concept of "Tenants" is a logical construct above AWS that represents an application's entire lifecycle, including dev, stage, and production environments. It automatically configures the necessary AWS services, IAM policies, and other resources within each Tenant, without the need for complex AWS Control Tower setup and management.

Additionally, DuploCloud provides Just-In-Time (JIT) access to the AWS console and CLI, with least-privileged IAM permissions and short-lived access, making it more secure and easier to manage than traditional AWS access methods.

Security and Compliance FAQs

Will using DuploCloud be more secure and compliant out-of-the-box, as opposed to using a default AWS configuration?

Yes. This is a major advantage of using DuploCloud. All controls are mapped to various compliance standards. DuploCloud is also very flexible, enabling you to add custom policies (resource quotas, the ability to create public-facing endpoints, etc.).

We are considering enabling Amazon GuardDuty for our account. How much does it cost per month?

If we enable Amazon GuardDuty, will we lose vulnerability and security standards insights from DuploCloud?

No, enabling or disabling Amazon GuardDuty does not affect the vulnerabilities and security standards insights DuploCloud provides.

CI/CD FAQs

Do I need an AWS access key for my application when using AWS?

Kubernetes FAQs

How do I look at detailed Load Balancer settings for my Kubernetes (K8s) Service?

DuploCloud provisions a Load Balancer for your K8s service. If you want to look at detailed Load Balancer settings like idle timeout, access logs, and more, you can view them in AWS by following these steps:

Find the Load Balancer name for your service by navigating to Kubernetes -> Services, selecting your Service from the list, and clicking the Load Balancer tab. If you're using K8s Ingress, go to the K8s Ingress tab to find the Load Balancer configuration.

Terraform FAQs

Why use Terraform when CloudFormation is AWS native?

Many customers prefer Terraform to CloudFormation. There are many non-AWS cloud DevOps elements (e.g., native Kubernetes, MongoDB, Data Dog, Okta, etc.), and all support Terraform providers.

Performance FAQs

Is the Duplocloud instance a single point of failure, and if so, to what extent? Who manages this instance?

No. DuploCloud achieves High Availability (HA) using cluster management. You own your AWS account, so your data is always secure in AWS.

Our customers have never been blocked from performing urgent configuration updates because DuploCloud is unavailable. If DuploCloud is down, it is similar to your DevOps engineer being unavailable. In this case, someone else can take their place by directly configuring AWS.

Our customers consider this single-platform approach beneficial for centralizing operations and maximizing developer access. DuploCloud runs in a VM in your account. We manage this VM with your permission, and we can also give you simple steps to troubleshoot or install new updates. We are available 24x7 and work as your extended DevOps team.

Is scaling handled like in ECS, where you set thresholds and min/max instances to spin up/down?

Yes. DuploCloud manages scale in the same way. We expose these thresholds in a simple form that is much easier to configure, even for a user with no DevOps experience. Behind the scenes, DuploCloud maps to the same native AWS constructs.

AWS Secrets Manager FAQs

How can I change environment variables to use AWS Secrets Manager instead of hardcoded AWS secrets in DuploCloud?

You can create AWS secrets from within the DuploCloud Portal and the Tenant-scoped permissions will work. If you encounter any issues, please let us know.

Where can I find documentation for using AWS Secrets Manager in DuploCloud?

Is there documentation available for using Tenant-specific AWS Secrets Manager in DuploCloud?

Do we have to use Kubernetes to use AWS Secrets Manager with DuploCloud?

Yes, Kubernetes is necessary to integrate AWS Secrets Manager with DuploCloud using the SecretProviderClass.

We are currently using Native Docker. Can we can use AWS Secrets Manager?

Can permissions granted in DuploCloud be used to access AWS Secrets Manager, or do I need to grant access in AWS?

The existing permissions in DuploCloud are sufficient to access AWS Secrets Manager.

Relational Database Service (RDS) FAQS

Is attaching an RDS instance to each application for spin-up/down purposes expensive? Some of our RDS instances are small.

Small instances are generally no problem. DuploCloud can manage dynamic database spin-up/down with a single RDS database. Sharing AWS services in dynamic environments also helps reduce costs.

Can an RDS be left intact if I only want to destroy the application and not the database?

Yes.

Can I upgrade the RDS versions?

Our current RDS logs are sent to CloudWatch. Does DuploCloud support this?

Yes.

EKS Version Upgrade FAQs

What is the process for EKS upgrades, and how does DuploCloud support them?

DuploCloud creates and tests changes to the DuploCloud platform to support the new EKS version. Once testing is complete, updates are rolled out on the DuploCloud customer platform. Then, users can update the EKS version.

How do EKS and DuploCloud version upgrades align?

There may be a delay between the release of a new EKS version and a DuploCloud version that supports it. This is due to the time needed to develop and test changes to the DuploCloud Platform. DuploCloud ensures customers are always on a supported/non-deprecated version of EKS.

How will we be notified when we are ready for an EKS upgrade?

DuploCloud notifies users when an EKS upgrade is planned.

What is the upgrade plan scope?

The upgrade plan scope includes everything (by DuploCloud or Helm) deployed on the cluster.

If your application runs in a DuploCloud , you do not need a long-term credential like an AWS access key. After your application runs in the Tenant, test your connection using the AWS CLI to verify access.

See the DuploCloud documentation on .

To estimate Amazon GuardDuty pricing, you can use the .

CI/CD is the topmost layer of the DevOps stack. DuploCloud should be viewed as a deployment and monitoring solution invoked by your CI/CD pipelines, written with tools such as CircleCI, Jenkins, GitHub Actions, etc. You build images and push them to container registries without involving DuploCloud, but you invoke DuploCloud to update the container image. An example of this is in the section. DuploCloud also offers its own CI/CD tool (KatKit).

If your application runs in a DuploCloud , you do not need a long-term credential, such as an AWS access key. After your application runs in the Tenant, test your connection using the AWS CLI to verify access.

Once you have the Load Balancer name, you can access the AWS Console via the . In the AWS Console, navigate to the EC2 service view and select Load Balancers from the left navigation menu. Find your Load Balancer name and scroll down to view detailed attributes.

The documentation for using AWS Secrets Manager in DuploCloud can be found ; however, this documentation does not provide instructions on how to use Tenant-specific AWS Secrets Manager.

Yes. provides more details about using the SecretProviderClass and mounting AWS Secrets Manager secrets in DuploCloud.

For Native Docker, we recommend loading the secrets as part of your entry point script using the AWS CLI. For more information, refer to the .

Another option is to use the AWS Software Development Kit (SDK) and the .

Yes. See and your cloud provider for compatibility requirements. While versions 5.7.40, 5.7.41, and 5.7.42 cannot be upgraded to version 8.0.28, you can upgrade these versions to version 8.0.32 and higher.

Tenant
Cross-Tenant Access
AWS pricing calculator
CI/CD
Tenant
DuploCloud U
I
here
This documentation
AWS documentation
associated documentation
AWS Console
DuploCloud features