DuploCloud is a cloud infrastructure automation platform that enables developer self-service with built-in security and compliance for organizations hosting public cloud infrastructure.

You provide high-level application specifications, including cloud services, application containers, packages and configurations, interconnectivity, requirements for multiple environments, and scoped compliance standards. DuploCloud uses these specifications to auto-generate required lower-level configurations, provisioning them securely and compliantly while maintaining ongoing operations.

In addition, DuploCloud facilitates logging, monitoring, alerting, and reporting. The following figure shows the platform's various functions.

The customer interfaces with DuploCloud via the browser UI, the DuploCloud Terraform provider, and API calls while the data and configuration stay within the customer's cloud account. All configurations created and applied by DuploCloud can be reviewed and edited in the customer's cloud account.

Demo

Check out a 5-minute video overview of a DuploCloud deployment.

Workshops allow you to gain hands-on experience with DuploCloud in an interactive environment with instructor-led training. You'll learn about:

• The DuploCloud engagement and onboarding process

• How DuploCloud deploys a cloud infrastructure

• How an application is deployed in DuploCloud

• DuploCloud's simplified approach to DevOps, security, and compliance

• Logging and monitoring features in DuploCloud, including the Advanced Observability Suite (AOS)

Summary

To better support our customers and their approach to infrastructure, automation, security, and compliance, this workshop enables AWS teams to familiarize themselves with DuploCloud

In this workshop, we:

• Review what DuploCloud is and how we engage with customers.

• Deploy infrastructure.

• Deploy an application.

• Review how DuploCloud simplifies DevOps, security, and compliance.

• Introduce DuploCloud’s logging and monitoring features.

Customer setup

In preparation for the workshop, the DuploCloud team will do the following for you:

• Install DuploCloud in an AWS account.

• Grant Administrator access to the DuploCloud Portal.

• Define users and associated role-based access to the DuploCloud Portal.

Optional pre-event reading list

Using the user ID and URL provided by the workshop instructor, log in to the DuploCloud Portal using SSO with Microsoft or Google.

Follow the steps in this section to create a cloud Infrastructure and deploy and expose your application to the web using the DuploCloud Portal.

In the DuploCloud Portal, navigate to Administrator -> Infrastructure. Click Add, and enter the following details:

• Name: non-prod

• Region: us-west-2

• VPC CIDR: 10.221.0.0/16

• Subnet CIDR Mask: 24

• Availability Zones: 2

• Select the Enable EKS option

Click Create.

This takes about twenty (20) minutes. Once it’s ready, check that a DuploCloud Plan (Administrator -> Plans) has been created with the same name (non-prod).

2025 New User Interface

We’re excited to inform you that we’re rolling out a new user interface (UI) for the DuploCloud Portal! Since this update is being deployed gradually, you may notice differences between the UI in the documentation and what you see in your portal. Some key changes include:

• User Profile Access:

  • Old UI: The User tab was listed in the left-hand navigation bar.

  • New UI: User options are now accessible through your user profile. Click on the person icon at the top-right corner of the portal, and select Profile to access user options.

• Left Navigation Bar:

  • Old UI: You could click on navigation tabs to reveal sub-options.

  • New UI: The left navigation bar has been updated to a dark blue color, and now you can hover over a tab to display its sub-options, offering a more streamlined and intuitive navigation experience.

• Search Bar:

  • Old UI: The search bar was a visible input field.

  • New UI: The search is now represented by a magnifying glass icon at top of the portal next to the Tenant list box. Hover over it to type your query.

• New Help and Faults Icons:

  • New UI: Two new icons are located at the top-right, next to your user profile icon (person icon).

    • Help Icon: Click on this icon to access help options.

    • Faults Icon: Click on this icon to view and manage faults related to your services.

Q1 2025

• AWS
• Azure
• GCP

  • Support for GCP Virtual Private Cloud (VPC) Peering.
• Kubernetes
• General

  • DuploCloud UI redesign: updates to navigation, breadcrumbs, menus, and general appearance.

Q4 2024

• General

Q3 2024

• Azure
• GCP
• Kubernetes

Q2 2024

• AWS
• Azure
• GCP
• Kubernetes
• General

Q1 2024

• AWS
• GCP
• CI/CD
• Kubernetes
• General

Q4 2023

• AWS
• Azure
• Kubernetes
• General updates

  • The DuploCloud UI contains numerous design, navigation, and usability improvements, including new menus for managing an RDS, Containers, and Hosts. These improvements are cross-platform and apply to AWS, Azure, and GCP.

  • Quickly search the DuploCloud Portal for any navigation menus or tab labels, such as Kubernetes Secrets and Spend by Month, using the Search box at the top center of the DuploCloud Portal.

  • DuploCloud no longer supports launch configurations. Instead, launch templates are created. If you use launch configurations, DuploCloud automatically converts them to launch templates with no interruption in uptime.

August 2023 and September 2023

• AWS

June 2023 and July 2023

• AWS
• GCP
• General updates

May 2023

• AWS

  • The CloudFront feature and associated UI tab have been relocated in the DuploCloud Portal from the Cloud Services -> App Integration menu item to the Cloud Services -> Networking menu item.

• Azure
• GCP

April 2023

• AWS
• Azure
• General Updates

March 2023

• AWS
• GCP

  • Updated documentation for supported databases.

• CI/CD
• Terraform

February 2023

• AWS

  • Enable Elastic Kubernetes Service (EKS) for your existing infrastructure. EKS versions 1.22 and 1.23 are supported.
• General updates

December 2022 and January 2023

• AWS
• Azure
• GCP
• Kubernetes (K8s)

November 2022

October 2022

September 2022

August 2022

July 2022

To create a Tenant, navigate to Administrator -> Tenants, and click Add. The Create a Tenant pane displays. Add the following details:

• Name: dev[YOUR_INITIALS]01 (For example, devab01)

• Plan: non-prod (Specifying the Plan associates the new Tenant with the Infrastructure you created earlier)

Click Create.

This takes around two (2) minutes. You may see a generated fault in Administrator -> Faults or the exclamation (!) icon displayed in the top right during provisioning.

Once it’s ready, select your new Tenant using the Tenant list box at the top of the screen.

Navigate to Cloud Services -> Storage -> S3, and click Add. The Create an S3 Bucket pane displays.

Enter a Name for your S3 Bucket, and click Create.

To open the AWS S3 console using Just-In-Time (JIT) credentials, allowing you to work with the bucket in AWS, select the S3 Bucket to open the Details page. From this page, click the Console button.

Navigate to Kubernetes -> Services, and click Add. The Add Service page displays. Enter the following details:

• Name: nginx

• Docker image: nginx:latest (this is a sample public image)

Click Next, and then click Create.

Navigate to Kubernetes -> Services and select the nginx Service from the list.

Click Load Balancers -> Configure Load Balancer. The Add Load Balancer Listener pane displays. Complete the following fields:

• Type: Application LB

• Container port: 80

• External port: 443

• Visibility: Public

• Application mode: Docker Mode

• Health check: /

• Backend protocol: HTTP

• Certificates: WILDCARD.test04-apps.duplocloud.net

Click Add. When the Load Balancer is complete, the Service displays a status of Running and the Load Balancer displays a status of Ready.

Enable HTTP to HTTPs Redirect

Navigate to Kubernetes -> Services and select the nginx Service.

Click the Load Balancers tab. On the Other Settings card, click Edit. Enable the HTTP to HTTPS redirect option.

You can find the created DNS Name displayed on this page, CNAME'd to your Load Balancer name. Copy the URL in the DNS Name card and paste into your browser. You should see the NGINX welcome page "Welcome to nginx!" or similar. It may take a few minutes for the application to start.

To create an EKS Worker Node, navigate to Cloud Services -> Hosts, and click Add. The Add Host page displays. Enter the following details:

Friendly Name: host01

Click Add. It may take a few minutes for the Worker Node to be complete. Wait until the Status displays Running and Fleet displays Connected.

Navigate to Cloud Services -> Database -> RDS, and click Add. The Create a RDS page displays. Complete the fields with the following details:

• Name: [add -demo to the name DuploCloud pre-populates]

• RDS Engine Version: MySQL 8.0.39

• RDS instance size: db.t3.small

• User name: demo

• User password: W5i6Uv6LQtyApVyJDrAq

Click Create.

The steps in this section provide an overview of DuploCloud features and tools to ensure the stability, performance, and scalability of your cloud infrastructure.

Browse the pages in this section for more information about DuploCloud's comprehensive DevSecOps suite of tools and services.

Creating the Alert

Navigate to Observability -> Alerts, and click Add. The Create Alert pane displays. Complete the fields with the following values:

• Resource Type: EC2

Click Next to proceed with defining metrics data.

Defining Metrics Data

After clicking Next, continue defining the metrics data:

• Metric Name: CPUUtilization

• Statistic: Average

• Operator: >=

• Threshold: 75

• Period: 5 Minutes

• Severity: Critical

Click Create.

Set the Alarm with a Third-Party Integration

Navigate to Observability -> Faults -> Update Notifications Config. The Set Alert Notifications Config pane displays.

If instructed, enter additional data and click Update to set the alarm.

Navigate to Kubernetes -> Services, and select the nginx Service.

Additionally, you can access a kubectl shell scoped to this Tenant's Kubernetes Namespace by clicking the Kubectl button.

Enable Metric Collection for Tenants

Navigate to Administrator -> Observability -> Basic -> Settings, and select the Monitoring tab.

Select the Tenant for which you want to enable metrics, and click Update.

Viewing Metrics

Navigate to Observability -> Basic -> Metrics.

Navigate to Administrator -> Billing to view billing across your AWS account.

Navigate to Cloud Services -> Billing to view the cost per Tenant.

View Container Logs

Navigate to Kubernetes -> Services, and select the nginx Service.

Enable Log Collection for Tenant

Navigate to Administrator -> Observability -> Standard -> Settings, and select the Logging tab. Select the Tenant for which you want to enable logging and click Update.

View Logging with OpenSearch

Navigate to Observability -> Standard -> Logging.

Logs are segregated by Tenant and then by Service.

JIT Access from the DuploCloud Portal

Navigate to User -> Profile to view options for obtaining JIT credentials with the JIT AWS Console button.

CLI

DuploCloud uses duplo-jit to access the CLI. You can use duplo-jit to retrieve Tenant-scoped temporary credentials.

Accessing the AWS CLI for Admin and Tenant Scopes

Accessing Kubectl

Administrators can obtain a cluster-wide kubeconfig file by navigating to Administrator -> Infrastructure.

Select the Infrastructure, and in the EKS tab, click the Download Kube Config button.

Navigate to Observability -> Audit. The Audit page displays.

Here is an example of the details of an audit event.

Your DuploCloud deployment will remain active for three (3 days) after the workshop to allow you to continue exploring the DuploCloud capabilities.

Click the tiles below to access the DuploCloud CI/CD documentation and the GitHub Actions repository.

SIEM

Navigate to Security -> SIEM.

Security Dashboard

Navigate to Security -> Standards.

Thanks for attending our AWS Workshop!

If you have questions or need assistance, feel free to contact us:

• Connect the DuploCloud support team via Slack, or Teams

• Email support@duplocloud.net

Phase 1. Kickoff and Delivery

During Kickoff and Delivery, your team learns about the DuploCloud onboarding flow and what to expect in each phase. Our team works closely with yours to review your project scope and objectives, technical specifications and information, and important dates and deadlines.

By the end of this phase, DuploCloud engineers will configure a DuploCloud Platform in your company's cloud account. We will ask your team for any feedback about the onboarding approach to improve the process in the future.

Your Team Provides:

• Project details, including objectives, technical specifications, and dates/deadlines.

• A list of project members and roles.

• A new cloud account with access for DuploCloud engineers.

• Read-only access to your existing accounts, documents, repositories, and artifacts.

DuploCloud Provides:

• Introduction to the onboarding process.

• A DuploCloud Platform in your new cloud account.

Phase 2. Assessment and Project Planning

In the Assessment and Project Planning phase, DuploCloud engineers create and review a high-level block diagram of your project architecture, verify your containerization needs, and confirm your service configurations, interdependencies, and data migration requirements. We also complete a compliance assessment to ensure your project meets all required compliance guidelines. Together, teams choose a working-session cadence that aligns with your project needs and timeline.

By the conclusion of this phase, we will provide you with a DuploCloud Portal your team can access and detailed information about the project plan.

Your Team Provides:

• Verification of your project's containerization needs, service configurations, interdependencies, and data migration requirements.

• Project plan questions or feedback.

• Input for the creation of a working session plan.

DuploCloud Provides:

• List of in-scope services and their statuses.

• Project plan for the initial workload deployment.

• Confirmation of Tenant structure.

• A DuploCloud Portal with access for your team.

• Recurring working session schedule.

Phase 3. Initial Workload Deployment

In this phase, DuploCloud engineers deploy your Dev environment, which includes all in-scope services and applications. During deployment working sessions, we provide your team with comprehensive DuploCloud Platform training. Teams discuss and complete any necessary application-level changes and move on to app containerization, secret management, and Kubernetes configuration (where required). Finally, we review the Dev deployment and your team's test plan.

Your Team Provides:

• Necessary application changes.

• Dev deployment testing and signoff.

DuploCloud Provides:

• A complete Dev environment deployment for testing.

• Training on the DuploCloud Platform during deployment work sessions.

• Terraform code that can be used as a template for new environments, if needed.

Phase 4. CI/CD & Release Management

The CI/CD & Release Management phase involves identifying Services and Tenants to implement pipelines, selecting and agreeing on a pipeline implementation logic, and building the pipelines. DuploCloud builds an operational CI/CD pipeline for each Service and trains your team to add and modify CI/CD pipelines in the future.

Your Team Provides:

• Input for CI/CD pipeline development.

• Participation in information/knowledge sharing, training, and demo.

DuploCloud Provides:

• An operational CI/CD pipeline for each of the project’s Services.

• Training so your team can add and modify pipelines.

Phase 5. Production Deployment

The fifth phase, Production Development, focuses on the Production environment. During this phase, the DuploCloud team works with your team to confirm your high-availability requirements and apply any needed adjustments. We also review and update infrastructure component scale parameters (e.g., CPU and memory utilization) and monitoring and alerting configurations. Lastly, we review data migration requirements and formulate a production cutover plan.

Shared Responsibilities

• Deploy the Production environment

• Test the Production environment

• Stabilize production applications

Phase 6. Onboarding Signoff

Onboarding Signoff ensures that your team is prepared for the following stages of support and operations, where you’ll receive ongoing maintenance assistance. We review your ongoing support needs, discuss your plans for the next 3 to 6 months, and establish the next steps with the Operations team to ensure a smooth handover and continuity of service. On top of that, the DuploCloud team delivers an updated architecture diagram, providing a clear and current overview of the system's structure. Lastly, we ask you for feedback about the onboarding experience, which is crucial for assessing the process and identifying areas for improvement.

Your Team Provides:

• Feedback about the onboarding experience.

DuploCloud Provides:

• An outline of your next steps with the Operations team.

• An updated architecture diagram.

Existing Approach

Technology organizations today typically have people with two distinct skill sets: Software Engineers and DevOps Engineers. Compliance functions may be managed by these engineers or by a separate team. In startups and smaller companies, engineers may wear all three hats.

Software Engineers design high-level application architectures that typically include multiple environments (Dev, Stage, QA, Production, etc.), CI/CD pipelines, and diagnostics like central logging, monitoring, and alerting. The business dictates specific compliance standards like PCI, HIPAA, SOC 2, etc. All this information is passed to the DevOps team, who translates it into cloud infrastructure configurations.

DevOps Engineers must manually convert requirements into hundreds or thousands of lower-level configurations, best practices, and compliance controls such as IAM Roles, Instance profiles, KMS Keys, PEM keys, vulnerability scanning systems, virus scanners, VPC, Security Groups, Intrusion detection, etc. This translation is usually done based on human knowledge and subject matter expertise and often requires thousands of lines of code using languages like Terraform, Python, and Bash.

A common misconception is that tools like Terraform fully automate DevOps workflows. Terraform is only a programming language. One needs substantial infrastructure know-how to build automation using Terraform. DevOps engineers often lack awareness of compliance nuances beyond best practices and must revisit and redo their work frequently to ensure compliance.

DevOps essentially requires one to be a programmer, an operator, and a compliance expert: three distinct skill sets that have never traditionally co-existed in the IT industry. This is the primary challenge in the DevOps space.

DuploCloud Approach

DuploCloud simplifies and automates cloud infrastructure management by enabling users to deploy and operate applications without knowledge of lower-level DevOps nuances. The platform requires only three high-level inputs:

1. Application architecture

2. Compliance standards (SOC 2, PCI, HIPAA, etc.)

3. Public cloud provider

With these inputs, DuploCloud generates all the lower-level configurations to adhere to DevOps best practices and required compliance standards.

Users interact with their applications through the No-Code DuploCloud UI or our Low-Code Terraform provider, operating directly on cloud constructs like S3 buckets, DynamoDB, Lambda functions, and more, without sacrificing flexibility or scalability. The DuploCloud Terraform provider enables users to achieve the same automation with a tenth of the code and significantly fewer DevOps skills than native Terraform.

DuploCloud uses APIs to handle tasks in the background (e.g., processing user requests, generating configurations synchronously, and calling the cloud provider). Other operations with asynchronous processing require a state machine with retries that continuously identifies and corrects configuration drift and continuously monitors faults and compliance controls.

DuploCloud eliminates the need for extensive manual coding and drastically reduces the need for specialized DevOps expertise. At the same time, the platform ensures efficient, scalable, and compliant cloud infrastructure deployment and management, making it a superior alternative to traditional methods.

DuploCloud is a comprehensive solution for DevOps and SecOps, bringing cloud infrastructure management to businesses, regardless of expertise level.

DuploCloud uses templates to create cloud infrastructures comprising hundreds of scaled, managed components. Microservices can be created in minutes, accelerating time to market. Advanced DevOps users can leverage Kubernetes and Terraform to create custom solutions.

For a flat rate per year, personalized onboarding, cloud migration, SecOps questionnaire completion, and auditing support are included.

If there is a way to do something in the cloud, it can be done faster and more efficiently with DuploCloud.

1. Turbo-Charging Infrastructure and Workspace Creation

This acceleration is critical to many of the business value propositions DuploCloud offers. It is why we can perform cloud migrations at such an advanced pace, minimizing downtime and simultaneously ensuring security and compliance (and peace of mind).

2. Built-In Scaling and Managed Services

Virtually all of the services DuploCloud supports are designed to auto-scale as your cloud environment grows exponentially. These Managed Services include automated "set and forget" configurations that dovetail neatly into developer self-service.

As with creating Infrastructures and Tenants, DuploCloud Services are designed for the most common use cases. They enable users to supply a minimum number of inputs to get their service up and running quickly. At the same time, DuploCloud retains the ability to customize, using native Kubernetes YAML coding and custom scripting if needed.

Turnkey access to scalable Kubernetes constructs and managed services ensures minimal implementation detail, making DuploCloud the DevSecOps platform for the rapidly expanding AI/ML cloud space. In this arena, the power of an automated platform becomes readily apparent, not only in setting up your cloud infrastructure but also in maintaining it.

DuploCloud’s ready-made templatized approach to K8s makes adjustments to Kubernetes parameters, such as Horizontal Pod Autoscalers (HPA) for CPU and RAM requirements, easy to access and adjust.

DuploCloud is an efficient, user-friendly means of helping developers automate their environment, reducing the need for constant monitoring or "babysitting." More information on fewer screens and improved ease of navigation enhance monitoring performance.

3. Intuitive Self-Service DevOps for Developers

DuploCloud's simplified UI guides developers and less savvy DevOps users in creating and managing DevOps components and constructs. Even advanced features such as AWS Batch, CloudFront, or setting up a Lambda function are simplified through procedural documentation, step-by-step UI panels, and even sample code blocks that can be accessed through info-tips in the UI.

Using a templatized approach, potentially complex Kubernetes constructs such as Ingress and Terraform scripting can be managed by developers with minimal exposure to such functionality. Experts who have invested time and money in creating custom solutions using such tools do not need to discard their work. DuploCloud can help integrate existing solutions and workflows, often automating them during onboarding at no additional cost.

4. Ease of Use and Expedited Navigation with JIT Access

Complex navigation and workflows can be a huge headache for DevOps and cloud engineers. Using DuploCloud, you can minimize the time you spend logging in and out of AWS, Azure, and GCP consoles. Every DevOps and SecOps task can be completed from within the DuploCloud portal, often with significantly reduced clicks.

Compare the keystrokes and navigation between DuploCloud and using a native cloud portal. Often, DevOps engineers "get used to the pain" inherent in many daily DevOps tasks, unaware they can gain back minutes, hours, and days by using DuploCloud.

Some commonly used tools that can be accessed directly within DuploCloud include kubectl, shell access, and JIT access to cloud consoles.

5. Turn-Key Compliance and Security

When you let DuploCloud manage your DevOps environment, a scalable and robust SecOps framework and implementation strategy are included. Aligned with industry best practices, our staff of SecOps experts analyzes how your data is stored and transmitted, helps identify the standards you must meet, and then constructs a detailed implementation strategy to meet and exceed those requirements. In addition, we create a scalable model that adapts as your customer base and workloads grow.

Using easy-to-access "Single Pane of Glass" dashboards, DuploCloud provides a granular view of all security issues and compliance controls. Completing questionnaires and passing audits is simple, especially with our 24/7 support.

6. Seamless CI/CD Pipeline Integrations

Some of the tools we support, such as GitHub Actions, include ready-to-run scripts for quickly creating Docker images, updating Services or Lambdas, uploading data to an S3 Bucket, or executing Terraform scripts.

Whatever your tool of choice, our DevOps experts can help you find the best workflow that requires the least effort to build and maintain.

7. Optimizing DevOps Spending

One of the biggest reasons to consider an automated DevSecOps solution comes down to dollars and cents. It's too easy to spend a lot on a public cloud solution without knowing precisely where your money goes. Sometimes, the components and services you've created (and even ones you've forgotten about) cost you more than they're earning you.

DuploCloud provides several billing dashboards that break down your spending by workspace and component. These dashboards are navigable with just a few clicks. Our support team can help you identify redundancies in services and tools and possibly cut costs by suggesting solutions leveraging the many third-party tools built into DuploCloud.

8. Scalable, Simplified, Faster Terraform Scripting

As with most platforms, the work required to set up and configure a Terraform environment can adversely impact accuracy, productivity gains, and effectiveness. Crafting scalable Terraform requires more skills than simply programming. In addition, as with any code base, it requires constant updating, refactoring, and other maintenance tasks.

Using DuploCloud’s proprietary Terraform provider removes the need to write specifically for one public cloud. You can effectively use the same DuploCloud Terraform code — as it maps to DuploCloud’s constructs, not one specific cloud — with several public clouds. You don’t need to worry about differentiating platform-specific specifications. DuploCloud handles all of this for you in a transparent, replicable manner. You use utilities such as DuploCloud’s Terraform Exporter to quickly clone Tenants and modify configuration details when needed for specific Infrastructures and Tenants.

9. Single Pane of Glass for Enhanced Observability

Attempting to monitor your cloud infrastructure from the numerous UIs offered by public providers often obscures problems or causes confusion. DuploCloud's monitoring interfaces combine multiple functionalities on one screen; our SIEM dashboard is a primary example of such flexibility and comprehensiveness. Leveraging Wazuh, DuploCloud offers unprecedented insights from a single interface.

Using OpenSearch, Grafana, and Prometheus, you can get single snapshots of logging, auditing, compliance and security vulnerabilities, custom alerting, and fault lists with one click.

10. Cost-reduction leveraging DuploCloud Third-Party tools

Read DuploCloud whitepapers for comprehensive information about:

The DuploCloud Platform is an application-infrastructure-centric abstraction created atop the user's cloud provider account. Users can deploy and operate their applications using DuploCloud's simple, user-friendly UI, or use the Low-Code Terraform provider to consume cloud services like S3, DynamoDB, Lambda functions, GCP Redis, Azure SQL, etc., from their cloud provider.

The following diagram shows the high-level abstractions within which applications are deployed, and users operate.

DuploCloud supports a variety of deployment models, from basic multi-Tenant applications to complex single-Tenant deployments within customer environments. These models cater to different security needs, allowing customers to achieve their desired isolation level while maintaining operational efficiency.

DuploCloud-supported tenancy models, outlined below, include:

Tenancy Deployment Models

Application-Managed Multi-Tenancy

• Description: The application manages Tenant isolation with DuploCloud structured pooled tenancy.

• Use Case: The most common scenario is where the application logic isolates customer data. DuploCloud Tenants are then used to isolate development environments (i.e., Nonprod and Prod).

• Infrastructure:

  • Shared DuploCloud Infrastructure (VPC, Tenant, VM/instances, S3 bucket, RDS). Cluster/namespace can also be shared.

  • Scaling: Increase compute instances for Kubernetes worker nodes as needed.

DuploCloud Tenant-per-Customer

• Description: Each customer gets a separate DuploCloud Tenant.

• Use Case: Suitable for older applications not designed for multi-tenancy, or security and compliance needs.

• Infrastructure:

  • Shared network layer (VPC).

  • Separate Tenants per customer with security boundaries (security group, KMS key, SSH key, Kubernetes namespace).

  • Kubernetes cluster is shared and boundaries are through the namespace.

DuploCloud Infrastructure-per-Customer

• Description: Each customer gets a separate DuploCloud Infrastructure.

• Use Case: Provides a higher security boundary at the network layer where customer access and data are separated.

• Infrastructure:

  • Separate VPC and network resources for each customer.

  • Clusters are inherently separate through Tenants isolated in different Infrastructures.

  • Higher cost due to duplicated resources and operational overhead.

Cloud Account-per-Customer

• Description: Each customer gets a separate cloud account.

• Use Case: The least common model, used for customers requiring complete isolation.

• Infrastructure:

  • Separate accounts with a DuploCloud Platform installed in each.

  • Each account then has its own DuploCloud Infrastructure and Tenant.

Hybrid Model

• Description: Combination of the above models as needed to meet specific requirements.

• Use Case: Diverse customer needs.

• Infrastructure:

  • A combination of previous models.

  • Organization-specific depending on requirements: some organizations may be in a pooled application environment whereas others may be more isolated through Tenant boundaries.

Special Hybrid Case: Single-Tenant Deployment in an External Kubernetes Cluster

• Description: DuploCloud imports existing Kubernetes clusters from external environments.

• Use Case: A cluster and resources already exist, or customers require the application or services solution running inside their client's cloud account. Customers are comfortable creating their own Kubernetes environments.

• Infrastructure:

  • Customer's cloud account or On-premises cluster (EKS, AKS, GKE, Oracle, DOKS, etc.) in conjunction with a DuploCloud Infrastructure. This could be any Kubernetes cluster not created by DuploCloud.

  • Manages both multi-Tenant and single-Tenant environments from the DuploCloud UI.

Documentation and Support

Several DuploCloud components are used with AWS, GCP, Azure, and hybrid/On-premises Services. These include Infrastructures, Plans, Tenants, Hosts, and Load Balancers. This section provides a conceptual explanation of the following common DuploCloud components:

For instructions to implement these common components in your DuploCloud account, see the documentation for your cloud provider:

Tenant as a Logical Concept

A Tenant is a project or a workspace and is a child of the Infrastructure. It is the most fundamental construct in DuploCloud. While Infrastructure is a VPC level isolation, Tenant is the next level of isolation implemented by segregating Tenants using concepts like Security Groups, IAM roles, Instance Profiles, K8S Namespaces, KMS Keys, etc.

For instructions to create a Tenant in the DuploCloud Portal, see:

At the logical level, a Tenant is fundamentally four things:

• Container of Resources: All resources (except those corresponding to Infrastructure) are created within the Tenant. If we delete the Tenant, all resources within it are terminated.

• Security Boundary: All resources within the Tenant can talk to each other. For example, a Docker container deployed in an EC2 instance within a Tenant will have access to S3 buckets and RDS instances in the same Tenant. By default, RDS instances in other Tenants cannot be reached. Tenants can expose endpoints to each other via ELBs or explicit inter-Tenant SG and IAM policies.

• User Access Control: Self-service is the bedrock of the DuploCloud Platform. To that end, users can be granted Tenant-level access. For example, an administrator may be able to access all Tenants while developers can only access the Dev Tenant and a data scientist the data-science Tenant.

• Billing Unit: Since a Tenant is a container of resources, all resources in a Tenant are tagged with the Tenant's name in the cloud provider, making it easy to segregate usage by Tenant.

• Mechanism for Alerting: Alerts generate faults for all of the resource within a Tenant.

• Mechanism for Logging: Each Tenant has a unique set of logs.

• Mechanism for metrics: Each Tenant has a unique set of metrics.

Tenants and Kubernetes

Each Tenant is mapped to a Namespace in Kubernetes.

When you create a Tenant in an Infrastructure, a Namespace called duploservices-TENANT_NAME is created in the Kubernetes cluster. For example, if a Tenant is called Analytics in DuploCloud, the Kubernetes Namespace is called duploservices-analytics.

All application components in the Analytics Tenant are placed in the duploservices-analytics Namespace. Since nodes cannot be part of a Kubernetes Namespace, DuploCloud creates a tenantname label for all the nodes launched within the Tenant. For example, a node launched in the Analytics Tenant is labeled tenantname: duploservices-analytics.

Any Pods launched using the DuploCloud UI have an appropriate Kubernetes nodeSelector that ties the Pod to the nodes within the Tenant. Ensure kubectl deployments use the proper nodeSelector.

Tenant Use Cases

DuploCloud customers often create at least two Tenants for their Prod and Nonprod cloud environments (Infrastructures).

You can map Tenants in each (or all) of your production environments.

For example:

• Production Infrastructure

  • Pre-production Tenant: for preparing or reviewing production code

  • Production Tenant: for deploying tested code

• Nonproduction Infrastructure

  • Development Tenant: For writing and reviewing code

  • Quality Assurance Tenant: For automated testing

Some customers in larger organizations create Tenants based on application environments: one Tenant for data science applications, another for web applications, etc.

Tenants can also isolate a single customer workload allowing more granular performance monitoring, flexibility scaling, or tighter security. This is referred to as a single-Tenant setup. In this case, a DuploCloud Tenant maps to an environment used exclusively by the end client.

With large sets of applications accessed by different teams, it is helpful to map Tenants to team workloads (Dev-analytics, Stage-analytics, etc.).

Tenant Naming Conventions

Ensure Tenant names in DuploCloud are unique and not substrings of one another. For example, if you have a Tenant named dev, you cannot create another named dev2. This limitation arises because IAM policies and other security controls rely on pattern matching to enforce Tenant security boundaries. If Tenant names overlap, the patterns may not work correctly.

To avoid issues, we recommend using distinct numerical suffixes like dev01 and dev02.

DuploCloud Plans

• Certificates available to be attached to Load Balancers in the Plan's Tenants

• Machine images

• WAF web ACLs

• Common IAM policies and SG rules to be applied to all resources in the Plan's Tenants

• Unique or shared DNS domain names where applications provisioned in the Plan's Tenants can have a unique DNS name in the domain

• Resource Quota that is enforced in each of the Plan's Tenants

• DB Parameter Groups

• Policies and feature flags applied at the Infrastructure level on the Plan's Tenants

The figure below shows a screenshot of the plan constructs:

DuploCloud Plans and DNS Considerations

When creating DuploCloud Plans and DNS names, consider the following to prevent DNS issues:

• Plans in different portals will delete each other's DNS records, so each portal must use a distinct subdomain for its Plans.

• DuploCloud Plans in the same portal can share a DNS domain without deleting each other's records. Duplo-created DNS names will always include the Tenant name, which prevents collisions.

• The recommended practice for most portals is to set all Plans to the same DNS name, including the default Plan.

• Ideally, custom subdomains will be set in the Plans before turning on shell, monitoring, or logging. If the DNS is changed later, those services may need to be updated.

When pursuing specific compliance certifications such as SOC2, HIPAA, or PCI, specific controls must be implemented across an organization, from data management to infrastructure. Governance, Risk, and Compliance (GRC) tools such as Drata, Vanta, Thoropass, Secureframe, A-LIGN (A-SCEND), Sprinto, Scytale, ControlMap, and TrustCloud.ai help define and maintain these controls, ensuring they are kept up to date. Understanding how these tools complement DuploCloud is essential for meeting compliance requirements.

Implementing Compliance Controls vs Assessing Compliance

DuploCloud automates cloud infrastructure provisioning, configuration, and monitoring to meet compliance standards like SOC 2, HIPAA, and PCI DSS. By using Infrastructure as Code (IaC), prebuilt templates, and compliance checks, DuploCloud creates cloud environments that meet the these frameworks' requirements. While DuploCloud has built-in dashboards which provide compliance scores against well known Compliance standards, auditors prefer using dedicated compliance monitoring systems that are independent from the process of infrastructure provisioning.

This is where GRC tools come in. GRC tools automate compliance monitoring, reporting, and evidence collection organization-wide. Acting as independent observers, they assess compliance without implementing controls themselves, ensuring impartiality. Beyond cloud infrastructure, GRC tools cover areas like HR policies, IT systems, and company processes. They streamline audits by automating evidence collection and providing a centralized platform for auditors to verify compliance.

Overall, DuploCloud and GRC tools serve different functions, but complement each other to support overall compliance efforts. For organizations seeking the most streamlined compliance strategy, combining DuploCloud with a GRC tool offers the best of both worlds.

How Does DuploCloud Complement GRC Tools?

GRC tools monitor compliance but do not implement the controls needed to maintain it. DuploCloud complements these tools by ensuring cloud infrastructure controls are implemented and ready for assessment. Together, they streamline and maintain compliance, each focusing on distinct aspects of the process: GRC tools oversee compliance across broader organizational domains, and DuploCloud ensures cloud infrastructure controls are in place and audit-ready.

DuploCloud adds value through:

Infrastructure Orchestration: DuploCloud provisions and manages cloud resources in line with compliance frameworks such as SOC 2, ISO 27001, and HIPAA, automating the technical implementation of controls.

Continuous Compliance: By enforcing policies and automatically remediating misconfigurations, DuploCloud ensures that cloud infrastructure remains compliant over time, delivering a consistent "green" status for infrastructure controls.

Evidence for Auditors: DuploCloud generates detailed, audit-ready evidence for cloud infrastructure compliance. This evidence can be used directly by auditors or integrated with GRC tools to simplify compliance reporting.

Do I Need a GRC Tool if I Use DuploCloud?

It depends on your compliance needs.

For external-facing compliance activities, such as preparing for audits and certifications like SOC 2, a GRC tool may be essential. These tools systematically and continuously monitor controls across organizational areas, including IT and HR, that are critical for certifications and beyond DuploCloud’s scope. They provide real-time pass/fail insights, offering immediate visibility into compliance status as changes are made to organization, practices, or infrastructure. This makes evidence collection and audit coordination much more efficient than manual tracking.

Most customers use DuploCloud in conjunction with GRC tools, but some choose to manage their cloud infrastructure controls with DuploCloud while handling audits manually. This approach requires significant effort, including manually collecting evidence via spreadsheets and coordinating directly with the auditor.

For instructions to create an Infrastructure in the DuploCloud Portal, see:

Each Infrastructure represents a network connection to a unique VPC/VNET, in a region with a Kubernetes cluster. For AWS, it can also include an ECS. An Infrastructure can be created with four basic inputs: Name, VPC CIDR, Number of AZs, Region, and a choice to enable or disable a K8S/ECS cluster.

When you create an Infrastructure, DuploCloud automatically creates the following components:

• VPC with two subnets (private, public) in each availability zone

• Required security groups

• NAT Gateway

• Internet Gateway

• Route tables

Additional requirements like custom Private/Public Subnet CIDRs can be configured in the Advanced Options area.

Plans and Infrastructures

These tutorials are specific to various public cloud environments and demonstrate some of DuploCloud's most common use cases:

DuploCloud offers hands-on 24/7 support for all customers via Slack or email. Automation and developer self-service are at the heart of the DuploCloud Platform. We are dedicated to helping you achieve hands-off automation as fast as possible via rapid deployment of managed services or customized Terraform scripts using our exclusive Terraform provider. Additionally, you can access various help options, including product documentation and customer support, directly from the DuploCloud Portal. For real-time answers tailored specifically to your organization's needs, ask customer support about Ask DuploCloud, our AI-powered assistant.

How to Contact DuploCloud for Support

• Use the customer Slack or Microsoft Teams channel created during onboarding.

• Email us at support@duplocloud.net.

DuploCloud Support Features

Some of the support features we offer include:

• Configuring changes in your public cloud infrastructures and associated Kubernetes (K8s) constructs managed by DuploCloud.

• Setting up CI/CD pipelines.

• Cloud Migration from any existing platform.

• Proactive, tailored EKS cluster upgrades designed for minimum downtime impact.

• Accelerated onboarding of existing Services.

• Troubleshooting and debugging for:

  • Apps and Services crashing.

  • Slow of crashing OpenSearch or database instances.

  • Proof-of-Concepts (PoCs) for third-party integrations, including roll-out to the development environment.

  • Downtime during rolling Upgrades.

  • Investigation and clarification of public cloud provider billing increases. Many times DuploCloud can suggest a more cost-effective alternative

  • Consolidation of third-party tools for which you currently subscribe that are included with your DuploCloud subscription.

  • Adding a CI/CD pipeline for a new Service.

What DuploCloud Does Not Support or Supports Conditionally

We cover most of your DevOps needs, but there are some limitations. Examples of needs we do not or only partially support include:

• Patching an application inside a Docker image

• Monitoring alerts in a Network Operations Center (NOC)

• Troubleshooting application code

• Database configuration

How to get help from within the DuploCloud Portal

• What's New: Stay informed about the latest features and updates in the DuploCloud platform.

• FAQs: Access frequently asked questions to quickly find answers to common inquiries.

• Documentation: Browse through our comprehensive product documentation to help you navigate the platform and optimize your usage.

A Service could be a Kubernetes Deployment, StatefulSet, or DaemonSet. It can also be a Lambda function or an ECS task or service, capturing a microservice. Each Service (except Lambda) is given a Load Balancer to expose itself and is assigned a DNS name.

DuploCloud Supported Services

For information on cloud-specific Services supported by DuploCloud, see:

DuploCloud supports a simple, application-specific interface to configure dozens of cloud services, such as S3, SNS, SQS, Kafka, Elasticsearch, Data Pipeline, EMR, SageMaker, Azure Redis, Azure SQL, Google Redis, etc. Almost all commonly used services are supported, and new ones are constantly added. DuploCloud Engineers fulfill most requests for new Services within days, depending on their complexity.

Below is an image of some properties of a Service:

DuploCloud Diagnostics Functions

The DuploCloud platform automatically orchestrates the following main diagnostic functions:

Central Logging

A shared Elasticsearch cluster is deployed and Filebeat is installed in all worker nodes to fetch logs from various applications across Tenants. The logs are injected with metadata corresponding to the Tenant, Service, container ID, Host, etc. Further, each Tenant has a central logging dashboard which includes the Kibana view of logs from applications within the Service. See the screenshot below:

Metrics

Metrics are fetched from Hosts, containers, and Services and displayed in Grafana. Service metrics are collected behind the scenes by calling cloud provider APIs like CloudWatch and Azure Monitor. For nodes and containers, metrics are collected using Prometheus, Node Exporter, and cAdvisor. The Metrics dashboards are Tenant-centric and segregated per application and Service as shown in the image below:

Alarms and Faults

The platform creates faults for many failures automatically. For example, health check failures, container crashes, node crashes, deployment failures, etc. Further, users can easily set alarms like CPU and memory for EC2 instances or free disk space for RDS databases. Failures are displayed as faults under their respective Tenants. Sentry and Pager Duty projects can be linked to Tenants, and DuploCloud will send faults there so the user can set notification configurations.

Audit Trail

All system changes are logged in an audit trail in Elasticsearch where they can be sorted and viewed by Tenant, Service, change type, user, and dozens of other filters.

Container Orchestration Terms

Hosts

These are virtual machines (EC2 Instances, GCP Node pools, or Azure Agent Pools). By default, apps within a Tenant are pinned to VMs in the same Tenant. One can also deploy Hosts in one Tenant that can be leveraged by apps in other Tenants. This is called the shared-host model. The shared-host model does not apply to ECS Fargate.

Services

Service is a DuploCloud term and is not the same as a Kubernetes Service. In DuploCloud, a Service is a micro-service defined by a name, Docker Image, number of replicas, and other optional parameters. Behind the scenes, a DuploCloud Service maps 1:1 to a Deployment or StatefulSet, based on whether it has stateful volumes. There are many optional Service configurations for Docker containers. Among these are:

• Environment variables

• Host Network Mode

• Volume mounts

• Entrypoint or command overrides

• Resource caps

• Kubernetes health checks

Allocation Tags

A Service can be configured to run only a specific set of Hosts by setting allocation tags on the Hosts and Service. Allocation tags are case-insensitive substrings. On a Service, allocation tags should be a substring of the Host tag. For example, if a Host is tagged HighCpu;HighMem, a Service tagged highcpu can be placed on it. Services without allocation tags can be placed on any Host.

For Kubernetes Deployments, allocation tags are implemented using labels on nodes and then applying node selectors in your Deployment or StatefulSet configurations.

Host Networking

By default, Docker containers have network addresses. Sometimes, containers share the VM network interface. This reuse is called host networking mode.

Load Balancer

A DuploCloud Service that communicates with other Services, must be exposed by a Load Balancer. DuploCloud supports the following Load Balancers (LBs).

Application Elastic Load Balancer (ELB)

Classic ELB (Only applicable to Built-in container orchestration)

Cluster IP (Kubernetes only)

Most application workloads deployed on DuploCloud are in Docker containers. The rest consist of serverless functions, and big data workloads like Amazon EMR jobs, Airflow, and Sagemaker. DuploCloud abstracts the complexity of container orchestration technologies, allowing you to focus on deploying, updating, and debugging your containerized application.

Among the technologies DuploCloud supports are:

• Kubernetes: On AWS, DuploCloud supports orchestration using Elastic Kubernetes Service (EKS). On GCP we support GKE auto pilot and node-pool based. On Azure we support AKS and Azure web apps.

• Built-in (DuploCloud): DuploCloud platform's Built-in container management has the same interface as the docker run command, but it can be scaled to manage hundreds of containers across many hosts, providing capabilities such as associated load balancers, DNS, and more.

• AWS ECS Fargate: Fargate is a technology you can use with Elastic Container Service (ECS) to run containers without having to manage servers or clusters of EC2 instances.

Container Orchestration Feature Matrix

You can use the feature matrix below to compare the features of the orchestration technologies that DuploCloud supports. DuploCloud can help you implement whatever option you choose through the DuploCloud Portal or the Terraform API.

Feature Definitions

See the sections below for a detailed explanation of the cloud orchestrator's feature matrix ratings.

Ease of Use

Kubernetes is extensible and customizable, but not without a cost in ease of use. The DuploCloud Platform reduces the complexities of Kubernetes, making it comparable with other container orchestration technologies in ease of use/adoption.

ECS Fargate contains proprietary constructs (such as task definitions, tasks, or services) that can be hard to learn. As Fargate is serverless, you can't control the host Docker, so commands such as docker ps and docker restart are unavailable. This makes debugging a container crash very difficult and time-consuming. DuploCloud simplifies Fargate with an out-of-the-box setup for logging, shell access, and abstraction of proprietary constructs and behavior.

Features and Ecosystem Tools

Kubernetes is rich in additional built-in features and ecosystem tools like Secrets and ConfigMaps. Built-in and ECS rely on native AWS services such as AWS Secrets Manager, SSM, S3, and others. While Kubernetes features have AWS equivalents, third parties like Influx DB, Time Series DB, Prefect, etc. tend to publish their software as Kubernetes packages (Helm charts).

Suitability for Stateful Apps

Stability and Maintenance

Although Kubernetes is highly stable, it is an open-source product. Kubernetes' native customizability and extensibility can lead to points of failure. For example, when a mandatory cluster upgrade is needed. This complexity often leads to support costs from third-party vendors. Maintenance can be especially costly with EKS, as versions are frequently deprecated, requiring you to upgrade the control plane and data nodes. DuploCloud automates this upgrade process but still requires careful planning and execution.

AWS Cost

EKS control plane is fairly inexpensive, but operating an EKS environment without business support (at an additional premium) is not recommended. Small businesses may reduce costs by adding the support tier only when needed.

Multi-Cloud

For many enterprises and independent software vendors, multi-cloud capabilities are, or will soon be a requirement. While Kubernetes provides this benefit, DuploCloud's implementation is much easier to maintain and implement.

DuploCloud automatically creates and manages DNS records for many resources you deploy, such as Kubernetes Services or VM hosts with public IPs, by integrating with your cloud provider’s DNS service. These DNS records are essential for routing traffic to your workloads and Services.

In most cases, DNS names are created automatically and can be customized within the DuploCloud Platform. However, you may sometimes need to manually configure or troubleshoot DNS entries, such as when using custom domain names, ensuring DuploCloud doesn’t overwrite DNS records you manage outside of the platform, or resolving DNS failures.

Prerequisites

• Configure your DNS zones: Make sure your DNS zones are properly configured in both DuploCloud and your cloud provider. This often involves setting up subdomain zones (like apps.mycompany.com) and connecting them to DuploCloud. See DNS setup instructions for your cloud provider:

Adding Custom DNS Names

You can configure a custom DNS name for resource directly in the DuploCloud Platform, or manually in your cloud provider’s platform.

Creating Custom DNS Names in DuploCloud

For resources that DuploCloud manages (like services behind Load Balancers), you can customize the automatically generated DNS name:

1. In the Tenant list box, select the Tenant.

2. Navigate to the Services page (Kubernetes -> Services, or Docker -> Services). The Services page displays.

3. Select your Service from the NAME column.

4. Click the Load Balancers tab.

5. In the DNS Name card, click Edit.

6. The prefix in the DNS Name is editable. Select a meaningful DNS Name prefix.

7. Click Save. A success message briefly displays at the top center of the DuploCloud Portal. Your new DNS name is now registered.

Creating Custom DNS Names in Your Cloud Provider

For resources that don’t have DNS configuration in DuploCloud (e.g., non-Kubernetes services), you will need to manually add DNS entries in your cloud provider’s DNS service.

Configuring DuploCloud to Ignore DNS Entries

If you create a DNS entry directly in your cloud provider’s platform (AWS, Google Cloud, or Azure), DuploCloud may delete it during updates, as it automatically deletes any DNS entries it did not create. To prevent this from happening, configure Systems Settings to ignore specific DNS entries.

1. From the DuploCloud Portal, navigate to Administrator -> System Settings -> System Config.

2. Click Add. The Add Config pane displays.
3. Fill the fields:

1. Click Submit. DuploCloud will ignore the specified DNS prefixes.

Resolving DNS Failures

Occasionally, DNS resolution can fail on local machines, especially for private resources behind VPNs. This is often caused by incorrect DNS server settings or local DNS caching.

To fix this:

• Use public DNS servers like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare).

• Flush your DNS cache.

• Verify VPN connection if accessing private resources.

DuploCloud integrates natively with OpenVPN by provisioning VPN users in the Duplocloud Portal. As a DuploCloud user, you can access resources in the private network by connecting to the VPN with the OpenVPN client.

Obtaining VPN Credentials

VPN credentials are listed on your user profile page in the DuploCloud Portal. It can be accessed by clicking the person icon and selecting Profile.

Setting up the OpenVPN User Profile and Client App

1. Click on the VPN URL link in the VPN Details section of your user profile. Modern browsers will call the link unsafe since it uses a self-signed certificate. Make the necessary selections to proceed.

2. Log into the OpenVPN Access Server user portal using the username and password from the VPN Details section of your DuploCloud user profile page.

1. Click on the OpenVPN Connect Recommended for your device icon to install the OpenVPN Connect app for your local machine.

1. Navigate to your downloads folder, open the OpenVPN Connect file you downloaded in the previous step, and follow the prompts to finish the installation.

2. In the OpenVPN access server dialog box, click on the blue Yourself (user-locked profile) link to download your OpenVPN user profile.

3. Navigate to your Downloads folder and click on the .ovpn file downloaded in the previous step. The Onboarding Tour dialog box displays.

4. In the Onboarding Tour dialog box, click the > button twice. Click Agree and OK as needed to proceed to the Import .ovpn profile dialog box, and click OK.

1. Click OK, and select Connect after import. Click Add in the upper right. If prompted to enter a password, use the password in the VPN Profile area of your user profile page in the DuploCloud Portal. You are now connected to the VPN.

For example, if the Route 53 Hosted Zone created is apps.acme.com, the ACM certificate specifies *.apps.acme.com. You can add additional domains to this certificate (for example, *.acme.com).

Once the certificate is issued, add the Amazon Resource Name (ARN) of the certificate to the DuploCloud Plan (starting with the DEFAULT Plan) so that it is available to subsequent configurations

Adding an ACM Certificate with ARN to a DuploCloud Plan

1. In the DuploCloud Platform, navigate to Administrator -> Plans. The Plans page displays.

2. Select the default Plan from the NAME column.

3. Click the Certificates tab.

4. Click Add.

5. In the Name field, enter a certificate name.

6. In the Certificate ARN field, enter the ARN.

7. Click Create. The ACM Certificate with ARN is created.

Enabling Automatic AWS ACM Certificate Creation

Configure DuploCloud to automatically generate Amazon Certificate Manager (ACM) certificates for your Plan's DNS.

1. From the DuploCloud portal, navigate to Administrator -> Systems Settings.

2. Select the System Config tab, and click Add. The Add Config pane displays.

3. From the Config Type list box, select Flags.

4. From the Key list box, select Other.

5. In the Key field that displays, enter enabledefaultdomaincert.

6. In the Value list box, select True.

7. Click Submit. DuploCloud automatically generates Amazon Certificate Manager (ACM) certificates for your Plan's DNS.

DuploCloud integrates with OpenVPN by provisioning VPN users that you add to the DuploCloud Portal. OpenVPN setup is a comprehensive process that includes accepting OpenVPN, provisioning the VPN, adding users, and managing connection limits to accommodate a growing team.

Accepting OpenVPN

Accept OpenVPN Free Tier (Bring Your Own License) in the AWS Marketplace:

2. Accept the agreement. Other than the regular EC2 instance cost, no additional license costs are added.

Provisioning the VPN

1. In the DuploCloud Portal, navigate to Administrator -> System Settings.

2. Select the VPN tab.

3. Click Provision VPN.

After the OpenVPN is provisioned, it is ready to use. DuploCloud automates the setup by launching a CloudFormation script to provision the OpenVPN.

Managing VPN Connection Limits

To support a growing team, you may need to increase the number of VPN connections. This can be achieved by purchasing a larger license from your VPN provider. Once acquired, update the license key in the VPN's web user interface through the DuploCloud team's assistance. Ensure the user count settings in the VPN reflect the new limit and verify team access to manage these changes efficiently.

Adding or Deleting a VPN User

Opening a VPN Port

To enable users connected to the VPN to access various services, including databases and ElastiCache, specific ports must be opened:

1. In the DuploCloud Portal, navigate to Administrator -> Tenants.

2. Select the Tenant from the NAME column.

3. Click the Security tab.

4. Click Add. The Add Tenant Security pane displays.

5. From the Source Type list box, select IP Address.

6. From the IP CIDR list box, select your IP CIDR.

7. Click Add.

This comprehensive guide ensures your VPN setup is not only up and running but also scalable to meet the needs of your growing team.

The DuploCloud Platform needs a unique Route 53 hosted zone to create DNS entries for Services that you deploy. The domain must be created out-of-band and set in DuploCloud. The zone is a subdomain such as apps.[MY-COMPANY].com.

Creating a Route 53 Hosted Zone Using AWS Console

2. Navigate to Route 53 and Hosted Zones.

3. Create a new Route53 Hosted Zone with the desired domain name, for example, apps.acme.com.

5. Go to your root domain provider's site (e.g., acme.com), and create an NS record that references the domain name of the Hosted Zone you created (apps.acme.com). Add the zone name to the name servers that you noted above.

Once this is complete, provision the Route53 domain in every DuploCloud Plan, starting with the DEFAULT Plan. Add the Route53 Hosted Zone ID and domain name, preceded with a dot (.).

Enable and access shells for your DuploCloud Docker, EKS, and ECS containers directly through the DuploCloud Portal. This provides quick and easy access for managing and troubleshooting your containerized environments.

Native Docker Shell Access

Enabling the Shell for Docker

1. In the DuploCloud Portal, navigate to Docker -> Services.

2. From the Docker list box, select Enable Docker Shell. The Start Shell Service pane displays.

1. In the Platform list box, select Docker Native.

2. From the Certificate list box, select your certificate.

3. From the Visibility list box, select Public or Internal.

4. Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Docker container shell.

Accessing the Shell for Docker

1. From the DuploCloud portal, navigate to Docker -> Containers.

3. Select Container Shell. A shell session launches directly into the running container.

EKS Shell Access

Enabling the Shell for Kubernetes

1. In the Tenant list box, select the Default Tenant.

2. In the DuploCloud Portal, navigate to Docker -> Services.

3. Click the Docker button, and select Enable Docker Shell. The Start Shell Service pane displays.

1. In the Platform list box, select Kubernetes.

2. In the Certificate list box, select your certificate.

3. In the Visibility list box, select Public or Internal.

4. Click Update. DuploCloud provisions the dockerservices-shell Service, enabling you to access your Kubernetes container shell.

Accessing the Shell for Kubernetes

1. From the DuploCloud Portal, navigate to Kubernetes -> Services.

2. Click the KubeCtl Shell button. The Kubernetes shell launches in your browser.

ECS Shell Access

Accessing the Shell for ECS

1. From the DuploCloud Portal, navigate to Cloud Services -> ECS. The ECS Task Definition page displays.

2. Select the name from the TASK DEFINITION FAMILY NAME column.

3. Select the Tasks tab.

4. In the row of the task you want to access, click the actions icon (>_).

5. Select the Task Shell option. The ECS task shell launches in your browser.

This Quick Start tutorial shows you how to set up an end-to-end cloud deployment. You will create DuploCloud Infrastructure and Tenants and, by the end of this tutorial, you can view a deployed sample web application.

Estimated time to complete tutorial: 75-95 minutes.

AWS Tutorial Roadmap

When you complete the AWS Quick Start Tutorial, you have three options or paths, as shown in the table below.

EKS (Elastic Kubernetes Service): Create a Service in DuploCloud using AWS Elastic Kubernetes Service and expose it using a Load Balancer within DuploCloud.

ECS (AWS Elastic Container Service): Create an app and Service in DuploCloud using AWS Elastic Container Service.

Native Docker: Create a Service in Docker and expose it using a Load Balancer within DuploCloud.

* Optional

AWS Video Demo

Click the card below to watch DuploCloud video demos.

Estimated time to complete Step 3: 5 minutes.

Prerequisites

Before creating an RDS, verify that you accomplished the tasks in the previous tutorial steps. Using the DuploCloud Portal, confirm that:

Creating an RDS Database

1. In the Tenant list box, select the dev01 Tenant that you created.

2. Navigate to Cloud Services -> Database.

3. Select the RDS tab, and click Add. The Create a RDS page displays.

4. From the table below, enter the values that correspond to the fields on the Create a RDS page. Accept default values for fields not specified.

5. Click Create. The database displays with a status of Submitted in the RDS tab. Database creation takes approximately ten (10) minutes.