AWS Prerequisites and Planning

This guide covers AWS-specific prerequisites and planning considerations before deploying Kindo infrastructure using the Kindo Terraform modules.

Terraform Modules Overview

The Kindo infrastructure is organized into modular Terraform components:

kindo-terraform-modules/
+-- modules/
|   +-- kindo-infra/          # AWS infrastructure (VPC, EKS, RDS, etc.)
|   +-- kindo-secrets/        # Secrets management
|   +-- kindo-peripheries/    # Supporting services (Unleash, OTEL, etc.)
|   +-- kindo-applications/   # Core Kindo applications
+-- stacks/                   # Pre-configured deployment stacks
    +-- infra-aws/            # AWS infrastructure deployment
    +-- secrets/              # Secrets configuration
    +-- peripheries/          # Peripheral services deployment
    +-- applications/         # Application deployment

Deployment Order

Deploy modules in this sequence (each depends on outputs from the previous):

  1. Infrastructure (stacks/infra-aws) — VPC, EKS, RDS, Redis, RabbitMQ, S3
  2. Secrets (stacks/secrets) — AWS Secrets Manager entries
  3. Peripheries (stacks/peripheries) — Unleash, External Secrets Operator, OTEL
  4. Applications (stacks/applications) — API, Next.js, LiteLLM, workers

AWS Account Requirements

Account Setup

  • Use a dedicated AWS account for production deployments
  • Enable CloudTrail for audit logging
  • Enable AWS Config for compliance monitoring
  • Ensure your chosen region supports EKS, RDS, ElastiCache, Amazon MQ, and SES

IAM Permissions

You need an IAM user or role with permissions to create and manage the following AWS resources:

  • Networking: VPC, Subnets, Gateways, Route Tables, Security Groups
  • Compute: EKS, EC2 Instances, Auto Scaling, Load Balancers
  • Database: RDS, ElastiCache, Amazon MQ
  • Storage: S3, Secrets Manager, KMS
  • Monitoring: CloudWatch, CloudWatch Logs
  • DNS: Route 53, ACM
  • Email: SES (if used)

Service Quotas

Check and increase these AWS quotas if needed:

Service      Resource             Minimum  Recommended
EC2          Elastic IPs          5        10
EC2          VPCs per region      2        5
EC2          On-Demand vCPUs      32       64
EKS          Clusters per region  1        3
RDS          DB instances         4        10
ElastiCache  Nodes                5        20
MQ           Brokers              2        5

Required Tools

Tool       Version  Purpose
Terraform  1.12.0+  Infrastructure provisioning
Helm       3.8.0+   Kubernetes package management
kubectl    1.32+    Kubernetes CLI
AWS CLI    2.x      AWS resource management
jq         Latest   JSON processing

AWS CLI Configuration

export AWS_PROFILE=your-profile-name
export AWS_REGION=us-west-2
# Verify access
aws sts get-caller-identity
aws ec2 describe-vpcs
aws eks list-clusters

External Service Requirements

Before deploying, obtain credentials for:

  • Vector database: Pinecone API key (if not using self-hosted Qdrant)
  • AI providers: At least one of OpenAI, Anthropic, Azure OpenAI, or Groq API key
  • Email: SMTP credentials or Amazon SES configuration
  • Kindo registry: Credentials provided by Kindo

Network Planning

VPC Design

Component         CIDR Range (example)                         Purpose
VPC               10.0.0.0/16                                  Primary network
Public subnets    10.0.0.0/20, 10.0.16.0/20, 10.0.32.0/20      Load balancers, NAT gateways
Private subnets   10.0.48.0/20, 10.0.64.0/20, 10.0.80.0/20     EKS nodes, applications
Database subnets  10.0.96.0/20, 10.0.112.0/20, 10.0.128.0/20   RDS, ElastiCache

DNS

Plan subdomains for your Kindo deployment:

  • app.kindo.company.com — Frontend
  • api.kindo.company.com — API
  • sso.kindo.company.com — SSO authentication

Pre-Deployment Checklist

  • Dedicated AWS account available
  • IAM permissions configured
  • Service quotas checked and increased
  • Terraform 1.12+, Helm 3.8+, kubectl 1.32+ installed
  • AWS CLI configured and verified
  • VPC CIDR ranges planned
  • DNS strategy decided
  • SSL certificate strategy decided (ACM recommended)
  • External service API keys obtained
  • Kindo registry credentials received

Next Steps

Proceed to AWS Infrastructure Deployment to provision the base AWS resources.