Before setting up the environment, gather the following details to ensure proper configuration:

• Region & Availability Zones
  • Choose the AWS region where resources will be deployed (e.g., us-east-1, eu-west-1).
  • Decide on Availability Zones. While Quix supports multiple AZs, we generally advise against it to reduce complexity and cost. Additionally, AWS charges for cross-AZ traffic, which can become expensive depending on workload patterns.
• Networking & CIDR Ranges
  • Identify any existing Virtual Private Clouds (VPCs) that this environment needs to peer with.
  • Define the primary CIDR range for this environment (e.g., 10.1.0.0/19 at least, but /16 preferred) that does not overlap with existing networks.
  • If overlapping CIDR range is chosen, communication channels can still be set up, but will be more involved.

Setup on your own

1. Strongly suggested to create a new AWS account through your internal process

   Steps:

   1. Login to your organisation’s root AWS account.
   2. Click on your user @ accountid (top right) > Organization.
   3. Click Add an AWS account (top).
   4. Fill in the required details and apply tags per company policy.
   5. Once created, switch to the new account.\

2. Follow https://github.com/quixio/terraform-quixplatform-aws

3. Grant Quix AWS Permissions.

Let Quix set up

1. Create a new AWS account through your internal process

   Steps:

   1. Login to your organisation’s root AWS account.
   2. Click on your user @ accountid (top right) > Organization.
   3. Click Add an AWS account (top).
   4. Fill in the required details and apply tags per company policy.
   5. Once created, switch to the new account.

2. Set up an IAM role for access

   Steps:

   1. Search for IAM in the AWS console and open the IAM service.

   2. Click Roles (left menu), then click Create role (top right).

   3. Select Custom trust policy.

   4. Replace the JSON content with the following:

      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Principal": {
              "AWS": "arn:aws:iam::662139353635:user/infrastructure"
            },
            "Action": "sts:AssumeRole"
          }
        ]
      }
      
      

   5. Click Next.

   6. Attach the AdministratorAccess policy, then click Next.

   7. Set the role name to QuixAdminRole

   8. Set the description to Allows Quix Admins to manage the Quix Platform

   9. Add any necessary tags according to company policy.

   10. Click Create role

<aside> 🚨

Once account and role are created, send the new Account’s id to us so we can begin the setup process. Also send us the gathered details asked at the beginning of this guide.

1. Account Id
2. Region / AZ
3. CIDR range </aside>

Frequently Asked Questions

Access & Permissions

Q: Can I assign a different role instead of AdministratorAccess? A: Not for setup. For setup we require AdministratorAccess to manage AWS IAM roles, policies, and networking configurations effectively. Alternative option is to run our terraform using an admin account of your own and assign permissions to the QuixAdminRole using this guide: Quix AWS Permissions.

Q: Do I need to create individual IAM users for each Quix engineer? A: No, you only need to set up the QuixAdminRole with the trust policy for arn:aws:iam::662139353635:user/infrastructure. Our internal team will manage access on our side.

Q: Can I remove Quix’s access after the setup is complete? A: You can restrict access after deployment, but without AdministratorAccess, we can only provide guidance, you’ll need to apply fixes manually. This will affect SLA commitments if an issue requires direct intervention. See Quix AWS Permissions for options.