Prerequisites
Ensure the following prerequisites are met:
AWS Setup:
- A Protegrity Provisioned Cluster (PPC) is available.
For more information about PPC, refer to Protegrity Provisioned Cluster. - An AWS account with CLI credentials for configuring AWS is available.
- An existing VPC with at least two private subnets is available.
- An S3 bucket for storing Synthetic Data artifacts is available. The S3 bucket should not be KMS encrypted. The bucket must use default SSE-S3 encryption or no encryption.
- An IAM role (for example,
arn:aws:iam::<Account_ID>:role/<Role_Name>) with the required S3 permissions (s3:ListBucket,s3:GetObject,s3:PutObject,s3:DeleteObject) must exist before installation. - Ensure that the jumpbox can connect to the required repositories. If not already authenticated, then log in to the required repository.
- A Protegrity Provisioned Cluster (PPC) is available.
- For connecting and deploying from the Protegrity Container Registry (PCR), use the following command and the credentials obtained from the My.Protegrity portal during account creation:
helm registry login registry.protegrity.com:9443
- For connecting and deploying to the local repository, use your local credentials and local repository endpoint as required.
- Obtain the AMI ID for the EKS GPU-optimized image (
al2023-x86_64-nvidia-1.34-*) that corresponds to your deployment region.
Note: Each AWS region has a unique AMI ID.
Option A: The following table provides the list of AMI IDs using the image amazon-eks-node-al2023-x86_64-nvidia-1.34-v20260318.
| Region | AMI ID |
|---|---|
| us-east-1 | ami-0f7f4d7faa23356aa |
| us-east-2 | ami-0a141ce97ca2c1af3 |
| us-west-1 | ami-04a45eb5f6059b9d9 |
| us-west-2 | ami-00e8faebba1a101ef |
| ca-central-1 | ami-02c2ad3c354a88163 |
| eu-central-1 | ami-0aa92277e9e206598 |
| eu-north-1 | ami-0874c52f23e149b20 |
| eu-west-1 | ami-02f2605e47dbbcb50 |
| eu-west-2 | ami-01e015a107c483424 |
| eu-west-3 | ami-0cff81abc55208298 |
| ap-south-1 | ami-01e2773386d0b5694 |
| ap-northeast-1 | ami-0c8df61d509a15cc0 |
| ap-northeast-2 | ami-03b2e2c4cf0061b02 |
| ap-northeast-3 | ami-00e67c624db51074d |
| ap-southeast-1 | ami-08b7a3ccd049b8575 |
| ap-southeast-2 | ami-0037bc089c3a280e9 |
| sa-east-1 | ami-040480fd2f61a5da1 |
**Option B**: If your region is not listed in the AMI IDs table, run the following AWS CLI command to find the AMI ID dynamically.
```bash
aws ec2 describe-images \
--region <YOUR_REGION> \
--owners 602401143452 \
--filters "Name=name,Values=amazon-eks-node-al2023-x86_64-nvidia-1.34-*" \
--query "sort_by(Images, &CreationDate)[-1].{Id:ImageId,Name:Name,Created:CreationDate}" \
--output table
```
Note:
Synthetic Data requires static IAM access keys for AWS authentication. IRSA (IAM Roles for Service Accounts) is not supported for this release.
Create a static access key for an IAM user. These static keys are required to create the Kubernetes secret for S3 access during deployment.
For more information about creating new access keys for an IAM user, refer to Create new access keys for an IAM user - Amazon Keyspaces.
Check with your IT department for permission to launch AWS nodes with
instanceFamily: "g4dn"andinstanceSize: "2xlarge".
Tools:
helmandkubectlare installed and configured with access to your Kubernetes cluster.- Sufficient permissions to create namespaces, deployments, secrets, and services.
Feedback
Was this page helpful?