What resources are created for Turbot?

Turbot meets AWS Well Architected Framework and uses AWS services to run the Cluster web application, worker jobs and securely store cluster data. Turbot runs solely in one AWS Account that the customer owns (this is the Turbot Master Account). There is no management required of the customer as Turbot is self-healing and autoscaling across multiple availability zones (AWS Datacenters). For small clusters, these services will usually work within the free tier for AWS accounts. For larger, high availability clusters the AWS costs grow slowly with the size of the resources to be managed by Turbot.

After approval by the Cluster owner during Turbot setup, Turbot creates:

  • CloudFormation stacks to manage resources.
  • ELB + EC2 Autoscaling groups for web and compute tiers
  • IAM roles, groups, policies.
  • A Key Management Service key to encrypt sensitive data.
  • S3 bucket for bootstrap configuration data.
  • DynamoDB tables for data storage.
  • SQS queues for task management.
  • SNS topics to move tasks between queues.
  • CloudWatch Logs to record audit trail and operational errors.

Networking Configurations:

  • Ingress: no ports needed
  • Egress:
    • HTTP(80) & HTTPS(443) for AWS
    • SSH(22), RDP(3389) and Powershell Remote(5985) for OS Guardrails
    • Customized Ports for DB Guardrails
    • LDAP, AD, NTP, DNS, etc. for Core Services
  • Minimum Bandwidth: 10 – 100+ Mbps based on scale


High Level Architecture of Turbot Master Account



High Level Architecture of Turbot Master Account (Gov Cloud)


Was this article helpful?
1 out of 1 found this helpful