reference deployment

Data Fabric Security on AWS

Container-based identity, credential, and access management

This solution deploys Data Fabric Security in the Amazon Web Services (AWS) Cloud using the AWS Cloud Development Kit (AWS CDK). It's for companies that want to build a data fabric foundation for their identity and access management infrastructure. It helps move data to a secure cloud environment for production or experimentation while maintaining security, control, and granular access. The solution installs RadiantOne and Immuta to Amazon Elastic Kubernetes Service (Amazon EKS) nodes. RadiantOne aggregates multiple identity stores and creates a global profile that you can tag with attributes such as clearance, area of responsibiity, and command. Immuta provides a flexible data-policy builder for attribute-based access control (ABAC). 


AWS logo

This solution was developed by AWS.

  •  What you'll build
  • This solution sets up the following:

    • An architecture that spans two Availability Zones.*
    • A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets, managed NAT gateways to allow outbound internet access for resources in the private subnets.*
    • Two Classic Load Balancers, one each for the Immuta and RadiantOne services in the private subnets.
    • In the private subnets:
      • Three-node Amazon EKS clusters containing highly-available deployments of Immuta and RadiantOne.
      • Amazon EKS to provide the Kubernetes control plane for the clusters.
      • Endpoints for other AWS services to access the Amazon EKS Kubernetes API server.
    • Amazon CloudWatch to collect, store, access, and monitor logs.
    • Amazon Route 53 for a private hosted zone and resolvers.
    • AWS Lambda to install Immuta and RadiantOne.

    * You can choose to use an existing VPC during deployment. The existing VPC must include two private subnets in separate Availability Zones.

  •  How to deploy
  • To deploy this solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don’t have an AWS account, sign up at
    2. Install Node.js and the AWS Cloud Development Kit Command Line Interface (AWS CDK CLI).
    3. Obtain Immuta and RadiantOne licenses.
    4. Deploy this solution into a new VPC using AWS CDK. The deployment process takes about 15 minutes to complete.
  •  Costs and licenses
  • This deployment requires licenses for Immuta and RadiantOne. For more information, refer to the Immuta and Radiant Logic websites, respectively.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?