Installing Try Snowplow on AWS (old version)

Page contents show page contents

Installation process

The installation process for Try Snowplow takes around 15 minutes and comprises the following steps:

Sign up to Try Snowplow
Install the infrastructure into your cloud account
Connect to your pipeline

Security note

Snowplow will never ask you to disclose your Amazon, Google or database credentials.

Pre-requisites

Required IAM permissions

Setting up Try Snowplow in your AWS account requires following IAM roles:

cloudformation:CreateStack
cloudformation:DescribeStackEvents
cloudformation:DescribeStacks
cloudformation:ListStacks
cloudformation:GetTemplateSummary
ec2:AssociateRouteTable
ec2:AttachInternetGateway
ec2:AuthorizeSecurityGroupIngress
ec2:CreateInternetGateway
ec2:CreateRoute
ec2:CreateRouteTable
ec2:CreateSecurityGroup
ec2:CreateSubnet
ec2:CreateTags
ec2:CreateVpc
ec2:ModifySubnetAttribute
ec2:ModifyVpcAttribute
ecs:CreateCluster
ecs:CreateService
ecs:DescribeClusters
ecs:DescribeServices
ecs:RegisterTaskDefinition
ec2:DescribeVpcs
ec2:DescribeAvailabilityZones
ec2:DescribeSecurityGroups
ec2:DescribeAccountAttributes
ec2:DescribeSubnets
ec2:DescribeRouteTables
elasticloadbalancing:AddTags
elasticloadbalancing:CreateLoadBalancerListeners
elasticloadbalancing:CreateLoadBalancer
elasticloadbalancing:CreateTargetGroup
elasticloadbalancing:DescribeListeners
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:DescribeTargetGroups
health:DescribeEventAggregates
iam:CreateRole
iam:GetRole
iam:GetRole
iam:GetRole
iam:GetRolePolicy
iam:PutRolePolicy
iam:PassRole
rds:AddTagsToResource
rds:CreateDBInstance
rds:CreateDBParameterGroup
rds:CreateDBSubnetGroup
rds:DescribeDBInstances
rds:DescribeDBSubnetGroups
rds:DescribeEngineDefaultParameters
rds:ModifyDBParameterGroup
Code language: CSS (css)

Installation steps

Install the infrastructure

In the Try Snowplow console, click on “Install your Try Snowplow infrastructure”.
Read the notes and then select either the “Basic Installer” or the “Advanced Installer” and launch the installer.

What is the difference between the Basic and Advanced installers?

The Basic Installer is the quickest and simplest installer and should be sufficient for most use cases. The Advanced Installer provides a couple of extra configuration options; allowing you to secure your database with an IP AllowList and to set an AWS Permissions Boundary for your install.

You will be taken to AWS console to deploy the components in your AWS account; at this point you may need to sign into AWS if you are not already signed in.

You’ll be taken to AWS Console to start install

Most fields on the installation script are pre-filled, but you can
- optionally edit the stack name, should you wish to
- set a login username for the database that will be created
- set a login password for the database that will be created
- set an IP allow list for database access (advanced template only)
- set an AWS permission boundary (advanced template only)
Check the boxes under “Capabilities” to allow the creation of an IAM security role for pushing CloudWatch logs
Click “Create stack” to start the deployment of your Try Snowplow application

You have just started deployment of Try Snowplow into your own Virtual Private Cloud environment.

During installation

This installation takes around 10 minutes to run. At this point you can close AWS console and you will receive an email from Try Snowplow once the deployment is complete.

Once the infrastructure is installed, the system will assign you a dedicated, secure .try-snowplow.com URL that you will use to track events. This can take a minute or two, in the meantime you can get started with tracking events.

Further security considerations

Try Snowplow is designed to be secure by default, however if you wish to further tighten security you can take the following measures using

Limited deployment privileges

Some organizations impose limited access policies by using AWS Permissions Boundary. If your organization has this setup you can specify the Permissions Boundary ARN during setup in the PermissionsBoundaryArn field.

Requires you to select the Advanced Install option.

Restricting access to the database

You can physically restrict access to your database to IPs matching a filter by editing the Security Groups definitions.

As part of install

You can specify an IP address range to limit access to your database during install in the DatabaseAccessIPs field.

Post-install

If you use the basic installer and later decide you wish to add this security layer you can do so by following these steps:

Navigate to EC2 Service in your AWS console account, making sure you are in the same region where you installed your Try Snowplow stack.
Go to Security Groups.

Find and select the security group named $snowplow-sg-db with the description “Frontend Access to Database” (snowplow may also be your custom stack name if you provided one).
In the panel that opens select the Inbound rules tab and click “Edit inbound rules”.
Remove the existing rule if it is no longer needed (ie. 0.0.0.0/0 filter will allow for anyone with database credentials to initiate connection).

In editor change the Source value. There can be many rules applied to the same security group, so you can even set individual IP addresses in separate rules. Set a description for future reference.
Accept by clicking the “Save rules” button.

Traffic to your Try Snowplow pipeline will be dropped for a very brief period of time while the new rule is created.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_159566509_1	1 minute	Set by Google to distinguish users.
_gh_sess	session	GitHub sets this cookie for temporary application and framework state between pages like what step the user is on in a multiple step form.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
pardot	past	The pardot cookie is set while the visitor is logged in as a Pardot user. The cookie indicates an active session and is not used for tracking.
tk_ai	5 years	JetPack sets this cookie to store a randomly-generated anonymous ID which is used only within the admin area and for general analytics tracking.
tk_tc	session	JetPack sets this cookie to record details on how user's use the website.

Cookie	Duration	Description
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
sp	1 year	This cookie is set by the host c.jabmo.app. This cookie is used to serve the content based on user interest and improve content creation.

Cookie	Duration	Description
_octo	1 year	No description available.
_sp_gtm_id.e3cb	2 years	No description
_sp_gtm_ses.e3cb	30 minutes	No description
_sp5_id.e3cb	2 years	No description available.
_sp5_ses.e3cb	30 minutes	No description available.
drift_aid	2 years	No description
drift_campaign_refresh	30 minutes	No description available.
logged_in	1 year	No description available.
lpv571483	30 minutes	No description
visitor_id571483	10 years	No description
visitor_id571483-hash	10 years	No description

Guest

Try Snowplow

Installation process

Pre-requisites

Required IAM permissions

Installation steps

Install the infrastructure

During installation

Further security considerations

Limited deployment privileges

Restricting access to the database

As part of install

Post-install