automation-suite
2.2510
true
- Overview
- Requirements
- Deployment templates
- Manual: Preparing the installation
- Manual: Preparing the installation
- Step 2: Configuring the OCI-compliant registry for offline installations
- Step 3: Configuring the external objectstore
- Step 4: Configuring High Availability Add-on
- Step 5: Configuring SQL databases
- Step 7: Configuring the DNS
- Step 8: Configuring the disks
- Step 9: Configuring kernel and OS level settings
- Step 10: Configuring the node ports
- Step 11: Applying miscellaneous settings
- Step 12: Validating and installing the required RPM packages
- Step 13: Generating cluster_config.json
- Cluster_config.json Sample
- General configuration
- Profile configuration
- Certificate configuration
- Database configuration
- External Objectstore configuration
- Pre-signed URL configuration
- ArgoCD configuration
- Kerberos authentication configuration
- External OCI-compliant registry configuration
- Disaster recovery: Active/Passive and Active/Active configurations
- High Availability Add-on configuration
- Orchestrator-specific configuration
- Insights-specific configuration
- Process Mining-specific configuration
- Document Understanding-specific configuration
- Automation Suite Robots-specific configuration
- AI Center-specific configuration
- Monitoring configuration
- Optional: Configuring the proxy server
- Optional: Enabling resilience to zonal failures in a multi-node HA-ready production cluster
- Optional: Passing custom resolv.conf
- Optional: Increasing fault tolerance
- Adding a dedicated agent node with GPU support
- Adding a Dedicated Agent Node for Automation Suite Robots
- Step 15: Configuring the temporary Docker registry for offline installations
- Step 16: Validating the prerequisites for the installation
- Running uipathctl
- Manual: Performing the installation
- Post-installation
- Cluster administration
- Managing products
- Getting Started with the Cluster Administration portal
- Migrating Redis from in-cluster to external High Availability Add-on
- Migrating data between objectstores
- Migrating in-cluster objectstore to external objectstore
- Migrating from in-cluster registry to an external OCI-compliant registry
- Switching to the secondary cluster manually in an Active/Passive setup
- Disaster Recovery: Performing post-installation operations
- Converting an existing installation to multi-site setup
- Guidelines on upgrading an Active/Passive or Active/Active deployment
- Guidelines on backing up and restoring an Active/Passive or Active/Active deployment
- Scaling a single-node (evaluation) deployment to a multi-node (HA) deployment
- Monitoring and alerting
- Migration and upgrade
- Migrating between Automation Suite clusters
- Upgrading Automation Suite
- Downloading the installation packages and getting all the files on the first server node
- Retrieving the latest applied configuration from the cluster
- Updating the cluster configuration
- Configuring the OCI-compliant registry for offline installations
- Executing the upgrade
- Performing post-upgrade operations
- Product-specific configuration
- Best practices and maintenance
- Troubleshooting
- How to troubleshoot services during installation
- How to reduce permissions for an NFS backup directory
- How to uninstall the cluster
- How to clean up offline artifacts to improve disk space
- How to clear Redis data
- How to enable Istio logging
- How to manually clean up logs
- How to clean up old logs stored in the sf-logs bucket
- How to disable streaming logs for AI Center
- How to debug failed Automation Suite installations
- How to delete images from the old installer after upgrade
- How to disable TX checksum offloading
- How to manually set the ArgoCD log level to Info
- How to expand AI Center storage
- How to generate the encoded pull_secret_value for external registries
- How to address weak ciphers in TLS 1.2
- How to check the TLS version
- How to work with certificates
- How to schedule Ceph backup and restore data
- How to collect DU usage data with in-cluster objectstore (Ceph)
- How to install RKE2 SELinux on air-gapped environments
- How to clean up old differential backups on an NFS server
- Error in downloading the bundle
- Offline installation fails because of missing binary
- Certificate issue in offline installation
- SQL connection string validation error
- Azure disk not marked as SSD
- Failure after certificate update
- Antivirus causes installation issues
- Automation Suite not working after OS upgrade
- Automation Suite requires backlog_wait_time to be set to 0
- Temporary registry installation fails on RHEL 8.9
- Frequent restart issue in uipath namespace deployments during offline installations
- DNS settings not honored by CoreDNS
- Upgrade fails due to unhealthy Ceph
- RKE2 not getting started due to space issue
- Upgrade fails due to classic objects in the Orchestrator database
- Ceph cluster found in a degraded state after side-by-side upgrade
- Service upgrade fails for Apps
- In-place upgrade timeouts
- Upgrade fails in offline environments
- snapshot-controller-crds pod in CrashLoopBackOff state after upgrade
- Upgrade fails due to overridden Insights PVC sizes
- Upgrade failure due to uppercase hostname
- Setting a timeout interval for the management portals
- Authentication not working after migration
- Kinit: Cannot find KDC for realm <AD Domain> while getting initial credentials
- Kinit: Keytab contains no suitable keys for *** while getting initial credentials
- GSSAPI operation failed due to invalid status code
- Alarm received for failed Kerberos-tgt-update job
- SSPI provider: Server not found in Kerberos database
- Login failed for AD user due to disabled account
- ArgoCD login failed
- Update the underlying directory connections
- Failure to get the sandbox image
- Pods not showing in ArgoCD UI
- Redis probe failure
- RKE2 server fails to start
- Secret not found in UiPath namespace
- ArgoCD goes into progressing state after first installation
- Missing Ceph-rook metrics from monitoring dashboards
- Mismatch in reported errors during diagnostic health checks
- No healthy upstream issue
- Redis startup blocked by antivirus
- Running High Availability with Process Mining
- Process Mining ingestion failed when logged in using Kerberos
- Unable to connect to AutomationSuite_ProcessMining_Warehouse database using a pyodbc format connection string
- Airflow installation fails with sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
- How to add an IP table rule to use SQL Server port 1433
- Automation Suite certificate is not trusted from the server where CData Sync is running
- Running the diagnostics tool
- Using the Automation Suite support bundle
- Exploring Logs
- Exploring summarized telemetry
Automation Suite on Linux installation guide
Last updated Mar 26, 2026
AWS Marketplace deployment architecture
Architecture diagram
Complete component list
Entry points
The UiPath AWS Marketplace deployment has a single entry point.
Nested stacks
- Uipath-sf:
- SSL stack
- Routing stack
- Server stack
- Database stack
- Backup stack
- Management stack
- Lambda functions (
AWS::Lambda::Function):FindAMIFunction- for finding a matching AMI Id.CreateInputJsonFunction- for creating the configuration used by the Automation Suite installer.ComputeResourceSizeFunction- for computing the minimum EC2 instances hardware configuration needed, based on the selected services and deployment type.
- IAM roles (
AWS::IAM::Role) for the Lambda functions to provide minimum permissions:FindAmiLambdaRoleCreateInputJsonLambdaRoleComputeResourceSizeLambdaRole
- Secrets (
AWS::SecretsManager::Secret) to store sensitive information:RDSPasswordOrgSecretPlatformSecretArgoCdSecretArgoCdUserSecretInputJsonSecretKubeconfigSecret
- SSL Stack (optional)
- Network stack (optional)
- Backup stack (optional):
ClusterBackupStorage(AWS::EFS::FileSystem) - Amazon Elastic File System used to store the backup.SharedStorageSecurityGroup(AWS::EC2::SecurityGroup) - Security group used to allow NFS network connections from the cluster nodes.SharedStorageMountTargetOne(AWS::EFS::MountTarget) - Resource that creates the mount target for the EFS file system and the first private subnet.SharedStorageMountTargetTwo(AWS::EFS::MountTarget) - Resource that creates the mount target for the EFS file system and the second private subnet.SharedStorageMountTargetThree(AWS::EFS::MountTarget) - Optional resource that creates the mount target for the EFS file system and the third private subnet.
- Database stack:
RDSDBInstance(AWS::RDS::DBInstance) - The Amazon RDS DB instance. The DB SKU isdb.m5.2xlarge.DBSubnetGroup(AWS::RDS::DBSubnetGroup) - Private subnet group that contains the private subnets.DbSecurityGroup(AWS::EC2::SecurityGroup) - Security Group allowing access to the DB instance.PMRDSDBInstance(AWS::RDS::DBInstance) - Dedicated Amazon RDS DB instance for Process Mining. Only deployed when Process Mining is enabled and the deployment isMulti Node. The DB SKU isdb.m5.4xlarge.
- Routing stack:NOTE: The Alb and Nlb stacks are mutually exclusive configurations
- Alb stack:
ExternalLoadBalancer(AWS::ElasticLoadBalancingV2::LoadBalancer) - Application load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.ELBSecurityGroup(AWS::EC2::SecurityGroup) - The security group applied to the load balancer.HttpsTargetGroup(AWS::ElasticLoadBalancingV2::TargetGroup) - The target group of the load balancer.HttpsListener(AWS::ElasticLoadBalancingV2::Listener) - The listener for the load balancer.
- Nlb stack:
ExternalLoadBalancer(AWS::ElasticLoadBalancingV2::LoadBalancer) - Network load balancer used to distribute Automation Suite traffic. It can be internal or internet-facing.TcpTargetGroup(AWS::ElasticLoadBalancingV2::TargetGroup) - The target group of the load balancer.TcpListener(AWS::ElasticLoadBalancingV2::Listener) - The listener for the load balancer.
KubeLoadBalancer(AWS::ElasticLoadBalancingV2::LoadBalancer) - Private network load balancer used for node registration.KubeApiTcpTargetGroup(AWS::ElasticLoadBalancingV2::TargetGroup) - The target group for the node registration traffic of theKubeLoadBalancer.KubeApiTcpListener(AWS::ElasticLoadBalancingV2::Listener) - The listener for the node registration traffic of theKubeLoadBalancer.Rke2RegistrationTcpTargetGroup(AWS::ElasticLoadBalancingV2::TargetGroup) - The target group for the node registration traffic of theKubeLoadBalancer.Rke2RegistrationTcpListener(AWS::ElasticLoadBalancingV2::Listener) - The listener for the node registration traffic of theKubeLoadBalancer.RootRecordSet(AWS::Route53::RecordSet) - DNS A record for the FQDN.SubdomainRecordSet(AWS::Route53::RecordSet) - DNS A record for the subdomains of the FQDN.
- Alb stack:
- Management stack:
LifecycleAutomationLogs(AWS::Logs::LogGroup) - Log group for logging events from the SSM automation.ClusterOperationsAutomationLogs- Log group for logging events related to cluster operations.OnDemandRestoreStateMachine(AWS::StepFunctions::StateMachine) - Step function used to orchestrate the restore flow.- SSM Documents (
AWS::SSM::Document) sets of steps used to provide graceful node removal:ServerRemoveInstanceDocumentAgentRemoveInstanceDocumentUpdateAMIDocument- Updates the AMI ID for the Auto Scaling Groups.RegisterAiCenter- Registers AI Center to an external Orchestrator provided at deployment time.OnDemandBackup- Creates a manual snapshot of the Automation Suite cluster.GetBackupList- Retrieves all available snapshots for the Automation Suite cluster.OnDemandRestoreDocument- Restores the Automation Suite cluster from a given snapshot.
- Autoscaling Lyfecycle hooks (
AWS::AutoScaling::LifecycleHook) that allow us to run the SSM documents when an EC2 instance receives an instance termination event:ServerAsgLifeCycleHookTerminatingAgentAsgLifeCycleHookTerminatingAsRobotsAsgLifeCycleHookTerminating
- Event rules (
AWS::Events::Rule) that trigger the execution of the SSM Documents:ServerTerminateEventRuleAgentTerminateEventRuleAsRobotsTerminateEventRule
- IAM roles (
AWS::IAM::Role) needed for running SSM Documents and adding logs to the Log Group:AutomationAssumeRoleEventsBridgeAssumeRoleStateMachinesAssumeRole
Note:AutomationAssumeRoleandStateMachinesAssumeRoleallow full access to Amazon SSN. For more information, see AmazonSSMFullAccess. - Server stack:
ServerLaunchConfiguration(AWS::EC2::LaunchTemplate) - EC2 instance configuration for the server nodes. Disk configuration:- OS disk - sku gp3, capacity 256GB
- Cluster disk - sku gp3, capacity 300GB
- etcd disk - sku io1, capacity 32GB
- Data disk - sku gp3, capacity 512GB regardless of the selected services.
- Objectstore disk - sku gp3, capacity 512GB
- Optional disk for Automation Suite Robots package caching - sku gp3, capacity 32GB. The disk is deployed only if the the Automation Suite Robots service is enabled in a single-node deployment
AgentLaunchConfiguration(AWS::EC2::LaunchTemplate) - EC2 instance configuration for the agent nodes. Disk configuration:- OS disk - sku gp3, capacity 128GB
- Cluster disk - sku gp3, capacity 256GB
ASRobotsLaunchTemplate(AWS::EC2::LaunchTemplate) - EC2 instance configuration for the ASRobots nodes. Disk configuration:- OS disk - sku gp3, capacity 128GB
- Cluster disk - sku gp3, capacity 256GB
- Robot package caching disk - sku gp3, capacity 32GB
GpuEnabledNode(AWS::EC2::Instance) - Optional GPU node. It has the same disk configuration as an agent.BastionHost(AWS::EC2::Instance) - Optional EC2 instance used to SSH to cluster nodes. It has thet3.largeinstance type and a 200GB gp3 disk.ServerAutoScalingGroup(AWS::AutoScaling::AutoScalingGroup) - Auto scaling group for the servers.AgentAutoScalingGroup(AWS::AutoScaling::AutoScalingGroup) - Auto scaling group for the agents.ASRobotsAutoScalingGroup- Auto scaling Group for dedicated Automation Suite Robots nodes. The capacity of this scaling group is 1 if the deployment isMulti Nodeand the Automation Suite Robots service is enabled, and 0 otherwise.- Optional
ServiceFabricIamRole(AWS::IAM::Role) that has permissions to:- write logs
- read EC2 instances configurations
- download AWS Quickstart resources
- access the Automation Suite installation configuration secret
- access the cluster kubeconfig configuration secret
ServiceFabricSecurityGroup(AWS::EC2::SecurityGroup) - Security Group allowing access to UiPath® applications.BastionSecurityGroup(AWS::EC2::SecurityGroup) - Optional Security Group allowing SSH access to BastionAsgProcessModifierFunction(AWS::Lambda::Function) - Used to modify the ASG processes during CF stack creation.AsgProcessModificationRole(AWS::IAM::Role) - IAM role to provide minimum permissions for theAsgProcessModifierFunction- SSM parameters (
AWS::SSM::Parameter):InstanceAMIIdSSMParameter- Stores the AMI ID of the nodes.InstanceAMIImageNameSSMParameter- Holds the Image Name used at deployment time or updated via theUpdateAMIDocument.
- Autoscaling Lyfecycle hooks (
AWS::AutoScaling::LifecycleHook) that allow us to transition EC2 instances to InService state after the installer succeeded:ServerAsgLifeCycleHookLaunchingAgentAsgLifeCycleHookLaunchingASRobotsAsgLifeCycleHookLaunching
Deployment and instance type mapping
The template dynamically computes the hardware needed for the deployment as follows:
- Depending on the services installed, it sets minimum requirements at cluster level.
- Depending on the deployment profile (multi-node or single-node profile), it sets minimum requirements for a single VM.
- Selects the instance types based on their availability in the region you deploy and the aforementioned requirements.
The following table shows the mappings between deployment and possible instance types:
| Deployment type | Instance types |
|---|---|
| Single-node, services selection that needs less than 16 CPUs | c5.4xlarge, c5a.4xlarge, m5.4xlarge, m5a.4xlarge |
| Single-node, services selection that needs more than 16 CPUs | c5a.8xlarge, c5.9xlarge, m5.8xlarge |
| Multi-node, services selection that needs less than 48 CPUs | c5.4xlarge, c5a.4xlarge, m5.4xlarge, m4.4xlarge |
| Multi-node, services selection that needs more than 48 CPUs | c5a.8xlarge, c5.9xlarge, m5.8xlarge, m5a.8xlarge |