CNE AWS Ready: Running Liferay on AWS GovCloud

Use the Liferay Cloud Native Experience (CNE) installer to provision a Liferay environment on AWS GovCloud (US). The installer creates the required infrastructure and deploys Liferay using Kubernetes and Helm.

Subscribe to the Installer

1. Open the AWS Marketplace.

2. Search for Liferay DXP Cloud Native Installer for AWS GovCloud.

3. Subscribe to the product.

Launch the Installer Instance

1. In AWS Marketplace, navigate to Your AWS Marketplace Account → Manage your software subscriptions, and select the installer.

2. Click Launch new instance, then choose Launch from EC2 Console.

3. Configure the instance:

   • Select the latest available version.
   • Choose your target region.
   • Set an instance name.
   • Select an instance type (for example, t3.micro).
   • Select or create a key pair.

4. Configure networking.

   Use a VPC with access to AWS APIs, including AWS STS (sts.[region].amazonaws.com). Avoid private subnets without outbound access.

5. Select an IAM instance profile.

   Attach a role with sufficient permissions for provisioning resources.

   Note

   Attach the AdministratorAccess policy during setup. Replace it with a least-privilege policy after identifying required permissions.

6. (Optional) Provide additional configuration using user data.

   Use cloud-init to pass configuration files to the installer, such as a values.yaml file for the Liferay Helm chart.

   Example:

   #cloud-config
   write_files:
   - path: /opt/liferay/values.yaml
     content: |
       liferay-default:
         configmap:
           data:
             license.xml: |
               <!-- license contents -->
   

7. Launch the instance.

Connect to the Instance

1. Open the EC2 instance.

2. Click Connect and use EC2 Instance Connect.

3. Switch to the liferay user:

   su liferay
   

Verify the Deployment

1. Check the Liferay rollout status:

   cd ~/terraform/dependencies
   
   kubectl rollout status statefulset/liferay-default \
      --namespace "$(terraform output -raw deployment_namespace)" \
      --timeout=1200s
   

2. Get the public ingress host name:

   kubectl get ingress liferay-default \
      --namespace "$(terraform output -raw deployment_namespace)" \
      --output jsonpath='{.status.loadBalancer.ingress[0].hostname}'
   

3. Retrieve the admin password:

   kubectl get secret liferay-default \
      --namespace liferay-system \
      --output jsonpath='{.data.LIFERAY_DEFAULT_PERIOD_ADMIN_PERIOD_PASSWORD}' \
      | base64 --decode
   

4. Open the ingress host name in your browser.

   • Email: test@liferay.com
   • Password: the value retrieved in the previous step

Next Steps

• Add a license to your Liferay installation.
• Configure domains and TLS certificates.
• Deploy customizations using overlays or CI pipelines.