# Installation

Integrating Karini AI into your secure enterprise environment is a streamlined, efficient process. Our deployment methodology prioritizes security, simplicity, and minimal disruption to your existing infrastructure.

Through our enterprise-grade Terraform implementation, Karini AI can be seamlessly deployed within your Virtual Private Cloud (VPC) with minimal configuration requirements. This infrastructure-as-code approach ensures consistent, repeatable deployments while maintaining the highest security standards.

To begin your deployment journey, simply contact the Karini AI implementation team for personalized deployment instructions and access to our Terraform modules customized for your specific environment.

Our technical specialists will guide you through the deployment process and ensure successful integration with your existing systems, enabling your organization to quickly leverage the full capabilities of our AI solutions.

For the deployment, you can either use the Administrator role in your AWS account, so that other resources can be created, or a scoped-down policy as shown below.

## Pre-requisites:

### AWS Console User

The AWS console user needs to have the following policy assigned to them:

***Substitute `<<INSERT TERRAFORM BUCKET NAME PREFIX>>` (written as `<<BUCKET_PREFIX>>` in the policy below) with your own prefix.***

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EKSManagement",
            "Effect": "Allow",
            "Action": [
                "eks:CreateCluster",
                "eks:DeleteCluster",
                "eks:DescribeCluster",
                "eks:ListClusters",
                "eks:UpdateClusterConfig",
                "eks:UpdateClusterVersion",
                "eks:TagResource",
                "eks:DescribeUpdate",
                "eks:DescribeAddonVersions",
                "eks:CreateAddon",
                "eks:DeleteAddon",
                "eks:DescribeAddon",
                "eks:ListAddons",
                "eks:UpdateAddon",
                "eks:CreateNodegroup",
                "eks:DeleteNodegroup",
                "eks:DescribeNodegroup",
                "eks:ListNodegroups",
                "eks:UpdateNodegroupConfig",
                "eks:UpdateNodegroupVersion",
                "eks:CreateAccessEntry",
                "eks:DeleteAccessEntry",
                "eks:DescribeAccessEntry",
                "eks:AssociateAccessPolicy",
                "eks:DisassociateAccessPolicy",
                "eks:ListAssociatedAccessPolicies"
            ],
            "Resource": "*"
        },
        {
            "Sid": "EC2VPCManagement",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVpc",
                "ec2:DeleteVpc",
                "ec2:DescribeVpcs",
                "ec2:DescribeVpcAttribute",
                "ec2:ModifyVpcAttribute",
                "ec2:CreateSubnet",
                "ec2:DeleteSubnet",
                "ec2:DescribeSubnets",
                "ec2:ModifySubnetAttribute",
                "ec2:CreateSecurityGroup",
                "ec2:DeleteSecurityGroup",
                "ec2:DescribeSecurityGroups",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:CreateRouteTable",
                "ec2:DeleteRouteTable",
                "ec2:DescribeRouteTables",
                "ec2:CreateRoute",
                "ec2:DeleteRoute",
                "ec2:AssociateRouteTable",
                "ec2:DisassociateRouteTable",
                "ec2:CreateInternetGateway",
                "ec2:DeleteInternetGateway",
                "ec2:AttachInternetGateway",
                "ec2:DetachInternetGateway",
                "ec2:DescribeInternetGateways",
                "ec2:CreateNatGateway",
                "ec2:DeleteNatGateway",
                "ec2:DescribeNatGateways",
                "ec2:AllocateAddress",
                "ec2:ReleaseAddress",
                "ec2:DescribeAddresses",
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeNetworkInterfaceAttribute",
                "ec2:CreateLaunchTemplate",
                "ec2:DeleteLaunchTemplate",
                "ec2:DescribeLaunchTemplates",
                "ec2:DescribeLaunchTemplateVersions",
                "ec2:CreateKeyPair",
                "ec2:DeleteKeyPair",
                "ec2:DescribeKeyPairs",
                "ec2:RunInstances",
                "ec2:TerminateInstances",
                "ec2:StopInstances",
                "ec2:StartInstances",
                "ec2:DescribeInstances",
                "ec2:AssociateIamInstanceProfile",
                "ec2:DescribeImages",
                "ec2:DescribeImageAttribute",
                "ec2:DescribeVolumes",
                "ec2:DescribeAvailabilityZones",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:DescribeTags",
                "ec2:CreateFlowLogs",
                "ec2:DescribeFlowLogs",
                "ec2:CreateTransitGatewayVpcAttachment",
                "ec2:DeleteTransitGatewayVpcAttachment",
                "ec2:DescribeTransitGatewayVpcAttachments",
                "ec2:AssociateTransitGatewayRouteTable",
                "ec2:DisassociateTransitGatewayRouteTable",
                "ec2:DescribeTransitGatewayRouteTables"
            ],
            "Resource": "*"
        },
        {
            "Sid": "IAMManagement",
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:GetRole",
                "iam:ListRoles",
                "iam:TagRole",
                "iam:TagPolicy",
                "iam:CreatePolicy",
                "iam:DeletePolicy",
                "iam:GetPolicy",
                "iam:ListPolicies",
                "iam:GetPolicyVersion",
                "iam:ListPolicyVersions",
                "iam:AttachRolePolicy",
                "iam:DetachRolePolicy",
                "iam:PutRolePolicy",
                "iam:DeleteRolePolicy",
                "iam:GetRolePolicy",
                "iam:ListRolePolicies",
                "iam:ListAttachedRolePolicies",
                "iam:CreateServiceLinkedRole",
                "iam:CreateOpenIDConnectProvider",
                "iam:DeleteOpenIDConnectProvider",
                "iam:GetOpenIDConnectProvider",
                "iam:ListOpenIDConnectProviders",
                "iam:TagOpenIDConnectProvider",
                "iam:CreateInstanceProfile",
                "iam:DeleteInstanceProfile",
                "iam:AddRoleToInstanceProfile",
                "iam:RemoveRoleFromInstanceProfile",
                "iam:ListInstanceProfiles",
                "iam:ListInstanceProfilesForRole",
                "iam:PassRole",
                "iam:UpdateAssumeRolePolicy"
            ],
            "Resource": "*"
        },
        {
            "Sid": "StorageServices",
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy",
                "s3:PutBucketPolicy",
                "s3:GetBucketAcl",
                "s3:PutBucketAcl",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket",
                "s3:PutBucketVersioning",
                "s3:PutBucketPublicAccessBlock",
                "s3:PutEncryptionConfiguration",
                "s3:PutLifecycleConfiguration",
                "elasticfilesystem:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "SecurityServices",
            "Effect": "Allow",
            "Action": [
                "kms:*",
                "secretsmanager:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ObservabilityServices",
            "Effect": "Allow",
            "Action": [
                "logs:*",
                "cloudwatch:*",
                "application-signals:*",
                "xray:*",
                "rum:*",
                "synthetics:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ComputeServices",
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:DescribeRepositories",
                "ecr:DescribeImages",
                "ecr:ListImages",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:ListFunctions",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "lambda:InvokeFunction",
                "lambda:TagResource"
            ],
            "Resource": "*"
        },
        {
            "Sid": "SearchServices",
            "Effect": "Allow",
            "Action": [
                "es:CreateDomain",
                "es:DeleteDomain",
                "es:DescribeDomain",
                "es:DescribeDomains",
                "es:DescribeElasticsearchDomainConfig",
                "es:ListDomainNames",
                "es:UpdateDomainConfig",
                "es:AddTags",
                "es:ListTags",
                "es:ESHttpGet",
                "es:ESHttpPut",
                "es:ESHttpPost",
                "es:ESHttpHead"
            ],
            "Resource": "*"
        },
        {
            "Sid": "NetworkServices",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:*",
                "autoscaling:*",
                "acm:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "InfrastructureServices",
            "Effect": "Allow",
            "Action": [
                "cloudformation:*",
                "scheduler:*",
                "backup:*",
                "batch:*",
                "states:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AIMLServices",
            "Effect": "Allow",
            "Action": [
                "sagemaker:CreateProcessingJob",
                "sagemaker:DescribeProcessingJob",
                "sagemaker:StopProcessingJob",
                "sagemaker:InvokeEndpoint",
                "neptune-db:*",
                "bedrock:*",
                "bedrock-agentcore:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "IdentityServices",
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole",
                "sts:GetCallerIdentity"
            ],
            "Resource": "*"
        },
        {
            "Sid": "TerraformBackend",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:DeleteItem"
            ],
            "Resource": [
                "arn:aws:s3:::<<BUCKET_PREFIX>>-terraform-statefiles",
                "arn:aws:s3:::<<BUCKET_PREFIX>>-terraform-statefiles/*",
                "arn:aws:dynamodb:*:*:table/<<BUCKET_PREFIX>>-terraform-lock"
            ]
        }
    ]
}

```

### EC2 Role

The EC2 role needs to have the following policy assigned:

***Substitute `<<INSERT TERRAFORM BUCKET NAME PREFIX>>` (written as `<<BUCKET_PREFIX>>` in the policy below) with your own prefix.***

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EKSManagement",
      "Effect": "Allow",
      "Action": [
        "eks:CreateCluster",
        "eks:DeleteCluster",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "eks:UpdateClusterConfig",
        "eks:UpdateClusterVersion",
        "eks:TagResource",
        "eks:DescribeUpdate",
        "eks:DescribeAddonVersions",
        "eks:CreateAddon",
        "eks:DeleteAddon",
        "eks:DescribeAddon",
        "eks:ListAddons",
        "eks:UpdateAddon",
        "eks:CreateNodegroup",
        "eks:DeleteNodegroup",
        "eks:DescribeNodegroup",
        "eks:ListNodegroups",
        "eks:UpdateNodegroupConfig",
        "eks:UpdateNodegroupVersion",
        "eks:CreateAccessEntry",
        "eks:DeleteAccessEntry",
        "eks:DescribeAccessEntry",
        "eks:AssociateAccessPolicy",
        "eks:DisassociateAccessPolicy",
        "eks:ListAssociatedAccessPolicies"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EC2VPCManagement",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:DeleteVpc",
        "ec2:DescribeVpcs",
        "ec2:DescribeVpcAttribute",
        "ec2:ModifyVpcAttribute",
        "ec2:CreateSubnet",
        "ec2:DeleteSubnet",
        "ec2:DescribeSubnets",
        "ec2:ModifySubnetAttribute",
        "ec2:CreateSecurityGroup",
        "ec2:DeleteSecurityGroup",
        "ec2:DescribeSecurityGroups",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:CreateRouteTable",
        "ec2:DeleteRouteTable",
        "ec2:DescribeRouteTables",
        "ec2:CreateRoute",
        "ec2:DeleteRoute",
        "ec2:AssociateRouteTable",
        "ec2:DisassociateRouteTable",
        "ec2:CreateInternetGateway",
        "ec2:DeleteInternetGateway",
        "ec2:AttachInternetGateway",
        "ec2:DetachInternetGateway",
        "ec2:DescribeInternetGateways",
        "ec2:CreateNatGateway",
        "ec2:DeleteNatGateway",
        "ec2:DescribeNatGateways",
        "ec2:AllocateAddress",
        "ec2:ReleaseAddress",
        "ec2:DescribeAddresses",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:CreateLaunchTemplate",
        "ec2:DeleteLaunchTemplate",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeLaunchTemplateVersions",
        "ec2:CreateKeyPair",
        "ec2:DeleteKeyPair",
        "ec2:DescribeKeyPairs",
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StopInstances",
        "ec2:StartInstances",
        "ec2:DescribeInstances",
        "ec2:AssociateIamInstanceProfile",
        "ec2:DescribeImages",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeVolumes",
        "ec2:DescribeAvailabilityZones",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeTags",
        "ec2:CreateFlowLogs",
        "ec2:DescribeFlowLogs",
        "ec2:CreateTransitGatewayVpcAttachment",
        "ec2:DeleteTransitGatewayVpcAttachment",
        "ec2:DescribeTransitGatewayVpcAttachments",
        "ec2:AssociateTransitGatewayRouteTable",
        "ec2:DisassociateTransitGatewayRouteTable",
        "ec2:DescribeTransitGatewayRouteTables"
      ],
      "Resource": "*"
    },
    {
      "Sid": "IAMManagement",
      "Effect": "Allow",
      "Action": [
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:GetRole",
        "iam:ListRoles",
        "iam:TagRole",
        "iam:TagPolicy",
        "iam:CreatePolicy",
        "iam:DeletePolicy",
        "iam:GetPolicy",
        "iam:ListPolicies",
        "iam:GetPolicyVersion",
        "iam:ListPolicyVersions",
        "iam:AttachRolePolicy",
        "iam:DetachRolePolicy",
        "iam:PutRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:GetRolePolicy",
        "iam:ListRolePolicies",
        "iam:ListAttachedRolePolicies",
        "iam:CreateServiceLinkedRole",
        "iam:CreateOpenIDConnectProvider",
        "iam:DeleteOpenIDConnectProvider",
        "iam:GetOpenIDConnectProvider",
        "iam:ListOpenIDConnectProviders",
        "iam:TagOpenIDConnectProvider",
        "iam:CreateInstanceProfile",
        "iam:DeleteInstanceProfile",
        "iam:AddRoleToInstanceProfile",
        "iam:RemoveRoleFromInstanceProfile",
        "iam:ListInstanceProfiles",
        "iam:ListInstanceProfilesForRole",
        "iam:PassRole",
        "iam:UpdateAssumeRolePolicy"
      ],
      "Resource": "*"
    },
    {
      "Sid": "StorageServices",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy",
        "s3:GetBucketAcl",
        "s3:PutBucketAcl",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:PutBucketVersioning",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutEncryptionConfiguration",
        "s3:PutLifecycleConfiguration",
        "elasticfilesystem:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SecurityServices",
      "Effect": "Allow",
      "Action": [
        "kms:*",
        "secretsmanager:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ObservabilityServices",
      "Effect": "Allow",
      "Action": [
        "logs:*",
        "cloudwatch:*",
        "application-signals:*",
        "xray:*",
        "rum:*",
        "synthetics:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ComputeServices",
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "ecr:DescribeRepositories",
        "ecr:DescribeImages",
        "ecr:ListImages",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:GetFunction",
        "lambda:ListFunctions",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration",
        "lambda:InvokeFunction",
        "lambda:TagResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SearchServices",
      "Effect": "Allow",
      "Action": [
        "es:CreateDomain",
        "es:DeleteDomain",
        "es:DescribeDomain",
        "es:DescribeDomains",
        "es:DescribeElasticsearchDomainConfig",
        "es:ListDomainNames",
        "es:UpdateDomainConfig",
        "es:AddTags",
        "es:ListTags",
        "es:ESHttpGet",
        "es:ESHttpPut",
        "es:ESHttpPost",
        "es:ESHttpHead"
      ],
      "Resource": "*"
    },
    {
      "Sid": "NetworkServices",
      "Effect": "Allow",
      "Action": [
        "elasticloadbalancing:*",
        "autoscaling:*",
        "acm:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "InfrastructureServices",
      "Effect": "Allow",
      "Action": [
        "cloudformation:*",
        "scheduler:*",
        "backup:*",
        "batch:*",
        "states:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AIMLServices",
      "Effect": "Allow",
      "Action": [
        "sagemaker:CreateProcessingJob",
        "sagemaker:DescribeProcessingJob",
        "sagemaker:StopProcessingJob",
        "sagemaker:InvokeEndpoint",
        "neptune-db:*",
        "bedrock:*",
        "bedrock-agentcore:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "IdentityServices",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole",
        "sts:GetCallerIdentity"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TerraformBackend",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket",
        "s3:DeleteObject",
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": [
        "arn:aws:s3:::<<BUCKET_PREFIX>>-terraform-statefiles",
        "arn:aws:s3:::<<BUCKET_PREFIX>>-terraform-statefiles/*",
        "arn:aws:dynamodb:*:*:table/<<BUCKET_PREFIX>>-terraform-lock"
      ]
    }
  ]
}
```
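A pre-flight check for the substitution step in both sections above, added here as an example and not part of Karini AI's tooling: it fills in the prefix, rejects leftover `<<...>>` markers and invalid JSON, and lists the actions a reviewer would examine before attaching the policy. `SAMPLE_TEMPLATE` is a constructed excerpt, and the function names and the `REVIEW_ON_STAR` set are assumptions of this example.

```python
import json
import re

PLACEHOLDER = "<<BUCKET_PREFIX>>"
STATE_SUFFIX = "-terraform-statefiles"  # longest name the policy builds from the prefix
ACTION_RE = re.compile(r"^[a-z0-9-]+:[A-Za-z0-9*]+$")
REVIEW_ON_STAR = {"iam:passrole", "sts:assumerole"}  # this example's choice, not the page's

# Constructed excerpt in the shape of the policies above; the action without a
# colon is deliberately malformed to exercise the syntax check.
SAMPLE_TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "EC2VPCManagement", "Effect": "Allow",
   "Action": ["ec2:DescribeVpcs", "ec2ModifyVpcAttribute"], "Resource": "*"},
  {"Sid": "IAMManagement", "Effect": "Allow",
   "Action": ["iam:GetRole", "iam:PassRole"], "Resource": "*"},
  {"Sid": "SecurityServices", "Effect": "Allow",
   "Action": ["kms:*", "secretsmanager:*"], "Resource": "*"},
  {"Sid": "TerraformBackend", "Effect": "Allow",
   "Action": ["s3:GetObject", "dynamodb:GetItem"],
   "Resource": ["arn:aws:s3:::<<BUCKET_PREFIX>>-terraform-statefiles/*",
                "arn:aws:dynamodb:*:*:table/<<BUCKET_PREFIX>>-terraform-lock"]}
]}
"""


def render_policy(template, prefix):
    """Substitute the prefix and parse. Raises ValueError for a prefix that cannot
    form a valid S3 bucket name, leftover <<...>> markers, or invalid JSON."""
    bucket = prefix + STATE_SUFFIX
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]*", prefix) or not 3 <= len(bucket) <= 63:
        raise ValueError(f"prefix {prefix!r} does not yield a valid bucket name")
    text = template.replace(PLACEHOLDER, prefix)
    leftover = re.findall(r"<<[^<>]*>>", text)
    if leftover:
        raise ValueError(f"unsubstituted placeholders: {leftover}")
    return json.loads(text)  # JSONDecodeError is a ValueError subclass


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy):
    """Return (sid, kind, action) findings for the Allow statements of a policy."""
    stmts, findings = policy["Statement"], []
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        on_star = "*" in _as_list(stmt.get("Resource", []))
        for action in _as_list(stmt.get("Action", [])):
            if action != "*" and not ACTION_RE.match(action):
                findings.append((sid, "malformed-action", action))
            elif on_star and (action == "*" or action.endswith(":*")):
                findings.append((sid, "wildcard-on-all-resources", action))
            elif on_star and action.lower() in REVIEW_ON_STAR:
                findings.append((sid, "sensitive-on-all-resources", action))
    return findings


if __name__ == "__main__":
    for finding in review_policy(render_policy(SAMPLE_TEMPLATE, "acme-prod")):
        print(*finding, sep="\t")
```

Run it against the full policy text saved from this page before creating the IAM policy; each finding is a line to tighten or to accept knowingly.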

## Try Karini AI

* [Sign up](/karini-ai-documentation/getting-started.md#sign-up)
* [Getting started](/karini-ai-documentation/getting-started.md#getting-started)


