# Deployment Parameters

This article lists the definitions of parameters used in the CloudFormation stack [step 2](https://docs.codeocean.com/admin-guide/v3.0/cloudformation-deployment#step-2-specify-stack-details). We recommend to consult with end users of Code Ocean for parameters in Worker Configuration to optimize the user experience.

## Domain Configuration

* DNS Name - Code Ocean application subdomain (e.g. `codeocean`)
* DNS Root Domain - Root domain name (e.g. `acmecorp.com`)
* Existing Route 53 Hosted Zone ID - (Optional) Add Code Ocean DNS records to an existing Route 53 hosted zone. The hosted zone must reside in the same AWS account to which Code Ocean is deployed to.

## TLS Certificate Configuration

* Existing ACM Certificate ARN - (Optional) Existing ACM certificate ARN. The ceritificate must be a multi-domain (SAN) certificate, where the primary domain is the Code Ocean application subdomain (e.g. codeocean.acmecorp.com), with two additional domains in the Subject Alternative Name field of the certificate pointing to the registry and analytics subdomains (e.g. registry.codeocean.acmecorp.com and analytics.codeocean.acmecorp.com).
* Private Certificate Authority - Change to `true` if the above certificate is signed by a private certificate authority (CA)

## VPC Configuration (Should be specified only in the case of using existing VPC)

* VPC ID - Existing VPC ID. If not specified, a VPC will be created.
* Availability Zone 1 - Availability Zone 1 for the existing VPC
* Availability Zone 2 - Availability Zone 2 for the existing VPC
* Private Subnet 1 ID - Subnet ID for private subnet 1 located in Availability Zone 1 in Existing VPC
* Private Subnet 2 ID - Subnet ID for private subnet 2 located in Availability Zone 2 in Existing VPC
* Public Subnet 1 ID - Subnet ID for public subnet 1 located in Availability Zone 1 in Existing VPC
* Public Subnet 2 ID - Subnet ID for public subnet 2 located in Availability Zone 2 in Existing VPC

{% hint style="warning" %}
**Important!**

The existing VPC should be configured with a [VPC gateway endpoint for S3](https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html) to avoid routing S3 data through an internet path which can incur significant charges.
{% endhint %}

## VPC Configuration (For new VPC deployments)

* Availability Zone 1 - Availability Zone 1 for the new VPC
* Availability Zone 2 - Availability Zone 2 for the new VPC
* VPC CIDR - CIDR block for the VPC. Default value `10.0.0.0/16`
* Private Subnet 1 CIDR - CIDR block for private subnet 1 located in Availability Zone 1. Default value `10.0.0.0/20`
* Private Subnet 2 CIDR - CIDR block for private subnet 2 located in Availability Zone 2. Default value `10.0.16.0/20`
* Public Subnet 1 CIDR - CIDR block for public subnet 1 located in Availability Zone 1. Default value `10.0.96.0/20`
* Public Subnet 2 CIDR - CIDR block for public subnet 2 located in Availability Zone 2. Default value `10.0.112.0/20`

## **Deployment Type Configuration**

* Deployment Type - Choose "internet-facing" to make the deployment internet addressable (default) or choose "internal" to require a VPN to connect

## **Services Machine Configuration**

* Services Machine EC2 Instance Type - EC2 instance type for services machine. Instance type must be one of `m7i.large/m7i.xlarge/m7i.2xlarge/m7i4x.large/m7i.8xlarge`. Default value `m7i.large`

## **Worker Configuration**

* Worker EC2 Instance Type - EC2 instance type for general purpose workers. Instance type must be from the `r5d` family. Default value `r5d.4xlarge`
* Workers Auto Scale Group Max Size - Maximum number of running worker instances. Default value `10`
* Min Available Workers - Minimum number of worker instances the system keeps in its auto scaling warm pool that are ready to receive computations. Default value `1`
* GPU Worker EC2 Instance Type - EC2 instance type for GPU Workers. Instance type must be from the **P** or **G** [family](https://aws.amazon.com/ec2/instance-types/) (i.e p3.\*/ g4dn.\*/g4ad.\*). Default value `g4dn.4xlarge.` Note that not all instance types are available in every region, and you might need to replace the default value.
* GPU Workers Auto Scale Group Max Size - Maximum number of running GPU worker instances. Default value `10`
* Min Available GPU Workers - Minimum number of GPU worker instances the system keeps in its auto scaling warm pool that are ready to receive computations. Default value `1`
* Auto Scaling Idle Timeout - Number of minutes before system scales-in idle workers. Default value `60`

## **Analytics RDS Configuration**

* Analytics RDS Instance Type - RDS instance type for analytics DB. Instance type must be one of `db.t4g.small/db.t4g.medium`. Default value `db.t4g.small`

## **IAM Configuration**

* Assumable Roles - Comma delimited list of IAM role ARNs that the system can assume on behalf of users.

## **Pipelines Configuration**

* Batch Max vCpus - Maximum number of vCPUs that can be used by all batch instances. Default value `256`
* Batch Volume Size - Size, in gigabytes, of the Docker's EBS volumes for batch instances. The value must be in the range of 300 to 16384. Default value `300`
* Batch Volume IOPS - IOPS, number of I/O operations per second, of the Docker's EBS volumes for batch instances. The value must be in the range of 5000 to 16000. Default value: `5000`
* Batch Volume Throughput - Throughput, in MiB/s, of the Docker's EBS volumes for batch instances. The value must be in the range of 500 to 1000. Default value `500`

## **Network Extension Configurations for Existing VPC (Optional)**

* Availability Zone 3 - Availability Zone 3 for the existing VPC
* Availability Zone 4 - Availability Zone 4 for the existing VPC
* Availability Zone 5 - Availability Zone 5 for the existing VPC
* Availability Zone 6 - Availability Zone 6 for the existing VPC
* Private Subnet 3 ID - Subnet ID for private subnet 3 located in Availability Zone 3 in Existing VPC
* Private Subnet 4 ID - Subnet ID for private subnet 4 located in Availability Zone 4 in Existing VPC
* Private Subnet 5 ID - Subnet ID for private subnet 5 located in Availability Zone 5 in Existing VPC
* Private Subnet 6 ID - Subnet ID for private subnet 6 located in Availability Zone 6 in Existing VPC
* Public Subnet 3 ID - Subnet ID for public subnet 3 located in Availability Zone 3 in Existing VPC
* Public Subnet 4 ID - Subnet ID for public subnet 4 located in Availability Zone 4 in Existing VPC
* Public Subnet 5 ID - Subnet ID for public subnet 5 located in Availability Zone 5 in Existing VPC
* Public Subnet 6 ID - Subnet ID for public subnet 6 located in Availability Zone 6 in Existing VPC

## **Network Extension Configurations for New VPC (Optional)**

* Availability Zone 3 - Availability Zone 3 for the new VPC.
* Availability Zone 4 - Availability Zone 4 for the new VPC.
* Availability Zone 5 - Availability Zone 5 for the new VPC.
* Availability Zone 6 - Availability Zone 6 for the new VPC.
* Private Subnet 3 CIDR - CIDR block for private subnet 3 located in Availability Zone 3. Default value `10.0.32.0/20`
* Private Subnet 4 CIDR - CIDR block for private subnet 4 located in Availability Zone 4. Default value `10.0.48.0/20`
* Private Subnet 5 CIDR - CIDR block for private subnet 5 located in Availability Zone 5. Default value `10.0.64.0/20`
* Private Subnet 6 CIDR - CIDR block for private subnet 6 located in Availability Zone 6. Default value `10.0.80.0/20`
* Public Subnet 3 CIDR - CIDR block for public subnet 3 located in Availability Zone 3. Default value `10.0.128.0/20`
* Public Subnet 4 CIDR - CIDR block for public subnet 4 located in Availability Zone 4. Default value `10.0.144.0/20`
* Public Subnet 5 CIDR - CIDR block for public subnet 5 located in Availability Zone 5. Default value `10.0.160.0/20`
* Public Subnet 6 CIDR - CIDR block for public subnet 6 located in Availability Zone 6. Default value `10.0.176.0/20`

{% hint style="info" %}
Verify the *Support for Multiple Availability Zones* section on the [prerequisites](https://docs.codeocean.com/admin-guide/v3.0/deployment-guide/prerequisites) page is satisfied prior to applying changes to the above parameters.
{% endhint %}

## **Backup Configuration**

* Backup Schedule - Backup schedule CRON expression for EBS and RDS snapshots. Default value `cron(0 4 ? * * *)` defines a daily snapshot at 4AM UTC.
* Backup Retention Period - Backup retention period in days for EBS and RDS snapshots and non-current versions of objects in S3. Default value `14`
* Destination Backup Vault ARN - (Optional) Copy backup snapshots to a destination backup vault
* Destination Backup Retention Period - (Optional) Backup retention period in days for snapshots copied to the destination backup vault. Default value `90`
* Destination Backup S3 KMS Key - (Optional) AWS KMS key ARN to use for encrypting S3 object backup replicas
* Destination Backup S3 Storage Class - (Optional) AWS S3 storage class for backup object replicas. Default value `GLACIER_IR` (Glacier Instant Retrieval)
* Destination Backup S3 Bucket ARNs - (Optional) Destination backup S3 bucket ARNs

## Restore Configuration

* Restore source account ID - (Optional) AWS Account ID to restore backups from