One-click deployment on AWS is perhaps incomplete, with broken variable and documentation references

chrispenny · July 30, 2025, 9:08pm

Hi team,

I’m brand new to this space, so apologies in advanced for anything obvious that I may have missed.

I find it very useful to just get [stuck in] with Infrastructure in order to learn new concepts, and when I saw there was a “one-click deployment” for AWS, I thought that would be a great starting point. However, I’ve been encountering some issues, and I’m not sure how to progress.

Issue 1
I get started with this README:

github.com/mosip/inji-infra-cloud

aws/README.md

develop

# INJI, one-click deployment on AWS


### Description
Inji provides a comprehensive solution for managing verifiable credentials across their entire lifecycle. It offers a suite of tools for Create, Issue, Manage, Share, Verify and Consume Credentials.
 To learn more about INJI, please visit [INJI](https://docs.mosip.io/inji).

### Packaging overview
This packaging initiative offers a practical approach to increase the adoption, streamline deployment and management of INJI building blocks on AWS by providing a reference architecture and one-click deployment automation scripts. It allows builders to manage AWS resource provisioning and application deployment in a programmatic and repeatable way.

This repository contains the source code and configuration for deploying INJI stack that leverages the power of Amazon Web Services (AWS) **[Cloud Development Kit (CDK)](https://aws.amazon.com/cdk)** for infrastructure provisioning and **[Helm](https://helm.sh)** for deploying services within an Amazon Elastic Kubernetes Service (EKS) cluster.  

**Ensure you have already installed and setup the eSignet and Sunbird RC services to proceed for INJI deployment. If you dont have it installed, please visit this [link](https://github.com/dpgonaws/inji-certify-aws-automation/) to install and setup the esignet and Sunbird RC services.**

### INJI Deployment
The INJI one-click deployment packaging offers two mode of deployments on the AWS cloud, catering to different deployment scenarios.

#### Mode One: AWS CDK + Helm
This mode offers a comprehensive solution for users who prefer a one-click deployment approach to provisioning AWS infrastructure and deploying the INJI application stack.

This file has been truncated. show original

It states that you must already be setup with eSignet and Sunbird RC, and directs you to the following repository (which doesn’t seem to exist):

https://github.com/dpgonaws/inji-certify-aws-automation/

It’s unclear to me what prerequisites I need to get set up with before I start setting up the Inji stack.

It would also be good to know if any outputs from eSignet and Sunbird RC are needed for the Inji setup. I think at the moment that is also a little unclear.

Issue 2
I decided to push ahead even without eSignet/Sunbird RC (just to see what happens), so I went into this README:

github.com/mosip/inji-infra-cloud

aws/documentation/01-Deployment-CDK-INJI.md

develop

## AWS CDK One Click Deployment ##

### CDK Stack Overview
The CDK comprises stacks designed to perform unique provisioning steps, making the overall automation modular.

  1. CDK Stacks provisioning AWS Resources
  2. CDK Stacks provisioning HELM execution charts
  3. CDK Configuration files

#### 1. CDK Stacks provisioning AWS Resources
Designed and implemented Infrastructure as Code (IaC) using AWS CDK to automate and consistently provision AWS resources. The table below lists the stacks and their corresponding default provisioned AWS resources.

| CDK Stack   name   | File name/path   | Description                                                                                       | Default AWS Resources                                                                                                                                  |
|--------------------|------------------|---------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|
| vpcstackinji    | lib/vpc-stack.ts     | Foundation stack creation including VPC,   Subnets, Route   tables, Internet Gateway, NAT Gateway | One VPC with 4 subnets, divided into 2 public subnets, 2   private subnets across two availability zones.                      |
| eksec2stackinji | lib/eks-ec2-stack.ts | Creates EKS EC2 Cluster                                                                           | An Amazon EKS cluster   provisioned with on-demand EC2 instances of the t2.medium instance class. All   EC2 instances are deployed in private subnets. |


#### 2. CDK Stacks provisioning HELM execution charts
Helm charts were implemented using AWS CDK to automate and consistently deploy INJI services. The table below lists the stacks and their corresponding EKS pod names.

This file has been truncated. show original

All noted Prerequisites have been met.

A minor comment is that the instructions tell you to cd into a directory called inji-aws-automation (which doesn’t exist), but I assumed it meant the aws directory.

I then attempt to run cdk bootstrap aws://<ACCOUNT-NUMBER>/<REGION> (replacing values appropriately), but I receive the following error:

From “lib/eks-ec2-stack.ts” I can see that no definition for this variable exists:

Because it has been commented out:

I thought about just adding the line back in, but it looks like this configuration was also quite purposefully commented out from configuration requirements, and there is no reference to it in the required environment variables:

Issue 3 (maybe?)
I also spotted some hardcoded accounts in files that aren’t mentioned in the README, and I’m wondering if those might be problematic for future steps. EG:

Issue 4 (maybe?)
I’m not sure if this bin file is used at any point, but I noticed that aws/inji-certify-aws-automation/bin/inji-certify-aws-automation.ts also has an import for a file that doesn’t exist (though, also, the import doesn’t appear to be used, so perhaps it can just be removed):

Rewinding back to the start
So, I absolutely appreciate that there are lot of complex topics that go into this technology, and it’s probably not ideal that I’m trying to dive right in, but again, this is how I find that I learn best, so it would be amazing if there were some step by step (and end to end) instructions (even if they are far more manual and not “one-click”) that will get folks like myself up and running at some basic level so that we’re free to start playing around.

Thank you so much for reading, and thank you in advance for any help!

sanchi-singh24 · July 31, 2025, 2:20pm

Hi @chrispenny

Thank you again for raising this and for your continued engagement.

To support a smoother setup and to address the gaps you encountered, we are sharing a detailed deployment guide covering the end-to-end environment setup, tool prerequisites, cluster configuration, and Wireguard access required for Inji stack deployment. Below are the prerequisites given, and for the detailed doc, click here!

Prerequisites

Tools and Utilities:

Ansible
Rancher
Command line utilities:
- kubectl
- helm
- rke (v1.3.10)
- istioctl (v1.15.0)

Helm Repositories:

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add mosip https://mosip.github.io/mosip-helm

System Requirements

Hardware, Network, and Certificate Requirements

Purpose	vCPUs	RAM	Storage	VMs	Notes
Bastion Host (Wireguard)	2	4 GB	8 GB	1	Active-passive setup
Observation Cluster	2	8 GB	32 GB	2	For Rancher & logs
Observation Nginx	2	4 GB	16 GB	1	Load balancer
Inji Cluster Nodes	8	32 GB	64 GB	3	Include nginx, etcd, control plane

Network Requirements:

Stable internal & external connectivity
All VMs must be on the same internal network
Public IP or NAT forwarding for Wireguard and Inji nginx servers (51820/udp, 443/tcp)

DNS Requirements (Sample)

Domain	Maps To	Purpose
`rancher.xyz.net`	Observation nginx	Rancher dashboard
`api.sandbox.xyz.net`	Inji nginx public IP	Public-facing APIs
`injiverify.sandbox.xyz.net`	Inji nginx	Access Inji Verify portal
…and others listed in full guide

SSL Certificate Requirements

Wildcard certificates for *.org.net (Observation) and *.sandbox.xyz.net (Inji)
Must be installed inside corresponding nginx VMs

Tools to Install on Developer Machine

Includes:

Wireguard setup (client & bastion)
Docker setup via Ansible
Secure access with preconfigured peer confs
Peer assignment and client configuration for private access

Observation Cluster Setup (Optional, Not required as a mandatory step can be skipped for now)

Setup cluster nodes with passwordless SSH
Clone and run playbooks from k8s-infra
Install rke, kubectl, helm, istioctl
Follow step-by-step scripts to:
- Install Kubernetes via RKE
- Configure Ingress and Nginx
- Deploy Rancher and monitoring apps

Once the prerequisites are completed, then we can move to the next steps to set up each module

Let us know if you face any blockers during any prerequisite steps. We’ll prioritize support and keep updating this thread as we resolve open variables or missing references.

Best regards,
MOSIP Team

Topic		Replies	Views
Inji stack one-click cdk deployment on AWS Inji inji	1	94	December 10, 2024
Not able to deploy inji-certify via docker-compose or helm Support inji	3	83	July 7, 2025
Documentation for deploying the Sunbird application and integrating it with Inji Inji inji	5	111	October 7, 2025
Not able to build Helm chart for standalone INJI deployment Inji inji	5	72	March 29, 2025
Esignet Associated with Inij-certify keeps restarting Inji inji , esignet	11	192	May 14, 2025