AWS Marketplace Quickstart
This guide walks you through purchasing AGENTIC STAR from AWS Marketplace and completing the deployment. After subscribing, you launch a CloudFormation stack from the AWS Marketplace launch page; the nested CloudFormation templates then provision the VPC, EKS cluster, RDS, S3 buckets, and install the Kubernetes applications automatically.
Prerequisites
- An AWS account
- IAM permissions to create and manage the following AWS resources via CloudFormation:
- EKS, EC2, VPC, IAM, RDS, S3, CloudFormation, Bedrock
- Use a region where AWS Bedrock is available (the template provisions a Bedrock Guardrail)
- Examples:
ap-northeast-1,ap-southeast-1,us-east-1,us-west-2
- Examples:
kubectland AWS CLI v2 installed locally to connect to the cluster after deployment
Steps
1. Subscribe to AGENTIC STAR on AWS Marketplace
Search for "AGENTIC STAR" on AWS Marketplace and click [Continue to Subscribe]. After accepting the terms, [Continue to Configuration] becomes available.
2. Choose Delivery Method and Region
Click [Continue to Configuration] and select the following:
| Field | Value |
|---|---|
| Delivery Method | CloudFormation |
| Software Version | The latest version |
| Region | The deployment region (see prerequisites) |
Then click [Continue to Launch].
3. Launch CloudFormation
On the Launch this software page, choose "Launch CloudFormation" under Choose Action and click [Launch]. You will be redirected to the AWS CloudFormation console with main-template.yaml pre-loaded.
The Amazon EC2 Image ID (ImageId parameter) is set automatically by AWS Marketplace. Do not change it.
The MPS3BucketName, MPS3BucketRegion, and MPS3KeyPrefix parameters are also set automatically by AWS Marketplace and must not be changed.
4. Stack Name
| Field | Description |
|---|---|
| Stack name | Identifier for the CloudFormation stack (must be unique within the region) |
5. General Settings
| Parameter | Description | Default | Constraints |
|---|---|---|---|
| Environment Name | Identifier used as a prefix for resource names | agenticstar | 3–21 characters, must start with a lowercase letter; lowercase alphanumeric and hyphens |
| Administrator Email | Email address of the initial administrator | — | Valid email address format (up to 254 characters) |
| Administrator Password | Password for the initial administrator | — | 12–128 characters, must include at least one uppercase letter, one lowercase letter, one digit, and one special character (@$!%*?&) |
| Primary Language | UI display language | ja | ja / en / fr / es / th |
6. PostgreSQL Settings
| Parameter | Description | Default | Constraints |
|---|---|---|---|
| PostgreSQL Instance Identifier | RDS instance identifier | marketplace-db | 1–63 characters |
| PostgreSQL Admin Username | Database administrator username | db_admin | 1–16 characters |
| PostgreSQL Admin Password | Database administrator password | — | 8–128 characters. The characters /, @, ", and space cannot be used |
The DB engine (PostgreSQL 16.6), instance class (db.m5.2xlarge), Multi-AZ deployment, and storage (32 GiB with autoscaling up to 500 GiB) are fixed in the template.
7. EKS Advanced Settings
Two managed node groups are configured: a System Node Group and a User Node Group.
System Pool
| Parameter | Default | Range / Allowed Values |
|---|---|---|
| System Pool VM Size | m5.2xlarge | t3.medium / t3.large / m5.large / m5.xlarge / m5.2xlarge / m5.4xlarge |
| System Pool Node Count (Desired) | 2 | 1–20 |
| System Pool Min Count | 2 | 1–20 |
| System Pool Max Count | 8 | 1–20 |
User Pool
| Parameter | Default | Range / Allowed Values |
|---|---|---|
| User Pool VM Size | m5.2xlarge | t3.medium / t3.large / m5.large / m5.xlarge / m5.2xlarge / m5.4xlarge |
| User Pool Node Count (Desired) | 2 | 1–20 |
| User Pool Min Count | 2 | 1–20 |
| User Pool Max Count | 10 | 1–20 |
Selecting an instance type smaller than recommended may cause resource shortages.
8. Datadog Settings (Optional)
Configure these parameters if you want to enable Datadog integration.
| Parameter | Description | Default | Allowed Values |
|---|---|---|---|
| Enable Datadog Integration | Enables Datadog integration | false | true / false |
| Datadog API Key | Datadog API key (required when set to true) | (empty) | — |
| Datadog Application Key | Datadog application key (required when set to true) | (empty) | — |
| Datadog Site | Datadog site | ap1.datadoghq.com | ap1.datadoghq.com / datadoghq.com / us3.datadoghq.com / us5.datadoghq.com / datadoghq.eu |
9. Acknowledge IAM and Create the Stack
In the Capabilities section, check the box that acknowledges The following resource(s) require capabilities: [AWS::IAM::Role], then click [Create stack].
The deployment automatically creates the following resources:
- VPC (public, EKS-private, and database-private subnets; NAT Gateway; Elastic IP)
- Amazon EKS cluster (Kubernetes 1.35, System and User managed node groups, 128 GiB per node)
- RDS for PostgreSQL (v16.6,
db.m5.2xlarge, Multi-AZ, pgvector extension pre-installed) - S3 buckets (private bucket with encryption, versioning, and lifecycle policies; public bucket with CORS)
- AWS Bedrock Guardrail (content safety)
- AGENTIC STAR application suite (automatically installed via Helm charts)
Deployment time depends on your environment. Monitor progress on the Events tab of the CloudFormation console.
After Deployment
Once the stack reaches CREATE_COMPLETE, retrieve the following values from the Outputs tab of the CloudFormation console.
| Output Key | Use |
|---|---|
EKSClusterName | EKS cluster name |
EKSKubectlConfigCommand | aws eks update-kubeconfig command to connect kubectl to the EKS cluster |
DBInstanceEndpoint | RDS endpoint |
S3PublicBucketURL | Website URL of the public S3 bucket |
Configure kubectl
Run the command shown in the EKSKubectlConfigCommand output value locally.
# Example of the command shown in Outputs (use the actual value from your stack)
aws eks update-kubeconfig --region <region> --name <EKSClusterName>
Then verify all Pods are Running:
kubectl get pods -A
Checking Access URLs
AGENTIC STAR creates 4 LoadBalancer services (AWS Network Load Balancers) for different purposes.
kubectl get svc -n ingress-nginx -o wide | grep LoadBalancer
| Service Name | Purpose | Access URL |
|---|---|---|
ingress-nginx-front | Main application | https://<ELB-DNS-NAME> |
ingress-nginx-admin | Admin console | https://<ELB-DNS-NAME> |
ingress-nginx-extapi | API endpoint | https://<ELB-DNS-NAME> |
The login page (ingress-nginx-auth) is intentionally omitted: due to how OAuth redirects work, opening it directly does not produce a working post-login navigation. Always start from the main application URL — the login page is invoked automatically when authentication is required.
Because AWS Network Load Balancers use ENIs spanning multiple Availability Zones, they are assigned a DNS name in the form xxxxxxxx.elb.<region>.amazonaws.com (an "ELB DNS name") rather than a fixed IP. AWS may change the underlying IPs over time, so always use the DNS name shown in the EXTERNAL-IP column of kubectl get svc.
Since self-signed certificates are used, your browser will display certificate warnings. Accept the warning to proceed on first access.
To configure custom domains, point each domain at its LoadBalancer's ELB DNS name using a CNAME record (A records pointing directly at IPs are not supported on AWS). See the Domain Settings Guide for details.
Logging In
Open the admin console URL in your browser and log in with the Administrator Email and Administrator Password you entered in CloudFormation.
As a next step, perform the initial setup in the admin console. See the Settings Guide for details.
To start using the API, see the Marketplace API Quickstart.