Amazon Managed Workflows for Apache Airflow uses the Amazon VPC, DAG code and supporting files in your Amazon S3 storage bucket to create an environment. This chapter describes the prerequisites and Amazon resources needed to get started with Amazon MWAA.
Topics
Prerequisites
To create an Amazon MWAA environment, you may want to take additional steps to ensure you have permission to the Amazon resources you need to create.
-
Amazon account – An Amazon account with permission to use Amazon MWAA and the Amazon services and resources used by your environment.
About this guide
This section describes the Amazon infrastructure and resources you'll create in this guide.
-
Amazon VPC – The Amazon VPC networking components required by an Amazon MWAA environment. You can configure an existing VPC that meets these requirements (advanced) as seen in About networking on Amazon MWAA, or create the VPC and networking components, as defined in Create the VPC network.
-
Amazon S3 bucket – An Amazon S3 bucket to store your DAGs and associated files, such as
plugins.zip
andrequirements.txt
. Your Amazon S3 bucket must be configured to Block all public access, with Bucket Versioning enabled, as defined in Create an Amazon S3 bucket for Amazon MWAA. -
Amazon MWAA environment – An Amazon MWAA environment configured with the location of your Amazon S3 bucket, the path to your DAG code and any custom plugins or Python dependencies, and your Amazon VPC and its security group, as defined in Create an Amazon MWAA environment.
Before you begin
To create an Amazon MWAA environment, you may want to take additional steps to create and configure other Amazon resources before you create your environment.
To create an environment, you need the following:
-
Amazon KMS key – An Amazon KMS key for data encryption on your environment. You can choose the default option on the Amazon MWAA console to create an Amazon owned key when you create an environment, or specify an existing Customer managed key with permissions to other Amazon services used by your environment configured (advanced). To learn more, see Using customer managed keys for encryption.
-
Execution role – An execution role that allows Amazon MWAA to access Amazon resources in your environment. You can choose the default option on the Amazon MWAA console to create an execution role when you create an environment. To learn more, see Amazon MWAA execution role.
-
VPC security group – A VPC security group that allows Amazon MWAA to access other Amazon resources in your VPC network. You can choose the default option on the Amazon MWAA console to create a security group when you create an environment, or provide a security group with the appropriate inbound and outbound rules (advanced). To learn more, see Security in your VPC on Amazon MWAA.
Available regions
Amazon MWAA is available in the following Amazon Regions.
-
Europe (Stockholm) - eu-north-1
-
Europe (Frankfurt) - eu-central-1
-
Europe (Ireland) - eu-west-1
-
Europe (London) - eu-west-2
-
Europe (Paris) - eu-west-3
-
Asia Pacific (Mumbai) - ap-south-1
-
Asia Pacific (Singapore) - ap-southeast-1
-
Asia Pacific (Sydney) - ap-southeast-2
-
Asia Pacific (Tokyo) - ap-northeast-1
-
Asia Pacific (Seoul) - ap-northeast-2
-
US East (N. Virginia) - us-east-1
-
US East (Ohio) - us-east-2
-
US West (Oregon) - us-west-2
-
Canada (Central) - ca-central-1
-
South America (São Paulo) - sa-east-1
What's next?
-
Learn how to create an Amazon S3 bucket in Create an Amazon S3 bucket for Amazon MWAA.