VMware Tanzu Application Platform on AWS

Partner Solution Deployment Guide

October 2022
Satya Dillikar and Siteng Yu, VMware, Inc.
Elvis Pappachen, AWS VMware Partner team
Troy Lindsay, AWS Integration & Automation team

Refer to the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Partner Solution. To comment on the documentation, refer to Feedback.

This Partner Solution was created by VMware, Inc. in collaboration with Amazon Web Services (AWS). Partner Solutions are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices. If you’re unfamiliar with AWS Partner Solutions, refer to the AWS Partner Solution General Information Guide.

Overview

This Partner Solution deploys VMware Tanzu Application Platform (TAP) to the AWS Cloud. This Partner Solution is for users who want a repeatable and customizable reference deployment for VMware Tanzu Application Platform on Amazon Elastic Kubernetes Service (Amazon EKS) using AWS CloudFormation. This guide provides instructions for deploying the Tanzu Application Platform to Amazon EKS clusters. For more information about Tanzu Application Platform, refer to https://tanzu.vmware.com/application-platform.

Costs and licenses

There is no cost to use this Partner Solution, but you will be billed for any AWS services or resources that this Partner Solution deploys. For more information, refer to the AWS Partner Solution General Information Guide.

To purchase a license for VMware Tanzu Application Platform, contact VMware Tanzu.

Architecture

Deploying this Partner Solution with default parameters builds the following Tanzu Application Platform environment in the AWS Cloud.

Figure 1. Partner Solution architecture for Tanzu Application Platform on AWS

As shown in Figure 1, this Partner Solution sets up the following:

  • A highly available architecture that spans either two or three Availability Zones.*

  • A virtual private cloud (VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*

  • An Amazon Route 53 private hosted zone for the TAP user interface.

  • In the public subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.

    • In one public subnet:

      • An Amazon Elastic Compute Cloud (Amazon EC2) Linux instance to bootstrap the installation of VMware Tanzu Application Platform in an Amazon EKS cluster and serve as the administrator bastion host.

      • An Amazon EC2 Windows bastion host for access to the Tanzu Application Platform user interface.

  • In the private subnets:

    • A group of Amazon EKS nodes in an Auto Scaling Group with Contour Envoy ingress controller pods and the TAP installation. For a complete list of the Tanzu Application Platform packages, refer to Verify the installed packages.

    • A Network Load Balancer (NLB) attached to the private subnets to direct traffic to the Contour Envoy pod. The Contour Envoy container provides ingress and reverse proxy to the TAP pods for the TAP user interface and metadata store.

  • Amazon CloudWatch for storing Linux bastion host metrics and TAP bootstrap logs.

  • AWS Secrets Manager for storing VMware Tanzu Network credentials for the TAP cluster.

  • Amazon Elastic Container Registry (Amazon ECR) for five private repositories: three for TAP installation and two for sample workload installation.

  • Amazon EKS for the Kubernetes control plane cluster that runs TAP, Contour Envoy, and other containerized applications.

* The template that deploys the Partner Solution into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Deployment options

This Partner Solution provides the following deployment options:

This Partner Solution provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Tanzu Application Platform settings.

Predeployment steps

Technical Requirements

Before you launch the Partner Solution, review the following information and ensure that your account is properly configured. Otherwise, the deployment might fail.

An Amazon EC2 Key Pair is required for the deployment of this Partner Solution, and the key type must be RSA, not ED25519. For more information, refer to Amazon EC2 key pairs and Windows instances and Troubleshooting, later in this guide.

Resource quotas

If necessary, request service quota increases for the following resources. You might need to request increases if your existing deployment currently uses these resources and if this Partner Solution deployment could result in exceeding the default quotas. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, refer to What is Service Quotas? and AWS service quotas.

| Resource | This deployment uses |
| VPCs | 1 |
| Subnets | 6 |
| Security groups | 2 |
| Internet gateways | 1 |
| NAT gateways | 3 |
| Amazon ECR repositories | 5 |
| Amazon EKS clusters | 1 |
| Secrets Manager secrets | 1 |
| EC2 instance (m5.xlarge) | 1 |
| EC2 instance (t3.medium) | 1 |
| Route 53 private hosted zones | 1 |

VMware Tanzu Network account

This Partner Solution requires a VMware Tanzu Network account with a username, password, and a user account and authentication (UAA) refresh API token.

Create a new VMware Tanzu Network login

Complete the following steps to create a VMware Tanzu Network login.

  1. Navigate to https://network.tanzu.vmware.com/.

  2. Choose Sign In.

  3. Choose Create account.

  4. On the Create your VMware account page, complete the form, and choose Sign Up.

  5. Log in to VMware using the new user credentials.

Generate a VMware Tanzu Network API token

This Partner Solution requires an API token from the VMware Tanzu Network site to download the packages required to install Tanzu Application Platform.

  1. Log in to VMware Tanzu Network.

  2. Choose Edit Profile from the dropdown list next to your username.

  3. Choose Request new refresh token.

  4. Copy the refresh token. Enter it for the API Token (TanzuApiToken) parameter during deployment.

Accept VMware EULAs

Before deploying this Partner Solution, you must accept the following VMware End User License Agreements (EULAs) for the VMware Tanzu Network account used for the deployment. For more information, refer to Accept the End User License Agreements.

Failure to accept the EULAs before deployment will result in the failure of the Tanzu Application Platform installation.

VMware Customer Experience Improvement Program (CEIP)

VMware Tanzu Application Platform participates in the VMware CEIP. As part of CEIP, VMware collects technical information about your organization’s use of VMware products and services in association with your organization’s VMware license keys.

You may join or leave CEIP at any time. The CEIP Standard Participation Level provides VMware with information to improve its products and services, identify and fix problems, and advise you on how to best deploy and use VMware products. For example, this information can enable a proactive product deployment discussion with your VMware account team or VMware support team to help resolve your issues. This information cannot directly identify any individual.

You must acknowledge that you have read the VMware CEIP policy before you can proceed with the installation.

For more information, refer to Install your Tanzu Application Platform profile. To opt out of telemetry reporting after installation completes, refer to Opting out of telemetry collection.

Deployment steps

  1. Sign in to your AWS account, and launch this Partner Solution, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template.

  2. Choose the correct AWS Region, and then choose Next.

  3. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    Unless you’re customizing the Partner Solution templates or are instructed otherwise in this guide’s Predeployment section, don’t change the default settings for the following parameters: QSS3BucketName, QSS3BucketRegion, and QSS3KeyPrefix. Changing the values of these parameters will modify code references that point to the Amazon Simple Storage Service (Amazon S3) bucket name and key prefix. For more information, refer to the AWS Partner Solutions Contributor’s Guide.

  5. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select all of the check boxes to acknowledge that the template creates AWS Identity and Access Management (IAM) resources and might require the ability to automatically expand macros.

  7. Choose Create stack. The stack takes about 1 hour to deploy.

  8. Monitor the stack’s status, and when the status is CREATE_COMPLETE, the VMware Tanzu Application Platform deployment is ready.

  9. To view the created resources, choose the Outputs tab.

Parameter reference

Parameters for deploying a Tanzu Application Platform cluster to a new VPC

Table 1. VMware Tanzu Network configuration
| Parameter | Parameter Label | Default Value | Description |
| AcceptEULAs | Have all applicable VMware Tanzu Network EULAs been accepted? | No | Choose Yes if you already accepted the Cluster Essentials for VMware Tanzu and VMware Tanzu Application Platform EULAs. TAP will fail to install if both EULAs are not accepted for the specified VMware Tanzu Network user account. |
| AcceptCEIP | Have you read and accepted the VMware CEIP policy? | No | Choose Yes if you have read and accepted the VMware CEIP policy. |
| TanzuNetUsername | Username | | VMware Tanzu Network user name. To create an account, sign up at https://account.run.pivotal.io/z/uaa/sign-up. |
| TanzuNetPassword | Password | | VMware Tanzu Network password. |
| TanzuApiToken | API Token | | VMware Tanzu Network UAA API refresh token. For more information, refer to VMware Tanzu Network API documentation. |
| TanzuNetRelocateImages | Relocate TAP images | No | Choose Yes to relocate TAP images from the VMware Tanzu Network registry to your ECR registry. If you do not relocate the images, Tanzu Application Platform uses the VMware Tanzu Network registry to operate. |

Table 2. VMware Tanzu Application Platform configuration
| Parameter | Parameter Label | Default Value | Description |
| TAPVersion | Version | 1.3.0 | Version of TAP to deploy. The selected version must also support the selected Kubernetes version. For more information, refer to Kubernetes cluster requirements. |
| TAPDomainName | Domain name | | Private DNS domain name that will be used for accessing the TAP graphical user interface (GUI) and project URLs. |

Table 3. Sample app configuration
| Parameter | Parameter Label | Default Value | Description |
| SampleAppName | Name | tanzu-java-web-app-workload | Name of sample application to deploy into the Amazon EKS cluster. |

Table 4. Basic configuration
| Parameter | Parameter Label | Default Value | Description |
| AvailabilityZones | Availability Zones | | List of Availability Zones to use for the subnets in the VPC. Three Availability Zones are used for this deployment. |
| NumberOfAZs | Number of Availability Zones | 3 | Number of Availability Zones to use in the VPC. This must match the value entered for the AvailabilityZones parameter. |
| KeyPairName | EC2 key pair name | | The name of the EC2 key pair used for SSH access to the Linux bastion host/bootstrap instance and EKS cluster nodes, as well as for encrypting the Windows bastion host password. As of June 21, 2022, only RSA key types are supported due to Windows instances not supporting ED25519. For more information, refer to Amazon EC2 key pairs and Windows instances. |
| RemoteAccessCidr | Remote access CIDR | | IPv4 CIDR block permitted to connect to the Windows and Linux bastion hosts. We recommend that you set this value to a trusted network. |

Table 5. Default VPC configuration
| Parameter | Parameter Label | Default Value | Description |
| VPCCIDR | VPC CIDR | 10.0.0.0/16 | CIDR block for the VPC. |
| PrivateSubnet1CIDR | Private subnet 1 CIDR | 10.0.0.0/19 | CIDR block for private subnet 1, located in Availability Zone 1. |
| PrivateSubnet2CIDR | Private subnet 2 CIDR | 10.0.32.0/19 | CIDR block for private subnet 2, located in Availability Zone 2. |
| PrivateSubnet3CIDR | Private subnet 3 CIDR | 10.0.64.0/19 | CIDR block for private subnet 3, located in Availability Zone 3. |
| PublicSubnet1CIDR | Public subnet 1 CIDR | 10.0.128.0/20 | CIDR block for the public subnet 1, located in Availability Zone 1. |
| PublicSubnet2CIDR | Public subnet 2 CIDR | 10.0.144.0/20 | CIDR block for the public subnet 2, located in Availability Zone 2. |
| PublicSubnet3CIDR | Public subnet 3 CIDR | 10.0.160.0/20 | CIDR block for the public subnet 3, located in Availability Zone 3. |

Table 6. Amazon EKS configuration
| Parameter | Parameter Label | Default Value | Description |
| EKSClusterName | EKS cluster name | | Name of the EKS cluster where TAP deploys. |
| KubernetesVersion | Kubernetes version | 1.22 | Version of Kubernetes control plane to deploy. The selected version must support the selected version of TAP. For more information, refer to Kubernetes cluster requirements. |
| NodeInstanceType | Instance type | m5.xlarge | Amazon EKS cluster node instance type. |
| NodeVolumeSize | Volume size | 80 | Amazon EBS root volume size for Amazon EKS nodes. |
| NumberOfNodes | Number of nodes | 4 | Minimum number of nodes to create for the TAP EKS cluster. |
| MaxNumberOfNodes | Maximum number of nodes | 6 | Maximum number of available nodes for the TAP EKS cluster in auto scaling. |

Table 7. Linux bastion host/bootstrap instance configuration
| Parameter | Parameter Label | Default Value | Description |
| LinuxBastionOS | OS | Ubuntu-Server-22.04-LTS-HVM | Operating system for the Linux bastion host/bootstrap instance. |
| LinuxBastionSshPort | SSH port | 22 | TCP port to use for the Linux bastion host listening port. |

Table 8. AWS Partner Solution S3 bucket configuration
| Parameter | Parameter Label | Default Value | Description |
| QSS3BucketName | Name | aws-quickstart | Name of the S3 bucket for your copy of the Partner Solution assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Partner Solution location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). For more information, refer to https://aws-quickstart.github.io/option1.html. |
| QSS3BucketRegion | Region | us-east-1 | AWS Region where the Partner Solution S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Partner Solution location. When using your own bucket, specify the Region. For more information, refer to https://aws-quickstart.github.io/option1.html. |
| QSS3KeyPrefix | Key prefix | | S3 key prefix that is used to simulate a directory for your copy of the Partner Solution assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Partner Solution location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. For more information, refer to https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. |
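
The following pre-flight check is an added example, not part of the Partner Solution or its templates. It validates the new-VPC parameter values described above before stack creation: RSA key type, the breadth of RemoteAccessCidr, the Availability Zone count, node counts, and subnet CIDRs that must sit inside VPCCIDR without overlapping. The function name check_parameters, the sample Availability Zones, the sample RemoteAccessCidr value, and the min_remote_prefix threshold are assumptions.

```python
import ipaddress
from itertools import combinations

SUBNET_KEYS = [
    "PrivateSubnet1CIDR", "PrivateSubnet2CIDR", "PrivateSubnet3CIDR",
    "PublicSubnet1CIDR", "PublicSubnet2CIDR", "PublicSubnet3CIDR",
]

# Defaults taken from the guide's parameter tables. AvailabilityZones and
# RemoteAccessCidr have no default there, so those two values are constructed.
SAMPLE_PARAMS = {
    "AvailabilityZones": "us-east-1a,us-east-1b,us-east-1c",  # constructed
    "NumberOfAZs": "3",
    "RemoteAccessCidr": "203.0.113.0/24",  # constructed (documentation range)
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "PrivateSubnet3CIDR": "10.0.64.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "PublicSubnet3CIDR": "10.0.160.0/20",
    "NumberOfNodes": "4",
    "MaxNumberOfNodes": "6",
}


def check_parameters(params, key_type, min_remote_prefix=16):
    """Return a list of findings; an empty list means every check passed.

    key_type is the KeyType value that `aws ec2 describe-key-pairs` reports
    for KeyPairName. min_remote_prefix is an assumed policy threshold.
    """
    findings = []

    # Windows instances do not support ED25519 key pairs, so the Windows
    # bastion host password could not be retrieved after deployment.
    if key_type.lower() != "rsa":
        findings.append(f"KeyPairName: key type {key_type!r} is not RSA")

    # Both bastion hosts accept connections from this range.
    try:
        remote = ipaddress.IPv4Network(params["RemoteAccessCidr"])
    except ValueError as exc:
        findings.append(f"RemoteAccessCidr: invalid IPv4 CIDR ({exc})")
    else:
        if remote.prefixlen == 0:
            findings.append("RemoteAccessCidr: 0.0.0.0/0 admits any address")
        elif remote.prefixlen < min_remote_prefix:
            findings.append(
                f"RemoteAccessCidr: {remote} is broader than /{min_remote_prefix}")

    # NumberOfAZs must match the number of zones listed in AvailabilityZones.
    zones = [z.strip() for z in params["AvailabilityZones"].split(",") if z.strip()]
    if len(zones) != int(params["NumberOfAZs"]):
        findings.append(
            f"NumberOfAZs: {params['NumberOfAZs']} does not match "
            f"{len(zones)} listed zones")

    # NumberOfNodes is the minimum; it cannot exceed the Auto Scaling maximum.
    if int(params["NumberOfNodes"]) > int(params["MaxNumberOfNodes"]):
        findings.append("NumberOfNodes: minimum exceeds MaxNumberOfNodes")

    try:
        vpc = ipaddress.IPv4Network(params["VPCCIDR"])
    except ValueError as exc:
        findings.append(f"VPCCIDR: invalid IPv4 CIDR ({exc})")
        return findings

    # Every subnet must be inside the VPC range and disjoint from the others.
    subnets = {}
    for key in SUBNET_KEYS:
        try:
            net = ipaddress.IPv4Network(params[key])
        except ValueError as exc:
            findings.append(f"{key}: invalid IPv4 CIDR ({exc})")
            continue
        if not net.subnet_of(vpc):
            findings.append(f"{key}: {net} is outside VPCCIDR {vpc}")
        subnets[key] = net
    for (key_a, net_a), (key_b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"{key_a}: {net_a} overlaps {key_b} {net_b}")
    return findings


if __name__ == "__main__":
    for finding in check_parameters(SAMPLE_PARAMS, "rsa") or ["all checks passed"]:
        print(finding)
```
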

Parameters for deploying a Tanzu Application Platform cluster to an existing VPC

Table 9. VMware Tanzu Network configuration
| Parameter | Parameter Label | Default Value | Description |
| AcceptEULAs | Have all applicable VMware Tanzu Network EULAs been accepted? | No | Choose Yes if you already accepted the Cluster Essentials for VMware Tanzu and VMware Tanzu Application Platform EULAs. TAP will fail to install successfully if both EULAs are not accepted for the specified VMware Tanzu Network user account. |
| AcceptCEIP | Have you read and accepted the VMware CEIP policy? | No | Choose Yes if you have read and accepted the VMware CEIP policy. |
| TanzuNetUsername | Username | | VMware Tanzu Network user name. To create an account, sign up at https://account.run.pivotal.io/z/uaa/sign-up. |
| TanzuNetPassword | Password | | VMware Tanzu Network password. |
| TanzuApiToken | API Token | | VMware Tanzu Network UAA API refresh token. For more information, refer to the VMware Tanzu Network API documentation. |
| TanzuNetRelocateImages | Relocate TAP images | No | Choose Yes to relocate TAP images from the VMware Tanzu Network registry to your ECR registry. If you do not relocate the images, Tanzu Application Platform uses the VMware Tanzu Network registry to operate. |

Table 10. VMware Tanzu Application Platform configuration
| Parameter | Parameter Label | Default Value | Description |
| TAPVersion | Version | 1.3.0 | Version of TAP to deploy. The selected version must also support the selected Kubernetes version. For more information, refer to Kubernetes cluster requirements. |
| TAPDomainName | Domain name | | Private DNS domain name to access the TAP user interface and project URLs. |

Table 11. Sample app configuration
| Parameter | Parameter Label | Default Value | Description |
| SampleAppName | Name | tanzu-java-web-app-workload | Name of sample application to deploy into the Amazon EKS cluster. |

Table 12. Basic configuration
| Parameter | Parameter Label | Default Value | Description |
| KeyPairName | EC2 key pair name | | The name of the EC2 key pair used for SSH access to the Linux bastion host / bootstrap instance and EKS cluster nodes, and for encrypting the Windows bastion host password. As of June 21, 2022, only RSA key types are supported due to Windows instances not supporting ED25519. For more information, refer to Amazon EC2 key pairs and Windows instances. |
| RemoteAccessCidr | Remote access CIDR | | IPv4 CIDR block permitted to connect to the Windows and Linux bastion hosts. We recommend that you set this value to a trusted network. |

Table 13. VPC network configuration
| Parameter | Parameter Label | Default Value | Description |
| VpcId | VPC ID | | ID of your existing VPC (for example, vpc-0343606e). |
| PrivateSubnet1Id | Private subnet 1 ID | | ID of the private subnet in Availability Zone 1 of your existing VPC (for example, subnet-fe9a8b32). |
| PrivateSubnet2Id | Private subnet 2 ID | | ID of the private subnet in Availability Zone 2 of your existing VPC (for example, subnet-be8b01ea). |
| PrivateSubnet3Id | Private subnet 3 ID | | ID of the private subnet in Availability Zone 3 of your existing VPC (for example, subnet-abd39039). |
| PublicSubnet1Id | Public subnet 1 ID | | ID of the public subnet in Availability Zone 1 of your existing VPC (for example, subnet-a0246dcd). |

Table 14. Amazon EKS configuration
| Parameter | Parameter Label | Default Value | Description |
| EKSClusterName | EKS cluster name | | Name of the EKS cluster where TAP will be deployed. |
| KubernetesVersion | Kubernetes version | 1.22 | Version of Kubernetes control plane to deploy. The selected version must support the selected version of TAP. For more information, refer to Kubernetes cluster requirements. |
| NodeInstanceType | Instance type | m5.xlarge | Amazon EKS cluster node instance type. |
| NodeVolumeSize | Volume size | 80 | Amazon EBS root volume size for Amazon EKS nodes. |
| NumberOfNodes | Number of nodes | 4 | Minimum number of nodes to create for the TAP EKS cluster. |
| MaxNumberOfNodes | Maximum number of nodes | 6 | Maximum number of available nodes for the TAP EKS cluster in auto scaling. |

Table 15. Linux bastion host/bootstrap instance configuration
| Parameter | Parameter Label | Default Value | Description |
| LinuxBastionOS | OS | Ubuntu-Server-22.04-LTS-HVM | Operating system for the Linux bastion host/bootstrap instance. |
| LinuxBastionSshPort | SSH port | 22 | TCP port to use for the Linux bastion host listening port. |

Table 16. AWS Partner Solution S3 bucket configuration
| Parameter | Parameter Label | Default Value | Description |
| QSS3BucketName | Name | aws-quickstart | Name of the S3 bucket for your copy of the Partner Solution assets. Keep the default name unless you are customizing the template. Changing the name updates code references to point to a new Partner Solution location. This name can include numbers, lowercase letters, uppercase letters, and hyphens, but do not start or end with a hyphen (-). For more information, refer to https://aws-quickstart.github.io/option1.html. |
| QSS3BucketRegion | Region | us-east-1 | AWS Region where the Partner Solution S3 bucket (QSS3BucketName) is hosted. Keep the default Region unless you are customizing the template. Changing this Region updates code references to point to a new Partner Solution location. When using your own bucket, specify the Region. For more information, refer to https://aws-quickstart.github.io/option1.html. |
| QSS3KeyPrefix | Key prefix | | S3 key prefix that is used to simulate a directory for your copy of the Partner Solution assets. Keep the default prefix unless you are customizing the template. Changing this prefix updates code references to point to a new Partner Solution location. This prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). End with a forward slash. For more information, refer to https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html and https://aws-quickstart.github.io/option1.html. |

Postdeployment steps

CloudFormation outputs

After deployment, refer to the Outputs tab in the AWS CloudFormation console for the following information:

  1. The Elastic IP addresses associated with the Amazon EC2 Linux and Windows bastion host instances.

  2. The Tanzu Application Platform website URL. For more information, refer to Access the VMware Tanzu Application Platform user interface, later in this guide.

Security configuration and management tasks

After you successfully deploy this Partner Solution, confirm that your resources and services are updated and configured (including any required patches) to meet your security and other needs. For more information, refer to the AWS Shared Responsibility Model.

Access the VMware Tanzu Application Platform user interface

Access the VMware Tanzu Application Platform user interface using the Amazon EC2 Windows bastion host instance that is deployed into a public subnet.

To retrieve the password for the Windows bastion host instance, refer to How do I retrieve my Windows administrator password after launching an instance? To connect to the bastion host, refer to Connect to your Windows instance.

The VMware Tanzu Application Platform user interface is not available as a public URL. You can use Site‑to‑Site VPN or AWS Direct Connect to configure direct access to the VPC from your enterprise network.

Troubleshooting

For troubleshooting common Partner Solution issues, refer to the AWS Partner Solution General Information Guide and Troubleshooting CloudFormation.

VMware Tanzu Application Platform documentation

Refer to the following resources to troubleshoot VMware Tanzu Application Platform.

I can’t access the Tanzu Application Platform user interface

The following issues can prevent you from accessing the Tanzu Application Platform user interface after deployment.

  • The deployment failed to complete successfully.

    1. Verify that the CloudFormation stack deployment completed successfully.

    2. If the stack deployed successfully, review the Tanzu Application Platform bootstrap logs.

      1. Sign in to the AWS Management Console, and open the CloudWatch console.

      2. In the left navigation pane, choose Log groups.

      3. Choose the /aws/quickstart/tanzu-application-platform/<stack ID> log group.

      4. Choose the <instance ID>_/var/log/cloud-init-output.log log stream.

      5. On the Log events page, verify that the bootstrapping completed successfully. If the bootstrapping completed successfully, then the issue might be the location you are connecting from.

  • Logs can also be found in the /var/log/cloud-init-output.log file on the Linux bastion host.

  • In the CloudWatch log group name, <stack ID> is the ID of the AWS CloudFormation stack. In the CloudWatch log stream name, <instance ID> is the ID of the Amazon EC2 Linux bastion host.

  • You are attempting to access the site from a location that doesn’t have connectivity to the Tanzu Application Platform GUI. The Tanzu Application Platform GUI URL can only be accessed from endpoints with a route to the private VPC network, such as from the Amazon EC2 Windows bastion host instance.

Tanzu Application Platform installation failed with a EULA error

You must accept the relevant EULAs before you can download the Tanzu Application Platform packages from the VMware Tanzu Network. For more information, refer to Accept the End User License Agreements.

For more details about the .status.usefulErrorMessage error, connect to the Linux bastion host using SSH. Then run the following commands. For <PACKAGE-NAME>, substitute the name of the package to target.

tanzu package installed list -A
tanzu package installed get <PACKAGE-NAME> --namespace tap-install

If you have chosen to relocate Tanzu Application Platform images to Amazon ECR and this did not complete successfully, run the following command. This command takes 30–45 minutes to complete.

/home/ubuntu/tap-setup-scripts/src/tap-main.sh -c relocate

Run the following command to install Tanzu Application Platform.

/home/ubuntu/tap-setup-scripts/src/tap-main.sh -c install

One or more Tanzu Application Platform packages failed to reconcile

Potential causes include:

  • An infrastructure issue causing the task to take longer to run than the timeout value allows.

  • A race condition between components.

Connect to the Linux bastion host using SSH. Then run the following command to verify the installation status.

tanzu package installed list -A

If the installation has stopped running, one or more reconciliations have likely failed. If so, run the following command.

/home/ubuntu/tap-setup-scripts/src/tap-main.sh -c install

It’s been more than four minutes and the Windows bastion host administrator password still isn’t available

It is likely that during deployment an ED25519 key pair was used instead of an RSA key pair. If you select an ED25519 key pair for this deployment, the CloudFormation stack deploys successfully, but you will be unable to retrieve the automatically generated password for the Windows bastion host.

As of June 23rd, 2022, Amazon EC2 Windows instances do not support ED25519 key pairs. For more information, refer to Amazon EC2 key pairs and Windows instances.

Verify that an RSA key pair was used during deployment. If not, try the following options:

Customer responsibility

After you deploy a Partner Solution, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.

Feedback

To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Partner Solution. To submit code, refer to the Partner Solution Contributor’s Guide. To submit feedback on this deployment guide, use the following GitHub links:

Notices

This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided "as is" without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at https://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. Refer to the License for specific language governing permissions and limitations.