Amazon Nimble Studio

User Guide

Amazon Nimble Studio: User Guide

Copyright © 2020 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What is Amazon Nimble Studio? ... 1

Supported software and operating systems ... 1

Remote team management ... 1

Security with Nimble Studio ... 1

Pricing for Nimble Studio ... 1

Setup and deployment ... 2

Storage for Nimble Studio ... 2

How to get started with Nimble Studio ... 2

Concepts and terminology ... 2

Key features ... 3

Key concepts and terminology ... 3

How StudioBuilder works ... 9

How does StudioBuilder work? ... 9

What resources does StudioBuilder create? ... 9

Network tier ... 13

Data tier ... 14

Service tier ... 17

Compute tier ... 19

Troubleshooting ... 20

My Spot Fleets are being terminated. ... 20

I got a CloudWatch Alarm about burst credits ... 20

Related resources ... 21

Availability Zones for Nimble Studio ... 22

Local Zones ... 22

Setting up ... 23

Set up IAM ... 23

Check service quotas ... 23

Check your Spot Instance quota ... 23

Request a quota increase ... 24

Request a quota increase for Amazon Nimble Studio streaming sessions ... 24

Request a quota increase for VPC security groups per network interface ... 25

Request a quota increase for On-Demand “G and VT” Instances ... 25

(Optional) Opt in to the LA Local Zone ... 26

Related resources ... 27

Getting started with Amazon Nimble Studio ... 28

Deploy a new studio ... 28

Prerequisites ... 29

Step 1: Enable AWS Single Sign-On (AWS SSO) ... 29

Step 2: Access the StudioBuilder AMIs ... 35

Step 3: Launch the StudioBuilder EC2 instance ... 39

Step 4: Configure studio with StudioBuilder ... 46

Step 5: Deploy studio with StudioBuilder ... 55

Step 6: Link AWS Managed Microsoft AD as an AWS SSO identity source ... 58

Step 7: Confirm subscription to burst alert emails ... 62

Troubleshooting ... 62

Related resources ... 64

Deploy a new studio by hand ... 64

Prerequisites ... 65

Step 1: Create networking resources ... 67

Step 2: Create an Active Directory ... 69

Step 3: Create security groups ... 71

Step 4: Create your Nimble Studio cloud studio ... 72

Step 5: Create initial file system ... 73

Step 6: Add admin user to studio ... 77

Step 7: Create a launch profile ... 79

Step 8: Accept EULAs ... 80

Step 9: Configure Active Directory for use with Nimble Studio ... 85

Add studio users ... 92

Prerequisites ... 92

Step 1: Change AWS Single Sign-On email setting ... 92

Step 2: Log in to Nimble Studio portal as Admin ... 96

Step 3: Accept the EULA ... 97

Step 4: Launch a virtual workstation ... 100

Step 5: Add users to AWS Managed Microsoft AD ... 106

Step 6: Add users to Nimble Studio ... 113

Troubleshooting ... 114

Related resources ... 114

Set up Linux home directories ... 114

Prerequisites ... 115

Step 1: Create security groups for your shared file system and Nimble Studio ... 115

Step 2: Create a file system with Amazon Elastic File System (Amazon EFS) ... 117

Step 3: Update filesystem subnet network ACLs ... 121

Step 4: Create a custom studio resource ... 123

Step 5: Add the custom resource to a launch profile ... 126

Create launch profiles ... 127

Prerequisites ... 127

Step 1: Create a launch profile by copying an existing one ... 127

Step 2: (Optional) Perform a test launch ... 131

Step 3: Share launch profiles with studio users ... 134

Troubleshooting ... 140

Related resources ... 140

Configure Deadline ... 140

Prerequisites ... 141

Step 1: Log in to Nimble Studio portal as Admin ... 141

Step 2: Accept the EULA ... 143

Step 3: Launch a virtual workstation ... 147

Step 4: Open Deadline and create groups ... 156

Step 5: Adjust worker settings ... 159

Step 6: (Windows only) Set mapped paths ... 161

Related resources ... 164

Admin tutorials ... 165

Maintain your studio ... 165

Change admin password or policies ... 165

Update to latest StudioBuilder version ... 169

Back up studio data ... 178

Modifying launch profiles ... 200

Delete a studio ... 204

Manage your workstations ... 218

Start and stop workstations (Preview) ... 218

Enable uploads ... 224

Start streaming session using API ... 225

Superuser access for Linux users ... 242

Work with license servers ... 253

Create license server ... 254

Set up Nuke license server ... 268

Software specific installation tips ... 274

SideFX ... 275

Substance ... 275

Adobe Creative Cloud ... 275

Blackmagic Design DaVinci Resolve 17 ... 283

Work with render farms ... 288

Set up Deadline UBL ... 288

Mount the Deadline Repository file system on Linux ... 298

Delete a render farm ... 304

Update AMIs ... 306

Prerequisites ... 306

General setup ... 306

Update AMIs for your operating system ... 318

Software-specific instructions ... 319

Troubleshooting ... 319

Related resources ... 320

Update Windows workstation AMI ... 320

Update Linux workstation AMI ... 354

Update Windows worker AMI ... 388

Update Linux worker AMI ... 413

Update storage ... 435

Add FSx file system ... 435

Set up FSx Lustre ... 443

Set up Qumulo ... 450

Set up Weka ... 475

Artist tutorials ... 511

Log in to the portal ... 511

Prerequisites ... 512

Log in to Nimble Studio portal for the first time ... 512

Log out of Nimble Studio portal ... 518

Launch virtual workstation ... 519

Prerequisites ... 519

Step 1: Launch a virtual workstation ... 520

Step 2: Log in to the virtual workstation ... 522

Troubleshooting ... 526

Start and stop workstations (Preview) ... 526

Stopping a workstation ... 526

Upload files to your workstation ... 527

Upload files to your virtual workstation ... 528

Create your first render ... 534

Prerequisites ... 534

Step 1: Launch Blender ... 534

Step 2: Create a Blender scene ... 538

Step 3: Save your scene to shared storage ... 539

Step 4: Configure the scene to render on the farm ... 544

Step 5: Enable AWS Thinkbox Deadline submitter add-on ... 551

Step 6: Submit render to Deadline ... 551

Step 7: Check progress in Deadline Monitor ... 554

Related resources ... 567

Testing with AWS assets: Maya ... 567

Prerequisites ... 567

Step 1: Downloading assets ... 567

Step 2: Setting up the scene ... 568

Step 3: Rendering the asset ... 575

Providing Feedback ... 581

Related Resources ... 581

Testing with AWS assets: Blender ... 582

Prerequisites ... 582

Step 1: Downloading assets ... 582

Step 2: Setting up the scene ... 583

Step 3: Rendering an image ... 586

Providing Feedback ... 588

Related Resources ... 588

Testing with AWS assets: Blender - Shockingly Fuzzy ... 589

Prerequisites ... 589

Step 1: Downloading assets ... 589

Step 2: Setting up the scene ... 590

Step 3: Simulating the cloud and hair ... 593

Step 4: Rendering an image sequence ... 596

Providing feedback ... 598

Related resources ... 598

Troubleshooting ... 599

Troubleshooting render farm issues ... 599

Streaming instances can’t submit new render jobs ... 599

Troubleshooting home directory issues ... 600

Multiple Linux home directories sharing the same mount points ... 600

Deadline render tls_cert.crt isn’t found after updating studio ... 600

Security ... 601

More Information ... 601

Data protection ... 601

Encryption at rest ... 602

Encryption in transit ... 603

Key management for Amazon Nimble Studio ... 603

Data security measures ... 604

Diagnostic data and metrics ... 605

Internetwork traffic privacy ... 605

Traffic between AWS resources in the same AWS Region ... 605

Network ACLs ... 605

Prerequisites ... 606

What is a network ACL? ... 606

Network ACL rules ... 606

Default network ACL ... 606

Logging and monitoring ... 610

Logging Nimble Studio calls using AWS CloudTrail ... 610

Identity and Access Management ... 614

Audience ... 614

Authenticating with identities ... 615

Managing access using policies ... 616

How Amazon Nimble Studio works with IAM ... 618

ID-based policy examples ... 622

AWS managed policies ... 624

Cross-service confused deputy prevention ... 630

Troubleshooting ... 631

Compliance validation ... 633

Resilience ... 633

Infrastructure security ... 634

Network connectivity security model ... 634

Configuration and vulnerability analysis ... 634

Patching software ... 635

Security best practices ... 635

To request a quota increase ... 637

Support ... 638

AWS Support Center ... 638

Nimble Studio forum ... 638

Nimble Studio help page ... 638

AWS Thinkbox Deadline documentation ... 639

AWS Premium Support plans ... 639

Release notes ... 640

AMI release notes ... 640

Nimble Studio Windows workstation AMI ... 640

Nimble Studio Linux workstation AMI ... 641

Nimble Studio Windows worker AMI ... 641

Nimble Studio Linux worker AMI ... 642

StudioBuilder v1.1.5 2021-12-10 ... 642

Important notes ... 642

Updates ... 643

StudioBuilder v1.1.4 2021-10-06 ... 643

Important notes ... 642

Updates ... 643

Bug fixes ... 644

StudioBuilder v1.1.3 2021-07-22 ... 644

Important notes ... 642

Updates ... 643

Bug fixes ... 644

Document History ... 646

AWS glossary ... 649

What is Amazon Nimble Studio?

Welcome to the user guide for Amazon Nimble Studio.

Amazon Nimble Studio is an AWS service that builds the infrastructure that you need to operate a cloud-based studio for producing visual effects (VFX), animation, and interactive content. Nimble Studio provides virtual workstations, cloud rendering, and shared storage to content creators so they can quickly scale resources to meet an increased demand for content.

With Nimble Studio, production studios can leverage a global workforce securely in the cloud, thus reducing the costs of added physical infrastructure and technical staff. Using state-of-the-art AWS security, your admins can keep your valuable studio resources secure, while allowing your teams to access the tools they need, such as scalable high-speed storage, licenses, and near-limitless rendering.

Supported software and operating systems

You can use Linux or Windows operating systems (OS) with Nimble Studio. Most user-based credential logins from Foundry, Autodesk, and Adobe can be used.

Nimble Studio supports bring your own (BYO) floating licenses for industry software. This includes industry standard digital content creation applications such as Houdini, Nuke, Maya, Vray, and many more. Nimble Studio doesn’t support node-locked licenses.

Blender is included on Nimble Studio workstation Amazon Machine Images (AMIs). For farm worker AMIs, you can find Nuke, Houdini, and Blender in the AWS Marketplace.

Remote team management

Rapidly onboard and collaborate with artists remotely and securely with Nimble Studio. Our scalable service will help you meet the demands of animation and VFX production teams who might not be cloud technology experts. An added benefit of a remote studio and workforce is that it can reduce production costs and upfront capital investment, while you continue to grow.

Security with Nimble Studio

Amazon Nimble Studio’s state-of-the-art AWS security gives your account admins and project owners the ability to add or remove artists, assign resources, and share projects.

AWS Single Sign-On (AWS SSO) provides secure artist access to web identities in the Nimble Studio portal. Nimble Studio portal includes workstation and file system access control via AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), enabling directory-aware workloads for your production security needs.

Setup and deployment

The beauty of Nimble Studio is that setup and deployment takes a few hours, not weeks.

StudioBuilder is Nimble Studio’s deployment tool, and is accessible through the AWS Marketplace.

StudioBuilder builds the infrastructure and pipeline that you need to start working on day one. Create your studio environment using the Nimble Studio portal, name new projects, and invite artists to onboard.

Here are some of the features you get with Nimble Studio:

• AWS Single Sign-On (AWS SSO) for seamlessly connecting to remote teams, assets, and resources

• On-demand access to powerful virtual workstations using Amazon Elastic Compute Cloud (Amazon EC2)

• Integrated render farm through the AWS Thinkbox Render Farm Deployment Kit (RFDK)

• Amazon Machine Images (AMI) functionality and templates

• AWS Identity and Access Management (IAM) policies and roles

• Amazon FSx storage for Windows and Linux

• A virtual network through Amazon Virtual Private Cloud

Storage for Nimble Studio

Render workers on Nimble Studio are configured to access the shared storage for your studio, known as the Z: drive on your Windows virtual workstation or /mnt/fsxshare on a Linux virtual workstation.

Users also have a profile in the AWS Directory Service for Microsoft Active Directory. This is called a profile directory, and is usually C:\Users\your-user-name\ on Windows, or /home/your-user-name on Linux. A profile directory is not accessible to other artists or render workers.

How to get started with Nimble Studio

After you’ve familiarized yourself with the Concepts and terminology for Amazon Nimble Studio (p. 2) page, visit the Getting started with Amazon Nimble Studio (p. 28) page. In it, you’ll find links to helpful information for administrators and artists alike.

The Nimble Studio Getting started with Amazon Nimble Studio (p. 28) series gives step-by-step instructions for deploying a new cloud studio and configuring it for your team.

If you’re an artist in film, VFX, or interactive content, the Artist tutorials for Amazon Nimble Studio (p. 511) will show you how to launch a virtual workstation, and use Nimble Studio to collaborate and create remotely.

Concepts and terminology for Amazon Nimble Studio

To help you get started with Amazon Nimble Studio, and understand how it works, you can refer to the key concepts and terminology in this guide.

Key features

Amazon Nimble Studio

Amazon Nimble Studio is an AWS service that enables creative studios to produce visual effects, animation, and interactive content entirely in the cloud, from storyboard sketch to final deliverable.

Nimble Studio supports Linux and Windows operating systems (OS) and creation applications such as Autodesk Maya, Blender, Houdini, or Foundry’s Nuke. It also integrates with many other AWS services.

Amazon Nimble Studio console

The Nimble Studio console is a portion of the AWS Management Console that is devoted to our admin IT customers. This console is where admins create their cloud studio and manage many settings. For instance, the Studio manager page allows you to add or remove resources, add launch profiles, and grant permissions to users and groups.

Amazon Nimble Studio portal

The Nimble Studio portal is the user interface that’s dedicated to both types of Nimble Studio customers: artists and admins. The Nimble Studio portal is where admins can assign launch profiles to artists, and artists can launch streaming sessions. The portal’s user-friendly interface makes it easy to review your launch profiles, check your workstation’s status, see who else is in your cloud studio, and access support.

StudioBuilder

StudioBuilder is a Cloud Development Kit (CDK) application that deploys a fully functional, secure cloud studio with Nimble Studio through a command line interface (CLI). After you follow a few prompts and configure some settings, StudioBuilder builds the infrastructure that your cloud studio needs to operate.

The process takes about 90 minutes.

StudioBuilder is available through the AWS Marketplace.

AWS Thinkbox Deadline (Deadline)

Deadline is rendering management software that provides a wide range of compute management options to easily and securely access cloud-based resources for rendering, render management, and processing. AWS Thinkbox Deadline is compatible with Windows, Linux, and macOS based render farms.

Key concepts and terminology

Amazon EC2 instance

An instance is a virtual server in the cloud. Its configuration is a copy of the Amazon Machine Image (AMI) that you specified when you launched the instance. To connect your virtual workstation to a streaming session, you must first launch an instance. You can do this from the Nimble Studio portal.

Amazon Machine Image (AMI)

An Amazon Machine Image (AMI) provides the information required to launch an instance. To run StudioBuilder and deploy your cloud studio, you must launch an Amazon EC2 instance using the AMI. An

When StudioBuilder builds your cloud studio, it creates an Active Directory environment using the AWS Managed Microsoft AD service. After deployment, you can connect your new AWS Managed Microsoft AD to AWS Single Sign-On (AWS SSO). To learn how, see Step 6: Link AWS Managed Microsoft AD as an AWS SSO identity source (p. 58) in the Deploying a new studio with StudioBuilder (p. 28) tutorial.

By connecting your AWS Managed Microsoft AD to AWS SSO, administrators can grant users or groups seamless access to the resources that you want them to use.

Customers who wish to bring their own Active Directory should follow the Bring Existing Resources (BER) steps in the Getting started page of the Nimble Studio console.

AWS managed policies

An AWS managed policy is a standalone policy that is created and administered by AWS. Standalone policy means that the policy has its own Amazon Resource Name (ARN) that includes the policy name. For example, arn:aws:iam::aws:policy/IAMReadOnlyAccess is an AWS managed policy. For more information about ARNs, see IAM ARNs.

AWS managed policies are used for granting permissions to common job functions. Job function policies are maintained and updated by AWS when new services and API operations are introduced.

For example, the AdministratorAccess job function provides full access and permissions delegation to every service and resource in AWS. In contrast, partial-access AWS managed policies such as AmazonMobileAnalyticsWriteOnlyAccess and AmazonEC2ReadOnlyAccess can provide specific levels of access to AWS services without allowing full access. To learn more about access policies, see Understanding access level summaries within policy summaries.

AWS Management Console

The AWS Management Console is a web application that provides access to a broad collection of service consoles for managing AWS services.

Each service also includes its own console. These consoles offer a wide range of tools for cloud computing. For instance, within the EC2 console, you can create a license server, plus update or add new software to your Linux worker Amazon Machine Image (AMI). There’s even a service that helps with billing and cost management.

AWS Single Sign-On (AWS SSO)

AWS SSO is an AWS service that makes it easy to centrally manage access to multiple AWS accounts and business applications. With AWS SSO, you can provide users with single sign-on access to all their assigned accounts and applications from one place. You can also centrally manage AWS SSO access and user permissions to all of your accounts in AWS Organizations. Visit AWS Single Sign-On FAQs for more information.

AWS Systems Manager Session Manager

Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS Command Line Interface (AWS CLI). For more information, visit AWS Systems Manager Session Manager.

Amazon Virtual Private Cloud (Amazon VPC)

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you have defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. Amazon Nimble Studio provides you with a default VPC during deployment.

Availability Zone (AZ)

Availability Zones are multiple, isolated locations within each AWS Region. An Availability Zone is represented by an AWS Region code followed by a letter identifier (example: us-east-1a).

With Amazon VPC, you can define a virtual network topology closely resembling a traditional network that you might operate on your own premises. Multi-AZ deployment provides high availability and fault tolerance. You can use Amazon VPC to span multiple Availability Zones. This enables you to place independent infrastructure in physically separate locations.

AWS PrivateLink

AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. AWS PrivateLink makes it easy to connect services across different accounts and VPCs. AWS PrivateLink is available for a monthly fee that is billed to your AWS account.

AWS Virtual Private Network (AWS VPN)

AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. Each service provides a highly available, managed, and elastic cloud VPN solution to protect your network traffic.

AWS Site-to-Site VPN creates encrypted tunnels between your network and your VPCs or transit gateways. For managing remote access, AWS Client VPN connects your users to AWS or on-premises resources using a VPN software client.

Digital Content Creation (DCC)

Digital Content Creation (DCC) refers to the category of applications that are used to produce creative content, including Blender, Nuke, Maya, and Houdini.

Desktop Cloud Visualization (DCV)

NICE DCV is a high-performance remote display protocol. It lets you securely deliver remote desktops and application streaming from any cloud or data center to any device, over varying network conditions. By using NICE DCV with Amazon EC2, you can run graphics-intensive applications remotely on Amazon EC2 instances. For more information about the DCV client, see NICE DCV Clients.

End user license agreement (EULA)

A EULA is a contract between the manufacturer of computer software and the person who installs and uses the software.

Launch profile

A launch profile controls your artist workforce’s access to studio components, like compute farms, shared file systems, managed file systems, and license server configurations, as well as instance types and Amazon Machine Images (AMIs).

Studio administrators create launch profiles in the Nimble Studio console. Artists can use their launch profiles to launch an instance from the Nimble Studio portal. Each user’s launch profile defines how they can launch a streaming session. By default, studio admins can use all launch profiles.

License server

A license service is a centralized computer software system for Nimble Studio that provides access tokens or keys to enable licensed software to run. With Nimble Studio, your license service can be used as a proxy or as the direct license server—but you must install your own license management software.

On-Demand Instances

With On-Demand Instances, you pay for compute capacity by the second, with no long-term commitments. You have full control over the lifecycle of the instance—you decide when to launch, stop, hibernate, start, reboot, or shut it down. You pay only for the seconds that your On-Demand Instances are in the running state. The price per second for On-Demand Instance is fixed and is listed on the Amazon EC2 Pricing, On-Demand Pricing page.

Regions

Nimble Studio offers five Regions from which to choose your home Region. Users close to the home Region will experience faster speed and improved performance. For more information, see Availability Zones for Amazon Nimble Studio.

To see the mapping of IDs to Availability Zones in your account, see AZ IDs for Your Resources in the AWS Resource Access Manager User Guide.

Remote Connection Server (RCS)

The Remote Connection Server (RCS) is encapsulated by the Render Queue construct. It is the service that sits behind the Application Load Balancer (ALB) that is set up by the Render Queue. During instantiation, the Render Queue generates a self-signed certificate that the RCS is configured to use for communication between itself and the ALB. For more information, see the Render Farm Deployment Kit on AWS developer guide.

Render Farm Deployment Kit on AWS (RFDK)

The Render Farm Deployment Kit (RFDK) on AWS is an open-source software development kit that can be used to deploy, configure, and manage your render farm infrastructure in the cloud. The RFDK is built to operate with the AWS Cloud Development Kit (AWS CDK) and provides a library of classes, called constructs, that each deploy and configure a component of your cloud-based render farm. The current version of the RFDK supports render farms that are built using AWS Thinkbox Deadline render management software.

Render queue

A render queue is the main, central service component of a render farm, where clients and workers connect and access any information that they require to set up a render. Render queues allow teams to control the order in which objects will be rendered.

Streaming image

A streaming image is a resource within Nimble Studio that represents an Amazon Machine Image (AMI), and is specifically configured to work with virtual workstations. A streaming image allows users to connect to their workstations via a NICE DCV client.

Streaming session

A streaming session represents a virtual workstation that a user can connect to so that they can access the files, settings, and applications they need to work on an asset. Users can see the streaming session listed in their Nimble Studio portal, where they can connect to the session and shut it down.

Studio

A studio is the top-level container for other Nimble Studio-related resources. Your cloud studio manages the Nimble Studio web portal and the connections to essential resources in your AWS account such as your VPC, user directory, and storage encryption keys.

Studio component

Studio components are configurations within a customer’s Nimble Studio that tell the service how to access resources like file systems, license servers, and render farms in your AWS account.

Nimble Studio contains a number of subtypes of studio components including a shared file system, compute farm, Active Directory, and license component. These subtypes describe resources that you would like your studio to use.

Studio home Region (home Region)

A studio home Region is the AWS Region where essential studio infrastructure exists, such as your main Amazon S3 data and render farm.

Your home Region is where your core production data lives, so it is typically closest to where the core production is happening. A geographically distributed studio might select the home Region to be close to the majority of its creative workforce.

Studio resources

Studio resources is an industry term that encapsulates the things a studio needs in their daily operations.

Studio artists often refer to their render farm, Microsoft Active Directory, and file storage as resources.

When describing how resources fit into the infrastructure of a cloud studio, they might be also referred to as studio components.

Subnet

A subnet is a range of IP addresses in your VPC. When a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.

VPN-only subnet: If a subnet doesn’t have a route to the internet gateway, but has its traffic routed to a virtual private gateway for a site-to-site VPN connection, the subnet is known as a VPN-only subnet.

Private subnet: A subnet that doesn’t have a route to the internet gateway is known as a private subnet.

For more information, see Examples for VPC, Internet gateways, and What is AWS Site-to-Site VPN? in the AWS Site-to-Site VPN User Guide.
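The subnet definitions above, turned into a routing audit (an added example, not part of the AWS guide): it classifies each subnet from route-table data shaped like the EC2 DescribeRouteTables response and flags subnets whose routing disagrees with the tier their name implies. All IDs and sample data are constructed, and it is an assumption that the subnets carry a Name tag of Public, Backend, or ActiveDirectory.

```python
"""Classify VPC subnets as public, VPN-only or private from their route tables.

Input dicts mirror the EC2 DescribeSubnets / DescribeRouteTables response
shape. Every ID and the sample data below are constructed for illustration.
"""


def effective_route_tables(route_tables):
    """Return ({subnet_id: table}, {vpc_id: main_table})."""
    explicit, main = {}, {}
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("Main"):
                main[rt["VpcId"]] = rt
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rt
    return explicit, main


def classify_routes(routes):
    """Apply the guide's definitions; blackholed routes carry no traffic."""
    targets = [r.get("GatewayId", "") for r in routes
               if r.get("State", "active") == "active"]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"  # a NAT gateway default route still counts as private


def classify_subnets(subnets, route_tables):
    """Subnets without an explicit association fall back to the VPC main table."""
    explicit, main = effective_route_tables(route_tables)
    result = {}
    for sn in subnets:
        rt = explicit.get(sn["SubnetId"]) or main.get(sn["VpcId"])
        result[sn["SubnetId"]] = classify_routes(rt["Routes"]) if rt else "unknown"
    return result


def audit(subnets, route_tables, expected):
    """Return (name, subnet_id, expected, actual) for each mismatch."""
    actual = classify_subnets(subnets, route_tables)
    findings = []
    for sn in subnets:
        name = next((t["Value"] for t in sn.get("Tags", [])
                     if t["Key"] == "Name"), "")
        want = expected.get(name)
        if want and actual[sn["SubnetId"]] != want:
            findings.append((name, sn["SubnetId"], want, actual[sn["SubnetId"]]))
    return findings


# Tier implied by the subnet names the guide lists (Name tag is an assumption).
EXPECTED = {"Public": "public", "Backend": "private", "ActiveDirectory": "private"}


def _subnet(subnet_id, name):
    return {"SubnetId": subnet_id, "VpcId": "vpc-demo",
            "Tags": [{"Key": "Name", "Value": name}]}


def _route(cidr, state="active", **target):
    return {"DestinationCidrBlock": cidr, "State": state, **target}


LOCAL = _route("10.0.0.0/16", GatewayId="local")

# Constructed sample: subnet-be2 has drifted onto the public route table.
SAMPLE_SUBNETS = [
    _subnet("subnet-pub", "Public"),
    _subnet("subnet-be1", "Backend"),
    _subnet("subnet-be2", "Backend"),
    _subnet("subnet-ad1", "ActiveDirectory"),  # no explicit association
    _subnet("subnet-vpn", "OnPremLink"),       # hypothetical extra subnet
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-demo", "Routes": [LOCAL],
     "Associations": [{"Main": True}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-demo",
     "Routes": [LOCAL, _route("0.0.0.0/0", GatewayId="igw-demo")],
     "Associations": [{"Main": False, "SubnetId": "subnet-pub"},
                      {"Main": False, "SubnetId": "subnet-be2"}]},
    {"RouteTableId": "rtb-nat", "VpcId": "vpc-demo",
     "Routes": [LOCAL, _route("0.0.0.0/0", NatGatewayId="nat-demo")],
     "Associations": [{"Main": False, "SubnetId": "subnet-be1"}]},
    {"RouteTableId": "rtb-vpn", "VpcId": "vpc-demo",
     "Routes": [LOCAL, _route("192.168.0.0/16", GatewayId="vgw-demo"),
                _route("0.0.0.0/0", state="blackhole", GatewayId="igw-old")],
     "Associations": [{"Main": False, "SubnetId": "subnet-vpn"}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES, EXPECTED):
        print("MISMATCH name=%s subnet=%s expected=%s actual=%s" % finding)
```
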

Tags

A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value that you define.

Tags enable you to categorize your AWS resources in different ways. For example, you could define a set of tags for your account’s Amazon EC2 instances that help you track each instance’s owner and stack level. Tags also enable you to integrate your organization’s shared file systems and render farms with Nimble Studio, to keep your workflows uninterrupted while you move your workforce to the cloud.

With tags, you can categorize your AWS resources by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags that you’ve assigned to it.

User-managed VPC

A user-managed VPC is a virtual private cloud (VPC) in your AWS account that you control. StudioBuilder provides you with a default VPC in Amazon Virtual Private Cloud (Amazon VPC) during deployment.

A virtual workstation is configured with all of the applications, tools, and data that an artist needs to do their work. To access their virtual workstation, the artist must use launch profiles that the admin assigned to them, and launch a streaming session from the portal. After the streaming session starts, the artist can use the software applications, storage, and render farm that were configured for them in their work.

How StudioBuilder works with Amazon Nimble Studio

StudioBuilder is a command line interface (CLI) tool for IT admins to configure Nimble Studio and set up its infrastructure. Within the terminal, StudioBuilder converts the admin’s input to a configuration file and deploys an AWS Cloud Development Kit (CDK) application to create account resources using AWS CloudFormation.

Contents

• How does StudioBuilder work? (p. 9)

• What resources does StudioBuilder create? (p. 9)

• Troubleshooting (p. 20)

• Related resources (p. 21)

How does StudioBuilder work?

StudioBuilder’s deploy tool creates a configuration file to build your studio, based on answers that you provide within its CLI. After all of the questions are answered and validated in the terminal, you can deploy the StudioBuilder CDK application. StudioBuilder creates four CloudFormation stacks when it builds your studio, and these stacks create your studio resources.

StudioBuilder’s CDK application performs the following functions:

• Uses the configuration file to determine which resources get deployed by CloudFormation in your account.

• Creates an Amazon Virtual Private Cloud (Amazon VPC) and a range of secure IP addresses in your VPC (called subnets).

• Configures the network access control lists (NACLs) and security groups to help protect your resources from malicious users.

• Creates Nimble Studio components, including a render farm, storage, and AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD). Automatically configures these resources so they’re ready for use.

• Launches and automatically scales at least one fleet of Spot Instances, as needed, within a single Amazon EC2 Auto Scaling group. This allows you to have at least one render worker always running.

• Creates two launch profiles—one for the IT admin to configure the studio, and the other for render workers.

What resources does StudioBuilder create?

Here is a network diagram showing what the StudioBuilder CDK deploys and how each resource communicates with the other resources. The diagram shows the two default availability zones and every subnet that StudioBuilder creates within each Amazon VPC. It also shows which subnets can communicate with each other, and on which ports that communication is allowed to take place. The NACLs and security groups control communication between subnets.

Network tier

The network tier is the base tier. Without the network tier, no other tier will work. The network architecture of the studio creates the following resources in your account.

Amazon VPC

• The default VPC that StudioBuilder creates for your studio is an Amazon VPC. It has the same name as your studio ID. This is the private network that launches AWS resources created by StudioBuilder for your Nimble Studio cloud studio.

Subnets

StudioBuilder creates 12 subnets in the studio default VPC. The subnets divide the Amazon VPC up into smaller blocks and the resources that require IP addresses are assigned to each subnet. This is done to isolate resources from each other for security, which is supplemented by NACLs and security groups.

Note

Some subnets need to exist in at least two availability zones due to the requirements of the services hosted within them.

• The public subnet named Public routes all traffic to the internet gateway.

• Two private subnets named Backend are created to put the Amazon DocumentDB file system and the Amazon Elastic File System (Amazon EFS) file system into once they’re created in the data tier.

• Two private subnets named ActiveDirectory create the AWS Managed Microsoft AD in the data tier.

• The private subnet named FileSystems creates the Amazon FSx file system in the data tier.

• Two private subnets named ServiceEndpoints are created for the Application Load Balancer (ALB) in the service tier.

• The private subnet named Workstations is created to auto configure the AWS Managed Microsoft AD in the service tier.

• Two private subnets named WorkerSupport create the health monitor in the compute tier.

• The private subnet named RenderWorkers creates the Deadline render fleet in the compute tier.

Gateways and endpoints

• The network address translation (NAT) gateway inside of the Public subnet routes traffic between the private subnets and the internet gateway.

• The internet gateway in the Public subnet routes all traffic to the internet.

• The NACLs help limit traffic between each subnet for added security.

• Two endpoints are created to control access to your resources.

• The Amazon DynamoDB VPC gateway endpoint is associated with the Backend subnets and gives DynamoDB access to the Deadline Remote Connection Server (RCS) when the Deadline Resource Tracker is being used. The RCS is a server application which controls access to the Deadline Database

Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. You can use Route 53 to perform three main functions in any combination: domain registration, DNS routing, and health checking.

The network tier creates the nimble.<aws_region>.aws domain. This domain connects with the RCS, created in the service tier, to run the render queue. The following three records are created with the RCS.

• The record nimble.<aws_region>.aws with type name server (NS) indicates which Domain Name System (DNS) server is authoritative for the domain.

• The record nimble.<aws_region>.aws with type start of authority (SOA) contains administrative information.

• The record renderqueue.nimble.<aws_region>.aws with type A (IPv4 address record of the compute farm) connects with the render farm in Deadline.

Security groups

• The VPC Interface endpoints security group limits access to VPC interface endpoints so that studio resources can securely communicate with AWS services.

• The License servers security group controls access to customer-created license servers.

Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security, and performance.

SecurityLogs: The bucket named <studio_id> + network-SecurityLogs + … stores flow logs for the studio Amazon VPC to create the render queue in the service tier.

SecurityLogsAccess: The bucket named <studio_id> + network-SecurityLogsAccess + … is the access logging bucket for the studio Amazon VPC.

StudioConfig: The studioconfig-<studio_id>-<account_id>-<region> bucket stores the backup config file.

IAM

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. Admins use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

• The role named <studio_id> + BucketRole grants permissions to back up the StudioBuilder config file to the studioconfig-<studio_id>-<account_id>-<region> S3 bucket.

Data tier

The data tier stack only depends on the network stack. This is the stack where your studio is created. The data architecture of the studio creates the following resources in your account.

Security groups

• The Deadline EFS File System security group controls access to the Amazon EFS filesystem used by Deadline.

• The DocumentDB Security Group security group controls access to the Amazon DocumentDB cluster used by Deadline.

• The Deadline Repository Installer security group controls access to the Deadline Repository installer.

• The FSx File Systems security group controls access to the Amazon FSx file systems.

• The Active Directory auto-configuration security group allows the AWS Managed Microsoft AD configuration instance to work with the least amount of permissions.

• The Workstation access to file systems security group controls outbound access to the Nimble Studio workstation.

• The Workstation access to Deadline security group controls access to Deadline through the Nimble Studio workstation.

• The DummySecurityGroup security group can be attached to any studio component.

AWS KMS

AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data.

• The <studio_id>-Key encrypts your studio and encrypts your SNS messages.

Amazon EFS

Amazon Elastic File System (Amazon EFS) provides a simple, serverless, set-and-forget elastic file system for use with AWS Cloud services and on-premises resources.

• The file system named RepositoryFS is where the Deadline repository is installed. You can install custom Deadline scripts in this file system.

• The access point named RepositoryFS is the access point for the Deadline repository file system, which stores plugins, scripts, logs, and any auxiliary files.

• The access point named PaddingAccessPoint is the access point for the Lambda function PadEfsStoragePadFilesystem. The PadEfsStoragePadFilesystem Lambda function uses the PaddingAccessPoint access point to create random files in Amazon EFS to maintain burst credit for Deadline. For more information about burst credits, see Demonstrate how to send an email alarm when EFS burst credits below a threshold on GitHub.

Amazon DocumentDB

Amazon DocumentDB (with MongoDB compatibility) is a fast, reliable, and fully managed database service.

• The cluster with the prefix databasecluster is used to work with the Deadline Database to store the jobs, settings, and worker configurations of the Deadline render farm management.

• The cluster parameter group dbauditlogging + … enables Amazon DocumentDB audit logging.

• The Amazon FSx file system named FSxWindows is created using the FileSystems subnet created in the network tier based on your configurations. By default, the file system has a 200GB SSD storage capacity and a 16MB/s throughput capacity.

Auto Scaling groups

An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.

• The RepositoryInstaller Auto Scaling group is created for the Deadline Repository installer to help install the Deadline Repository.

Secrets Manager

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service allows you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.

• The root certificate authority certificate <studio_id>RootCA will be used to sign the Transport Layer Security (TLS) certificate in the service stack. Both the public and the private parts of the certificate are stored in Secrets Manager.

• The RenderWorkerADCredentials secret stores the AWS Managed Microsoft AD’s credentials for render workers.

• The StudioBuilderAdminADCredentials secret stores the AWS Managed Microsoft AD’s credentials for the studio admin.

AWS Lambda

AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers, creating workload-aware cluster scaling logic, maintaining event integrations, or managing runtimes.

• The Lambda function RotateADCredentials rotates the AWS Managed Microsoft AD’s passwords and updates the secrets RenderWorkerADCredentials and StudioBuilderAdminADCredentials with the new passwords.

CloudWatch Alarms

CloudWatch Alarms watch a single metric over a specified time period.

• They perform one or more specified actions, based on the value of the metric relative to a threshold over time.

• The data tier deploys four CloudWatch Alarms, all named Burst Credits. They fire at different thresholds if the file system becomes too busy.

AWS Step Functions

AWS Step Functions is a serverless orchestration service that lets you combine Lambda functions and other AWS services to build business-critical applications.

Step Functions is based on state machines and tasks. A state machine is a workflow. A task is a state in a workflow that represents a single unit of work that another AWS service performs. Each step in a workflow is a state.

• A state machine named PadEfsStorageStateMachine is created so that when the Burst Credits CloudWatch Alarms fire, you can manually expand the data stored on the Deadline Repository EFS share.

• The PadEfsStorageStateMachine is part of the Render Farm Deployment Kit (RFDK).

• For more information about the RFDK, see the Render Farm Deployment Kit on AWS Developer Guide.

IAM

• The IAM role studioadminrole grants permissions for the studio admin. The studio admin can add, modify, or delete launch profiles and studio components. The studio admin can also accept any end-user license agreements (EULAs).

• The IAM role studiouserrole grants permissions for studio users. Non-admin studio users can sign in to the Nimble Studio portal and use their launch profile(s) to start a streaming workstation.

Nimble Studio resources

• The AWS Managed Microsoft AD named ActiveDirectory is used by studio administrators to manage users, teams, and groups. The AWS Managed Microsoft AD password is defined by you during the studio configuration and is stored in Secrets Manager. The AWS Managed Microsoft AD is used to authenticate users when they log in to streaming workstations and to control file access on Amazon FSx for Windows volumes, and it is used by resources like AWS Single Sign-On (AWS SSO) to sign in to the Nimble Studio portal. You can find this AWS Managed Microsoft AD under Active Directories in the Directory Service console.

• The custom configuration InstanceConfiguration is a custom Amazon Elastic Compute Cloud (Amazon EC2) instance that controls file permissions for new files.

• The NimbleStudioRegistration key is what creates your Nimble Studio cloud studio.

Important

Don’t delete your data stack; this deletes your NimbleStudioRegistration key which will automatically delete your Nimble Studio cloud studio.

Service tier

The service tier stack depends on the data stack and the network stack. AWS Managed Microsoft AD auto configuration happens in the service tier. The service architecture of the studio creates the following resources in your account.

Security groups

• The Render Worker Access security group controls Nimble Studio worker fleet access.

Deadline

Deadline is an administration and compute management toolkit for Windows, Linux, and macOS based render farms.

The service tier creates six Deadline resources to help you manage your render farms.

• Deadline’s TLS certificate, which gets signed with the root certificate authority certificate that was created in the data tier.

• Deadline RCS, which controls access to the Deadline Database and Repository from the Deadline Client.

• Deadline ALB load balances HTTP/HTTPS requests within the AWS ecosystem. The ALB is only created if you have more than one RCS instance in your Nimble Studio cloud studio.

• Deadline’s Spot Event Plugin policies for the compute tier are used to create a Spot Event Plugin configuration in the compute tier.

Nimble Studio resources

• The studio component ComputeFarm runs the render farm in Deadline.

• The compute farm RenderFarm is the render farm that runs in Deadline. The EC2 instance associated with this compute farm is named <studio_id>Service/RenderQueue/Cluster/RCS Capacity.

• The RenderQueueClusterRCSCapacity Auto-Scaling Group is created for the <studio_id>Service/RenderQueue/Cluster/RCS Capacity instance. It is used by Deadline and is usually a single EC2 instance, but can be scaled up if there is a large number of jobs or projects in the queue.

• The ADAutoConfigurationInstance EC2 instance is created for <studio_id>Service/ADAutoConfiguration/Instance. It automatically configures the Active Directory before shutting itself down. It creates some initial Active Directory users and configures the group policies so that roaming profiles, which workstations rely on, are turned on by default.

• The launch profile RenderWorker-Default is associated with the Workstations subnet created in the network tier, and the Amazon Machine Images (AMIs) that you configured when running StudioBuilder. If you add a new storage component to your studio and want to render a file using that component, it needs to be added to RenderWorker-Default. The RenderWorker-Default launch profile only exists if you deploy a render farm.

The following example shows what the RenderWorker-Default launch profile looks like and what types of launch profile components are associated with it.

• The launch profile Workstation-Default is associated with the Workstations subnet created in the network tier, and the AMIs that you configured when running StudioBuilder. The Workstation-Default launch profile is always created, regardless of whether or not you deploy a compute farm.

The following example shows what the Workstation-Default launch profile looks like and what types of launch profile components are associated with it.

Compute tier

Security groups

• The security group ConfigureSpotEventPluginConfiguratorSecurityGroup is created to limit access to the SEP.

Spot Event Plugin

• The Deadline Spot Event Plugin (SEP) is a Deadline plugin that makes Spot Fleet requests spin up worker EC2 instances when farm jobs are in the queue. One SEP configuration is created for each Spot render fleet. The SEP configuration contains the EC2 instance types and launch templates it needs to use when spinning up workers for the group.

• Deadline also deploys a Deadline Resource Tracker when it deploys a Spot Fleet as part of the Spot Event Plugin’s operation.

Nimble Studio resources

• Render fleets are created for the render farm. Render fleets are collections of EC2 instances. The render fleets also include On-Demand fleets. On-Demand fleet sizes are managed by an Auto Scaling group and Spot Fleets. Multiple fleets can be defined for a farm. A Deadline group of the same name is automatically created for each fleet. Fleets can be either Linux or Windows, based on your configuration.

• The render fleet health monitor is created to monitor the health of On-Demand fleets. If an EC2 instance is deemed unhealthy, it is terminated and replaced. If enough EC2 instances are unhealthy, the fleet is scaled down to zero.

Troubleshooting

My Spot Fleets are being terminated.

The Deadline Resource Tracker is likely the cause. To resolve this issue, follow the instructions in the Instances Shutting Down section of the Troubleshooting guide in the Deadline Resource Tracker documentation.

I got a CloudWatch Alarm about burst credits

If you’re getting a CloudWatch Alarm email about burst credits, your file system is too busy. To fix the issue, increase the burst credits availability that you have each month.

To increase the available burst credits

1. Sign in to the AWS Management Console.

2. Go to Services → Step Functions.

3. Select the step function with the name beginning with PadEfsStorageStateMachine.

4. Choose Start execution.

5. (Optional) Give the execution a name.

6. Enter the following code in the Input section. For desired padding, enter the GiB of data that you want to add to the EFS.

{

}

7. Choose Start execution.

Related resources

• Configure using StudioBuilder

• Deploy using StudioBuilder

Availability Zones for Amazon Nimble Studio

Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones.

To coordinate Availability Zones across accounts, you must use the Availability Zone ID, which is a unique and consistent identifier for an Availability Zone. For example, use1-az2 is an ID for the us-east-1 Region and it has the same location in every AWS account.

Viewing Availability Zone IDs enables you to determine the location of resources in one account relative to the resources in another account. For example, if you share a subnet in the Availability Zone with the ID use1-az2 with another account, this subnet is available to that account in the Availability Zone whose ID is also use1-az2. The ID for each VPC and subnet is displayed in the Amazon VPC console.

Amazon Nimble Studio is available in a subset of the Availability Zones for each supported Region. The following table lists the IDs that you can use for each Region. To see the mapping of IDs to Availability Zones in your account, see AZ IDs for Your Resources in the AWS RAM User Guide.

Region name | Region code | Availability Zone IDs
US East (N. Virginia) | us-east-1 | use1-az2, use1-az4, use1-az6
US West (Oregon) | us-west-2 | usw2-az1, usw2-az2, usw2-az3, usw2-lax1-az1
Asia Pacific (Sydney) | ap-southeast-2 | apse2-az1, apse2-az3, apse2-az2
Canada (Central) | ca-central-1 | cac1-az1, cac1-az2
Europe (London) | eu-west-2 | euw2-az1, euw2-az2, euw2-az3

For more information about Availability Zones and Availability Zone IDs, see Regions, Availability Zones, and Local Zones in the Amazon EC2 User Guide for Linux Instances.

Local Zones

If your studio is being created, or already exists, in the us-west-2 Region, you can create Workstations and file systems in the LA Local Zone. We recommend this for lower latency interactions, if you and your artists are located closer to California than Oregon. For instructions on how to opt in to the LA Local Zone, see the (Optional) Opt in to the LA Local Zone (p. 26) tutorial. For more information about Local Zones, see the AWS Local Zones FAQs.
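The following is an added example, not part of the original guide or of StudioBuilder. It takes the JSON returned by `aws ec2 describe-availability-zones --all-availability-zones --output json` and resolves which of this account's zone names correspond to the Availability Zone IDs in the table above, including whether the LA Local Zone still needs an opt-in. The two account listings are constructed sample data, and the function names are hypothetical.

```python
import json

# Availability Zone IDs where Nimble Studio is available, copied from the
# table in this guide.
NIMBLE_AZ_IDS = {
    "us-east-1": ["use1-az2", "use1-az4", "use1-az6"],
    "us-west-2": ["usw2-az1", "usw2-az2", "usw2-az3", "usw2-lax1-az1"],
    "ap-southeast-2": ["apse2-az1", "apse2-az3", "apse2-az2"],
    "ca-central-1": ["cac1-az1", "cac1-az2"],
    "eu-west-2": ["euw2-az1", "euw2-az2", "euw2-az3"],
}


def make_zone(name, zone_id, zone_type="availability-zone",
              opt_in="opt-in-not-required"):
    """Build one constructed describe-availability-zones entry (us-west-2)."""
    return {"RegionName": "us-west-2", "ZoneName": name, "ZoneId": zone_id,
            "ZoneType": zone_type, "OptInStatus": opt_in, "State": "available"}


# Constructed sample output for two accounts. The same zone NAME refers to a
# different zone ID in each account, which is why the guide says to use IDs.
ACCOUNT_A = {"AvailabilityZones": [
    make_zone("us-west-2a", "usw2-az2"),
    make_zone("us-west-2b", "usw2-az1"),
    make_zone("us-west-2c", "usw2-az3"),
    make_zone("us-west-2d", "usw2-az4"),
    make_zone("us-west-2-lax-1a", "usw2-lax1-az1", "local-zone", "not-opted-in"),
]}
ACCOUNT_B = {"AvailabilityZones": [
    make_zone("us-west-2a", "usw2-az1"),
    make_zone("us-west-2b", "usw2-az2"),
    make_zone("us-west-2c", "usw2-az3"),
    make_zone("us-west-2d", "usw2-az4"),
    make_zone("us-west-2-lax-1a", "usw2-lax1-az1", "local-zone", "opted-in"),
]}


def zones_by_id(describe_output, region):
    """Index the zones of one Region by their account-independent zone ID."""
    return {z["ZoneId"]: z for z in describe_output["AvailabilityZones"]
            if z["RegionName"] == region}


def nimble_zones(describe_output, region):
    """Return (usable, blocked) for the zone IDs the guide lists for region.

    usable maps zone ID -> this account's zone name.
    blocked maps zone ID -> the reason it cannot be selected yet.
    """
    if region not in NIMBLE_AZ_IDS:
        raise ValueError(region + " is not in the supported-Region table")
    by_id = zones_by_id(describe_output, region)
    usable, blocked = {}, {}
    for zone_id in NIMBLE_AZ_IDS[region]:
        zone = by_id.get(zone_id)
        if zone is None:
            blocked[zone_id] = "not visible to this account"
        elif zone["State"] != "available":
            blocked[zone_id] = "state is " + zone["State"]
        elif zone["OptInStatus"] == "not-opted-in":
            blocked[zone_id] = "opt in to " + zone["ZoneName"] + " first"
        else:
            usable[zone_id] = zone["ZoneName"]
    return usable, blocked


def translate_zone_name(zone_name, from_output, to_output, region):
    """Name, in the second account, of the zone that zone_name denotes in the first."""
    name_to_id = {z["ZoneName"]: zid
                  for zid, z in zones_by_id(from_output, region).items()}
    if zone_name not in name_to_id:
        raise KeyError(zone_name + " is not a zone of " + region)
    target = zones_by_id(to_output, region).get(name_to_id[zone_name])
    return target["ZoneName"] if target else None


if __name__ == "__main__":
    for label, account in (("A", ACCOUNT_A), ("B", ACCOUNT_B)):
        usable, blocked = nimble_zones(account, "us-west-2")
        print("account", label, json.dumps({"usable": usable, "blocked": blocked}))
    print(translate_zone_name("us-west-2a", ACCOUNT_A, ACCOUNT_B, "us-west-2"))
```
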

Setting up to use Nimble Studio

This tutorial is for admin users who want to set up an Amazon Nimble Studio. If you are an artist who is just beginning to use Nimble Studio, go to the Artist tutorials for Amazon Nimble Studio (p. 511).

The following sections will guide you through the steps that you must complete before deploying a studio in Nimble Studio.

Contents

• Set up IAM

• Check service quotas

• Request a quota increase

• (Optional) Opt in to the LA Local Zone

• Related resources

Set up IAM

Note

For StudioBuilder to work, you can’t use an AWS account that is associated with AWS Organizations. First, log out of that AWS account. Then create a new AWS account.

Review the following AWS Identity and Access Management (IAM) documentation before you start:

1. Security best practices in IAM

2. Creating your first IAM admin user and user group

Log in to your AWS account as an admin user to complete the remaining setup.

Check service quotas

You can use the AWS Service Quotas console to view and request increases for most AWS quotas. If you are using an existing AWS account for deployment, for instance, it’s important that you are not already reaching your limit.

Most service quotas are Region-specific, so be sure to select the AWS Region where the quota increase is required.

Check your Spot Instance quota

Increasing your Spot Instance quota will allow you to scale your farm up to the size required by your team to handle the workload for your projects.

1. Sign in to the AWS Management Console.

2. Go to Services → Service Quotas.

7. Choose Request quota increase.

8. In the window that appears, enter a new quota value in the field under Change quota value.

a. To figure out what to change your quota value to, multiply the number of render workers that you want to run concurrently with the number of vCPUs you want each render worker to have.

b. For example, if you have 20 workers and want each worker to have 16 vCPUs, you would request to change your quota value to 320.

9. Choose Request.

For information about the specs of different instances, see Amazon EC2 Instance Types.

Note

The default quota for Amazon Simple Storage Service (Amazon S3) buckets is 100 per AWS account. StudioBuilder will fail whenever you reach 4 buckets below your limit. To request a quota increase up to 1,000 buckets, open the AWS Service Quotas console, choose AWS services from the left navigation pane, and search Amazon S3.

Request a quota increase

Your AWS account is subject to quotas that might impact how many Nimble Studio virtual workstations, render workers, and EC2 G4 instances that you are able to launch.

You can request increases to all of your studio quotas. After your request for a service quota increase is approved, your studio will have access to the resources that your team needs to do their work. For more information, see AWS service quotas.

Request a quota increase for Amazon Nimble Studio streaming sessions

A streaming session is how artists connect to their virtual workstations so that they can access the files, settings, and applications that they need to work on an asset. By default, your AWS account is limited to two streaming sessions per studio. If you are planning on having more than two artists working at a time, you will want to request a quota increase for Nimble Studio streaming sessions.

1. Go to the Service Quotas console.

2. Check that your Region is set to the region in which you want to deploy your studio.

3. In the left navigation pane, choose AWS services.

4. Search for Amazon Nimble Studio.

5. Choose Amazon Nimble Studio from the list.

6. Select Streaming sessions per studio by choosing the dot next to the item.

7. Choose Request quota increase.

8. Enter the desired number of concurrent streaming sessions into the Change quota value field.

a. Each artist will require their own streaming session. Therefore, choose the number of artists that you anticipate working in your studio at any given time.

Request a quota increase for VPC security groups per network interface

1. In the left navigation pane choose AWS services.

2. Search for VPC.

3. Choose Amazon Virtual Private Cloud (Amazon VPC) in the list.

4. Select the dot next to Security groups per network interface.

5. Choose Request quota increase.

6. In the Change quota value field, enter the desired number of security groups per network interface.

a. This number will depend on how many studio components you anticipate adding to your launch profiles and how many security groups are being used by those components. If you are not sure, 10 is a good starting point. You can always increase this quota later.

Request a quota increase for On-Demand “G and VT” Instances

When updating the AMIs that your team uses to launch virtual workstations, you will need to launch GPU instances so that you can install and test the software that you are adding to the AMI.

1. In the left navigation pane, choose Dashboard.

2. Choose Amazon Elastic Compute Cloud (Amazon EC2) from the list of dashboard cards.

3. Select Running On-Demand G instances from the list and choose Request quota increase. G stands

instance with more vCPUs, you will need a higher quota value. A value of 16 would allow you to run 4 g4dn.xlarge instances at a time or one g4dn.4xlarge instance, which has 16 vCPUs.

5. Choose Request quota increase.

6. You can check on the status of a quota request by choosing Quota request history in the navigation pane of the Service Quotas console. It can take anywhere from 12 to 48 hours for a request to be resolved.

(Optional) Opt in to the LA Local Zone

If you want to create a studio in the us-west-2 Region, you can create workstations and file systems in the LA Local Zone. We recommend this for lower latency interactions, if you and your artists are located closer to California than Oregon. For more information about Local Zones, see the AWS Local Zones FAQs.

To use the LA Local Zone, you must manually opt in from the console. If you don’t, the Local Zone won’t appear in the list of Availability Zones in the StudioBuilder deploy tool.

1. Go to Services → VPC.

2. Select Settings.

3. Scroll down to US West (Los Angeles) / us-west-2-lax-1 and select Manage.

4. Select Opted in.

5. Select Update zones.

You can now create resources in the LA Local Zone.

Related resources

• Security Best Practices in IAM

• AWS service quotas - AWS General Reference

Getting started with Amazon Nimble Studio

Welcome to the Amazon Nimble Studio getting started tutorials series!

Now that you have an AWS account set up, as an admin, you can begin deploying and configuring Nimble Studio. The following tutorials help you get started by showing you how to use StudioBuilder to customize your deployment, add studio users, and optionally update your studio’s launch profiles.

We recommend that you start with the Setting up to use Nimble Studio (p. 23) tutorial before you begin this series. If you encounter any issues, check out the Getting help and support (p. 638) documentation.

If you’re an artist and your admin has already set up your Nimble Studio portal, see Artist tutorials for Amazon Nimble Studio (p. 511).

Topics

• Deploying a new studio with StudioBuilder

• Deploying a new studio by hand

• Adding studio users

• Setting up Linux home directories

• Creating launch profiles

• Configuring AWS Thinkbox Deadline

Deploying a new studio with StudioBuilder

This tutorial is for admin users. It guides you through the process of deploying Amazon Nimble Studio in your AWS account using the StudioBuilder app. Within this step-by-step tutorial, you’ll see how to configure your studio, including choosing your studio name, setting up AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), creating shared storage, and selecting options for your render farm.

Contents

• Prerequisites

• Step 1: Enable AWS Single Sign-On (AWS SSO)

• Step 2: Access the StudioBuilder AMIs

• Step 3: Launch the StudioBuilder EC2 instance

• Step 4: Configure studio with StudioBuilder

• Step 5: Deploy studio with StudioBuilder

• Step 6: Link AWS Managed Microsoft AD as an AWS SSO identity source

• Step 7: Confirm subscription to burst alert emails

• Troubleshooting

• Related resources

Estimated time: 2 hours

Prerequisites

Note

You can’t use an AWS account that is associated with AWS Organizations when deploying a studio. You must first log out of that AWS account, then create or use a different AWS account.

• Before you begin this tutorial, follow the steps for Creating your first IAM admin user and user group.

• We recommend that you check your quotas as described in the Setting up tutorial before you begin deployment. Quota increase requests can take up to 48 hours to be fulfilled.

Step 1: Enable AWS Single Sign-On (AWS SSO)

To deploy your studio, you need to enable AWS Single Sign-On (AWS SSO) for your account. AWS SSO allows you to easily manage user permissions and access to your accounts and applications from one place. The easiest way to enable AWS SSO is by visiting the Nimble Studio service page. The first step of setting up your studio enables AWS SSO for you, so that you’re ready to deploy.

To deploy your studio and enable AWS SSO

1. Sign in to the AWS Management Console.

2. Go to Services → Nimble Studio.

3. In the AWS Region selector (top-right navigation bar), make sure that the Region for your studio is selected.

4. Choose Set up your cloud studio.

5. Select CNR: I have no existing resources, then choose Next.

a. While it is possible to use existing resources that you might have, such as storage or a license service, this tutorial assumes that you are starting from scratch with no resources.

6. Choose Enable AWS SSO.

a. If you see a green confirmation that AWS SSO has already been enabled, skip to Step 2: Access the StudioBuilder AMIs (p. 35).

7. In the Enable AWS SSO pop-up, choose Create AWS organization.

a. A success message confirms that AWS SSO has been enabled.

Step 2: Access the StudioBuilder AMIs

packages that you need for the deploy. First you will add the Linux, Windows, and StudioBuilder AMIs to your account. Then you can launch an instance with the StudioBuilder AMI to deploy your studio.

To navigate to the StudioBuilder AMIs in the AWS Marketplace

1. Choose Access StudioBuilder AMIs.

a. The Access StudioBuilder AMIs window will open.

2. Choose Subscribe to Deadline Linux Farm AMI in Marketplace.

a. The Nimble Studio Deadline Linux farm worker page will open in the AWS Marketplace.

3. Choose Continue to Subscribe.

4. Read the terms and conditions and then choose Accept Terms.

5. Return to the Access StudioBuilder AMIs window and choose Subscribe to Deadline Windows Farm AMI in Marketplace.

6. Repeat the previous steps to accept the terms and conditions.

7. Return to the Access StudioBuilder AMIs window again and choose Subscribe to StudioBuilder AMI in Marketplace.

8. Repeat the same steps to accept the terms and conditions.

9. After the subscribe request has finished processing, choose Continue to Configuration.

10. In the Region dropdown menu, select the AWS Region that you want to deploy your studio to and choose Continue to Launch.

11. In the Choose Action dropdown menu, select Launch through EC2 and choose Launch.

a. The Amazon EC2 Console will open to guide you through the rest of the launch process.

b. Since you have already chosen an AMI, the EC2 Console will automatically skip Step 1: Choose an Amazon Machine Image (AMI) and proceed directly to Step 2: Choose an Instance Type.

Step 3: Launch the StudioBuilder EC2 instance

To start launching the StudioBuilder EC2 instance

1. For Step 2: Choose an Instance Type, select t3.medium from the list.

2. Choose Next: Configure Instance Details.

3. On Step 3: Configure Instance Details, set Auto-assign Public IP to Enable to ensure that your instance receives a public IP address that you will use when connecting to it later.

4. On the same page, you must specify an AWS Identity and Access Management (IAM) role.

a. The IAM role enables administrator access from your StudioBuilder instance.

i. Choose Create role.

ii. Select AWS service.

iii. Choose EC2.

iv. Choose Next: Permissions.

v. Select AdministratorAccess.

vi. Choose Next: Tags.

vii. Choose Next: Review.

viii. Enter the Role name. Example: StudioBuilder_Instance_Admin_Role.

ix. Enter a Role description. Example: Gives administrative access to the StudioBuilder instance.

x. Choose Create role.

xi. Close the tab and switch back to the Launch instance wizard tab.

d. To update the list of available IAM roles, choose the Refresh button next to Create new IAM role.

e. Select the new role you created from the list.

5. Choose Review and Launch.

6. On the Step 7: Review Instance Launch page, choose Launch.

7. In the window that pops up, choose Proceed without a key pair from the first dropdown.

a. A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance. You will use EC2 Instance Connect so you don’t need a key pair.

8. Read the terms and conditions at the bottom of the pop-up and if you agree:

a. Select the check box next to I acknowledge that without a key pair, I can connect to this instance only by using EC2 Instance Connect or if I know the password built into the AMI. Note that EC2 Instance Connect is only supported on Amazon Linux 2 and Ubuntu.

b. You will not need the password since you will use EC2 Instance Connect.

9. Choose Launch Instances.

10. On the Launch Status page, choose View Instances at the bottom of the page.

11. Change the name of the instance so that you can easily find it later.

a. In the list of instances, under the Name column, hover over the empty name field for the instance.

b. Choose the edit icon that appears.

c. Change the name to NimbleStudioBuilder.

d. Choose Save.

12. After the instance state of your instance changes from Initializing to Running, select it and choose Connect.
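The IAM role created in the sub-steps of step 4, expressed as AWS CLI calls so that the trust policy and the attached managed policy can be read and reviewed. This is an added example, not part of the AWS guide; it assumes a configured AWS CLI with IAM permissions, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console role-creation steps.
ROLE_NAME="StudioBuilder_Instance_Admin_Role"   # example name from the guide
POLICY_ARN="arn:aws:iam::aws:policy/AdministratorAccess"

# Trust policy the console generates for "AWS service" > "EC2":
# only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the role, attach the managed policy, and wrap the role in an
# instance profile (the console creates a same-named profile automatically).
create_studiobuilder_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --description "Gives administrative access to the StudioBuilder instance." \
    --assume-role-policy-document "$(trust_policy)" &&
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN" &&
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" &&
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

# Review what the role can do and who is allowed to assume it.
audit_studiobuilder_role() {
  aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
    --query 'AttachedPolicies[].PolicyArn' --output text
  aws iam get-role --role-name "$ROLE_NAME" \
    --query 'Role.AssumeRolePolicyDocument' --output json
}

# Runs only when an argument is given, e.g.: ./studiobuilder_role.sh audit
case "${1:-}" in
  create) create_studiobuilder_role ;;
  audit)  audit_studiobuilder_role ;;
esac
```

The audit function is useful after the console procedure as well: it shows that any process on the instance inherits AdministratorAccess through the instance profile.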

Step 4: Configure studio with StudioBuilder

Next, you’ll connect to your instance to run StudioBuilder. StudioBuilder helps you to deploy a studio by asking a series of questions about how you want to configure your studio. It then builds the studio based on your answers.

To connect to the instance with EC2 Instance Connect

1. On the Connect to instance page, make sure EC2 Instance Connect is selected.

2. Change the user name to ec2-user. If you leave the user name as root, StudioBuilder might not run correctly.

3. Choose Connect.
