Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, software catalog Integrations
Docs Pricing
More
News Case studies Ask around Meetups Share your story
The handbook Get your license Schedule a demo
Try it yourself
{{thisPage.meta.articleTitle}}
search

Deploy Fleet on AWS with Terraform

{{articleSubtitle}}

| The author's GitHub profile picture

Ben Edwards

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Deploy Fleet on AWS with Terraform

{{articleSubtitle}}

| The author's GitHub profile picture

Ben Edwards

Deploy Fleet on AWS with Terraform

The simplest way to get started with Fleet at scale is to use AWS with Terraform.

This workflow takes about 30 minutes to complete and supports between 10 and 350,000 hosts.

Prerequisites

  • A new or existing Amazon Web Services (AWS) account

  • An AWS Identity and Access Management (IAM) user with administrator privileges

  • The latest version of AWS Command Line Interface awscli

  • The latest version of HashiCorp Terraform

  • A fully qualified domain name (FQDN) for hosting Fleet

Instructions

  1. Download the Fleet main.tf Terraform file.

  2. Edit the following variables in the main.tf Terraform file you just downloaded to match your environment:

# Change these to match your environment.
domain_name = "fleet.example.com"
vpc_name = "fleet-vpc"
An icon indicating that this section has important information

Note: Terraform modules for Fleet features can be enabled and disabled by commenting or uncommenting sections of the code as needed. To learn more about the modules, check out our AWS with Terraform advanced guide.

An icon indicating that this section has important information

Add a license key: You can include your license key as an environment variable during this step.

  1. Log in to your AWS account using your IAM identity.

  2. Run a command like the following in Terminal:

% terraform init ~/Downloads/main.tf
An icon indicating that this section has important information

If the file was not downloaded to the downloads folder, ensure that you adjust the file path in the command.

An icon indicating that this section has important information

This step will take around 15 minutes.

  1. Run the following command in Terminal:
terraform apply -target module.fleet.module.vpc
  1. Run the following command in Terminal:
terraform apply -target module.osquery-carve -target module.firehose-logging

  1. Log in to your AWS Route 53 instance

  2. Run the following command in Terminal:

terraform apply -target aws_route53_zone.main

  1. From the Terminal output, obtain the NS records created for the zone and add them to the parent DNS zone in the AWS Route 53 GUI. Ensure you're adding the subdomain and its NS records to the parent DNS, not changing the NS records for the parent. For example: if the subdomain is fleet.acme.com and the NS record is ns-420.awsdns-52.com, add this record to the parent domain.

  2. Run the following command in Terminal:

terraform apply -target module.fleet
  1. Run the following command in Terminal:
terraform apply
  1. That’s it! You should now be able to log in to Fleet and enroll a host.