Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Solutions A small chevron
Device management

Device management

Remotely manage, and protect laptops and mobile devices.

Orchestration

Orchestration

Automate tasks across devices, from app installs to scripts.

Software management

Software management

Inventory, patch, and manage installed software.

Extend Fleet

Extend Fleet

Integrate your favorite tools with Fleet.

Customers A small chevron
Stripe + Fleet

Stripe + Fleet

Stripe consolidates multiple tools with Fleet.

Foursquare + Fleet

Foursquare + Fleet

Foursquare quickly migrates to Fleet for device management.

What people are saying

What people are saying

Stories from the Fleet community.

Pricing
More A small chevron
Try it yourself Get a demo
{{thisPage.meta.articleTitle}}
search

Deploy Fleet on AWS with Terraform

{{articleSubtitle}}

| The author's GitHub profile picture

Ben Edwards

Share

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Get a demoGet a demo

Deploy Fleet on AWS with Terraform

{{articleSubtitle}}

| The author's GitHub profile picture

Ben Edwards

Deploy Fleet on AWS with Terraform

The simplest way to get started with Fleet at scale is to use AWS with Terraform.

This workflow takes about 30 minutes to complete and supports between 10 and 350,000 hosts.

Prerequisites

  • A new or existing Amazon Web Services (AWS) account

  • An AWS Identity and Access Management (IAM) user with administrator privileges

  • The latest version of AWS Command Line Interface awscli

  • The latest version of HashiCorp Terraform

  • A fully qualified domain name (FQDN) for hosting Fleet

Instructions

  1. Download the Fleet main.tf Terraform file.

  2. Edit the following variables in the main.tf Terraform file you just downloaded to match your environment:

# Change these to match your environment.
domain_name = "fleet.example.com"
vpc_name = "fleet-vpc"
An icon indicating that this section has important information

Note: Terraform modules for Fleet features can be enabled and disabled by commenting or uncommenting sections of the code as needed. To learn more about the modules, check out our AWS with Terraform advanced guide.

An icon indicating that this section has important information

Add a license key: You can include your license key as an environment variable during this step.

  1. Log in to your AWS account using your IAM identity.

  2. Run a command like the following in Terminal:

% terraform init ~/Downloads/main.tf
An icon indicating that this section has important information

If the file was not downloaded to the downloads folder, ensure that you adjust the file path in the command.

An icon indicating that this section has important information

This step will take around 15 minutes.

  1. Run the following command in Terminal:
terraform apply -target module.fleet.module.vpc
  1. Run the following command in Terminal:
terraform apply -target module.osquery-carve -target module.firehose-logging

  1. Log in to your AWS Route 53 instance

  2. Run the following command in Terminal:

terraform apply -target aws_route53_zone.main

  1. From the Terminal output, obtain the NS records created for the zone and add them to the parent DNS zone in the AWS Route 53 GUI. Ensure you're adding the subdomain and its NS records to the parent DNS, not changing the NS records for the parent. For example: if the subdomain is fleet.acme.com and the NS record is ns-420.awsdns-52.com, add this record to the parent domain.

  2. Run the following command in Terminal:

terraform apply -target module.fleet
  1. Run the following command in Terminal:
terraform apply
  1. That’s it! You should now be able to log in to Fleet and enroll a host.

Advanced

Fleet's best practice Terraform, already supports putting the server_private_key and other secrets in AWS secrets manager. Check out how in the best practice Terraform.