Terraform Deployment
Deploy Infracast to AWS using Terraform. This creates a production-ready setup with ECS, RDS, and ALB.
Prerequisites
- AWS account with admin access
- Terraform 1.5+
- AWS CLI configured (
aws configure) - Domain name for
infracast.yourdomain.com
Architecture
┌─────────────────────────────────────────────────────────────────┐
│ AWS VPC │
│ ┌─────────────────┐ ┌─────────────────┐ │
│ │ Public Subnet │ │ Public Subnet │ │
│ │ (us-east-1a) │ │ (us-east-1b) │ │
│ │ │ │ │ │
│ │ ┌───────────┐ │ │ ┌───────────┐ │ │
│ │ │ ALB │◀─┼────┼──│ ALB │ │ ◀── HTTPS:443 │
│ │ └─────┬─────┘ │ │ └───────────┘ │ │
│ └────────┼────────┘ └─────────────────┘ │
│ │ │
│ ┌────────▼────────┐ ┌─────────────────┐ │
│ │ Private Subnet │ │ Private Subnet │ │
│ │ │ │ │ │
│ │ ┌───────────┐ │ │ ┌───────────┐ │ │
│ │ │ ECS Task │ │ │ │ ECS Task │ │ ◀── Fargate │
│ │ │ (Vulcan) │ │ │ │ (replica) │ │ │
│ │ └─────┬─────┘ │ │ └───────────┘ │ │
│ └────────┼────────┘ └─────────────────┘ │
│ │ │
│ ┌────────▼─────────────────────────────────┐ │
│ │ RDS PostgreSQL │ │
│ │ (Multi-AZ, encrypted) │ │
│ └───────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Step 1: Clone Infrastructure Repo
git clone https://github.com/azgardtek/vulcan.git
cd vulcan/deploy/terraform/aws
Step 2: Configure Variables
cp terraform.tfvars.example terraform.tfvars
Edit terraform.tfvars:
terraform.tfvars
# Required
aws_region = "us-east-1"
environment = "prod"
domain_name = "infracast.yourdomain.com"
certificate_arn = "arn:aws:acm:us-east-1:123456789:certificate/abc123"
# Database
db_instance_class = "db.t3.medium" # Upgrade for production
db_multi_az = true
# ECS
ecs_cpu = 1024 # 1 vCPU
ecs_memory = 2048 # 2 GB
ecs_desired_count = 2 # Minimum 2 for HA
# Networking (optional - creates new VPC if not specified)
# vpc_id = "vpc-123456"
# private_subnets = ["subnet-a", "subnet-b"]
# public_subnets = ["subnet-c", "subnet-d"]
# Tags
tags = {
Project = "Infracast"
Environment = "prod"
ManagedBy = "terraform"
}
Step 3: Initialize and Plan
terraform init
terraform plan -out=tfplan
Review the plan carefully. Expected resources:
- VPC with public/private subnets (if not provided)
- RDS PostgreSQL instance
- ECS cluster and service
- Application Load Balancer
- Security groups
- IAM roles
- CloudWatch log groups
Step 4: Apply
terraform apply tfplan
Deployment takes approximately 15-20 minutes (RDS is the slowest).
Step 5: Configure DNS
After apply, Terraform outputs the ALB DNS name:
Outputs:
alb_dns_name = "vulcan-prod-alb-1234567890.us-east-1.elb.amazonaws.com"
api_url = "https://infracast.yourdomain.com"
Create a CNAME record in your DNS:
infracast.yourdomain.com → vulcan-prod-alb-1234567890.us-east-1.elb.amazonaws.com
Step 6: Bootstrap
Once DNS propagates:
# Get the API URL from Terraform output
API_URL=$(terraform output -raw api_url)
# Bootstrap admin user (first-time only)
curl -X POST "$API_URL/api/v1/bootstrap" \
-H "Content-Type: application/json" \
-d '{
"username": "admin",
"password": "YourSecurePassword123!",
"bootstrap_token": "'"$(terraform output -raw bootstrap_token)"'"
}'
Terraform Modules
Core Module
main.tf
module "vulcan" {
source = "github.com/azgardtek/vulcan//deploy/terraform/modules/vulcan-ecs"
environment = var.environment
vpc_id = module.vpc.vpc_id
private_subnets = module.vpc.private_subnets
public_subnets = module.vpc.public_subnets
# Database
db_instance_class = var.db_instance_class
db_multi_az = var.db_multi_az
# ECS
ecs_cpu = var.ecs_cpu
ecs_memory = var.ecs_memory
ecs_desired_count = var.ecs_desired_count
# Domain
domain_name = var.domain_name
certificate_arn = var.certificate_arn
}
Air-Gapped Deployment
For FedRAMP High or air-gapped environments:
airgap.tf
module "vulcan_airgap" {
source = "github.com/azgardtek/vulcan//deploy/terraform/modules/vulcan-airgap"
environment = "govcloud-prod"
# No internet access
enable_nat_gateway = false
# Use VPC endpoints
enable_vpc_endpoints = true
# ECR in same region (pre-pushed images)
ecr_registry = "123456789.dkr.ecr.us-gov-west-1.amazonaws.com"
# FIPS mode
fips_enabled = true
}
Scaling
Horizontal Scaling
# Increase ECS tasks
ecs_desired_count = 4
ecs_min_count = 2
ecs_max_count = 10
# Auto-scaling policy
autoscaling_target_cpu = 70
Database Scaling
# Upgrade RDS
db_instance_class = "db.r5.large"
# Add read replicas (for heavy read workloads)
db_read_replicas = 1
Monitoring
The Terraform module creates CloudWatch dashboards and alarms:
- ECS CPU/Memory utilization
- RDS connections and storage
- ALB request count and latency
- Error rate (5xx responses)
# View dashboard
aws cloudwatch get-dashboard --dashboard-name vulcan-prod
Upgrading
# Update to latest version
terraform init -upgrade
# Plan the upgrade
terraform plan -out=upgrade.tfplan
# Apply (ECS performs rolling deployment)
terraform apply upgrade.tfplan
Destroying
danger
This destroys all data including the database. Export data first!
# Destroy all resources
terraform destroy
# Or destroy with confirmation skip (CI/CD)
terraform destroy -auto-approve
Cost Estimation
| Component | Instance | Monthly Cost (us-east-1) |
|---|---|---|
| ECS Fargate | 2x 1vCPU/2GB | ~$60 |
| RDS PostgreSQL | db.t3.medium (Multi-AZ) | ~$100 |
| ALB | 1 LCU average | ~$25 |
| NAT Gateway | 2 (HA) | ~$65 |
| Data Transfer | 100 GB | ~$9 |
| Total | ~$260/month |
Scale up for production workloads.