
AWS ECS Fargate

Estimated deployment time: 5 minutes

The Superblocks Terraform module for AWS deploys the OPA as an ECS Fargate service and configures all the required infrastructure to expose it to end users in Superblocks.

Deploy with Terraform

Follow the steps below to deploy the OPA on ECS Fargate using Terraform.

Install prerequisites

caution

Do not use root user credentials when deploying the agent. To learn more about best practices for managing access keys, see the AWS documentation on managing access keys.

Create Terraform file

To get started, navigate to the On-premise Agent Setup Wizard to generate a superblocks_agent_key.

caution

We recommend following secret management best practices such as using environment variables, encrypted files, or a secret store to securely pass the superblocks_agent_key into your Terraform code.

module "terraform_aws_superblocks" {
  source  = "superblocksteam/superblocks/aws"
  version = "~> 1.0"

  # Network placement: the VPC that can reach your data sources, the subnets
  # for the load balancer, and the subnets for the agent's ECS cluster.
  # The *_subnet_ids inputs are lists of subnet IDs, not a single string.
  vpc_id         = "[VPC_ID]"
  lb_subnet_ids  = ["[LB_SUBNET_ID_1]", "[LB_SUBNET_ID_2]"]
  ecs_subnet_ids = ["[ECS_SUBNET_ID_1]", "[ECS_SUBNET_ID_2]"]

  # DNS name under which the agent is exposed to Superblocks: <subdomain>.<domain>
  domain    = "[DOMAIN]"
  subdomain = "[SUBDOMAIN_FOR_SUPERBLOCKS_AGENT]"

  # Generated by the On-premise Agent Setup Wizard; treat it as a secret
  superblocks_agent_key = "[YOUR_AGENT_KEY]"
}
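The caution above recommends not placing the agent key in the Terraform file as a literal. The following is an added example (not code from the Superblocks docs or the module) showing two ways to do that: a sensitive input variable supplied at apply time, and a lookup from AWS Secrets Manager. The secret name superblocks/opa/agent-key and the subnet placeholders are assumptions, not values from the page.

```hcl
# Option A: declare the key as a sensitive variable and supply it at apply
# time, e.g. via the environment: TF_VAR_superblocks_agent_key=<key> terraform apply
# The literal never appears in a .tf file, and Terraform redacts it from
# plan and apply output.
variable "superblocks_agent_key" {
  description = "Agent key generated by the On-premise Agent Setup Wizard"
  type        = string
  sensitive   = true
}

# Option B: read the key from AWS Secrets Manager, where access is governed
# by IAM and the value can be rotated without editing Terraform code.
# "superblocks/opa/agent-key" is an assumed secret name for this example.
data "aws_secretsmanager_secret_version" "superblocks_agent_key" {
  secret_id = "superblocks/opa/agent-key"
}

module "terraform_aws_superblocks" {
  source  = "superblocksteam/superblocks/aws"
  version = "~> 1.0"

  # Placeholder network values, as in the page's own module block
  vpc_id         = "[VPC_ID]"
  lb_subnet_ids  = ["[LB_SUBNET_ID_1]", "[LB_SUBNET_ID_2]"]
  ecs_subnet_ids = ["[ECS_SUBNET_ID_1]", "[ECS_SUBNET_ID_2]"]
  domain         = "[DOMAIN]"
  subdomain      = "[SUBDOMAIN_FOR_SUPERBLOCKS_AGENT]"

  # Pick one source for the key. Option A is active here; swap in the
  # commented line to use Option B instead.
  superblocks_agent_key = var.superblocks_agent_key
  # superblocks_agent_key = data.aws_secretsmanager_secret_version.superblocks_agent_key.secret_string
}
```

With either option the resolved key is still written to the Terraform state file, so store state in a remote backend with encryption at rest and restrict who can read it; marking the variable sensitive only controls what Terraform prints, not what it persists.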

By default, the module deploys the OPA within an existing VPC (the one where your underlying data sources live). To find your VPC details, run aws ec2 describe-vpcs or open your VPC in the AWS management console. Alternatively, if you want the agent to access data across multiple VPCs, have the module create a new VPC and then set up VPC peering between that new VPC and your existing AWS VPCs. To have the module create a new VPC, set the following variable.

create_vpc = true

For more details on configuring VPC peering see Connect VPCs using VPC peering.

For all available configuration options, see the Terraform registry.

Initialize and apply Terraform

terraform init
terraform apply

Note that the Terraform apply may fail if you have reached your AWS service limits. For more information on managing your AWS account limits, visit Managing AWS Service Quotas.

Billable services

The Terraform module makes use of the following AWS services. Be aware of the pricing associated with these.

  • VPC - Network where all cloud resources reside (may incur additional cost depending on settings and any connecting VPN)
  • ECS Fargate - ECS cluster, service, and task to run the On-premise Agent container
  • Application Load Balancer - ALB to front the Fargate service
  • Route 53 - Hosted zone and record for DNS (optional)