fleet/tools/terraform
Benjamin Edwards 0fb6416d45
Add Cloudwatch monitoring to AWS Terraform configs (#2485)
* add support for minio backend file carving
* add changes file
* rds alarm and sns topic
* added cloudwatch alarm documentation
* Update docs/01-Using-Fleet/06-Monitoring-Fleet.md
* update aws provider version to fix bug in ecs container insights, add more redis alerts
Co-authored-by: Zach Wasserman <zach@fleetdm.com>
2021-10-22 15:38:00 -04:00
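The commit above adds an RDS alarm, an SNS topic and additional Redis alerts, but the README does not show what such monitoring looks like. The following is an added example of that pattern, not the project's own monitoring.tf: one SNS topic that receives every alarm, plus CloudWatch alarms on RDS CPU, RDS free storage and Redis evictions. The names aws_db_instance.fleet, aws_elasticache_cluster.fleet and var.alert_email are assumptions about the surrounding configuration, and the thresholds are illustrative.

```hcl
# Added example, not Fleet's monitoring.tf. aws_db_instance.fleet,
# aws_elasticache_cluster.fleet and var.alert_email are assumed to exist.

# One topic for every alarm; subscribers (email here, or a pager/chat
# integration) are attached to the topic rather than to each alarm.
resource "aws_sns_topic" "fleet_alerts" {
  name = "fleet-alerts"
}

resource "aws_sns_topic_subscription" "fleet_alerts_email" {
  topic_arn = aws_sns_topic.fleet_alerts.arn
  protocol  = "email"
  endpoint  = var.alert_email
}

# RDS: average CPU above 80% for three consecutive 5-minute periods.
resource "aws_cloudwatch_metric_alarm" "rds_cpu_high" {
  alarm_name          = "fleet-rds-cpu-high"
  namespace           = "AWS/RDS"
  metric_name         = "CPUUtilization"
  statistic           = "Average"
  period              = 300
  evaluation_periods  = 3
  threshold           = 80
  comparison_operator = "GreaterThanThreshold"
  dimensions = {
    DBInstanceIdentifier = aws_db_instance.fleet.id
  }
  alarm_actions = [aws_sns_topic.fleet_alerts.arn]
  ok_actions    = [aws_sns_topic.fleet_alerts.arn]
  # A metric that stops arriving is itself worth paging on.
  treat_missing_data = "breaching"
}

# RDS: free storage below 10 GiB (FreeStorageSpace is reported in bytes).
resource "aws_cloudwatch_metric_alarm" "rds_free_storage_low" {
  alarm_name          = "fleet-rds-free-storage-low"
  namespace           = "AWS/RDS"
  metric_name         = "FreeStorageSpace"
  statistic           = "Minimum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 10 * 1024 * 1024 * 1024
  comparison_operator = "LessThanThreshold"
  dimensions = {
    DBInstanceIdentifier = aws_db_instance.fleet.id
  }
  alarm_actions = [aws_sns_topic.fleet_alerts.arn]
}

# Redis: any evictions in a 5-minute window mean the cache is under
# memory pressure and Fleet's live-query state may be dropped.
resource "aws_cloudwatch_metric_alarm" "redis_evictions" {
  alarm_name          = "fleet-redis-evictions"
  namespace           = "AWS/ElastiCache"
  metric_name         = "Evictions"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 0
  comparison_operator = "GreaterThanThreshold"
  dimensions = {
    CacheClusterId = aws_elasticache_cluster.fleet.cluster_id
  }
  alarm_actions = [aws_sns_topic.fleet_alerts.arn]
}
```

Routing alarm_actions and ok_actions to the same topic means a subscriber sees both the incident and its recovery, and treat_missing_data = "breaching" turns a monitoring gap (instance deleted, metrics disabled) into a visible alert rather than silence.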
File                Last commit                                              Date
.terraform-version  terraform reference arch (#1761)                         2021-09-21 14:19:19 -04:00
ecs-iam.tf          add support for minio backend file carving (#2448)       2021-10-12 15:32:06 -04:00
ecs-sgs.tf          terraform reference arch (#1761)                         2021-09-21 14:19:19 -04:00
ecs.tf              Add Cloudwatch monitoring to AWS Terraform configs (#2485) 2021-10-22 15:38:00 -04:00
firehose.tf         Add infra for loadtest (#2218)                           2021-10-14 12:04:27 -03:00
main.tf             Add Cloudwatch monitoring to AWS Terraform configs (#2485) 2021-10-22 15:38:00 -04:00
monitoring.tf       Add Cloudwatch monitoring to AWS Terraform configs (#2485) 2021-10-22 15:38:00 -04:00
outputs.tf          add support for minio backend file carving (#2448)       2021-10-12 15:32:06 -04:00
r53.tf              Feature/infra updates (#2183)                            2021-09-30 16:22:34 -04:00
rds.tf              Feature/infra updates (#2183)                            2021-09-30 16:22:34 -04:00
readme.md           terraform reference arch (#1761)                         2021-09-21 14:19:19 -04:00
redis.tf            Add infra for loadtest (#2218)                           2021-10-14 12:04:27 -03:00
s3.tf               add support for minio backend file carving (#2448)       2021-10-12 15:32:06 -04:00
variables.tf        Add Cloudwatch monitoring to AWS Terraform configs (#2485) 2021-10-22 15:38:00 -04:00
vpc.tf              terraform reference arch (#1761)                         2021-09-21 14:19:19 -04:00

Terraform

terraform init && terraform workspace new dev

terraform plan

terraform apply

Configuration

Typical settings to override in an existing environment:

module.vpc.vpc_id -- the VPC ID output by the VPC module. If you are introducing Fleet into an existing VPC, replace every reference to this output with your own VPC ID.

In this reference architecture, ECS, RDS MySQL, and Redis (ElastiCache) are placed in separate subnets, each associated with a route table that allows traffic between them. This separation is not required: as long as Fleet can resolve and reach the MySQL and Redis hosts, any subnet layout is adequate.
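What actually constrains traffic between those subnets is the security groups, not the subnet boundaries. The following is an added example, not the project's ecs-sgs.tf, of the least-privilege shape a practitioner would want: the ALB accepts HTTPS from the internet, the Fleet tasks accept traffic only from the ALB, and MySQL and Redis accept connections only from the Fleet tasks' security group. aws_vpc.main, the port numbers for Fleet (8080), MySQL (3306) and Redis (6379) as used here, and the resource names are assumptions.

```hcl
# Added example, not Fleet's ecs-sgs.tf. aws_vpc.main is assumed to exist.

# Internet-facing ALB: only 443 inbound (80 may be added solely to redirect).
resource "aws_security_group" "fleet_alb" {
  name   = "fleet-alb"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Fleet ECS tasks: reachable only from the ALB, never directly from outside.
resource "aws_security_group" "fleet_ecs" {
  name   = "fleet-ecs"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.fleet_alb.id]
  }

  # Fleet needs outbound access to RDS, Redis and AWS APIs (S3, Firehose).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# MySQL: referencing the ECS security group (not a CIDR) means a new task
# or a new subnet gets access automatically, and nothing else does.
resource "aws_security_group" "fleet_mysql" {
  name   = "fleet-mysql"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.fleet_ecs.id]
  }
}

# Redis: same rule, Redis port only.
resource "aws_security_group" "fleet_redis" {
  name   = "fleet-redis"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 6379
    to_port         = 6379
    protocol        = "tcp"
    security_groups = [aws_security_group.fleet_ecs.id]
  }
}
```

Because the data-tier rules reference a security group rather than a subnet CIDR, moving Fleet into a different subnet of the same VPC (the case the paragraph above describes) does not require touching the MySQL or Redis rules, while a host that happens to share the subnet still cannot connect.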

HTTPS

The ALB sits in the public subnet, with an ENI bridging into the private subnet. TLS is terminated at the ALB, and fleet serve is launched with FLEET_SERVER_TLS=false set as an environment variable.

Replace cert_arn with the ARN of the certificate that applies to your environment; this is the certificate ARN used by the ALB HTTPS listener.
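The two statements above (TLS ends at the ALB; the container runs with FLEET_SERVER_TLS=false) are the two halves of one configuration, and the security property depends on both being present together with a redirect that keeps clients off plain HTTP. The following is an added example, not the project's main.tf or ecs.tf, of how those pieces fit: an HTTPS listener using var.cert_arn, an HTTP listener that only redirects, and a task definition whose Fleet container expects cleartext from the ALB and takes its database password from Secrets Manager rather than a plain environment variable. aws_lb.fleet, aws_lb_target_group.fleet, the IAM role names, aws_db_instance.fleet, aws_elasticache_cluster.fleet and aws_secretsmanager_secret.mysql_password are assumptions.

```hcl
# Added example, not Fleet's main.tf/ecs.tf. var.cert_arn is the variable the
# README tells you to set; the other referenced resources are assumed to exist.

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.fleet.arn
  port              = 443
  protocol          = "HTTPS"
  # AWS-managed policy allowing TLS 1.2 and 1.3 only.
  ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn = var.cert_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.fleet.arn
  }
}

# Port 80 exists only to send clients to HTTPS; nothing is forwarded to Fleet.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.fleet.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

# Behind the ALB the container speaks plain HTTP, so FLEET_SERVER_TLS=false.
resource "aws_ecs_task_definition" "fleet" {
  family                   = "fleet"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 512
  memory                   = 1024
  execution_role_arn       = aws_iam_role.ecs_execution.arn
  task_role_arn            = aws_iam_role.ecs_task.arn

  container_definitions = jsonencode([{
    name      = "fleet"
    image     = "fleetdm/fleet:v4.5.0" # placeholder tag; pin the release you deploy
    essential = true
    portMappings = [{ containerPort = 8080, protocol = "tcp" }]
    environment = [
      { name = "FLEET_SERVER_TLS", value = "false" },
      { name = "FLEET_MYSQL_ADDRESS", value = "${aws_db_instance.fleet.address}:3306" },
      { name = "FLEET_REDIS_ADDRESS", value = "${aws_elasticache_cluster.fleet.cache_nodes[0].address}:6379" },
    ]
    # Secrets are injected by the ECS agent at start-up from Secrets Manager,
    # so the password never appears in the task definition or `terraform plan`.
    secrets = [
      { name = "FLEET_MYSQL_PASSWORD", valueFrom = aws_secretsmanager_secret.mysql_password.arn },
    ]
  }])
}
```

The cleartext hop between the ALB and the task is confined to the private subnet by the security groups, which is what makes FLEET_SERVER_TLS=false acceptable here; if the ALB ever forwarded from port 80 instead of redirecting, or the task's security group admitted traffic from outside the ALB, that assumption would no longer hold.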

Migrating the DB

After applying the Terraform configuration, run the following to migrate the database:

aws ecs run-task --cluster fleet-backend --task-definition fleet-migrate:<latest_version> --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[<private_subnet_id>],securityGroups=[<desired_security_group>]}"

Connecting a Host

Build orbit:

 fleetctl package --type=msi --fleet-url=<alb_dns> --enroll-secret=<secret>

Run orbit:

 "C:\Program Files\Orbit\bin\orbit\orbit.exe" --root-dir "C:\Program Files\Orbit\." --log-file "C:\Program Files\Orbit\orbit-log.txt" --fleet-url "http://<alb_dns>" --enroll-secret-path "C:\Program Files\Orbit\secret.txt" --update-url "https://tuf.fleetctl.com"  --orbit-channel "stable" --osqueryd-channel "stable"