84a1c84244
- Add S3 to AWS reference architecture docs - Add note that GCP support for add/install software (deploy security agents) and file carves is coming soon - Add note that Render support for add/install software (deploy security agents) is coming soon - Update links to best practice Terraform example
5 KiB
Deploy Fleet
Deploy to Render for an easy one-click proof of concept. Or, choose AWS with Terraform to deploy at scale. Just need to kick the tires? Try Fleet locally on your device.
Render
Deploy to Render in 5 minutes
Render is a cloud hosting service that makes it easy to get up and running fast, without the typical configuration headaches of larger enterprise hosting providers.
Prerequisites
- A Render account with payment information.
The Fleet Render Blueprint will provision a web service, a MySQL database, and a Redis in-memory data store. Each service requires Render's standard plan at a cost of $7/month each, totaling $21/month.
Instructions
-
Click "Deploy to Render" to open the Fleet Blueprint on Render. You will be prompted to create or log in to your Render account with associated payment information.
-
Give the Blueprint a unique name like
yourcompany-fleet. -
Click "Apply." Render will provision your services, which should take less than five minutes.
-
Click the "Dashboard" tab in Render when provisioning is complete to see your new services.
-
Click on the "Fleet" service to reveal the Fleet URL.
-
Click on the URL to open your Fleet instance, then follow the on-screen instructions to set up your Fleet account.
Support for add/install software features is coming soon. Get commmunity support.
AWS
Deploy at scale with AWS and Terraform
The simplest way to get started with Fleet at scale is to use AWS with Terraform.
This workflow takes about 30 minutes to complete and supports between 10 and 350,000 hosts.
Prerequisites
-
A new or existing Amazon Web Services (AWS) account
-
An AWS Identity and Access Management (IAM) user with administrator privileges
-
The latest version of AWS Command Line Interface
awscli -
The latest version of HashiCorp Terraform
-
A Fully-Qualified Domain Name (FQDN) for hosting Fleet
Instructions
-
Download the Fleet
main.tfTerraform file. -
Edit the following variables in the
main.tfTerraform file you just downloaded to match your environment:# Change these to match your environment. domain_name = "fleet.example.com" vpc_name = "fleet-vpc" osquery_carve_bucket_name = "fleet-osquery-carve" osquery_results_bucket_name = "fleet-osquery-results" osquery_status_bucket_name = "fleet-osquery-status"Terraform modules for Fleet features can be enabled and disabled by commenting or uncommenting sections of the code as needed. To learn more about the modules, check out our AWS with Terraform advanced guide.
-
Log in to your AWS account using your IAM identity.
-
Run a command like the following in Terminal:
% terraform init ~/Downloads/main.tfIf the file was not downloaded to the downloads folder, ensure that you adjust the file path in the command.
This step will take around 15 minutes.
-
Run the following commands in Terminal:
terraform apply -target module.fleet.module.vpc -
Next, run this command:
terraform apply -target module.osquery-carve -target module.firehose-logging -
Log in to your AWS Route 53 instance
-
Run the following commands in Terminal:
terraform apply -target aws_route53_zone.main -
From the Terminal output, obtain the NS records created for the zone and add them to the parent DNS zone in the AWS Route 53 GUI.
-
Run the following commands in Terminal:
terraform apply -target module.fleet -
Lastly, run the following in Terminal:
terraform apply -
That’s it! You should now be able to log in to Fleet and enroll a host.