Use Terraform to deploy Tracecat into ECS Fargate.
TRACECAT__AUTH_TYPES=google_oauth,saml is the default configuration.
You’ll need to configure Google OAuth or SAML SSO to log in.
curl, openssl, docker to create cryptographic keys used in the Tracecat app
Download Terraform stack
Create encryption secrets for Tracecat
TRACECAT__DB_ENCRYPTION_KEY, TRACECAT__SERVICE_KEY, TRACECAT__SIGNING_SECRET) to sign and encrypt secrets within the application.
openssl CLI tool.
The database encryption key is created using the cryptography Python library, which is run in Docker.
Download and execute the secrets creation bash script.
create-aws-secrets.sh file on GitHub for details if you want to run this step manually.
Retrieve secret ARNs
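For running the secret-creation and ARN-retrieval steps by hand, the shell functions below are an added example, not Tracecat's create-aws-secrets.sh: they generate the values with openssl and the cryptography library in Docker, sanity-check them, and store each one so that only its ARN is printed. The 32-byte hex size, the Fernet key type, the python:3.12-slim image and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not Tracecat's create-aws-secrets.sh. Key sizes, the Fernet
# key type, the image tag and all function names are assumptions.

# Service key / signing secret: 32 random bytes from the openssl CLI, hex-encoded.
gen_hex_secret() { openssl rand -hex 32; }

# DB encryption key: cryptography library run in a throwaway container.
gen_db_key() {
  docker run --rm python:3.12-slim sh -c 'pip install -q cryptography >/dev/null 2>&1 &&
    python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"'
}

# Exactly 64 lowercase hex characters; rejects empty or truncated output.
is_hex_secret() {
  case $1 in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 64 ]
}

# Fernet-shaped key: 43 URL-safe base64 characters followed by one "=".
is_fernet_key() (
  body=${1%=}
  [ "$body" != "$1" ] || exit 1
  case $body in *[!A-Za-z0-9_-]*) exit 1 ;; esac
  [ "${#body}" -eq 43 ]
)

# arn:<partition>:secretsmanager:<region>:<12-digit account>:secret:<name>
is_secret_arn() (
  IFS=:; set -f; set -- $1
  [ "$1" = arn ] && [ "$3" = secretsmanager ] && [ "$6" = secret ] || exit 1
  case $5 in *[!0-9]*) exit 1 ;; esac
  [ "${#5}" -eq 12 ] && [ -n "$7" ]
)

# Store $2 under secret name $1 and print only the ARN. The value goes through
# a temp file (file://) so it is never an argument of the aws process.
store_secret() (
  tmp=$(mktemp) || exit 1
  printf '%s' "$2" > "$tmp"
  if arn=$(aws secretsmanager create-secret --name "$1" \
      --secret-string "file://$tmp" --query ARN --output text) &&
    is_secret_arn "$arn"; then printf '%s\n' "$arn"; rc=0; else rc=1; fi
  rm -f "$tmp"
  exit "$rc"
)
```

Check each generated value with is_hex_secret or is_fernet_key before calling store_secret with a secret name of your choosing (for example the placeholder <your-secret-name>), and keep the printed ARN for the Terraform variables.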
Configure Google OAuth or SAML SSO
oauth_client_id_arn
oauth_client_secret_arn
saml_idp_metadata_url_arn
Deploy stack
variables.tf file on GitHub.
Access Tracecat UI
https://<your-hosted-zone-domain-name>.
You can also view Tracecat’s API docs via https://<your-hosted-zone-domain-name>/api/docs.
variables.tf and ecs/locals.tf files to better understand Tracecat’s configurations.