Production Terraform Deployment

This guide covers deploying Fides using Terraform for automated infrastructure provisioning on AWS Elastic Container Service (ECS).

For Kubernetes deployments, see Production Kubernetes Deployment. For Docker configuration options, see Docker Installation.

Overview

The Fides team maintains a Terraform module (opens in a new tab) to assist in deploying Fides to AWS ECS with all required infrastructure components.

The Terraform module provisions:

AWS ECS cluster and task definitions
Application Load Balancer
RDS PostgreSQL database
ElastiCache Redis cluster
S3 bucket for storage
VPC and networking resources
IAM roles and security groups

Prerequisites

Terraform (opens in a new tab) installed locally
AWS account with appropriate permissions
AWS credentials configured locally
Basic understanding of Terraform and AWS services

Installation

1. Reference the Terraform Module

Create a new Terraform configuration that references the Fides module:

module "fides" {
  source = "github.com/ethyca/fides-terraform//fides-aws-ecs"
  
  # Required variables
  aws_region = "us-east-1"
  
  # Add your configuration here
  # See module README for all available options
}

2. Configure Module Variables

Customize the deployment by setting module variables. Common configuration options include:

module "fides" {
  source = "github.com/ethyca/fides-terraform//fides-aws-ecs"
  
  aws_region          = "us-east-1"
  environment         = "production"
  fides_image_tag     = "latest"
  
  # Database configuration
  db_instance_class   = "db.t3.medium"
  
  # Redis configuration  
  redis_node_type     = "cache.t3.micro"
  
  # ECS configuration
  fides_cpu           = 1024
  fides_memory        = 2048
  fides_desired_count = 2
}

3. Initialize Terraform

terraform init

4. Review the Plan

terraform plan

Review the resources that will be created to ensure they match your expectations.

5. Apply the Configuration

terraform apply

Type yes when prompted to confirm the deployment.

Module Configuration

For detailed configuration options and all available variables, refer to the Terraform module README (opens in a new tab).

Key Configuration Options

Infrastructure Sizing:

db_instance_class - RDS instance size
redis_node_type - ElastiCache node type
fides_cpu - ECS task CPU units
fides_memory - ECS task memory (MB)
fides_desired_count - Number of Fides task replicas

Networking:

vpc_id - Existing VPC ID (or creates new VPC)
private_subnet_ids - Subnets for private resources
public_subnet_ids - Subnets for load balancer

Security:

app_encryption_key - AES256 encryption key (32 characters)
oauth_root_client_id - Root OAuth client ID
oauth_root_client_secret - Root OAuth client secret

Accessing Fides

After deployment completes, Terraform will output the application URL:

terraform output fides_url

Visit the URL to access the Fides Admin UI.

Updating Fides

To update Fides to a new version:

Update the fides_image_tag variable
Run terraform apply

The ECS service will perform a rolling update with zero downtime.

Destroying Resources

To remove all Fides infrastructure:

terraform destroy

⚠️

Warning: This will permanently delete all resources including the database. Ensure you have backups before destroying.

Next Steps

Configure storage destinations for privacy request exports
Set up integrations to connect to your data systems
Review security best practices
Check the Terraform module repository (opens in a new tab) for updates

Additional Resources

Kubernetes Workers Reference