Quick Start: AWS (bring-your-own)
The production-shaped path: run Tripwire's control server and sink in your AWS account, wired to your own dependencies. This is what a real enterprise or government customer deploys — their estate, their directory, their infrastructure.
What we provide
Only the control server (an ASG behind an ALB) and the sink fleet. Everything else is yours.
What you bring / configure
| Area | Your choice (point-pick) |
|---|---|
| Network | Bring your own VPC / subnets, or let the module create one. |
| Database | Your own RDS Postgres, or the module provisions one. |
| TLS | A DNS-validated ACM cert the module creates from your Route53 zone, or pass acm_certificate_arn for a cert you manage. |
| Identity | Configure OIDC / SAML / LDAP in System Setup against your IdP (Microsoft Entra ID / Okta / your own Keycloak) and your Active Directory. |
| Notifications / logging | Point-pick — SES / CloudWatch. |
This path does not bundle Keycloak + AD — that's the all-in-one demo. It's deploy/terraform/ (the production modules), driven by point-pick variables — see deploy/terraform/DESIGN.md.
Note. These modules are terraform validate-clean; the all-in-one sandbox path has been run end-to-end.
Steps (sketch)
- Set the point-pick variables — VPC, database, and either domain + route53_zone_id or acm_certificate_arn.
- Apply the modules:
terraform init
terraform apply
After it's up: configure SSO / LDAP in System Setup against your directory, and upload your license. Don't have one yet? Request a license for your organisation from enterprise@gettripwires.com.