Quick Start: AWS (all-in-one)

Try the whole product on real AWS, with browser-trusted TLS and everything provisioned for you. A single terraform apply stands up the entire stack on one EC2 instance.

What it is

deploy/terraform/sandbox/ puts the whole stack (control server, sink, Keycloak, Samba AD, and Postgres) on one EC2 instance behind an ALB + ACM, so TLS is real and browser-trusted (no certificate warnings).

Prerequisites

  • AWS credentials — configured for your account (e.g. aws-vault exec <your-profile> -- <cmd> or a standard AWS_PROFILE).
  • A Route53 hosted zone for your domain.
  • A GitHub read:packages PAT — the EC2 pulls the private GHCR images.

Deploy

cd deploy/terraform/sandbox

cat > secret.auto.tfvars <<EOF
ghcr_username = "<github-username>"
ghcr_token    = "<read:packages PAT>"
EOF

terraform init
terraform apply   # ~10 min: ACM DNS-validation, ALB, EC2 boot, AD provision, Keycloak realm import
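
An added example, not part of the project's own instructions: a shell function that writes the same secret.auto.tfvars as the heredoc above, but creates it readable by the owner only, rejects values that would alter the HCL string, and warns if the file is not git-ignored. The function name, the GHCR_USERNAME / GHCR_TOKEN environment variables, and the allowed character set are assumptions.

```shell
# Added example, not part of the project. Assumed names: write_ghcr_tfvars,
# GHCR_USERNAME, GHCR_TOKEN. File and variable names are from the Deploy step.
write_ghcr_tfvars() {
  dir="${1:-.}"
  out="$dir/secret.auto.tfvars"

  if [ -z "${GHCR_USERNAME:-}" ] || [ -z "${GHCR_TOKEN:-}" ]; then
    echo "set GHCR_USERNAME and GHCR_TOKEN first" >&2
    return 1
  fi

  # Assumption: usernames and PATs use only letters, digits, '_' and '-'.
  # Anything else (quotes, backslashes, newlines) could alter the HCL string.
  case "$GHCR_USERNAME$GHCR_TOKEN" in
    *[!A-Za-z0-9_-]*)
      echo "unexpected character in GHCR_USERNAME or GHCR_TOKEN" >&2
      return 1 ;;
  esac

  # Remove any older copy, then create the file under umask 077 so it is
  # mode 0600 from the moment it exists.
  (
    umask 077
    rm -f "$out"
    printf 'ghcr_username = "%s"\nghcr_token    = "%s"\n' \
      "$GHCR_USERNAME" "$GHCR_TOKEN" > "$out"
  ) || return 1

  # Inside a git work tree, warn if the token file is not ignored.
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
     ! git -C "$dir" check-ignore -q secret.auto.tfvars; then
    echo "warning: $out is not git-ignored" >&2
  fi
}
```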

Key variables

Variable         Default
domain           selfhost-sandbox.gettripwires.com
idp_domain       id.<domain>
route53_zone_id  your hosted-zone ID

Outputs

terraform output admin_url
terraform output idp_url
terraform output honeypot_host
terraform output -raw admin_password
terraform output -raw kc_admin_password

Then

  • Browse to the admin_url — real cert, no warning.
  • Sign in via SSO — alice / bob are seeded into AD.
  • Create and trip a tripwire to confirm the end-to-end path.
  • Upload your license on the System Setup screen. Don't have one yet? Request a license from enterprise@gettripwires.com.

Tear down

terraform destroy

Note. This path has been verified end-to-end. For arm64 / Graviton, use the binary downloads.