Skip to content

deductive-ai/aws-setup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

83 Commits
modules/bootstrap
modules/bootstrap
 
 
open_search
open_search
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
providers.tf
providers.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

Deductive AI AWS Integration

Set up AWS integration for Deductive AI in three simple steps:

  1. Clone this repository
  2. Run:
terraform init
terraform plan -var="tenant=<tenant>" -var="external_id=<external_id_from_deductive_ai>"
terraform apply -var="tenant=<tenant>" -var="external_id=<external_id_from_deductive_ai>"
  1. Share the role ARNs from the output with Deductive AI

Example output:

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Outputs:

share_with_deductive = {
  "aws_region" = "us-west-1"
  "deductive_role_arn"   = "arn:aws:iam::123456789012:role/DeductiveAIAssumeRole"
  "eks_cluster_role_arn" = "arn:aws:iam::123456789012:role/DeductiveAIEKSClusterRole"
  "ec2_role_arn"         = "arn:aws:iam::123456789012:role/DeductiveAIEC2Role-tenant"
}

You'll need:

  • External ID (provided by Deductive AI)

Optional parameters:

  • AWS region (e.g., -var="region=us-west-1")
  • AWS profile (e.g., -var="aws_profile=my-profile")

(Optional) Sync state to S3 bucket

Optionally, you can save terraform state to s3 bucket.

  1. explicitly defined the backend in providers.tf, otherwise you will see terraform raised warning about -backend-config was used without a "backend" block in the configuration.
terraform {
  backend "s3" {
    bucket  = <bucket>
    key     = "terraform.tfstate"
    region  = <region>
    encrypt = true
  }
}
  1. Migrate the state from local to s3 (note you may need to switch workspace (via tenant) if you are under multitenant environment terraform workspace select <tenant>), then
terraform init
  1. Create new workspace
terraform workspace new <tenant>
4. Plan the change
```bash
 terraform plan -var="tenant=<tenant>" -var="region=<region>" -var="aws_profile=<profile>"
  1. Apply if things looks sanity
 terraform apply -var="tenant=<tenant>" -var="region=<region>" -var="aws_profile=<profile>"

if you see Role with name <name> already exists, import it:

TENANT=<tenant>
AWS_PROFILE=<profile>
AWS_REGION=<region>

terraform import -var="tenant=$TENANT" -var="aws_profile=$AWS_PROFILE" -var="region=$AWS_REGION" module.bootstrap.aws_iam_role.deductive_role DeductiveAIAssumeRole

terraform import -var="tenant=$TENANT" -var="aws_profile=$AWS_PROFILE" -var="region=$AWS_REGION" module.bootstrap.aws_iam_role.eks_cluster_role DeductiveAIEKSClusterRole

terraform import -var="tenant=$TENANT" -var="aws_profile=$AWS_PROFILE" -var="region=$AWS_REGION" module.bootstrap.aws_iam_role.ec2_role  DeductiveAIEC2Role-${TENANT}

About

Apply changes for customer's AWS environment

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases 7

1.0.6 Latest
Jun 3, 2025
+ 6 releases

Packages

No packages published

Contributors 2

Languages