Private Deployment Setup Guide
There are three deployment models to run Etleap inside your AWS virtual private cloud (VPC).
- Etleap deploys your application in an AWS account that Etleap owns.
- Etleap deploys your application in an AWS account that you own.
- You deploy Etleap in an AWS account that you own.
Setting up a single-tenant deployment requires a specific Etleap license. Please contact your dedicated Customer Success Manager or email support@etleap.com for the next steps.
Option 1: Etleap deploys the application in an Etleap-owned VPC
To deploy Etleap inside a new, dedicated AWS account owned by Etleap, please provide the following information to get started:
- A minimum `/22` IP CIDR range to be created by Etleap that doesn’t overlap with your existing VPCs.
- A region to deploy Etleap in (e.g. `us-east-1`).
- (Optional) A DNS Hostname and associated ACM Certificate ARN.
Option 2: Etleap deploys the application in your VPC
To have Etleap deploy your application inside your AWS account, please complete the following:
- Create a dedicated AWS account (owned by you) to host the Etleap single-tenant deployment.
- Provision one IAM role with the `AdministratorAccess` policy attached and enable `841591717599` to assume the role.
- Provision an ACM SSL Certificate for the Web App. For more information about ACM SSL Certificates please read here.
- Provide the following to Etleap to complete the deployment:
  - The role ARN.
  - The region to deploy Etleap in (e.g. `us-east-1`).
  - A `/22` IP CIDR range to be created by Etleap that doesn’t overlap with your existing VPCs.
  - A DNS Hostname and associated ACM Certificate ARN.
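The IAM role from the second step above, written as Terraform to apply in the dedicated account. This is an added example, not Etleap's own code: the resource names and the role name `etleap-deployment` are placeholders, and it assumes `841591717599` is an AWS account ID. It sets no `sts:ExternalId` condition because the page does not mention one.

```hcl
# Added example: role names below are placeholders, not values from Etleap.

# Trust policy: only principals in account 841591717599 (the ID given in
# the step above, assumed here to be an AWS account ID) may assume the role.
data "aws_iam_policy_document" "etleap_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::841591717599:root"]
    }
  }
}

resource "aws_iam_role" "etleap_deployment" {
  name               = "etleap-deployment" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.etleap_trust.json
}

# The guide asks for the AWS managed AdministratorAccess policy. Because this
# grants full control of the account, keep the account dedicated to Etleap.
resource "aws_iam_role_policy_attachment" "etleap_admin" {
  role       = aws_iam_role.etleap_deployment.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# The role ARN to hand to Etleap in the final step of this option.
output "etleap_role_arn" {
  value = aws_iam_role.etleap_deployment.arn
}
```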
Option 3: You deploy Etleap in your VPC
You can use Terraform to deploy the Etleap application inside your AWS account by completing the following steps:
- Please provide the following information to Etleap about where you’re planning to deploy the Etleap application:
  - The AWS Account ID (12 digits).
  - The AWS Region (e.g. `us-east-1`) that you will be deploying Etleap to.
- Etleap will provide you with your unique deployment ID and AMI IDs required to run Terraform.
- Copy the template below into a local Terraform file, and complete the steps within the template.
```hcl
# Step 1: Create an SSH key pair that can be used to SSH into the Etleap EC2 instance(s):
#   a. Run `ssh-keygen -t ed25519 -f etleap`. This will create 2 files: etleap and etleap.pub.
#   b. Input the contents of etleap.pub in `public_key` below.
#   c. Store the etleap file the same way you would any production secret.
resource "aws_key_pair" "etleap" {
  key_name   = "etleap"
  public_key = "<contents of etleap.pub>"
}

module "etleap" {
  source   = "etleap/etleap-vpc/aws"
  key_name = aws_key_pair.etleap.key_name
  # Latest version can be found in https://registry.terraform.io/modules/etleap/etleap-vpc/aws/latest
  version = "<latest_version>"

  # Step 2: Specify the deployment ID, and the AMI ID provided by Etleap.
  deployment_id = "<deployment_id>"
  amis = {
    app = "<app_ami_id>"
  }

  # Step 3: Pick either option A or B below.
  # Option A: Etleap will create the VPC it is deployed into. Please uncomment the 3 lines below and pick the
  # first three octets of the VPC's CIDR block.
  #vpc_cidr_block_1 = 172
  #vpc_cidr_block_2 = 16
  #vpc_cidr_block_3 = 0

  # Option B: Etleap will be deployed into an existing VPC. Please uncomment the 3 lines below and replace the
  # placeholder values.
  #vpc_id          = "<vpc-id>"
  #public_subnets  = ["<subnet-public-1-id>", "<subnet-public-2-id>", "<subnet-public-3-id>"]
  #private_subnets = ["<subnet-private-1-id>", "<subnet-private-2-id>", "<subnet-private-3-id>"]

  # Step 4: Enter your name, and the email address that you will use to log in to the Etleap app.
  first_name = "First"
  last_name  = "Last"
  email      = "first.last@email.com"

  # Step 5: Optionally restrict the CIDR blocks that can access the Etleap app (on port 443). By default, access
  # is allowed from all IP addresses.
  #app_access_cidr_blocks = ["0.0.0.0/0"]

  # Step 6: Should Etleap be accessible from the internet? This setting determines whether Etleap's ALB is
  # created in a public (true) or a private (false) subnet. Defaults to 'true'.
  #enable_public_access = true

  # Step 7: Set Etleap app's hostname and associated SSL certificate. You can leave this for later if you don't
  # have a certificate or access to create a DNS record. If you leave it for later, traffic will still be
  # encrypted but you will get a browser warning. To bypass the browser warning in Chrome, type 'thisisunsafe'.
  # To set a hostname and associated SSL certificate follow these steps:
  #   A. Pick a hostname that you are able to create with your DNS provider (but don't create the DNS record just yet).
  #   B. Create an SSL certificate for the chosen hostname and import it into ACM (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html).
  #   C. Uncomment the lines below and provide the certificate ARN as well as your chosen hostname.
  #   D. Run `terraform apply`.
  #   E. Get the ALB hostname from `terraform output app_public_address` and create a CNAME DNS record to it from your chosen hostname.
  # You can now access your Etleap app via the provided hostname.
  #acm_certificate_arn = "some-arn"
  #app_hostname        = "hostname"

  # Step 8: Optionally enable High Availability mode. By turning this on, RDS instances will be multi-AZ, and a
  # secondary EC2 instance will be created for the Etleap app in a separate AZ. We recommend turning this on
  # for all production environments. Defaults to 'false'.
  #ha_mode = false
}

# Output names match the `terraform output <name>` commands used in this guide.
output "app_public_address" {
  value = module.etleap.app_public_address
}

output "setup_password" {
  sensitive = true
  value     = module.etleap.setup_password
}
```
- Run `terraform init` to initialize Terraform.
- Run `terraform apply` to create the resources.
- Run `terraform output app_public_address` to identify the public address from the Terraform output and visit that address.
- Run `terraform output setup_password`.
- Enter your email address and the password shown by Terraform.
- Follow the instructions to set up your Etleap account.
Additional Resources
Visit our Terraform module page here for more information on the template, inputs, outputs, and resources when deploying Etleap within a new/existing VPC.