How to deploy with Terraform
Follow the steps below to deploy the Cado platform using Terraform.
Step-by-Step Guide
- Clone the Repository:
  Clone the Cado Security Deployment Templates from GitHub:
  GitHub Repo
- Navigate to the Deployment Directory:
  Go to the root aws_v2 folder within the cloned repository.
- Configure Deployment Settings:
  Modify the awsVars.tfvars file to match your deployment needs. This file contains key variables for your deployment configuration.
- Initialize Terraform:
  Run the following command to initialize the Terraform working directory:
  terraform init
- Preview the Deployment Plan:
  To review the configuration and ensure everything is set up correctly, run:
  terraform plan -var-file="awsVars.tfvars"
- Deploy the Infrastructure:
  When ready to deploy, run:
  terraform apply -var-file="awsVars.tfvars"
  Note: If you're using Windows, avoid running this command in PowerShell as it may not handle quotes properly. Use the Command Prompt instead.
Key Parameters
Parameter Name | Value | Description |
---|---|---|
region | (AWS region) | AWS region for deploying Cado, e.g., us-east-1. |
key_name | (key pair name) | SSH key pair for accessing the Cado instance (optional, but useful for troubleshooting). |
ami_id | (AMI ID) | Contact Cado Sales to get the appropriate AMI ID for your region. Provide your AWS Account Number. |
public_deployment | True or False | Set to True for public IP access. Set to False to deploy behind an ALB with a DNS URL. |
certificate_arn | (ARN) | ARN of the certificate to assign to the ALB (required if public_deployment is False). |
tags | (key-value map) | Tags for organizing and identifying your AWS resources. |
vm_size | m5.4xlarge | Choose your instance type (default: m5.4xlarge). |
vol_size | (disk size in GB) | The disk size for the instance (default: 100 GB). |
ssh_location | (CIDR range) | IP address or range allowed for SSH access (recommended to restrict to specific IPs). |
http_location | (CIDR range) | IP address or range allowed for HTTPS access (recommended to restrict to specific IPs). |
custom_networking | (optional) | For custom VPC deployments. Specify VPC and subnet IDs if deploying in an existing network setup. |
proxy | (proxy URL) | Optional: URL of the proxy server to use for outbound connections. |
proxy_cert_url | (certificate URL) | Optional: URL to download the proxy certificate, if needed. |
Deploying into Custom Networking
For custom networking configurations:
- For Public deployments, supply vpc_id and public_subnet_id.
- For Private deployments, supply vpc_id, public_subnet_id, public_subnet_b_id, and private_subnet_id.
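A pre-flight check for awsVars.tfvars, as an added example that is not part of the Cado templates: it applies the rules stated in the Key Parameters table and the custom networking list above before terraform plan is run. The sample file contents and the flat name = "value" syntax are constructed assumptions; the repository's actual variable layout may differ.

```python
import ipaddress
import re

# Constructed sample, not a real deployment; flat `name = "value"` syntax is assumed.
SAMPLE_TFVARS = '''
public_deployment = false
certificate_arn   = ""
ssh_location      = "0.0.0.0/0"
http_location     = "203.0.113.0/24"
vpc_id            = "vpc-EXAMPLE"
public_subnet_id  = "subnet-EXAMPLE-A"
'''

ASSIGNMENT = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#\n]*?)"?\s*(?:#.*)?$', re.M)
PUBLIC_IDS = ("vpc_id", "public_subnet_id")
PRIVATE_IDS = PUBLIC_IDS + ("public_subnet_b_id", "private_subnet_id")


def parse_tfvars(text):
    """Collect every `name = value` assignment found in the file text."""
    return {name: value.strip() for name, value in ASSIGNMENT.findall(text)}


def check_tfvars(text):
    """Return findings for settings that break the rules stated in this guide."""
    cfg = parse_tfvars(text)
    findings = []
    public = cfg.get("public_deployment", "").lower() == "true"
    if not public and not cfg.get("certificate_arn"):
        findings.append("certificate_arn is required when public_deployment is False")
    for name in ("ssh_location", "http_location"):
        value = cfg.get(name, "")
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            findings.append(f"{name} is not a valid CIDR range: {value!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"{name} allows any source address ({value})")
    # Subnet IDs are only checked when custom networking IDs appear in the file.
    if any(cfg.get(i) for i in PRIVATE_IDS):
        needed = PUBLIC_IDS if public else PRIVATE_IDS
        findings += [f"{i} is missing for custom networking" for i in needed if not cfg.get(i)]
    return findings


if __name__ == "__main__":
    for finding in check_tfvars(SAMPLE_TFVARS):
        print("FINDING:", finding)
```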
Final Steps
- Initialize the Platform:
  Once the infrastructure is deployed, a one-time initialization process will begin. The entire deployment and initialization process typically takes 10-15 minutes.
- Log into Cado:
  After deployment, log into the Cado platform. The initial username is admin, and the password is the instance ID of your deployed Cado platform. You’ll be prompted to change your password upon first login.
- Import a License:
  You will also need to import a license file (in JSON format) after logging in.
Identifying the AMI ID
To find the latest AMI ID for the Cado platform, visit the following link:
View Latest AMIs