Run the latest version of the Elastic Stack on AWS with Terraform. It leverages the excellent docker-elk project under the hood to run Elasticsearch, Logstash, Kibana, and Fleet in Docker. Provision a single‑node Elasticsearch, Logstash, Kibana, and Fleet/APM stack on an EC2 instance, fronted by an Application Load Balancer (ALB) with HTTPS. Ship traces and logs from OpenTelemetry‑instrumented workloads to the stack in minutes.
this readme was vibe coded, too lazy to make readmes
```bash
# clone
git clone https://github.com/lafayette/elk-deploy.git && cd elk-deploy
# deploy
terraform init                 # downloads providers & configures S3 backend
terraform apply -auto-approve  # 🚀 create AWS resources
```
Grab the passwords from the Discord webhook (if configured) or `/home/ubuntu/docker-elk/.env` over SSH, then visit `https://monitoring.<domain>` (Kibana) or send OTLP traces to `https://apm.<domain>`.
This repo aims to be the simplest possible entry‑point for experimenting with the Elastic Stack on AWS using Infrastructure‑as‑Code. No external dependencies, no opinionated modules – just a lean Terraform configuration you can copy, tweak, and make your own.
- Requirements • Host setup • AWS prerequisites
- Usage • Bringing up the stack • Initial setup • Cleanup
- Configuration • How to configure Terraform variables • How to adjust EC2 size / EBS
- Extensibility • Adding Beats / Agents
- Going further
- Terraform CLI v1.x or newer
- (Optional) AWS CLI v2 for convenience
- Git + your favourite shell
Note: You’ll need an AWS account with permissions to create EC2, ALB, EBS, IAM, Route53, and ACM resources.
| Item | Description |
|---|---|
| VPC & Subnets | Existing VPC ID and at least one public subnet ID |
| Route53 Hosted Zone | The domain you’ll use for Kibana & APM (e.g. `example.com`) |
| ACM Certificate | Issued in the same region for `monitoring.<domain>` and `apm.<domain>` |
| SSH Key Pair | To access the EC2 instance if needed |
| Discord Webhook | (Optional) receive passwords in chat |
```bash
# 1️⃣ clone repository
git clone https://github.com/lafayette/elk-deploy.git
cd elk-deploy
# 2️⃣ fill in variables
echo "vpc_id = \"vpc-abc123\"" >> terraform.tfvars
# ...add the rest (see example below)
# 3️⃣ deploy
terraform init
terraform apply
```
Terraform creates the infrastructure in ~2 min. The EC2 user‑data installs Docker and boots the containers (another 3‑5 min). When ready, log into Kibana with elastic / <generated‑password>.
Warning: AWS costs apply! Destroy the stack when you’re done: `terraform destroy`.
- Passwords – Delivered via Discord webhook or available in `/home/ubuntu/docker-elk/.env` on the EC2 instance.
- APM / OpenTelemetry – Point your OTLP exporter/agent to `https://apm.<domain>`.
- Fleet Server – Accessible under Kibana ▸ Fleet; enroll agents with the provided token.
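A check you can run on the instance after first boot to confirm the generated passwords replaced the defaults and that the `.env` file is not readable by other local users. This is an added example, not code from this repo or from docker-elk; the `_PASSWORD` key suffix, the `changeme` default value, and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example: audit a docker-elk style .env for weak or exposed credentials.
# Assumptions (not from this repo): secrets are KEY=value lines whose key ends
# in _PASSWORD, "changeme" is the upstream default, 16 chars is our minimum.

audit_env() {
  env_file=$1
  min_len=${2:-16}
  findings=0
  [ -r "$env_file" ] || { echo "ERROR cannot read $env_file"; return 2; }

  # Group/other permission bits would let other local users read the secrets.
  mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
  case "$mode" in
    600|400) ;;
    *) echo "WARN $env_file has mode $mode, expected 600"
       findings=$((findings + 1)) ;;
  esac

  # Redirect (not a pipe) keeps the loop in this shell so the counter survives.
  while IFS='=' read -r key value || [ -n "$key" ]; do
    case "$key" in
      \#*) continue ;;          # commented-out assignment
      *_PASSWORD) ;;
      *) continue ;;
    esac
    value=${value#\'}; value=${value%\'}   # strip optional single quotes
    value=${value#\"}; value=${value%\"}   # strip optional double quotes
    if [ -z "$value" ]; then
      echo "WARN $key is empty"
    elif [ "$value" = "changeme" ]; then
      echo "WARN $key still has the default value"
    elif [ "${#value}" -lt "$min_len" ]; then
      echo "WARN $key is shorter than $min_len characters"
    else
      continue
    fi
    findings=$((findings + 1))
  done < "$env_file"

  [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Run against a path when one is given, e.g. ./audit_env.sh /home/ubuntu/docker-elk/.env
if [ "$#" -gt 0 ]; then audit_env "$@"; fi
```

The function prints only key names, never the secret values, so its output is safe to paste into a ticket or chat.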
```bash
terraform destroy
```

This removes ALB, EC2, EBS, Route53 records, security groups, IAM roles, etc.
Variables live in `variables.tf`. Provide overrides via `terraform.tfvars` or `-var` flags.
```hcl
# terraform.tfvars (minimal)
vpc_id              = "vpc-0abc123"
public_subnets      = ["subnet-1", "subnet-2"]
alb_sg_id           = "sg-012345"
acm_certificate_arn = "arn:aws:acm:us-east-1:123:certificate/xyz"
domain_name         = "example.com"
ssh_key_name        = "elk-key"
```
Edit `locals.tf` and tweak `instance_type` (`t4g.large` by default) or `ebs_volume_size` (GiB).
- Elastic Agents / Beats – With Fleet enabled, add agents on other hosts for system metrics, nginx logs, etc.
- Multiple nodes – Convert the single EC2 into an Auto Scaling Group or deploy additional data nodes.
- Custom TLS – Use ACM Private CA or self‑signed certs if you prefer not to expose domains publicly.
- Elastic Observability docs – explore APM, logs, metrics in Kibana.
- OpenTelemetry Collector – forward traces to Elastic.
- Terraform AWS Provider – add S3 snapshots, CloudWatch alarms, etc.
Made with ❤️ & Terraform