A successful Seqera Platform deployment requires decisions about networking, security posture, container orchestration, permissions, etc., which can be overwhelming to a client administrator who just wants to get their users onboarded and using the features offered by the Platform.
The Seqera CX team has developed a field tool to simplify deployment in two ways:
- Reduce the infrastructure and configuration burden, so that a first-time deployment of Seqera Platform Enterprise requires less than 1 hour of work and only a few minutes for subsequent redeployments.
- Provide an Infrastructure-As-Code (IaC) solution so activities are repeatable and artifacts can be checked into source-control.
- Disclaimer
- Appropriateness Criteria
- Prerequisites
- Configuration Steps (Mandatory)
- Configuration Steps (Optional)
- Execution Steps
- Warnings
- Multiple Deployment Consideration
This is an unofficial field tool. Use at your own discretion!!
The solution is delivered on a best-effort basis, but provides no guarantees of appropriateness for your specific scenario. Please conduct your due diligence prior to execution within your environment.
For further information on how the project is managed, please see:
- Terraform Assets: Project resources (generated by terraform-docs).
- Design Decisions: Information about project structure, design decisions, and assumptions made.
- Security Scanning: How we scan for / mitigate security vulnerabilities found within the solution.
- Deficiencies & Gotchas: Information on existing deficiencies and gotchas.
- Software License Warning: Ensure you are compliant with software licenses.
You must meet the following criteria to use this solution successfully.
- You are a client of Seqera Labs.
- You will run Seqera Platform in AWS.
- Your corporate policies allow you to store secrets in AWS Systems Manager Parameter Store (SSM).
- You have access to a local Linux-based terminal (Mac supported, with caveats).
- You can use Terraform to provision infrastructure.
- You use OpenSSH and can maintain a `~/.ssh/config` file.
- (New as of May 21, 2025) You have access to a local container runtime (e.g. Docker).
See Tool Dependencies for tooling requirements.
See Permissions for the required AWS IAM permissions.
See Configuration Files for file details.
- Download a copy of the repository to your local workstation:

  ```bash
  git clone <path_to_offical_repo> && cd <name_of_local_directory>
  ```

- Select a name for your Seqera Platform application (default: `tower-dev`). This is a namespace isolator which prevents concurrent instances (e.g., `dev` and `prod`) from accidentally sharing configurations.
- Follow the instructions in Prepare Secrets and then return here.
- Follow the instructions in Prepare SSM Secrets and then return here. Remember your application name and SSM prefixes, as these are required for later configuration steps.
- Follow the instructions in Prepare TFvars.
- Follow the instructions in Prepare AWS IAM Permissions.
- Follow the instructions in Prepare OpenSSH.
The following configuration actions are encouraged but not mandatory.
- Follow the instructions in Review Terraform State Strategy.
- Follow the instructions in Fusion Binary Vendoring.
- Follow the instructions in Update Githooks Settings.
- Via terminal, navigate to the project root and initialize the project:

  ```bash
  $ terraform init
  ```

- Create and review an execution plan:

  ```bash
  # Recommended approach.
  # Execute the Seqera-supplied Python script to check your `terraform.tfvars` file for known configuration conflicts prior to terraform binary invocation.
  $ make plan

  # Alternative approach.
  # Execute plan without Python script verification execution.
  $ terraform plan
  ```

- Execute the actions reviewed in the Terraform plan:

  ```bash
  # Recommended approach.
  # Execute the Seqera-supplied Python script to check your `terraform.tfvars` file for known configuration conflicts prior to terraform binary invocation.
  $ make apply

  # Alternative approach.
  # Execute apply without Python script verification execution.
  # Note: You can append `--auto-approve` to the end of the command to avoid the need to type 'yes' to approve the deployment.
  $ terraform apply
  ```

- To destroy the deployed infrastructure:

  ```bash
  $ terraform destroy
  ```
- If a database (regardless if container or RDS) was created as part of the deployment, teardown will destroy it and all data within. Prior to deletion, consider backing up your database if the data may be needed in future.
- Terraform is not aware of actions executed within the Seqera Platform (i.e., invocation of Tower Forge to create compute environments by users / automation tools like Seqerakit). Executing `terraform destroy` without first conducting a purge of objects within Seqera Platform will result in orphaned assets in your AWS Account.
Given client environment variability, Seqera offers no official guidance re: how best to run multiple concurrent implementations (e.g. entirely separate repositories, different branches in a monorepo, Terraform workspaces, git submodules, etc). Each site must decide what is best for them and implement accordingly.
With that said, for design purposes, this tool assumes that multiple project instances will live in the same filesystem (each within its own exclusive namespace). Each project's `ssh_config` file uses an alias matching the unique `app_name` from your `tfvars` file, making it possible to add multiple non-conflicting `Include` statements in your `~/.ssh/config`.
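When several project instances are included from one `~/.ssh/config`, OpenSSH uses the first value it obtains for each parameter, so two projects sharing an `app_name` alias silently resolve to whichever file is included first. The check below is an added example, not part of the Seqera tool; the directory layout, IP addresses and the files `ok.conf` and `clash.conf` are constructed for illustration, and only absolute and `~/` Include paths are handled.

```bash
#!/usr/bin/env bash
# Added example (not part of the project): flag Host aliases defined by more
# than one project ssh_config pulled into a main OpenSSH config via Include.

# Print each Include target of config "$1", one per line ("~/" expanded).
list_includes() {
  awk 'tolower($1) == "include" { for (i = 2; i <= NF; i++) print $i }' "$1" |
    while read -r inc; do
      case $inc in "~/"*) inc="$HOME/${inc#"~/"}" ;; esac
      printf '%s\n' "$inc"
    done
}

# Print "alias<TAB>file" for each literal (non-wildcard) Host alias in "$1".
list_aliases() {
  awk -v f="$1" 'tolower($1) == "host" {
    for (i = 2; i <= NF; i++) if ($i !~ /[*?!]/) print $i "\t" f }' "$1"
}

# Print aliases defined in more than one included file; return 1 if any exist.
find_alias_collisions() {
  dups=$(list_includes "$1" | while read -r inc; do
           if [ -f "$inc" ]; then list_aliases "$inc"; fi
         done | sort -u | cut -f1 | sort | uniq -d)
  if [ -n "$dups" ]; then printf '%s\n' "$dups"; return 1; fi
  return 0
}

# Constructed sample layout: three project instances in one filesystem, where
# "tower-copy" was cloned from "tower-dev" without changing app_name.
demo_dir=$(mktemp -d)
for p in tower-dev tower-prod tower-copy; do mkdir -p "$demo_dir/$p"; done
printf 'Host tower-dev\n  HostName 10.0.0.10\n'  > "$demo_dir/tower-dev/ssh_config"
printf 'Host tower-prod\n  HostName 10.0.1.10\n' > "$demo_dir/tower-prod/ssh_config"
printf 'Host tower-dev\n  HostName 10.0.2.10\n'  > "$demo_dir/tower-copy/ssh_config"

printf 'Include %s\nInclude %s\n' "$demo_dir/tower-dev/ssh_config" \
  "$demo_dir/tower-prod/ssh_config" > "$demo_dir/ok.conf"
printf 'Include %s %s\nInclude %s\n' "$demo_dir/tower-dev/ssh_config" \
  "$demo_dir/tower-prod/ssh_config" "$demo_dir/tower-copy/ssh_config" > "$demo_dir/clash.conf"

if ! find_alias_collisions "$demo_dir/clash.conf" >/dev/null; then
  echo "alias collision in clash.conf: $(find_alias_collisions "$demo_dir/clash.conf" || true)"
fi
```

Run `find_alias_collisions ~/.ssh/config` after adding a new project's `Include` line; a non-zero exit status means at least one alias needs a distinct `app_name`.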