This PR adds our officially supported Tracecat single tenant AWS deployment.
What changed
Implemented a new AWS CDK stack for deploying Tracecat (with Temporal lite) onto AWS Fargate.
Configured the stack with two security groups (core, temporal) akin to the docker compose setup
Set up the deployment to be single-tenant.
Added a GitHub Action workflow to deploy Tracecat into AWS
Added an application load balancer with an IP address whitelist for public access
Added optional DNS configuration to assign subdomain to Tracecat UI
Assumes primary domain already exists in a separate root hosted zone in a separate account (see CDK docs on cross-account delegation)
Renamed platform.tracecat.com to app.tracecat.com
Rationale
Security: Restricting ingress traffic enhances security by limiting exposure to potential threats.
Isolation: Single-tenant deployment ensures that each tenant's data and resources are isolated, improving security and performance.
Automation: The GitHub Action workflow automates the deployment process, ensuring consistency and reducing manual effort.
Testing: Deploying to a sandbox environment allows for thorough testing before production deployment, minimizing the risk of issues in the live environment.