Deploy a secured, clustered, auto-scaling NiFi service in AWS.


NiFi secure+autoscaling cluster built automatically in AWS via Terraform+Ansible.


Two designs are provided, either:



Step-by-Step Terraform Deployment

Windows users: install WSL (Windows Subsystem for Linux)

## Windows Subsystem Linux ##
# Launch an ELEVATED Powershell prompt (right click -> Run as Administrator)

# Enable Windows Subsystem Linux
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

# Reboot your Windows PC
shutdown /r /t 5

# After reboot, launch a REGULAR Powershell prompt (left click).
# Do NOT proceed with an ELEVATED Powershell prompt.

# Download the Ubuntu 2004 package from Microsoft
curl.exe -L -o ubuntu-2004.appx

# Rename the package
Rename-Item ubuntu-2004.appx

# Expand the zip
Expand-Archive ubuntu-2004

# Change to the zip directory
cd ubuntu-2004

# Execute the ubuntu 2004 installer

# Create a username and password when prompted

Install Terraform, Git, and create an SSH key pair

##  Terraform + Git + SSH  ##
# Add terraform's apt key (enter previously created password at prompt)
curl -fsSL | sudo apt-key add -

# Add terraform's apt repository
sudo apt-add-repository "deb [arch=amd64] $(lsb_release -cs) main"

# Install terraform and git
sudo apt-get update && sudo apt-get -y install terraform git

# Clone the project
git clone

# Create SSH key pair (RETURN for defaults)

Install the AWS CLI and create a non-root AWS user. An AWS account is required to continue.

##          AWS            ##
# Open powershell and start WSL

# Change to home directory
cd ~

# Install python3 pip
sudo apt update && sudo DEBIAN_FRONTEND=noninteractive apt-get -q -y install python3-pip

# Install awscli via pip
pip3 install --user --upgrade awscli

# Create a non-root AWS user in the AWS web console with admin permissions
# This user must be the same user running terraform apply
# Create the user at the AWS Web Console under IAM -> Users -> Add user -> Check programmatic access and AWS Management console -> Attach existing policies -> AdministratorAccess -> copy Access key ID and Secret Access key
# See for more information:

# Set admin user credentials
~/.local/bin/aws configure

# Validate configuration
~/.local/bin/aws sts get-caller-identity 

# For troubleshooting EC2 instances, use the SSM Session Manager plugin
curl "" -o ~/session-manager-plugin.deb
sudo dpkg -i ~/session-manager-plugin.deb

# and set the SSH helper configuration for SSM Session Manager
tee -a ~/.ssh/config << EOM
host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOM

Customize the deployment - See variables section below

# Change to the project's aws directory in powershell
cd ~/nifi/zks-on-ec2/

# Open File Explorer in a separate window
# Navigate to ubuntu project directory - change \chad\ to your WSL username

# Edit the nifi.tfvars file using notepad and save


# In powershell's WSL window, change to the project's aws directory
cd ~/nifi/zks-on-ec2/

# Initialize terraform and apply the terraform state
terraform init
terraform apply -var-file="nifi.tfvars"

# If permission errors appear, fix them with the command below and re-run terraform apply.
sudo chown $USER nifi.tfvars && chmod 600 nifi.tfvars

# Note the outputs from terraform after the apply completes

# Wait for the virtual machine to become ready (Ansible will set up the services for us). NiFi can take 15+ minutes to initialize.


# See nifi.tfvars


Review the terraform output for quick links to State Manager (ansible) status, Load Balancer health, CloudWatch logs, and the admin certificate in S3, which must be added to a browser for web access.


If modifying

  1. Change the file in playbooks/zookeepers/ and playbooks/nodes/
  2. Re-run terraform apply -var-file="nifi.tfvars"
  3. Re-apply the SSM associations mentioned in terraform output

If re-sizing instances or otherwise modifying autoscaling group(s):

  1. Change the instance type in nifi.tfvars
  2. Re-run terraform apply -var-file="nifi.tfvars"
  3. Scale the node autoscaling group down, either all at once (min 0 / max 0) or incrementally to replace instances of the old size/AMI.
  4. Scale the zookeeper autoscaling groups down, always leaving at least one zookeeper running (preferably two), e.g.:
    • If zk1, zk2, and zk3 are running, scale down zk3. Once complete, scale zk3 back up.
    • Repeat for zk2, then zk3.
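
The zookeeper scale-down/scale-up sequence from step 4 as a shell script that refuses to take a group down when fewer than MIN_RUNNING other zookeepers are InService. This is an added example, not part of the project: it assumes one autoscaling group per zookeeper with a capacity of 1, and the group names passed to roll_zookeepers are placeholders to be taken from your own terraform output.

```shell
#!/bin/sh
# Added example: roll zookeeper autoscaling groups one at a time (step 4 above).
# Assumptions: one ASG per zookeeper with capacity 1; ASG names are placeholders.
AWS="${AWS:-$HOME/.local/bin/aws}"   # awscli path used earlier on this page
MIN_RUNNING="${MIN_RUNNING:-2}"      # zookeepers that must stay up (1 minimum, 2 preferred)
POLL_SECONDS="${POLL_SECONDS:-30}"   # delay between status polls
MAX_POLLS="${MAX_POLLS:-60}"         # give up after this many polls

in_service() {  # in_service <asg>: print the number of InService instances
  "$AWS" autoscaling describe-auto-scaling-groups --auto-scaling-group-names "$1" \
    --output text \
    --query "length(AutoScalingGroups[0].Instances[?LifecycleState=='InService'])"
}

set_size() {  # set_size <asg> <n>: pin min/max/desired capacity to n
  "$AWS" autoscaling update-auto-scaling-group --auto-scaling-group-name "$1" \
    --min-size "$2" --max-size "$2" --desired-capacity "$2"
}

wait_for() {  # wait_for <asg> <n>: poll until exactly n instances are InService
  zk_tries=0
  until [ "$(in_service "$1")" = "$2" ]; do
    zk_tries=$(( zk_tries + 1 ))
    [ "$zk_tries" -lt "$MAX_POLLS" ] || return 1
    sleep "$POLL_SECONDS"
  done
}

roll_zookeepers() {  # roll_zookeepers <asg>...: replace each group's instance in turn
  for zk_target in "$@"; do
    # Count zookeepers that stay up while this group is at zero.
    zk_others=0
    for zk_other in "$@"; do
      [ "$zk_other" = "$zk_target" ] && continue
      zk_n=$(in_service "$zk_other") || return 1
      zk_others=$(( zk_others + zk_n ))
    done
    if [ "$zk_others" -lt "$MIN_RUNNING" ]; then
      echo "refusing to scale down $zk_target: $zk_others other zookeeper(s) InService" >&2
      return 1
    fi
    set_size "$zk_target" 0 && wait_for "$zk_target" 0 || return 1
    set_size "$zk_target" 1 && wait_for "$zk_target" 1 || return 1
  done
}

# Usage (placeholder names): roll_zookeepers <asg-a> <asg-b> <asg-c>
```

InService only means the instance passed the autoscaling health check; check the State Manager (ansible) status from the terraform output before treating a replaced zookeeper as ready.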