This repository contains Terraform infrastructure code to deploy Sequin on AWS.
Sequin is a tool for capturing database changes and streaming them to external systems like Kafka, SQS, Redis, and webhooks. It provides a simple way to build event-driven architectures and keep external systems in sync with your database.
Two deployment configurations are available:
terraform-ecs-ec2/: Traditional ECS deployment using EC2 instancesterraform-ecs-fargate/: Serverless ECS deployment using AWS Fargate
Each deployment configuration is organized into two separate Terraform directories:
Contains shared infrastructure resources that are deployed once:
- VPC & networking: VPC, subnets, NAT Gateway, Internet Gateway
- ECS cluster: Container orchestration cluster
- RDS database: Postgres database for Sequin
- Redis/ElastiCache: Redis instance for caching and queuing
- Load balancer: Application Load Balancer with SSL support
- Security groups & IAM: Security and access control
- Bastion host: EC2 instance for secure database access (EC2 deployment only)
Contains the Sequin application deployment:
- ECS service: Sequin container service configuration
- Task definition: Container specifications and environment variables
- Secrets management: Auto-generated secrets and configuration
- CloudWatch logs: Application logging setup
This separation allows you to manage infrastructure changes independently from application deployments.
- AWS CLI configured with appropriate permissions
- Terraform installed (>= 1.0)
- An AWS key pair for EC2 access (EC2 deployment only)
Run the initialization script to set up Terraform state management:
make init-terraformThis command will:
- Prompt you to choose between EC2 or Fargate deployment
- Prompt you for S3 bucket name and AWS region during setup
- Optionally create the specified S3 bucket in AWS if it doesn't exist
- Create
[selected-deployment]/infra/backend.tfbackendwith S3 backend configuration for infrastructure state - Create
[selected-deployment]/app/backend.tfbackendwith S3 backend configuration for application state - Create
[selected-deployment]/app/remote-state.auto.tfvarswith variables to reference the infrastructure state
Navigate to the infrastructure directory of your chosen deployment and deploy the foundational resources:
cd terraform-ecs-fargate/infra/ # or terraform-ecs-ec2/infra/
terraform init -backend-config=backend.tfbackend
terraform applyYou'll be prompted to provide:
- EC2 key name: Name of your AWS key pair for SSH access (EC2 deployment only)
- Database password: Secure password for the Sequin config Postgres database
This will create all the networking, database, and cluster infrastructure needed for Sequin.
Navigate to the application directory and deploy Sequin:
cd ../app/
terraform init -backend-config=backend.tfbackend
terraform apply -var image_tag=latestThis will:
- Deploy the Sequin container to your ECS cluster
- Auto-generate secure secrets (encryption keys, admin password)
- Configure database and Redis connections
- Set up load balancer routing and health checks
After both deployments complete, you can access Sequin at the load balancer URL displayed in the outputs.
Note that the Sequin setup process creates a user with a default username and password:
- email:
admin@sequinstream.com - Password:
sequinpassword!
You should change the password immediately after logging in.
app creates secrets in AWS Secrets Manager. Placeholders are used for many optional secrets, such as GitHub credentials (for GitHub OAuth). You can manage these secrets using the AWS Secrets Manager console or CLI.
See Configuration for the full list of Sequin configuration options.
- Image tag: Specify a Sequin version with
-var image_tag=v0.13.0or uselatest - Instance sizes: Modify
variables.tfto adjust compute resources:- EC2 deployment: Adjust EC2 and RDS instance types
- Fargate deployment: Adjust CPU/memory allocation and RDS instance types
To enable HTTPS, provide an SSL certificate ARN in the ssl_certificate_arn variable.