Traceable allows you to configure and install runners in AWS ECS (Elastic Container Service) using CloudFormation. This streamlines the configuration process by allowing you to leverage AWS’s infrastructure-as-code capabilities, making it easy to set up and configure runners in ECS environments. By using CloudFormation templates, you can automate the installation and management of runners, ensuring seamless execution of API security tests across distributed AWS services. This simplifies integrating API Security Testing into cloud-native applications hosted on AWS.
Before you begin
Make a note of the following before proceeding with the runner installation:
AWS account — Ensure you have an active AWS account.
IAM permissions — Ensure you have the necessary IAM permissions to create and manage CloudFormation stacks, ECS services, and tasks. The necessary permissions include:
cloudFormation:CreateStack
cloudFormation:UpdateStack
cloudFormation:DeleteStack
ecs:*
AWS cluster — Ensure you have an existing cluster where you wish to deploy the runner.
VPC, Subnets, Security Groups — Ensure you have existing VPC, subnets, and security groups configured in your AWS account. You can use them to deploy the ECS service.
CloudFormation template — Ensure you have access to the ECS CloudFormation template file (traceable-ast-runner.yaml).
Note
You can download the template from Traceable’s download site.
Install Runner through AWS Management Console (UI)
Complete the following steps to install the Traceable runner using the AWS management console:
Open your web browser and log in to the AWS management console.
In the console, navigate to the CloudFormation service.
Click Create Stack and then choose With new resources (standard).
Click Choose an existing template, upload the CloudFormation template (traceable-ast-runner.yaml) that you obtained from Traceable support, and click Next.
Specify the stack name, for example, TraceableECSStack, and the necessary parameters according to your requirements. Refer to the table below for guidance on the various fields:

Note
The stack name may be added as a prefix or suffix to the names of some of the resources that are created.
| Variables | Description | Default Value |
|---|---|---|
| ClusterName | The cluster name where the service is created | - |
| CPU | The number of vCPU for the runner | 2 |
| Memory | The memory (in GB) for the runner | 4 |
| TaskRoleArn | The relevant task role ARN | - |
| ExecutionRoleArn | The relevant execution role ARN | - |
| TaskSubnetIds | The relevant subnet IDs | - |
| TaskSecurityGroupIds | The relevant security group IDs | - |
| CLIImage | Traceable CLI image to use as a runner | traceableai/traceable-cli:latest |
| TraceableServer | Traceable server URL to interact with the platform | api.traceable.ai |
| TraceableApiToken | The Traceable platform API token. Navigate to Your Account → My Preferences → API Tokens → Generate API Token to generate a token. | - |
| RunnerName | The runner name | - |
| RunerLogGroup | Log group for storing runner logs. These logs are visible post-stack creation. | - |
Click Next.
Configure additional stack options such as tags, permissions, advanced options, etc. according to your requirements and click Next.

Review the stack details and parameters, and acknowledge the creation of IAM resources, if applicable, by selecting the checkbox at the bottom. Then, click Next.
CloudFormation starts creating the stack. You can monitor the progress in the Events tab on the Stack Details page. The stack creation may take several minutes.
Once the stack is created, verify the created resources by checking the ECS service, task definition, and runner logs.
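A pre-flight check for the stack parameters in the table above, added here as an example and not taken from Traceable's template or tooling. It catches missing, misspelled, or malformed values before the stack is created, returns them in the JSON list form that `aws cloudformation create-stack --parameters file://...` accepts, and masks the API token before anything is printed. The function names are hypothetical, and it assumes that a "-" default means the parameter is required and that ID lists are passed comma-separated.

```python
import json

# Names copied from the table above, spelling included. Assumptions: a "-"
# default means required; ID lists are passed as one comma-separated string.
REQUIRED = ["ClusterName", "TaskRoleArn", "ExecutionRoleArn", "TaskSubnetIds",
            "TaskSecurityGroupIds", "TraceableApiToken", "RunnerName", "RunerLogGroup"]
OPTIONAL = ["CPU", "Memory", "CLIImage", "TraceableServer"]
SECRET = {"TraceableApiToken"}

def check_ids(name, value, prefix):
    bad = [v for v in (s.strip() for s in value.split(","))
           if not v.startswith(prefix) or v == prefix]
    if bad:
        raise ValueError(f"{name}: expected {prefix}... IDs, got {bad}")

def build_parameters(values):
    """Validate stack inputs; return them as a CloudFormation parameter list."""
    unknown = sorted(set(values) - set(REQUIRED) - set(OPTIONAL))
    if unknown:
        raise ValueError(f"unknown parameter(s): {unknown}")
    missing = [k for k in REQUIRED if not str(values.get(k, "")).strip()]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    for key in ("TaskRoleArn", "ExecutionRoleArn"):
        if not (values[key].startswith("arn:") and ":role/" in values[key]):
            raise ValueError(f"{key}: not an IAM role ARN")
    check_ids("TaskSubnetIds", values["TaskSubnetIds"], "subnet-")
    check_ids("TaskSecurityGroupIds", values["TaskSecurityGroupIds"], "sg-")
    return [{"ParameterKey": k, "ParameterValue": str(v)} for k, v in values.items()]

def redacted(parameters):
    """Copy of the parameter list that is safe to print or log."""
    return [{**p, "ParameterValue": "****"} if p["ParameterKey"] in SECRET
            else p for p in parameters]

# Constructed sample values; none refer to real resources or tokens.
SAMPLE = {
    "ClusterName": "example-cluster",
    "TaskRoleArn": "arn:aws:iam::111122223333:role/example-task-role",
    "ExecutionRoleArn": "arn:aws:iam::111122223333:role/example-exec-role",
    "TaskSubnetIds": "subnet-0aaa1111,subnet-0bbb2222",
    "TaskSecurityGroupIds": "sg-0ccc3333",
    "TraceableApiToken": "EXAMPLE-TOKEN-NOT-REAL",
    "RunnerName": "example-runner",
    "RunerLogGroup": "/example/traceable-runner",
}

if __name__ == "__main__":
    print(json.dumps(redacted(build_parameters(SAMPLE)), indent=2))
```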