---
title: "Installation using Terraform"
slug: "runners-using-terraform"
updated: 2025-12-29T04:54:03Z
published: 2025-12-29T04:54:03Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Installation using Terraform

Traceable allows you to configure and install runners in AWS ECS (Elastic Container Service) using Terraform. This allows you to leverage Terraform’s infrastructure-as-code capabilities to automate the deployment and management of runners in ECS environments. By using Terraform scripts, you can configure and provision runners to execute API security testing across your AWS infrastructure, ensuring seamless integration into cloud-native applications. This simplifies managing runners in distributed environments, making it scalable and efficient.

## Before you begin

Make a note of the following before proceeding with the runner installation:

- **Terraform** — Ensure that Terraform is already installed.
- **AWS account** — Ensure you have an active AWS account.
- **IAM permissions** — Ensure you have the necessary IAM permissions to create and manage ECS services and tasks. The necessary permissions include:
  - `ecs:*`
- **AWS cluster** — Ensure you have an existing cluster where you wish to deploy the runner.
- **VPC, Subnets, and Security Groups** — Ensure you have existing VPC, subnets, and security groups configured in your AWS account. You can use them to deploy the ECS service.
- **Terraform files**— Ensure you have access to Terraform tarball (`traceable-runner-tf.tar.gz`)

> [!NOTE]
> Note
> 
> You can download the file from [Traceable’s download site](https://downloads.traceable.ai/#cli/release/v2/runner/).

---

## Install Runner through Shell

Complete the following steps to install the Traceable runner using your shell:

1. **Configure AWS CLI** — Enter the following command to configure AWS CLI in your shell:

```shell
aws configure
```
2. **Verify the AWS Region** — Enter the following command and verify that the AWS region is set to the one where you wish to install the Traceable runner:

```shell
aws configure get region
```
3. **Untar the Terraform File** — Enter the following command to untar the Terraform archive (`traceable-runner-tf.tar.gz`) that you downloaded earlier:

```shell
tar -xvzf traceable-runner-tf.tar.gz
```
4. **Change the Directory** — Enter the following command to change the directory:

```shell
cd traceable-runner-tf
```
5. **Configure the Variables** — Navigate to the `terraform.tfvars` file and configure the following variables. The following table describes the variables:

| Variable | Description | Default Value |
| --- | --- | --- |
| `aws_region` | The AWS region of the Traceable runner | - |
| `cluster_name` | The cluster name where Traceable should create the service | - |
| `cpu` | The number of vCPU for the runner | 2 |
| `memory` | The memory (in GB) for the runner | 4 |
| `task_role_arn` | The relevant task ARN | - |
| `execution_role_arn` | The relevant execution role ARN | - |
| `task_subnet_ids` | The relevant subnet IDs | - |
| `task_security_group_ids` | The relevant security group IDs | - |
| `cli_image` | The Traceable CLI image to be used as a runner | `traceableai/traceable-cli:v2` |
| `traceable_server` | The Traceable server URL to interact with the platform | `api.traceable.ai` |
| `traceable_api_token` | The Traceable platform API token. Navigate to **Your Account** → **My Preferences** → **API Tokens** → **Generate API Token** to generate a token. | - |
| `runner_name` | The runner name | - |
| `runner_log_group` | Log group for storing runner logs. These logs are visible post-stack creation. | - |
6. **Initialize Terraform** — Enter the following command for initialization:

```shell
terraform init
```
7. **Review Setup** — Enter the following command to review the setup:

```shell
terraform plan
```
8. **Apply the Configuration** — Enter the following command to apply the configurations:

```shell
terraform apply
```

Post-configuration, verify the created resources by checking the ECS service, task definition, and runner logs.

![traceable_ast_runner_cf_created](https://cdn.document360.io/24f14f07-13d1-4684-8fae-6d8f811768ee/Images/Documentation/traceable_ast_runner_cf_created.png)