Skip to main content

Overview

Use this guide to provision baseline AWS infrastructure for CrewAI Platform with Terraform, then continue with Helm installation.
Request the Terraform files from the CrewAI Factory Engineering team before following this guide.
This flow aligns with the AWS Terraform example in the installer and covers:
  • Amazon EKS cluster
  • Aurora PostgreSQL
  • S3 buckets for platform data and logs
  • ECR repository for crew image builds
  • Cluster add-ons required by the platform

Prerequisites

  • Terraform >= 1.13.4
  • AWS CLI configured for the target account and region
  • kubectl and Helm installed
  • AWS permissions to create networking, EKS, RDS, IAM, S3, ECR, and Secrets Manager resources

Step 1: Configure Terraform State

From your crewai-installer checkout, open terraform/examples/aws/main.tf. The example uses an S3 backend for remote state: 
backend "s3" {
  bucket  = "YOUR-UNIQUE-STATE-BUCKET-NAME"
  key     = "crewai/terraform.tfstate"
  region  = "us-east-1"
  encrypt = true
}
  • Create the state bucket before running terraform init.
  • For temporary testing only, you can comment out the backend block and use local state.

Step 2: Configure Variables

cd terraform/examples/aws
cp terraform.tfvars.example terraform.tfvars
Update at least:
  • region
  • environment
  • s3_data_bucket_name (globally unique)
  • s3_logs_bucket_name (globally unique)
The example also auto-detects:
  • The IAM identity running Terraform
  • The public IP running Terraform (added to cluster access CIDRs)
You can still provide additional values with:
  • admin_iam_principals
  • cluster_endpoint_public_access_cidrs

Step 3: Apply Infrastructure

terraform init
terraform plan
terraform apply
When apply finishes, configure kubectl using the Terraform output command: 
terraform output configure_kubectl_command

Step 4: Map Terraform Outputs to Helm Values

Use Terraform outputs to populate your my-values.yaml for chart install:
  • database_endpoint -> envVars.DB_HOST
  • s3_data_bucket -> envVars.AWS_BUCKET
  • ecr_repository_url -> envVars.CREW_IMAGE_REGISTRY_OVERRIDE
You still need to set application-specific values such as:
  • envVars.APPLICATION_HOST
  • ingress class and TLS settings
  • authentication provider settings
Continue with the Installation Guide.

Step 5: Destroy Safely (When Needed)

Before terraform destroy, delete Kubernetes Ingress resources managed by AWS Load Balancer Controller. If Ingress resources remain, destroy can hang while AWS load balancer dependencies are still attached.

Troubleshooting Notes

  • If terraform init fails, confirm your backend bucket exists and backend values are correct.
  • If kubectl cannot reach the cluster API, verify your public IP is authorized.
  • If chart deployment cannot push crew images, verify envVars.CREW_IMAGE_REGISTRY_OVERRIDE points to a writable ECR registry.

Next Steps