Skip to main content
The Terraform stack provisions all AWS infrastructure and bootstraps Greptile automatically.

​
What Gets Created

ResourcePurpose
VPCPrivate network with public/private subnets
EC2Server running Docker Compose
RDS PostgreSQLApplication database with pgvector
ElastiCache RedisCaching layer
S3 BucketSecrets storage
Security GroupsNetwork access control
IAM RolesService permissions

​
Prerequisites

Your AWS user/role needs permissions for:
  • EC2 (instances, security groups, key pairs)
  • RDS (instances, subnet groups, parameter groups)
  • ElastiCache (clusters, subnet groups)
  • VPC (VPCs, subnets, route tables, NAT gateways, internet gateways)
  • S3 (buckets, objects)
  • IAM (roles, policies, instance profiles)
  • Container registry credentials (CONTAINER_REGISTRY, GREPTILE_TAG)
  • License (contact [email protected])
Create a GitHub App with:
  • Webhook URL: http://<EC2_IP>:3007/webhook (update after deployment)
  • Permissions: Contents (read), Pull requests (read/write), Issues (read/write)
  • Events: Pull request, Push, Issue comment
You’ll need: App ID, Client ID, Client Secret, Private Key, Webhook Secret
API keys for at least one provider:

​
Setup

1

Clone the repository

git clone https://github.com/greptileai/akupara.git
cd akupara/terraform/stacks/aws-ec2
2

Create configuration file

cp terraform.tfvars.example terraform.tfvars
3

Edit terraform.tfvars

# AWS
aws_region  = "us-east-1"
aws_profile = "default"
app_name    = "greptile"

# GitHub App
github_client_id      = "Iv1.xxx"
github_client_secret  = "xxx"
github_webhook_secret = "xxx"
github_private_key    = <<-EOT
-----BEGIN RSA PRIVATE KEY-----
...your private key...
-----END RSA PRIVATE KEY-----
EOT

# LLM (set the ones you use)
openai_api_key    = "sk-..."
anthropic_api_key = "sk-ant-..."
See terraform.tfvars.example for all options.
4

Initialize and deploy

terraform init
terraform plan    # Review what will be created
terraform apply   # Type 'yes' to confirm
Deployment takes 10-15 minutes.
5

Get the URL

terraform output greptile_url
Update your GitHub App webhook URL to http://<EC2_IP>:3007/webhook.

​
Access

ServiceURL
Web UIhttp://<EC2_IP>:3000
Hatchet Adminhttp://<EC2_IP>:8080

​
Configuration

Modify ec2_instance_type in terraform.tfvars:
Team SizeInstancevCPURAM
5-10 devst3.xlarge416GB
~50 devsm5.2xlarge832GB
100 devsm5.8xlarge32128GB
ec2_instance_type = "m5.2xlarge"
Modify db_instance_class:
db_instance_class = "db.r5.large"   # Default
db_instance_class = "db.r5.xlarge"  # Larger teams

vpc_cidr = "10.0.0.0/16"  # Default
To enable SSH access:
key_name = "your-ec2-keypair-name"

​
Operations

ssh -i your-key.pem ec2-user@<EC2_IP>
cd /opt/greptile

ssh ec2-user@<EC2_IP>
cd /opt/greptile
docker compose logs -f              # All services
docker compose logs -f greptile-api # Specific service

ssh ec2-user@<EC2_IP>
cd /opt/greptile
docker compose pull
docker compose up -d

docker compose ps
sudo systemctl status greptile-app

​
Destroy

To remove all infrastructure: 
terraform destroy
This deletes everything including the database. Export data first if needed.

​
Troubleshooting

  • Verify security group allows inbound on ports 3000, 3007, 8080
  • Check EC2 is in public subnet with internet gateway
  • Confirm EC2 instance is running: aws ec2 describe-instances
SSH in and check:
sudo journalctl -u greptile-app -f
docker compose ps
docker compose logs
  • Verify RDS security group allows traffic from EC2 security group
  • Check RDS instance is available: aws rds describe-db-instances
  • Update GitHub App webhook URL to http://<EC2_IP>:3007/webhook
  • Check security group allows inbound on port 3007
  • Verify webhook secret matches github_webhook_secret in tfvars

​
Resources