Terraform Deployment

The Terraform module provisions AWS infrastructure for the Yuki Proxy. You can deploy into a new dedicated VPC or an existing one.

info

You don't need to run these steps manually - the Yuki onboarding wizard will walk you through each step.

Prerequisites

AWS account with IAM permissions for VPC, EC2, EKS, and IAM roles
Existing EKS cluster (or plan to create one)
Company, Org, and Account GUIDs from your Yuki onboarding

Use the Yuki Terraform Module

module "yuki-proxy" {
  source = "github.com/YukiTechnologies/yuki-proxy-tf?ref=v0.0.29"

  aws = {
    profile = "default"
    region  = "us-east-1"
  }

  vpc_config = {
    name            = "yuki-proxy"
    azs             = ["us-east-1a", "us-east-1b"]
    cidr            = "10.30.0.0/16"
    private_subnets = ["10.30.64.0/19", "10.30.96.0/19"]
    public_subnets  = ["10.30.0.0/19", "10.30.32.0/19"]
  }

  create_vpc_peering = false

  public_domain = {
    name            = "snowflake-locator.company-domain.com"
    route53_zone_id = "Z0123456789ABCDE"
    certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/abcd1234"
  }

  eks_cluster_name = "acme-yuki-proxy"
  container_image  = "<...>.amazonaws.com/yuki-proxy:0.0.1"

  proxy_environment_variables = {
    PROXY_HOST   = "https://snowflake-locator.snowflakecomputing.com"
    COMPUTE_HOST = <COMPUTE>
    SYSTEM_HOST  = <SYSTEM_HOST>
    COMPANY_GUID = <COMPANY_GUID>
    ORG_GUID     = <ORG_GUID>
    ACCOUNT_GUID = <ACCOUNT_GUID>
  }
}

Deploy

terraform init
terraform apply

Upgrade

terraform plan
terraform apply -auto-approve

Best Practices

Store Terraform state securely with an S3 backend and DynamoDB locking
Manage secrets via environment variables, not version control
Use CI/CD pipelines for controlled deployments
Back up state before major changes

Next Step

Proceed to Update Connection Strings to route your tools through the proxy.

Prerequisites​

Use the Yuki Terraform Module​

Deploy​

Upgrade​

Best Practices​

Next Step​