Skip to main content
Before deploying Shipyard infrastructure, ensure you have the following tools installed and accounts configured.

Required Tools

AWS CLI

The AWS Command Line Interface is required for authenticating with AWS and configuring kubectl access to EKS. 
brew install awscli
Configure your AWS credentials: 
aws configure
You’ll need to provide:
  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region (e.g., us-east-2)
  • Default output format (e.g., json)

Terraform

Terraform version 1.0 or higher is required. 
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
Verify installation: 
terraform version

kubectl

Kubernetes command-line tool for interacting with the EKS cluster. 
brew install kubectl
Verify installation: 
kubectl version --client

Helm

Kubernetes package manager used by Terraform to deploy applications. 
brew install helm
Verify installation: 
helm version

Required Accounts

AWS Account

You need an AWS account with permissions to create:
  • VPC and networking resources
  • EKS clusters
  • EC2 instances
  • IAM roles and policies
  • KMS keys
  • DynamoDB tables
  • S3 buckets
Ensure your IAM user or role has AdministratorAccess or equivalent permissions for provisioning infrastructure.

Tailscale Account

Tailscale provides secure VPN access to your private infrastructure.
  1. Create a free account at tailscale.com
  2. Install Tailscale on your local machine
  3. You’ll need admin access to create auth keys and configure ACLs
Tailscale is required for accessing the EKS cluster API, Vault, and other private services. Without it, you won’t be able to manage your infrastructure.

Cloudflare Account

Cloudflare manages DNS records for your services.
  1. Create an account at cloudflare.com
  2. Add your domain to Cloudflare
  3. Create an API token with the following permissions:
    • Zone:DNS:Edit
    • Zone:Zone:Read

GitHub Account (for ArgoCD)

Required for ArgoCD ApplicationSets to discover Helm charts.
  1. Create a GitHub App with repository access
  2. Note down:
    • App ID
    • Installation ID
    • Private key (download as PEM file)

Environment Variables

Create a .env file based on the example: 
cp .env.example .env
Edit the .env file with your values: 
# Tailscale (create at https://login.tailscale.com/admin/settings/keys)
export TF_VAR_tailscale_auth_key="tskey-auth-xxxxxxxxxxxxx"

# Cloudflare
export TF_VAR_cloudflare_api_token="your-cloudflare-api-token"

# GitHub App (for ArgoCD ApplicationSet)
export TF_VAR_github_owner="myorg"
export TF_VAR_github_helm_charts_repo="helm-charts"
export TF_VAR_github_app_id="123456"
export TF_VAR_github_app_installation_id="12345678"
export TF_VAR_github_app_private_key_file="~/.github/github-app.pem"
AWS credentials are configured via aws configure and are not included in the .env file.Vault credentials are auto-generated during the platform layer deployment.

Verification Checklist

Before proceeding, verify:
  • AWS CLI installed and configured
  • Terraform >= 1.0 installed
  • kubectl installed
  • Helm installed
  • Tailscale account created with admin access
  • Cloudflare account with API token
  • GitHub App created (for ArgoCD)
  • .env file configured with all required variables

Next Steps

Bootstrap

Initialize Terraform state backend

Build docs developers (and LLMs) love

Get started for freeTalk to us