Skip to main content
Version: 3.9.0

Deploy Resoto to AWS with Cloud Development Kit

We provide a CDK construct to simplify the deployment of Resoto to AWS.

Deprecation notice

The Resoto CDK construct is no longer actively maintained. We recommend running Resoto using Docker.


The Resoto web installer is the easiest way to get a production-grade setup, whereas the CDK construct is a bit more involved but gives you more control over the setup and does not require you to send us your cloud credentials.


Don't want to manage your own Resoto installation? Get started for free with Fix, an all-in-one security dashboard built on top of Resoto.



  1. Run the following commands in the terminal:

    $ git clone
    $ cd resoto-cdk
    $ npm ci
  2. Then, deploy Resoto with the following command:

    $ npm run cdk deploy -- --parameters ResotoTag=3.9.0

    If this is your first CDK deployment, you will need to bootstrap your AWS account. You can do so with the following command:

    $ npm run cdk bootstrap

    It is possible to override the default CloudFormation parameter values:

    $ npm run cdk deploy -- --parameters ResotoTag=3.9.0 --parameters MngInstanceType=r5a.xlarge
    ParameterDescriptionDefault Value
    ResotoTagThe Resoto image tag to use3.9.0
    MngMaxSizeThe maximum number of instances in the k8s managed node group3
    MngMinSizeThe minimum number of instances in the k8s managed node group1
    MngDesiredSizeThe desired number of instances in the k8s managed node group1
    MngInstanceTypeThe instance type of the k8s managed node groupr5a.xlarge
  3. Confirm the deployment. This will trigger CDK to create an EKS cluster and install the Resoto Helm chart.


    The deployment will take approximately 30 minutes. You can follow the progress in the terminal.

    Once deployment is complete, you will see output similar to the following:

    ResotoEKS.ResotoEKSConfigCommandXXXX = aws eks update-kubeconfig ...
    ResotoEKS.ResotoPskSecret = kubectl get secrets ...
    ResotoEKS.ResotoUI =

    Stack ARN:
    • The value of ResotoEKS.ResotoEKSConfigCommandXXXX in Outputs is a command to configure kubectl to connect to the EKS cluster.

      You can check that the connection is working by running the following command:

      $ kubectl get pods -A | grep resotocore
      ​resoto resoto-resotocore-xxx 1/1 Running 0 32m
    • The value of ResotoEKS.ResotoPskSecret in Outputs is a command to retrieve the Resoto PSK.

      $ kubectl get secrets resoto-psk -o jsonpath='{.data.psk}' | base64 -d
    • The value of ResotoEKS.ResotoUI in Outputs is the URL of the Resoto UI.

Contact Us

Have feedback or need help? Don’t be shy—we’d love to hear from you!




Some Engineering Inc.