{"id":25575548,"url":"https://github.com/cruxstack/terraform-aws-network-protocol-proxy","last_synced_at":"2026-03-26T12:30:17.500Z","repository":{"id":277040424,"uuid":"930282547","full_name":"cruxstack/terraform-aws-network-protocol-proxy","owner":"cruxstack","description":"Terraform Module to deploy haproxy-based network proxy to expose private resource to externally to consumers such as vendors.","archived":false,"fork":false,"pushed_at":"2025-02-20T14:50:53.000Z","size":14,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-20T15:40:24.722Z","etag":null,"topics":["aws","aws-ec2","cloudposse","cluster","database-access","haprox","high-availability","infrastructure","sweetops","tcp","terraform","udp"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/cruxstack/network-protocol-proxy/aws/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cruxstack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-10T11:35:20.000Z","updated_at":"2025-02-20T14:50:41.000Z","dependencies_parsed_at":"2025-02-11T20:41:00.926Z","dependency_job_id":null,"html_url":"https://github.com/cruxstack/terraform-aws-network-protocol-proxy","commit_stats":null,"previous_names":["cruxstack/terraform-aws-network-protocol-proxy"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-network-protocol-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-network-protocol-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-network-protocol-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cruxstack%2Fterraform-aws-network-protocol-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cruxstack","download_url":"https://codeload.github.com/cruxstack/terraform-aws-network-protocol-proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239946907,"owners_count":19723014,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-ec2","cloudposse","cluster","database-access","haprox","high-availability","infrastructure","sweetops","tcp","terraform","udp"],"created_at":"2025-02-21T02:37:46.160Z","updated_at":"2026-03-26T12:30:17.463Z","avatar_url":"https://github.com/cruxstack.png","language":"HCL","readme":"# terraform-aws-network-protocol-proxy\n\nThis terraform module provisions a simple, scalable tcp proxy based on haproxy.\nIt deploys an EC2 autoscaling group behind a network load balancer (NLB), sets\nup cloudwatch logging, optionally configures a vpc endpoint service, and\nprovides a configurable way to forward tcp traffic to any specified backend\ntarget.\n\n## how it works\n\n- an ec2 autoscaling group is created, each instance running haproxy\n- a network load balancer routes incoming traffic on tcp ports you define\n- haproxy listens on the same ports and forwards traffic to your backend\n  target(s)\n- security group rules are created to allow ingress on the listener port from\n  allowed cidrs\n- optional vpc endpoint service can be created if you need a private service endpoint\n\n## usage\n\n```hcl\nmodule \"network_protocol_proxy\" {\n  source  = \"cruxstack/network-protocol-proxy/aws\"\n  version = \"x.x.x\"\n\n  name                   = \"database-proxy\"\n  vpc_id                 = \"vpc-1234567890abcdef\"\n  vpc_public_subnet_ids  = [\"subnet-1234abcd\", \"subnet-5678efgh\"]\n  vpc_private_subnet_ids = [\"subnet-4321abcd\", \"subnet-8765efgh\"]\n\n  proxies = {\n    default = {\n      target                 = \"10.0.1.10:5432\"\n      listener_port          = 10432\n      listener_allowed_cidrs = [\n        {\n          cidr        = \"0.0.0.0/0\"\n          description = \"allow all inbound for testing\"\n        }\n      ]\n    }\n  }\n}\n```\n\n## inputs\n\n| name                     | type         | default | description                                                  |\n|--------------------------|--------------|---------|--------------------------------------------------------------|\n| `enabled`                | bool         | `true`  | enable or disable the module                                 |\n| `proxies`                | object(...)  | n/a     | configuration for one or more haproxy proxies                |\n| `capacity`               | object(...)  | `{}`    | autoscaling desired, min, max settings                       |\n| `logs_bucket_name`       | string       | `\"\"`    | s3 bucket name for logs                                      |\n| `ssm_sessions`           | object(...)  | `{}`    | enable session manager logging                               |\n| `public_accessible`      | bool         | `false` | set to true to place the nlb in public subnets               |\n| `eip_allocation_ids`     | list(string) | `[]`    | list of eip allocation ids for the nlb                       |\n| `vpc_id`                 | string       | n/a     | id of the vpc                                                |\n| `vpc_private_subnet_ids` | list(string) | `[]`    | list of private subnet ids                                   |\n| `vpc_public_subnet_ids`  | list(string) | `[]`    | list of public subnet ids                                    |\n| `vpc_security_group_ids` | list(string) | `[]`    | additional security group ids to attach to the instances     |\n| `vpc_endpoint_service`   | object(...)  | `{}`    | configuration for optionally creating a vpc endpoint service |\n| `aws_account_id`         | string       | n/a     | your aws account id                                          |\n| `aws_kv_namespace`       | string       | n/a     | your aws k/v namespace                                       |\n| `aws_region_name`        | string       | n/a     | the aws region                                               |\n| `experimental_mode`      | bool         | n/a     | toggles extra debug or development settings                  |\n\n## outputs\n\n| name            | description                          |\n|-----------------|--------------------------------------|\n| `nlb_dns_name`  | the dns name of the network lb (nlb) |\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fterraform-aws-network-protocol-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcruxstack%2Fterraform-aws-network-protocol-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcruxstack%2Fterraform-aws-network-protocol-proxy/lists"}