{"id":15176559,"url":"https://github.com/felipelaptrin/iac-private-resources","last_synced_at":"2026-01-23T05:35:50.794Z","repository":{"id":253409896,"uuid":"843400135","full_name":"felipelaptrin/iac-private-resources","owner":"felipelaptrin","description":"A demo for my blog post about how to configure private resources with Terraform when the resource is private","archived":false,"fork":false,"pushed_at":"2024-08-18T16:01:19.000Z","size":176,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-13T21:49:22.421Z","etag":null,"topics":["blog","devbox","githubactions","opentofu","terraform","vultr"],"latest_commit_sha":null,"homepage":"https://felipetrindade.com/iac-private-resources","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/felipelaptrin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-08-16T12:36:39.000Z","updated_at":"2025-03-26T14:40:09.000Z","dependencies_parsed_at":"2025-05-13T21:41:13.770Z","dependency_job_id":"ea006bfc-1a81-49a7-ba2b-02b8a6fba6ef","html_url":"https://github.com/felipelaptrin/iac-private-resources","commit_stats":null,"previous_names":["felipelaptrin/iac-private-resources"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/felipelaptrin/iac-private-resources","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fiac-private-resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fiac-private-resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fiac-private-resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fiac-private-resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/felipelaptrin","download_url":"https://codeload.github.com/felipelaptrin/iac-private-resources/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felipelaptrin%2Fiac-private-resources/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28680946,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T04:33:33.518Z","status":"ssl_error","status_checked_at":"2026-01-23T04:33:30.433Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blog","devbox","githubactions","opentofu","terraform","vultr"],"created_at":"2024-09-27T13:21:24.054Z","updated_at":"2026-01-23T05:35:50.790Z","avatar_url":"https://github.com/felipelaptrin.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# iac-private-resources\n\nThis is a git repository to serve as a demo of my [Using IaC to configure private resources](https://felipetrindade.com/iac-private-resources) blog post. If you want to understand in depth what this is about I highly recommend checking the blog post.\n\nThe goal of this project is to present two ways of configuring private resources. First, let's define what I mean by private resources. Private resources are resources that are not accessible directly via the internet, i.e. are resources that are contained in a private network. When I say \"resources\" I'm talking about terraform resources that provision a configuration for applications/services. A good example is a DB/User in a database (which is typically deployed in a private network and can't be accessed directly), but it could have been a configuration for [Harbor](https://registry.terraform.io/providers/goharbor/harbor/latest), [Keycloak](https://registry.terraform.io/providers/mrparkers/keycloak/latest) or any other service that can be configured. For this demo we want to create a DB in a database service.\n\nFor this demo, I will use [Opentofu](https://opentofu.org/): the open-source version of Terraform.\n\n## Demo\n\nThere is nothing to do in terms of manual actions since there is a GitHub Actions workflow for creating the resources in [Vultr](https://www.vultr.com/) cloud. You could have use any other cloud for this, I'm using Vultr because it's cheap, easy to use and great for small projects, but I usually use AWS.\n\nTwo options will be presented to configure a private resource:\n- **SSH-proxy**: A bastion host (public instance that developers have access) to serve as a proxy to access internal/private resources in the cloud network.\n\n![The image illustrates a secure architecture where an SSH proxy connects GitHub to a database within a private network via a Bastion host.](./docs/ssh-proxy.png)\n\n\n- **Self-hosted**: Instead of using the bastion as a proxy, the entire CI/CD can be deployed inside the private network, this is called self-hosted.\n\n![The image illustrates a secure setup where a GitHub Runner within a private network uses long polling to communicate with GitHub over the internet, accessing a database within the same network.](./docs/self-hosted.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipelaptrin%2Fiac-private-resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffelipelaptrin%2Fiac-private-resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelipelaptrin%2Fiac-private-resources/lists"}