https://github.com/joatmon08/terraform-aws-boundary

Terraform module for deploying a HashiCorp Boundary cluster on AWS. Testing purposes only.

boundary hashicorp terraform


# terraform-aws-boundary

A Terraform module to deploy a Boundary cluster on AWS for testing and exploration.
It uses the latest release of
[HashiCorp Boundary](https://www.boundaryproject.io/) available for Linux.

It uses AWS KMS and disables TLS. For the exact configuration,
review the controller and worker configuration under
`templates/`.

**NOTE:** Use this module for testing purposes only!

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >=1.0 |
| [aws](#requirement\_aws) | >=5.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 5.15.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [iam](#module\_iam) | ./modules/iam | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_db_instance.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
| [aws_db_subnet_group.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
| [aws_iam_role_policy.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy.boundary_host_catalog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_instance.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_instance.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_kms_key.recovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.root](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.worker_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_lb.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
| [aws_lb_listener.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
| [aws_lb_target_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
| [aws_lb_target_group_attachment.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |
| [aws_security_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.controller_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.allow_9200](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9200_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9201_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9201_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9202_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_controller_sg_to_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ssh_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.lb_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_tags](#input\_additional\_tags) | List of tags for Boundary resources | `map(string)` | `{}` | no |
| [allow\_cidr\_blocks\_to\_api](#input\_allow\_cidr\_blocks\_to\_api) | IP addresses to allow connection to Boundary API | `list(string)` | n/a | yes |
| [allow\_cidr\_blocks\_to\_workers](#input\_allow\_cidr\_blocks\_to\_workers) | IP addresses to allow connection to Boundary workers | `list(string)` | n/a | yes |
| [boundary\_db\_password](#input\_boundary\_db\_password) | Boundary database password | `string` | n/a | yes |
| [boundary\_db\_username](#input\_boundary\_db\_username) | Boundary database username | `string` | `"boundary"` | no |
| [boundary\_sink\_file\_name](#input\_boundary\_sink\_file\_name) | File name for Boundary events sink | `string` | `"audit.log"` | no |
| [boundary\_sink\_file\_path](#input\_boundary\_sink\_file\_path) | File path for Boundary events sink | `string` | `"/var/log/boundary"` | no |
| [datadog\_api\_key](#input\_datadog\_api\_key) | Datadog API Key for audit logging | `string` | `null` | no |
| [enable\_ssh\_to\_controller](#input\_enable\_ssh\_to\_controller) | Enable SSH rule to controller | `bool` | `false` | no |
| [key\_pair\_name](#input\_key\_pair\_name) | Name of AWS key pair for SSH into Boundary instances | `string` | `null` | no |
| [name](#input\_name) | Name of resources | `string` | n/a | yes |
| [num\_controllers](#input\_num\_controllers) | Number of controller nodes | `number` | `1` | no |
| [num\_workers](#input\_num\_workers) | Number of worker nodes | `number` | `1` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet ids for Boundary database | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet ids for Boundary | `list(string)` | n/a | yes |
| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR block for Boundary cluster | `string` | n/a | yes |
| [vpc\_id](#input\_vpc\_id) | VPC ID to deploy Boundary cluster | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [boundary\_controller](#output\_boundary\_controller) | Boundary controller attributes |
| [boundary\_lb](#output\_boundary\_lb) | DNS name for Boundary load balancer |
| [boundary\_security\_group](#output\_boundary\_security\_group) | Security group for Boundary worker |
| [boundary\_sink\_file](#output\_boundary\_sink\_file) | File path to audit log for Boundary events |
| [kms\_recovery\_key\_id](#output\_kms\_recovery\_key\_id) | AWS KMS ID for recovery |