https://github.com/joatmon08/terraform-aws-boundary
Terraform module for deploying a HashiCorp Boundary cluster on AWS. Testing purposes only.
- Host: GitHub
- URL: https://github.com/joatmon08/terraform-aws-boundary
- Owner: joatmon08
- License: mpl-2.0
- Created: 2021-10-27T17:56:06.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-12-08T15:21:17.000Z (about 1 year ago)
- Last Synced: 2024-10-04T18:39:50.243Z (3 months ago)
- Topics: boundary, hashicorp, terraform
- Language: HCL
- Homepage: https://registry.terraform.io/modules/joatmon08/boundary/aws/latest
- Size: 61.5 KB
- Stars: 7
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# terraform-aws-boundary
A Terraform module to deploy a Boundary cluster on AWS for testing and exploration.

It uses the latest release of [HashiCorp Boundary](https://www.boundaryproject.io/) available for Linux. It uses AWS KMS and disables TLS. For the exact configuration, review the controller and worker configuration under `templates/`.

**NOTE:** Use this module for testing purposes only!

## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >=1.0 |
| [aws](#requirement\_aws) | >=5.0 |

## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 5.15.0 |

## Modules
| Name | Source | Version |
|------|--------|---------|
| [iam](#module\_iam) | ./modules/iam | n/a |

## Resources
| Name | Type |
|------|------|
| [aws_db_instance.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |
| [aws_db_subnet_group.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |
| [aws_iam_role_policy.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy.boundary_host_catalog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_instance.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_instance.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_kms_key.recovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.root](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_kms_key.worker_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
| [aws_lb.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
| [aws_lb_listener.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
| [aws_lb_target_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
| [aws_lb_target_group_attachment.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |
| [aws_security_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.controller_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.allow_9200](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9200_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9201_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9201_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_9202_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_controller_sg_to_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_egress_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.allow_ssh_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.lb_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |

## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_tags](#input\_additional\_tags) | List of tags for Boundary resources | `map(string)` | `{}` | no |
| [allow\_cidr\_blocks\_to\_api](#input\_allow\_cidr\_blocks\_to\_api) | IP addresses to allow connection to Boundary API | `list(string)` | n/a | yes |
| [allow\_cidr\_blocks\_to\_workers](#input\_allow\_cidr\_blocks\_to\_workers) | IP addresses to allow connection to Boundary workers | `list(string)` | n/a | yes |
| [boundary\_db\_password](#input\_boundary\_db\_password) | Boundary database password | `string` | n/a | yes |
| [boundary\_db\_username](#input\_boundary\_db\_username) | Boundary database username | `string` | `"boundary"` | no |
| [boundary\_sink\_file\_name](#input\_boundary\_sink\_file\_name) | File name for Boundary events sink | `string` | `"audit.log"` | no |
| [boundary\_sink\_file\_path](#input\_boundary\_sink\_file\_path) | File path for Boundary events sink | `string` | `"/var/log/boundary"` | no |
| [datadog\_api\_key](#input\_datadog\_api\_key) | Datadog API Key for audit logging | `string` | `null` | no |
| [enable\_ssh\_to\_controller](#input\_enable\_ssh\_to\_controller) | Enable SSH rule to controller | `bool` | `false` | no |
| [key\_pair\_name](#input\_key\_pair\_name) | Name of AWS key pair for SSH into Boundary instances | `string` | `null` | no |
| [name](#input\_name) | Name of resources | `string` | n/a | yes |
| [num\_controllers](#input\_num\_controllers) | Number of controller nodes | `number` | `1` | no |
| [num\_workers](#input\_num\_workers) | Number of worker nodes | `number` | `1` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet ids for Boundary database | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet ids for Boundary | `list(string)` | n/a | yes |
| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR block for Boundary cluster | `string` | n/a | yes |
| [vpc\_id](#input\_vpc\_id) | VPC ID to deploy Boundary cluster | `string` | n/a | yes |

## Outputs
| Name | Description |
|------|-------------|
| [boundary\_controller](#output\_boundary\_controller) | Boundary controller attributes |
| [boundary\_lb](#output\_boundary\_lb) | DNS name for Boundary load balancer |
| [boundary\_security\_group](#output\_boundary\_security\_group) | Security group for Boundary worker |
| [boundary\_sink\_file](#output\_boundary\_sink\_file) | File path to audit log for Boundary events |
| [kms\_recovery\_key\_id](#output\_kms\_recovery\_key\_id) | AWS KMS ID for recovery |