Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/joatmon08/terraform-aws-boundary

Terraform module for deploying a HashiCorp Boundary cluster on AWS. Testing purposes only.
https://github.com/joatmon08/terraform-aws-boundary

boundary hashicorp terraform

Last synced: 15 days ago
JSON representation

Terraform module for deploying a HashiCorp Boundary cluster on AWS. Testing purposes only.

Host: GitHub
URL: https://github.com/joatmon08/terraform-aws-boundary
Owner: joatmon08
License: mpl-2.0
Created: 2021-10-27T17:56:06.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2023-12-08T15:21:17.000Z (11 months ago)
Last Synced: 2024-10-04T18:39:50.243Z (about 1 month ago)
Topics: boundary, hashicorp, terraform
Language: HCL
Homepage: https://registry.terraform.io/modules/joatmon08/boundary/aws/latest
Size: 61.5 KB
Stars: 7
Watchers: 2
Forks: 5
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # terraform-aws-boundary

A Terraform module to deploy a Boundary cluster on AWS for testing and exploration.

It uses the latest release of

[HashiCorp Boundary](https://www.boundaryproject.io/) available for Linux.

It uses AWS KMS and disables TLS. For the exact configuration,

review the controller and worker configuration under

`templates/`.

**NOTE:** Use this module for testing purposes only!

## Requirements

| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >=1.0 |

|  [aws](#requirement\_aws) | >=5.0 |

## Providers

| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | 5.15.0 |

## Modules

| Name | Source | Version |

|------|--------|---------|

|  [iam](#module\_iam) | ./modules/iam | n/a |

## Resources

| Name | Type |

|------|------|

| [aws_db_instance.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance) | resource |

| [aws_db_subnet_group.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_subnet_group) | resource |

| [aws_iam_role_policy.boundary](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |

| [aws_iam_role_policy.boundary_host_catalog](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |

| [aws_instance.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |

| [aws_instance.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |

| [aws_kms_key.recovery](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |

| [aws_kms_key.root](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |

| [aws_kms_key.worker_auth](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |

| [aws_lb.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |

| [aws_lb_listener.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |

| [aws_lb_target_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |

| [aws_lb_target_group_attachment.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment) | resource |

| [aws_security_group.controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_security_group.controller_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_security_group.db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_security_group.worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_security_group_rule.allow_9200](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_9200_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_9201_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_9201_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_9202_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_controller_sg_to_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_egress_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_egress_db](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_egress_worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.allow_ssh_controller](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_security_group_rule.lb_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [additional\_tags](#input\_additional\_tags) | List of tags for Boundary resources | `map(string)` | `{}` | no |

|  [allow\_cidr\_blocks\_to\_api](#input\_allow\_cidr\_blocks\_to\_api) | IP addresses to allow connection to Boundary API | `list(string)` | n/a | yes |

|  [allow\_cidr\_blocks\_to\_workers](#input\_allow\_cidr\_blocks\_to\_workers) | IP addresses to allow connection to Boundary workers | `list(string)` | n/a | yes |

|  [boundary\_db\_password](#input\_boundary\_db\_password) | Boundary database password | `string` | n/a | yes |

|  [boundary\_db\_username](#input\_boundary\_db\_username) | Boundary database username | `string` | `"boundary"` | no |

|  [boundary\_sink\_file\_name](#input\_boundary\_sink\_file\_name) | File name for Boundary events sink | `string` | `"audit.log"` | no |

|  [boundary\_sink\_file\_path](#input\_boundary\_sink\_file\_path) | File path for Boundary events sink | `string` | `"/var/log/boundary"` | no |

|  [datadog\_api\_key](#input\_datadog\_api\_key) | Datadog API Key for audit logging | `string` | `null` | no |

|  [enable\_ssh\_to\_controller](#input\_enable\_ssh\_to\_controller) | Enable SSH rule to controller | `bool` | `false` | no |

|  [key\_pair\_name](#input\_key\_pair\_name) | Name of AWS key pair for SSH into Boundary instances | `string` | `null` | no |

|  [name](#input\_name) | name of resources | `string` | n/a | yes |

|  [num\_controllers](#input\_num\_controllers) | Number of controller nodes | `number` | `1` | no |

|  [num\_workers](#input\_num\_workers) | Number of worker nodes | `number` | `1` | no |

|  [private\_subnet\_ids](#input\_private\_subnet\_ids) | List of private subnet ids for Boundary database | `list(string)` | n/a | yes |

|  [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet ids for Boundary | `list(string)` | n/a | yes |

|  [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | VPC CIDR block for Boundary cluster | `string` | n/a | yes |

|  [vpc\_id](#input\_vpc\_id) | VPC ID to deploy Boundary cluster | `string` | n/a | yes |

## Outputs

| Name | Description |

|------|-------------|

|  [boundary\_controller](#output\_boundary\_controller) | Boundary controller attributes |

|  [boundary\_lb](#output\_boundary\_lb) | DNS name for Boundary load balancer |

|  [boundary\_security\_group](#output\_boundary\_security\_group) | Security group for Boundary worker |

|  [boundary\_sink\_file](#output\_boundary\_sink\_file) | File path to audit log for Boundary events |

|  [kms\_recovery\_key\_id](#output\_kms\_recovery\_key\_id) | AWS KMS ID for recovery |