An open API service indexing awesome lists of open source software.

https://github.com/michelderu/astra-aws-privatelink

Terraform setup for using DataStax Astra DB with AWS through Private Link
https://github.com/michelderu/astra-aws-privatelink

Last synced: 3 months ago
JSON representation

Terraform setup for using DataStax Astra DB with AWS through Private Link

Awesome Lists containing this project

README

        

# DataStax Astra through Terraform
This guide aims to simplify the creation of an Astra database using Terraform while using an AWS Private Link setup.

## Run terraform to create the Astra database
This Terraform script wil set up:
- An Astra database
- A Service Account on the database
- A Private Link resource

Make sure to check the variables in `astra-database/variables.tf` before running Terraform and modify accordingly. These are the variables required:
- Database name
- Initial keyspace
- Cloud provider and region
- The allowed AWS Principal for configuring the Private Link Endpoint

Before running Terraform, set your Application Token from the Astra DB Dashoard:
```sh
export ASTRA_API_TOKEN=
```

To run Terraform in order to create the database:
```sh
cd astra-database
terraform init
teraform plan
terraform apply
```

Upon succesful completion, Terraform will output the following variables for your convenience:
- Astra Database ID
- Astra Organization ID
- Secure Connect Bundle URL so it can be downloaded
- Service Account (Client ID, Client Secret and Token)
- Private Service Name

# Link your Astra DB to AWS using Private Link
In this step, you'll set up the Private Endpoint on AWS and link it to Astra.

For reference, have a look at the awesome video: https://www.youtube.com/watch?v=xJfmgO8TGek

## Set up the endpoint
1. Create a new endpoint
2. Search for the private service name (take this from the output from Terraform above)
3. Make sure to select the correct VPC ID for the service that needs access to Astra
4. Select the security group that is configured for port numbers 29000-32000

Upon succesful creation, you'll be provided with the Endpoint ID. At this point in time the endpoint is pending acceptance. This means the Astra Private Service has to connect to the AWS Private Endpoint.

## Set up routing
1. Create hosted zone
2. Set the domain name (take this from the host field in the config.json file in the Secure Connect Bundle)
3. Select Private Hosted Zone, select the correct region and the VPC ID from above.

### Add a DNS record
1. Click create record
2. Record name will be *
3. Record type will be CNAM
4. Value will be the complete host field in the config.json file in the Secure Connect Bundle

# Now finalize the Astra configuration
At this point you can finalize the Astra configuration by accepting the Private Endpoint and restricting public access.

## Run Terraform
This Terraform script wil set up:
- Accept and connect to the Private Endpoint

Make sure to check the variables in `astra-database/variables.tf` before running Terraform and modify accordingly. These are the variables required:
- Database name
- The AWS Private Endpoint ID from above

Before running Terraform, set your Application Token from the Astra DB Dashoard:
```sh
export ASTRA_API_TOKEN=
```

To run Terraform in order to create the database:
```sh
cd astra-database
terraform init
teraform plan
terraform apply
```

# Just for Reference

## Get the latest aws cli
```sh
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
```

## Configure your aws cli
```sh
aws configure
```
The following information is needed:
### AWS Access Key ID and Secret Access Key
Create a new user at https://console.aws.amazon.com/iam and note the Access Key ID and Secret Access Key
### Region and output format
In my case I'll use `eu-central-1` and `json`