https://github.com/terraform-ibm-modules/terraform-teleport-deployment
This module allows users to deploy Teleport VSI on existing subnets using a new or existing App ID instance.
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/terraform-ibm-modules/terraform-teleport-deployment
- Owner: terraform-ibm-modules
- Created: 2022-08-03T16:36:20.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-11-14T04:37:06.000Z (over 2 years ago)
- Last Synced: 2023-08-08T14:38:26.383Z (almost 2 years ago)
- Language: HCL
- Size: 12.7 KB
- Stars: 0
- Watchers: 13
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# ICSE Teleport Deployment Module
This module allows users to deploy Teleport VSI on existing subnets using a new or existing App ID instance.
---
## Table of Contents
1. [Prerequisites](#prerequisites)
2. [Cloud Service Resources](#cloud-service-resources)
3. [Virtual Servers](#virtual-servers)
4. [Module Variables](#module-variables)
5. [Module Outputs](#module-outputs)

---
## Prerequisites
- Object Storage Instance
- VPC with Subnets
- VPC SSH Key
- (Optional) An existing App ID instance.

---
## Cloud Service Resources
The following cloud resources are created using this module:
- An App ID instance if one has not already been created
- An Object Storage bucket for use by the virtual servers
- A resource key to allow teleport to use the Object Storage instance
- A resource key for App ID to allow teleport to communicate with App ID
- App ID redirect URLs for each teleport instance

---
## Virtual Servers
This module uses the [ICSE VSI Deployment Module](https://github.com/Cloud-Schematics/icse-vsi-deployment) to create the Teleport VSI.
---
## Module Variables
Name | Type | Description | Sensitive | Default
-------------------------------- | ---- | ----------- | --------- | -------
region | string | The region to which to deploy the VPC | |
prefix | string | The prefix that you would like to prepend to your resources | |
tags | list(string) | List of Tags for the resource created | | null
resource_group_id | string | Resource group ID for App ID instance | | null
appid_use_data | bool | Get App ID information from data. | | false
appid_name                       | string | App ID name. Use only if `appid_use_data` is true. | | null
appid_resource_group_id          | string | App ID resource group. Use only if `appid_use_data` is true. | | null
cos_suffix | string | Random suffix appended to cos buckets | |
cos_id | string | ID of the COS instance where a bucket will be created | |
bucket_encryption_key_id | string | ID of the encryption key to use for the teleport cos bucket | | null
bucket_config | object({ name = string storage_class = string endpoint_type = string force_delete = bool single_site_location = optional(string) region_location = optional(string) cross_region_location = optional(string) allowed_ip = optional(list(string)) hard_quota = optional(number) archive_rule = optional(object({ days = number enable = bool rule_id = optional(string) type = string })) activity_tracking = optional(object({ activity_tracker_crn = string read_data_events = bool write_data_events = bool })) metrics_monitoring = optional(object({ metrics_monitoring_crn = string request_metrics_enabled = optional(bool) usage_metrics_enabled = optional(bool) })) }) | Configuration for teleport object storage bucket | | { name = "teleport-bucket" storage_class = "standard" force_delete = "true" endpoint_type = "public" }
vpc_id | string | ID of the VPC where VSI will be provisioned | |
subnet_zone_list | list( object({ name = string id = string zone = string cidr = string }) ) | List of subnets where the VSI deployment primary network interfaces will be created. This is intended to be an output from the ICSE Subnet Module or templates using it. | |
ssh_key_ids | list(string) | List of SSH Key Ids. At least one SSH key must be provided | |
profile | string | Machine type for Teleport VSI instances. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | cx2-4x8
image_name                       | string | Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see available images. | | ibm-ubuntu-18-04-6-minimal-amd64-2
primary_security_group_ids | list(string) | (Optional) List of security group ids to add to the primary network interface of each virtual server. Using an empty list will assign the default VPC security group. | | null
primary_interface_security_group | object({ create = bool rules = list( object({ name = string direction = string remote = string tcp = optional( object({ port_max = number port_min = number }) ) udp = optional( object({ port_max = number port_min = number }) ) icmp = optional( object({ type = number code = number }) ) }) ) }) | Object describing a security group to create for the primary interface, | | { create = false rules = [] }
boot_volume_encryption_key | string | (Optional) Boot volume encryption key to use for each server in the deployment. | | null
add_floating_ip | bool | Add a floating IP to the primary network interface for each server in the deployment. | | false
teleport_license | string | The contents of the PEM license file | | null
https_cert | string | The https certificate used by bastion host for teleport | | null
https_key | string | The https private key used by bastion host for teleport | | null
teleport_hostname | string | The name of the instance or bastion host | | null
teleport_domain | string | The domain of the bastion host | | null
teleport_version | string | Version of Teleport Enterprise to use | | 7.1.0
message_of_the_day | string | Banner message that is exposed to the user at authentication time | | null
claims_to_roles | list( object({ email = string roles = list(string) }) ) | A list of maps that contain the user email and the role you want to associate with them | | []

---
## Module Outputs
Name | Description
------------------- | ----------------------------------------------------------------------------------------
appid_guid | App ID GUID
appid_crn | App ID CRN
appid_redirect_urls | List of App ID redirect URLs
virtual_servers     | List of VSI IDs, Names, Primary IPv4 addresses, floating IPs, and secondary floating IPs
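
A sample call to the module using the variables listed under Module Variables, with the security-relevant inputs set explicitly. This is an added example, not code from the module's README. It assumes the caller declares the remaining `var.*` inputs, and the security group rule, port, CIDR range, email and role name are placeholders. The Sensitive column above is empty for `teleport_license` and `https_key`, so the example marks them sensitive in the calling configuration.

```hcl
# Added example; var.* inputs and literal values are placeholders.
variable "teleport_license" {
  type      = string
  sensitive = true # keeps the license contents out of plan output
}
variable "https_key" {
  type      = string
  sensitive = true # private key for the bastion host certificate
}

module "teleport" {
  source = "github.com/terraform-ibm-modules/terraform-teleport-deployment"

  region     = var.region
  prefix     = var.prefix
  cos_id     = var.cos_id
  cos_suffix = var.cos_suffix

  vpc_id           = var.vpc_id
  subnet_zone_list = var.subnet_zone_list
  ssh_key_ids      = var.ssh_key_ids
  add_floating_ip  = false # module default, stated explicitly

  # Encryption keys; both default to null in the module.
  bucket_encryption_key_id   = var.bucket_key_id
  boot_volume_encryption_key = var.boot_volume_key_id

  bucket_config = {
    name          = "teleport-bucket"
    storage_class = "standard"
    endpoint_type = "public"
    force_delete  = false # module default is "true"
  }

  primary_interface_security_group = {
    create = true
    rules = [{
      name      = "allow-inbound-https" # placeholder rule name
      direction = "inbound"
      remote    = "192.0.2.0/24" # placeholder source range
      tcp       = { port_min = 443, port_max = 443 } # placeholder port
    }]
  }

  teleport_license = var.teleport_license
  https_cert       = var.https_cert
  https_key        = var.https_key
  claims_to_roles  = [{ email = "admin@example.com", roles = ["example-role"] }]
}
```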