Terraform module used by HashiCorp Professional Services to bootstrap a Boundary Controller(s). When Boundary is first deployed the database must be initialized before it can be used. During deployment of the Controller, the database is partially initialized. This module completes the initilization using the Boundary Terraform Provider.
The following resources are created:
- Global Scope
- Enable Password authentication
- Global admin role
- Admin user with password
- Terraform CLI
>= 1.9installed on workstations. GitCLI and Visual Studio Code editor installed on workstations are strongly recommended.- Permissions to the Boundary Controller Recovery KMS key in the respective cloud
- (Optional) storage bucket that will solely be used to stand up the Boundary infrastructure via Terraform CLI (Community Edition).
- A Boundary Cluster deployed from one of these three modules:
-
Nested within the examples directory are subdirectories that contain ready-made Terraform configurations of example scenarios for how to call and deploy this module. To get started, choose an example scenario. There is an example per cloud.
📝 Note: The Azure example must be run from the Controller locally, due to an issue with the provider trying to use an internal Azure endpoint that is only accessible from within Azure.
-
Copy all of the Terraform files from your example scenario of choice into a new destination directory to create your root Terraform configuration that will manage your Boundary deployment. If you are not sure where to create this new directory, it is common for us to see users create an
environments/directory at the root of this repo, and then a subdirectory for each Boundary instance deployment, like so:. └── environments ├── production │ ├── backend.tf │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars │ └── variables.tf └── sandbox ├── backend.tf ├── main.tf ├── outputs.tf ├── terraform.tfvars └── variables.tf📝 Note: in this example, the user will have two separate Boundary deployments; one for their
sandboxenvironment, and one for theirproductionenvironment. This is recommended, but not required. -
(Optional) Uncomment and update the applicable backend configuration provided in the
backend.tffile with your own custom values. While this step is highly recommended, it is technically not required to use a remote backend config for your Boundary deployment. -
Populate your own custom values into the
terraform.tfvars.examplefile that was provided, and remove the.examplefile extension such that the file is now namedterraform.tfvars. -
Navigate to the directory of your newly created Terraform configuration for your Boundary Controller deployment, and run
terraform init,terraform plan, andterraform apply. -
After your
terraform applyfinishes successfully, you should now be able to login to the Boundary Cluster using the specified username and password.
This open source software is maintained by the HashiCorp Technical Field Organization, independently of our enterprise products. While our Support Engineering team provides dedicated support for our enterprise offerings, this open source software is not included.
- For help using this open source software, please engage your account team.
- To report bugs/issues with this open source software, please open them directly against this code repository using the GitHub issues feature.
Please note that there is no official Service Level Agreement (SLA) for support of this software as a HashiCorp customer. This software falls under the definition of Community Software/Versions in your Agreement. We appreciate your understanding and collaboration in improving our open source projects.
| Name | Version |
|---|---|
| terraform | >= 1.7 |
| boundary | >= 1.1.15 |
| Name | Version |
|---|---|
| boundary | >= 1.1.15 |
| Name | Type |
|---|---|
| boundary_account_password.ampw_global_admin | resource |
| boundary_auth_method_password.global | resource |
| boundary_role.global_admin | resource |
| boundary_role.global_anon_listing | resource |
| boundary_scope.global | resource |
| boundary_user.ampw_global_admin | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| global_admin_login_name | Global admin login name | string |
n/a | yes |
| global_admin_password | Global admin password | string |
n/a | yes |