terraform-aws-boundary

A Terraform module to deploy a Boundary cluster on AWS for testing and exploration. It uses the latest release of HashiCorp Boundary available for Linux.

It uses AWS KMS and disables TLS. For the exact configuration, review the controller and worker configuration under templates/.

NOTE: Use this module for testing purposes only!

Requirements

Name	Version
terraform	>=1.0
aws	>=5.0

Providers

Name	Version
aws	5.15.0

Modules

Name	Source	Version
iam	./modules/iam	n/a

Resources

Name	Type
aws_db_instance.boundary	resource
aws_db_subnet_group.boundary	resource
aws_iam_role_policy.boundary	resource
aws_iam_role_policy.boundary_host_catalog	resource
aws_instance.controller	resource
aws_instance.worker	resource
aws_kms_key.recovery	resource
aws_kms_key.root	resource
aws_kms_key.worker_auth	resource
aws_lb.controller	resource
aws_lb_listener.controller	resource
aws_lb_target_group.controller	resource
aws_lb_target_group_attachment.controller	resource
aws_security_group.controller	resource
aws_security_group.controller_lb	resource
aws_security_group.db	resource
aws_security_group.worker	resource
aws_security_group_rule.allow_9200	resource
aws_security_group_rule.allow_9200_controller	resource
aws_security_group_rule.allow_9201_controller	resource
aws_security_group_rule.allow_9201_worker	resource
aws_security_group_rule.allow_9202_worker	resource
aws_security_group_rule.allow_controller_sg_to_db	resource
aws_security_group_rule.allow_egress_controller	resource
aws_security_group_rule.allow_egress_db	resource
aws_security_group_rule.allow_egress_worker	resource
aws_security_group_rule.allow_ssh_controller	resource
aws_security_group_rule.lb_egress	resource
aws_ami.ubuntu	data source

Inputs

Name	Description	Type	Default	Required
additional_tags	List of tags for Boundary resources	`map(string)`	`{}`	no
allow_cidr_blocks_to_api	IP addresses to allow connection to Boundary API	`list(string)`	n/a	yes
allow_cidr_blocks_to_workers	IP addresses to allow connection to Boundary workers	`list(string)`	n/a	yes
boundary_db_password	Boundary database password	`string`	n/a	yes
boundary_db_username	Boundary database username	`string`	`"boundary"`	no
boundary_sink_file_name	File name for Boundary events sink	`string`	`"audit.log"`	no
boundary_sink_file_path	File path for Boundary events sink	`string`	`"/var/log/boundary"`	no
datadog_api_key	Datadog API Key for audit logging	`string`	`null`	no
enable_ssh_to_controller	Enable SSH rule to controller	`bool`	`false`	no
key_pair_name	Name of AWS key pair for SSH into Boundary instances	`string`	`null`	no
name	name of resources	`string`	n/a	yes
num_controllers	Number of controller nodes	`number`	`1`	no
num_workers	Number of worker nodes	`number`	`1`	no
private_subnet_ids	List of private subnet ids for Boundary database	`list(string)`	n/a	yes
public_subnet_ids	List of public subnet ids for Boundary	`list(string)`	n/a	yes
vpc_cidr_block	VPC CIDR block for Boundary cluster	`string`	n/a	yes
vpc_id	VPC ID to deploy Boundary cluster	`string`	n/a	yes

Outputs

Name	Description
boundary_controller	Boundary controller attributes
boundary_lb	DNS name for Boundary load balancer
boundary_security_group	Security group for Boundary worker
boundary_sink_file	File path to audit log for Boundary events
kms_recovery_key_id	AWS KMS ID for recovery

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
modules		modules
templates		templates
tests		tests
.gitignore		.gitignore
.python-version		.python-version
.terraform.lock.hcl		.terraform.lock.hcl
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
controller.tf		controller.tf
db.tf		db.tf
iam.tf		iam.tf
kms.tf		kms.tf
lb.tf		lb.tf
outputs.tf		outputs.tf
providers.tf		providers.tf
variables.tf		variables.tf
worker.tf		worker.tf

License

joatmon08/terraform-aws-boundary

Folders and files

Latest commit

History

Repository files navigation

terraform-aws-boundary

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Topics

Resources

License

Stars

Watchers

Forks

Languages