Terraform plan for adding Chef Compliance. Requires Chef Server
- Requires:
  - AWS (duh!)
  - AWS subnet id
  - AWS VPC id
  - SSL certificate/key for created instance
  - Uses a public IP and public DNS
  - Creates default security group as follows:
    - 22/tcp: SSH
    - 443/tcp: HTTPS
    - 80/tcp: HTTP
  - Understand Terraform and ability to read the source
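As an added illustration (not the plan's own source), the following shows what a security group opening the three ports listed above looks like when SSH is gated by the plan's `allowed_cidrs` variable while the web ports stay reachable. It is written in pre-0.12 Terraform interpolation syntax; the resource name `compliance` and the variable `aws_vpc_id` wiring are assumptions.

```hcl
# Example security group for a Chef Compliance instance (added example, not the plan's code).
# Only SSH is restricted to allowed_cidrs; 80/443 are the product's web endpoints.
variable "allowed_cidrs" {
  # Comma-separated CIDR list, mirroring the plan's variable. The plan's default
  # of 0.0.0.0/0 leaves SSH open to the whole internet; override it in terraform.tfvars.
  default = "0.0.0.0/0"
}

variable "aws_vpc_id" {}

resource "aws_security_group" "compliance" {
  name        = "chef-compliance"
  description = "Chef Compliance default security group (example)"
  vpc_id      = "${var.aws_vpc_id}"

  # 22/tcp: SSH, limited to the operator networks in allowed_cidrs
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${split(",", var.allowed_cidrs)}"]
  }

  # 443/tcp: HTTPS for the Compliance UI/API
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # 80/tcp: HTTP (redirects to HTTPS on the appliance)
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

After `terraform plan`, check the rendered `aws_security_group` ingress rules: the only rule with `cidr_blocks = ["0.0.0.0/0"]` on port 22 should be one you deliberately left that way.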
All supported OSes are 64-bit and HVM (though PV should be supported)
- Ubuntu 12.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 16.04 LTS (pending)
- CentOS 6 (Default)
- CentOS 7 (pending)
- Others (here be dragons! Please see Map Variables)
These resources will incur charges on your AWS bill. It is your responsibility to delete the resources.
Create a local terraform.tfvars and populate with override values for variables listed. Once the plan run is complete, navigate to https://host.domain.tld/ to accept the EULA and create the first administrative user and begin using the product.
- `aws_access_key`: Your AWS key, usually referred to as `AWS_ACCESS_KEY_ID`
- `aws_flavor`: The AWS instance type. Default: `c3.xlarge`
- `aws_key_name`: The private key pair name on AWS to use (String)
- `aws_private_key_file`: The full path to the private key matching the `aws_key_name` public key on AWS
- `aws_region`: AWS region you want to deploy to. Default: `us-west-1`
- `aws_secret_key`: Your secret for your AWS key, usually referred to as `AWS_SECRET_ACCESS_KEY`
- `aws_subnet_id`: The AWS id of the subnet to use. Example: `subnet-ffffffff`
- `aws_vpc_id`: The AWS id of the VPC to use. Example: `vpc-ffffffff`
- `accept_license`: Chef MLSA license agreement. Default: `false`; change to `true` to indicate agreement
- `allowed_cidrs`: The comma-separated list of addresses in CIDR format to allow SSH access. Default: `0.0.0.0/0`
- `chef_fqdn`: DNS address of the Chef Server
- `chef_org`: Chef organization to join
- `chef_org_validator`: Path to validation PEM file for your Chef organization
- `domain`: Server's domain. Default: `localdomain`
- `hostname`: Server's basename. Default: `compliance`
- `knife_rb`: Path to your `knife.rb` configuration file
- `log_to_file`: Log chef-client to file. Default: `true`
- `public_ip`: Associate public IP to instance. Default: `true`
- `root_delete_termination`: Delete root device on VM termination. Default: `true`
- `server_count`: Server count. Default: `1`; DO NOT CHANGE!
- `ssl_cert`: Server SSL certificate in PEM format
- `ssl_key`: Server SSL certificate key
- `tag_description`: Text field tag 'Description'
- `wait_on`: Method for passing in dependencies through modules to control workflow
The below mapping variables construct selection criteria:
- `ami_map`: AMI selection map comprised of `ami_os` and `aws_region`
- `ami_usermap`: Default username selection map based off `ami_os`
The `ami_map` is a combination of `ami_os` and `aws_region` which declares the AMI selected. To override this pre-declared AMI, define
`ami_map.<ami_os>-<aws_region> = "value"`
Variable ami_os should be one of the following:
- centos6 (default)
- centos7
- ubuntu12
- ubuntu14
- ubuntu16
Variable aws_region should be one of the following:
- us-east-1
- us-west-2
- us-west-1 (default)
- eu-central-1
- eu-west-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ap-northeast-2
- sa-east-1
- Custom (must be an AWS region; requires setting `ami_map` with an AMI value)
Map `ami_usermap` uses `ami_os` to look up the default username for interacting with the instance. To override this pre-declared user, define
`ami_usermap.<ami_os> = "value"`
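The following `terraform.tfvars` is an added example (not a file shipped with the plan) that ties together the variable list above and the `ami_map`/`ami_usermap` override syntax just described. Every value is a constructed placeholder: the region, key name, CIDRs, hostnames, AMI id and all file paths are assumptions, and whether `ssl_cert`/`ssl_key` take a path or the PEM contents is assumed here to be a path; confirm against the plan's variable definitions.

```hcl
# terraform.tfvars -- added example override file; all values are constructed placeholders.
# Keep this file out of version control (it carries AWS credentials), or supply the
# credential variables through TF_VAR_aws_access_key / TF_VAR_aws_secret_key instead.

aws_access_key       = "AKIA-PLACEHOLDER"
aws_secret_key       = "SECRET-PLACEHOLDER"
aws_region           = "us-west-2"
aws_flavor           = "c3.xlarge"
aws_key_name         = "compliance-ops"                     # existing EC2 key pair name
aws_private_key_file = "/home/ops/.ssh/compliance-ops.pem"  # matching private key
aws_subnet_id        = "subnet-ffffffff"
aws_vpc_id           = "vpc-ffffffff"

accept_license = true

# SSH exposure: narrow the plan's 0.0.0.0/0 default to the networks operators connect from.
allowed_cidrs  = "203.0.113.0/24,198.51.100.10/32"

hostname = "compliance"
domain   = "example.com"         # instance FQDN becomes compliance.example.com
ssl_cert = "/etc/ssl/certs/compliance.example.com.pem"    # assumed to be a path
ssl_key  = "/etc/ssl/private/compliance.example.com.key"  # assumed to be a path

# Chef Server integration
chef_fqdn          = "chef.example.com"
chef_org           = "example"
chef_org_validator = "/home/ops/.chef/example-validator.pem"
knife_rb           = "/home/ops/.chef/knife.rb"

# OS selection and map overrides (syntax from the plan's documentation above):
# pin a specific, vetted AMI for this ami_os/aws_region pair and its login user.
ami_os = "centos7"
ami_map.centos7-us-west-2 = "ami-00000000"   # placeholder AMI id
ami_usermap.centos7       = "centos"
```

Run `terraform plan` with this file alongside the plan's `.tf` files; the plan output is the place to confirm that the region, AMI and security-group CIDRs are the ones you intended before `terraform apply` creates billable resources.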
The plan exposes the following outputs:
- `fqdn`: The fully qualified domain name of the instance
- `private_ip`: The private IP address of the instance
- `public_ip`: The public IP address of the instance
- `security_group_id`: The AWS security group id for this instance
GIST for runtime has not yet been added. Check back later!
Please understand that this is a work in progress and is subject to change rapidly. Please be sure to keep up to date with the repo should you fork, and feel free to contact me regarding development and suggested direction.
Please refer to the CHANGELOG.md
This is licensed under the Apache 2.0 license.