Skip to content
This repository has been archived by the owner. It is now read-only.
apopova edited this page Jun 1, 2022 · 3 revisions

Terraform is a tool to describe an infrastructure via configuration files and run a single application or your entire datacenter on the basis of these configuration files. To get more information, please use Terraform official documentation.

Wallarm filtering node can be also deployed via Terraform. This GitHub repository provides an example of the Terraform code which can be easily used to deploy a cluster of Wallarm filtering node in AWS public cloud. The example code deploys a complete set of required AWS resources like VPC, subnets, routing tables, Security Groups, SSH public keys, etc, including a simple Wordpress application to be protected by the Wallarm filtering node.

Recommended reading

Resources being used in the Terraform example

The example uses the following resources:

  • An official Wallarm Node AMI available on the AWS Marketplace
  • AWS Autoscaling Group (ASG) feature for automatic scaling of cluster size up or down depending on CPU load of active nodes
  • AWS CloudWatch metrics and alerts to monitor the CPU usage of active nodes
  • AWS NLB load balancer instance to monitor the availability of registered nodes and distribute incoming web requests among healthy instances

While the document is based on the Official Wallarm Node AMI the same approach can be used for a custom Wallarm filtering node AMI built by you.

The network architecture to be deployed with the Terraform example

The provided Terraform code deploys the following network architecture:

  • A new VPC called tf-wallarm-demo and associated resources like Public Subnets, Routing Table, Internet Gateway.
  • An ASG managing a cluster of Wallarm filtering nodes. The ASG will use AWS's User Data feature to automatically configure new filtering nodes. The implemented provisioning process is mostly following the manual configuration process described on this page.
  • An NLB instance facing the Internet and accepting incoming requests to ports 80/TCP and 443/TCP; the requests are passed to the Wallarm filtering nodes. The NLB instance will not terminate SSL sessions (assuming that the filtering nodes will provide the functionality).
  • An ASG running a sample Wordpress application, and an associated ELB instance. The Wallarm nodes are automatically configured to proxy incoming requests to the DNS name of the Wordpress ELB instance.

Quick start with Terraform example code

See the Wiki page

Description of example Terraform code

See the Wiki page