
This project forked from semanticsugar/terraform-aws-banyan-accesstier


Terraform module to create an Access Tier in AWS for Banyan Security customers

License: Apache License 2.0


Banyan AWS Access Tier Module

Creates an autoscaling Access Tier for use with Banyan Security.

This module creates an AWS auto-scaling group (ASG) and a network load balancer (NLB) for a Banyan Access Tier. Only the NLB is exposed to the public internet. The Access Tier and your applications live in private subnets with no ingress from the internet.

Usage

module "aws_accesstier" {
  source                 = "banyansecurity/banyan-accesstier/aws"
  region                 = "us-east-1"
  vpc_id                 = "vpc-0e73afd7c24062f0a"
  public_subnet_ids      = ["subnet-09ef9206ca406ffe7", "subnet-0bcb18d59e3ff3cc7"]
  private_subnet_ids     = ["subnet-00e393f22c3f09e16", "subnet-0dfce8195de704b65"]
  cluster_name           = "my-banyan-shield"
  site_name              = "my-banyan-site"
  site_domain_names      = ["*.banyan.mycompany.com"]
  ssh_key_name           = "my-ssh-key"
  refresh_token          = "eyJhbGciOiJSUzI1NiIsIm..."
  redirect_http_to_https = true
}

Notes

The default value for management_cidrs leaves SSH open to the world on port 2222. You should probably use the CIDR of your VPC, or a bastion host, instead.

It's probably also a good idea to leave the refresh_token out of your code and pass it as a variable instead, so you don't accidentally commit your Banyan API token to your version control system:

variable "refresh_token" {
  type = string
}

module "aws_accesstier" {
  source                 = "banyansecurity/banyan-accesstier/aws"
  refresh_token          = var.refresh_token
  ...
}

export TF_VAR_refresh_token="eyJhbGciOiJSUzI1NiIsIm..."
terraform plan
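As an added example (not part of the module's README), here is the usage block from above with the two open defaults called out in these Notes closed: management_cidrs and healthcheck_cidrs are taken from the VPC's own CIDR through the aws_vpc data source, and refresh_token is a sensitive variable supplied from the environment. The VPC and subnet IDs are placeholders, and the sensitive flag assumes Terraform 0.14 or newer.

```hcl
# Added example: hardened variant of the README's usage block. Assumes Terraform >= 0.14
# (sensitive variables) and the AWS provider's aws_vpc data source.
variable "refresh_token" {
  description = "Banyan API token; supply via TF_VAR_refresh_token, never in code"
  type        = string
  sensitive   = true # redacted from plan/apply output instead of echoed in clear text
}

variable "vpc_id" {
  type    = string
  default = "vpc-0123456789abcdef0" # placeholder, constructed for this example
}

# Resolve the VPC so its CIDR block can replace the 0.0.0.0/0 defaults below.
data "aws_vpc" "accesstier" {
  id = var.vpc_id
}

module "aws_accesstier" {
  source             = "banyansecurity/banyan-accesstier/aws"
  region             = "us-east-1"
  vpc_id             = var.vpc_id
  public_subnet_ids  = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0bbbbbbbbbbbbbbb2"] # placeholders
  private_subnet_ids = ["subnet-0ccccccccccccccc3", "subnet-0ddddddddddddddd4"] # placeholders
  cluster_name       = "my-banyan-shield"
  site_name          = "my-banyan-site"
  site_domain_names  = ["*.banyan.mycompany.com"]
  refresh_token      = var.refresh_token

  # Both inputs default to ["0.0.0.0/0"]. Limit SSH on port 2222 and the NLB
  # health checks to addresses inside the VPC, as the Notes and Inputs recommend.
  management_cidrs  = [data.aws_vpc.accesstier.cidr_block]
  healthcheck_cidrs = [data.aws_vpc.accesstier.cidr_block]

  # ssh_key_name is left at its default (""); set it only if you need SSH access
  # from within the management CIDR.
  redirect_http_to_https = true
}
```

Run it exactly as in the Notes above, with the token exported as TF_VAR_refresh_token before terraform plan; the .tf files then contain no credential to commit.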

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| region | Region in which to create Access Tier | string | n/a | yes |
| cluster_name | Name of an existing Shield cluster to register this Access Tier with | string | n/a | yes |
| site_name | Name to use when registering this Access Tier with the console | string | n/a | yes |
| private_subnet_ids | IDs of the subnets where the Access Tier should create instances | list(string) | n/a | yes |
| public_subnet_ids | IDs of the subnets where the load balancer should create endpoints | list(string) | n/a | yes |
| refresh_token | API token generated from the Banyan console | string | n/a | yes |
| site_domain_names | List of aliases or CNAMEs that will direct traffic to this Access Tier | list(string) | n/a | yes |
| ami_id | ID of a custom AMI to use when creating Access Tier instances (leave blank to use default) | string | "" | no |
| api_server | URL to the Banyan API server | string | "https://net.banyanops.com/api/v1" | no |
| cross_zone_enabled | Allow load balancer to distribute traffic to other zones | bool | true | no |
| default_ami_name | If no AMI ID is supplied, use the most recent AMI from this project | string | "amzn2-ami-hvm-2.0.*-x86_64-ebs" | no |
| healthcheck_cidrs | CIDR blocks to allow health check connections from (recommended to use the VPC CIDR range) | list(string) | ["0.0.0.0/0"] | no |
| instance_type | EC2 instance type to use when creating Access Tier instances | string | "t3.large" | no |
| management_cidrs | CIDR blocks to allow SSH connections from | list(string) | ["0.0.0.0/0"] | no |
| min_instances | Minimum number of Access Tier instances to keep alive | number | 2 | no |
| package_name | Override to use a specific version of netagent (e.g. banyan-netagent-1.5.0) | string | "banyan-netagent" | no |
| ssh_key_name | Name of an SSH key stored in AWS to allow management access | string | "" | no |
| vpc_id | ID of the VPC in which to create the Access Tier | string | n/a | yes |
| custom_user_data | A list of strings representing commands to add to the Launch Configuration user data to execute during instance initialization. Each string (or each command) must end with \n. Example: ["touch some/file\n", "wget ...\n"] | list(string) | [] | no |
| redirect_http_to_https | If true, requests to the Access Tier on port 80 will be redirected to port 443 | bool | false | no |
| iam_instance_profile | The name attribute of the IAM instance profile to associate with launched instances | string | null | no |

Outputs

| Name | Description |
|------|-------------|
| nlb_dns_name | DNS name of the load balancer (example: banyan-nlb-b335ff082d3b27ff.elb.us-east-1.amazonaws.com) |
| nlb_zone_id | Zone ID of the load balancer (example: Z26RNL4JYFTOTI) |
| security_group_id | The ID of the security group attached to the Access Tier instances, which can be added as an inbound rule on other backend groups (example: sg-1234abcd) |

Authors

Module created and managed by Todd Radel.

License

Licensed under Apache 2. See LICENSE for details.

Contributors

mikeurbanski1, rb-nr, tradel
