A Terraform module to deploy a Boundary cluster on AWS for testing and exploration. It uses the latest release of HashiCorp Boundary available for Linux.
It uses AWS KMS and disables TLS. For the exact configuration, review the controller and worker configuration under templates/.

NOTE: Use this module for testing purposes only!

Name | Version |
---|---|
terraform | >=1.0 |
aws | >=5.0 |

Name | Version |
---|---|
aws | 5.15.0 |

Name | Source | Version |
---|---|---|
iam | ./modules/iam | n/a |

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_tags | List of tags for Boundary resources | map(string) | {} | no |
allow_cidr_blocks_to_api | IP addresses to allow connection to Boundary API | list(string) | n/a | yes |
allow_cidr_blocks_to_workers | IP addresses to allow connection to Boundary workers | list(string) | n/a | yes |
boundary_db_password | Boundary database password | string | n/a | yes |
boundary_db_username | Boundary database username | string | "boundary" | no |
boundary_sink_file_name | File name for Boundary events sink | string | "audit.log" | no |
boundary_sink_file_path | File path for Boundary events sink | string | "/var/log/boundary" | no |
datadog_api_key | Datadog API Key for audit logging | string | null | no |
enable_ssh_to_controller | Enable SSH rule to controller | bool | false | no |
key_pair_name | Name of AWS key pair for SSH into Boundary instances | string | null | no |
name | name of resources | string | n/a | yes |
num_controllers | Number of controller nodes | number | 1 | no |
num_workers | Number of worker nodes | number | 1 | no |
private_subnet_ids | List of private subnet ids for Boundary database | list(string) | n/a | yes |
public_subnet_ids | List of public subnet ids for Boundary | list(string) | n/a | yes |
vpc_cidr_block | VPC CIDR block for Boundary cluster | string | n/a | yes |
vpc_id | VPC ID to deploy Boundary cluster | string | n/a | yes |

Name | Description |
---|---|
boundary_controller | Boundary controller attributes |
boundary_lb | DNS name for Boundary load balancer |
boundary_security_group | Security group for Boundary worker |
boundary_sink_file | File path to audit log for Boundary events |
kms_recovery_key_id | AWS KMS ID for recovery |
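
A caller-side configuration that sets the required inputs and reads the boundary_lb output, as an added example that is not taken from the module's repository. The module source is a placeholder (this page does not state it); the name, VPC and subnet IDs, and the operator_cidrs variable are constructed or hypothetical. Because the module disables TLS, the validation block rejects world-open CIDR ranges for the API and worker listeners.

```hcl
# Added example: caller-side wiring for the inputs documented above.

variable "operator_cidrs" {
  # Hypothetical caller-side variable, not an input of the module itself.
  description = "CIDR blocks allowed to reach the Boundary API and workers"
  type        = list(string)

  validation {
    # TLS is disabled by this module, so never open the listeners to everyone.
    condition = (
      !contains(var.operator_cidrs, "0.0.0.0/0") &&
      !contains(var.operator_cidrs, "::/0")
    )
    error_message = "operator_cidrs must not contain 0.0.0.0/0 or ::/0."
  }
}

variable "boundary_db_password" {
  description = "Passed through to the module's boundary_db_password input"
  type        = string
  sensitive   = true # keeps the value out of plan and apply output
}

module "boundary" {
  source = "<module-source>" # placeholder: source address not given on this page

  name               = "boundary-test"             # constructed value
  vpc_id             = "vpc-EXAMPLE"               # constructed value
  vpc_cidr_block     = "10.0.0.0/16"               # constructed value
  public_subnet_ids  = ["subnet-EXAMPLE-public"]   # constructed value
  private_subnet_ids = ["subnet-EXAMPLE-private"]  # constructed value

  allow_cidr_blocks_to_api     = var.operator_cidrs
  allow_cidr_blocks_to_workers = var.operator_cidrs
  boundary_db_password         = var.boundary_db_password

  # Documented defaults, stated explicitly so the exposure is visible in review.
  enable_ssh_to_controller = false
  num_controllers          = 1
  num_workers              = 1
}

output "boundary_lb" {
  description = "DNS name for Boundary load balancer"
  value       = module.boundary.boundary_lb
}
```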