This is a terraform module to create Volterra's Web Application Security usecase. Read the Web Appplication Security usecase guide to learn more.
-
Signup For Volterra Account
If you don't have a Volterra account. Please follow this link to signup
-
Download Volterra API credentials file
Follow how to generate API Certificate to create API credentials
-
Setup domain delegation
Follow steps from this link to create domain delegation
-
Install terraform
For homebrew installed on macos, run below command to install terraform. For rest of the os follow the instructions from this link to install terraform
$ brew tap hashicorp/tap $ brew install hashicorp/tap/terraform # to update $ brew upgrade hashicorp/tap/terraform -
Export the API certificate password, path to your local p12 file and your api url as environment variables, this is needed for volterra provider to work
export VES_P12_PASSWORD=<your credential password> export VOLT_API_P12_FILE=<path to your local p12 file> export VOLT_API_URL=<team or org tenant api url>
terraform {
required_providers {
volterra = {
source = "volterraedge/volterra"
version = "0.11.5"
}
}
}
variable "api_url" {
#--- UNCOMMENT FOR TEAM OR ORG TENANTS
# default = "https://<TENANT-NAME>.console.ves.volterra.io/api"
#--- UNCOMMENT FOR INDIVIDUAL/FREEMIUM
# default = "https://console.ves.volterra.io/api"
}
# This points the absolute path of the api credentials file you downloaded from Volterra
variable "api_p12_file" {
default = "path/to/your/api-creds.p12"
}
variable "app_fqdn" {}
variable "namespace" {
default = ""
}
variable "name" {}
locals{
namespace = var.namespace != "" ? var.namespace : var.name
}
module "web-app-security" {
source = "volterraedge/web-app-security/volterra"
web_app_name = var.name
volterra_namespace = local.namespace
app_domain = var.app_fqdn
}
output "web_app_url" {
value = module.web-app-security.app_url
}| Name | Version |
|---|---|
| terraform | >= 0.13.1 |
| volterra | >= 0.11.5 |
| Name | Version |
|---|---|
| volterra | >= 0.11.5 |
No modules.
| Name | Type |
|---|---|
| volterra_app_firewall.this | resource |
| volterra_http_loadbalancer.this | resource |
| volterra_namespace.this | resource |
| volterra_origin_pool.this | resource |
| volterra_namespace.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app_domain | FQDN for the app. If you have delegated domain prod.example.com, then your app_domain can be <app_name>.prod.example.com |
string |
n/a | yes |
| enable_hsts | Flag to enable hsts for HTTPS loadbalancer | bool |
false |
no |
| enable_redirect | Flag to enable http redirect to HTTPS loadbalancer | bool |
true |
no |
| js_cookie_expiry | Javascript cookie expiry time in seconds | number |
3600 |
no |
| js_script_delay | Javascript challenge delay in miliseconds | number |
5000 |
no |
| origin_server_dns_name | Origin server's publicly resolvable dns name | string |
"www.f5.com" |
no |
| origin_server_sni | Origin server's SNI value | string |
"" |
no |
| volterra_namespace | Volterra app namespace where the object will be created. This cannot be system or shared ns. | string |
n/a | yes |
| volterra_namespace_exists | Flag to create or use existing volterra namespace | string |
false |
no |
| web_app_name | Web App Name. Also used as a prefix in names of related resources. | string |
n/a | yes |
| Name | Description |
|---|---|
| app_url | Domain VIP to access the web app |