Terraform Module for AWS Transit Gateway

This module contains resource files and example variable definition files to create and configure an EC2 Auto Scaling Group that runs a highly available Squid proxy service. A Network Load Balancer (NLB) is also created to forward traffic to the proxy instances. The module can be used to help deploy Cloudera Data Platform (CDP) Public Cloud in a fully private networking configuration, where the CDP Environment reaches the internet through a proxy configuration that points at the Network Load Balancer.

Usage

The examples directory contains an example of using this module:

  • ex01-minimal_inputs demonstrates how this module can be used to create Squid proxy instances and an NLB in a networking VPC. The terraform-aws-vpc module is also used as part of this example.

The terraform.tfvars.sample file describes the required inputs for the example.

Requirements

| Name | Version |
|------|---------|
| terraform | > 1.3.0 |
| aws | >= 5.30 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.30 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_autoscaling_attachment.proxy_asg_tg_attach | resource |
| aws_autoscaling_group.proxy_asg | resource |
| aws_launch_template.proxy_lt | resource |
| aws_lb.proxy_lb | resource |
| aws_lb_listener.proxy_lb_listener | resource |
| aws_lb_target_group.proxy_tg | resource |
| aws_route.vpc_tgw_route | resource |
| aws_security_group.proxy_sg | resource |
| aws_security_group_rule.proxy_egress | resource |
| aws_security_group_rule.proxy_ingress | resource |
| aws_security_group_rule.proxy_lb_ingress | resource |
| aws_ami.proxy_default_ami | data source |
| aws_network_interface.proxy_lb | data source |
| aws_region.current | data source |
| aws_vpc.proxy_vpc | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| lb_subnet_ids | The IDs of the subnets for the Network Load Balancer | `list(any)` | n/a | yes |
| network_load_balancer_name | Name of the Network Load Balancer for the Proxy. | `string` | n/a | yes |
| proxy_autoscaling_group_name | Name of the Auto Scaling Group for the Proxy VMs. | `string` | n/a | yes |
| proxy_aws_keypair_name | SSH keypair name for the proxy VMs | `string` | n/a | yes |
| proxy_launch_template_name | Name of the Launch Template for the Proxy VMs. | `string` | n/a | yes |
| proxy_subnet_ids | The IDs of the subnets where the proxy VMs will run | `list(any)` | n/a | yes |
| target_group_proxy_name | Name of the Target Group for the Proxy. | `string` | n/a | yes |
| vpc_id | ID of the VPC in which the proxy VMs will run | `string` | n/a | yes |
| autoscaling_group_scaling | Minimum, maximum and desired number of EC2 instances in the Auto Scaling Group. | `object({ min_size = number, max_size = number, desired_capacity = number })` | `{ "desired_capacity": 3, "max_size": 6, "min_size": 3 }` | no |
| aws_region | AWS region, used in the Proxy Whitelist configuration files. If not provided, the aws_region data source is used to look it up. | `string` | `null` | no |
| cdp_region | CDP Control Plane region, used in the Proxy Whitelist configuration files. | `string` | `"us-west-1"` | no |
| create_proxy_sg | Flag to specify whether the Security Group for the proxy should be created. | `bool` | `true` | no |
| egress_rules | List of egress rules to create. Used only if create_proxy_sg is true. | `list(object({ cidrs = list(string), from_port = number, to_port = optional(number), protocol = string }))` | `[{ "cidrs": ["0.0.0.0/0"], "from_port": 0, "protocol": "all", "to_port": 0 }]` | no |
| enable_proxy_public_ip | Assign a public IP address to each Proxy VM | `bool` | `true` | no |
| env_tags | Tags applied to provisioned resources | `map(any)` | `{}` | no |
| ingress_rules | List of ingress rules to create. Used only if create_proxy_sg is true. | `list(object({ cidrs = list(string), from_port = number, to_port = optional(number), protocol = string }))` | `[]` | no |
| proxy_aws_ami | The AWS AMI to use for the proxy VMs | `string` | `null` | no |
| proxy_aws_instance_type | The EC2 instance type to use for the proxy VMs | `string` | `"t3.medium"` | no |
| proxy_launch_template_user_data_file | Location of the AWS Launch Template user data script. If not specified, the files/user-data-proxy.sh.tpl file accompanying the module is used. | `string` | `null` | no |
| proxy_port | Port number on which the proxy and the NLB listen | `number` | `3129` | no |
| proxy_security_group_id | ID of an existing Security Group to be used for the proxy VMs. Required when create_proxy_sg is false. | `string` | `null` | no |
| proxy_security_group_name | Name of the Proxy Security Group for the CDP environment. Used only if create_proxy_sg is true. | `string` | `null` | no |
| proxy_whitelist_file | Location of the Proxy Whitelist file. If not specified, the files/squid-http-whitelist.txt.tpl file accompanying the module is used. | `string` | `null` | no |
| route_tables_to_update | List of route tables to update so that they point to the network interface of the Proxy | `list(object({ route_tables = list(string), availability_zones = optional(list(string)), destination_cidr_block = string }))` | `[]` | no |
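The following module call is an added example and is not the module's own ex01-minimal_inputs example. It sets the security-relevant inputs explicitly instead of taking their defaults: the public IP is disabled for a fully private CDP deployment, ingress is limited to the proxy port from the workload CIDR, and the allow-all egress default is narrowed to the web ports the proxy forwards. All IDs, names, CIDRs and the module source path are placeholders.

```hcl
# Added example, not from the module's examples directory. All IDs, names,
# CIDRs and the source path are placeholders to be replaced.
module "cdp_proxy" {
  source = "../../" # placeholder: path to this module

  vpc_id           = "vpc-0123456789abcdef0"                               # placeholder
  proxy_subnet_ids = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"] # placeholder
  lb_subnet_ids    = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"] # placeholder

  network_load_balancer_name   = "cdp-proxy-nlb"
  proxy_autoscaling_group_name = "cdp-proxy-asg"
  proxy_launch_template_name   = "cdp-proxy-lt"
  target_group_proxy_name      = "cdp-proxy-tg"
  proxy_aws_keypair_name       = "cdp-proxy-keypair"

  # Two instances across the subnets above, scaling to four (module default is 3/6/3)
  autoscaling_group_scaling = {
    min_size         = 2
    max_size         = 4
    desired_capacity = 2
  }

  # Fully private networking: the default (true) would give every proxy VM a public IP
  enable_proxy_public_ip = false

  # Let the module create the security group, but state exactly who may reach the proxy.
  # ingress_rules defaults to [], so list the CIDRs that are allowed to use the proxy.
  create_proxy_sg           = true
  proxy_security_group_name = "cdp-proxy-sg"
  proxy_port                = 3129
  ingress_rules = [
    {
      cidrs     = ["10.10.0.0/16"] # placeholder: CIDR of the CDP workload subnets
      from_port = 3129
      to_port   = 3129
      protocol  = "tcp"
    }
  ]

  # Replace the default allow-all egress (0.0.0.0/0, protocol "all") with the web
  # ports the proxy forwards; the Squid whitelist file still filters destinations.
  egress_rules = [
    { cidrs = ["0.0.0.0/0"], from_port = 80, to_port = 80, protocol = "tcp" },
    { cidrs = ["0.0.0.0/0"], from_port = 443, to_port = 443, protocol = "tcp" },
  ]

  env_tags = { owner = "platform-team" } # placeholder
}
```

Widen egress_rules if the user data script or the whitelist needs ports other than 80 and 443; the module itself does not restrict egress beyond the rules given here.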

Outputs

| Name | Description |
|------|-------------|
| proxy_lb_arn | ARN of the Proxy Load Balancer |
| proxy_lb_dns_name | DNS name of the Proxy Load Balancer |
| proxy_port | Port on which the Proxy is running |