Support host_tags, groups_by_userinfo, name_prefix

banyansecurity · Feb 26, 2021 · d7bfde3 · d7bfde3
1 parent ce97128
commit d7bfde3
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 # Local .terraform directories
 .terraform/
+.terraform.*
 
 # .tfstate files
 *.tfstate

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,17 @@
+## v1.1.10
+ * Support additional AccessTier tags via `host_tags` variable.
+ * Support large tokens via `groups_by_userinfo` variable.
+ * Support custom naming prefix for all AWS resources via `name_prefix` variable.
+
+## v1.1.9
+ * Align release to correct tag
+
+## v1.1.8
+ * Add custom tags to port 80 listener for NLB
+
+## v1.1.7
+ * Better support for port 80 redirects
+
 ## v1.1.6
  * Added parameter for setting an IAM Instance Profile on ASG instances.
 

diff --git a/main.tf b/main.tf
@@ -9,7 +9,7 @@ data aws_ami "default_ami" {
 }
 
 resource aws_security_group "sg" {
-  name        = "banyan-accesstier-sg"
+  name        = "${var.name_prefix}-accesstier-sg"
   description = "Elastic Access Tier ingress traffic"
   vpc_id      = var.vpc_id
 
@@ -64,7 +64,7 @@ resource aws_security_group "sg" {
 }
 
 resource "aws_autoscaling_group" "asg" {
-  name                      = "banyan-accesstier-asg"
+  name                      = "${var.name_prefix}-accesstier-asg"
   launch_configuration      = aws_launch_configuration.conf.name
   max_size                  = 10
   min_size                  = var.min_instances
@@ -90,7 +90,7 @@ resource "aws_autoscaling_group" "asg" {
 }
 
 resource aws_launch_configuration "conf" {
-  name_prefix     = "banyan-accesstier-conf-"
+  name_prefix     = "${var.name_prefix}-accesstier-conf-"
   image_id        = var.ami_id != "" ? var.ami_id : data.aws_ami.default_ami.id
   instance_type   = var.instance_type
   key_name        = var.ssh_key_name
@@ -124,14 +124,15 @@ resource aws_launch_configuration "conf" {
     "BANYAN_SITE_DOMAIN_NAMES=", join(",", var.site_domain_names), " ",
     "BANYAN_SITE_AUTOSCALE=true ",
     "BANYAN_API=${var.api_server} ",
-    "BANYAN_HOST_TAGS= ",
+    "BANYAN_GROUPS_BY_USERINFO=${var.groups_by_userinfo} ",
+    "BANYAN_HOST_TAGS=", join(",", [for k, v in var.host_tags: format("%s=%s", k, v)]), " ",
     "./install ${var.refresh_token} ${var.cluster_name} \n",
     "echo 'Port 2222' >> /etc/ssh/sshd_config && /bin/systemctl restart sshd.service\n",
   ], var.custom_user_data))
 }
 
 resource aws_alb "nlb" {
-  name                             = "banyan-nlb"
+  name                             = "${var.name_prefix}-nlb"
   load_balancer_type               = "network"
   internal                         = false
   subnets                          = var.public_subnet_ids
@@ -143,7 +144,7 @@ resource aws_alb "nlb" {
 }
 
 resource aws_lb_target_group "target443" {
-  name     = "banyan-tg-443"
+  name     = "${var.name_prefix}-tg-443"
   vpc_id   = var.vpc_id
   port     = 443
   protocol = "TCP"
@@ -173,7 +174,7 @@ resource aws_lb_listener "listener443" {
 resource aws_lb_target_group "target80" {
   count = var.redirect_http_to_https ? 1 : 0
 
-  name     = "banyan-tg-80"
+  name     = "${var.name_prefix}-tg-80"
   vpc_id   = var.vpc_id
   port     = 80
   protocol = "TCP"
@@ -203,7 +204,7 @@ resource aws_lb_listener "listener80" {
 }
 
 resource aws_lb_target_group "target8443" {
-  name     = "banyan-tg-8443"
+  name     = "${var.name_prefix}-tg-8443"
   vpc_id   = var.vpc_id
   port     = 8443
   protocol = "TCP"
@@ -231,7 +232,7 @@ resource aws_lb_listener "listener8443" {
 }
 
 resource aws_autoscaling_policy "cpu_policy" {
-  name                   = "banyan-cpu-scaling-policy"
+  name                   = "${var.name_prefix}-cpu-scaling-policy"
   autoscaling_group_name = aws_autoscaling_group.asg.name
   policy_type            = "TargetTrackingScaling"
   target_tracking_configuration {

diff --git a/variables.tf b/variables.tf
@@ -121,3 +121,21 @@ variable "tags" {
   description = "Add tags to each resource"
   default     = null
 }
+
+variable "host_tags" {
+  type        = map 
+  description = "Additional tags to assign to this AccessTier"
+  default     = {"type": "access_tier"}
+}
+
+variable "groups_by_userinfo" {
+  type        = bool
+  description = "Derive groups information from userinfo endpoint"
+  default     = false
+}
+
+variable "name_prefix" {
+  type        = string
+  description = "String to be added in front of all AWS object names"
+  default     = "banyan"
+}