Banyan AWS Connector Module
This module creates an EC2 instance for the Banyan Connector. The EC2 instance lives in a private subnet with no ingress from the internet.
provider "banyan" {
  # API key passed in as a variable, declared elsewhere in your configuration
  api_key = var.api_key
}

provider "aws" {
  region = "us-east-1"
}

module "aws_connector" {
  source    = "banyansecurity/banyan-connector/aws"
  name      = "my-banyan-connector"
  vpc_id    = "vpc-0e73afd7c24062f0a"
  subnet_id = "subnet-00e393f22c3f09e16"
  # aws_security_group.allow_conn must be defined elsewhere in your configuration
  member_security_groups = [aws_security_group.allow_conn.id]
}

Because the connector is deployed in a private subnet, the default value for management_cidrs leaves SSH on port 22 open to the world (0.0.0.0/0). You can restrict it to the CIDR of your VPC, or of a bastion host, instead.
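One way to replace the world-open default, as an added example that is not part of the module's own documentation: the calling configuration looks up the VPC's CIDR, prefers bastion addresses when they are given, and rejects 0.0.0.0/0 at validation time. The variable names connector_vpc_id, connector_subnet_id and bastion_cidrs are assumptions; provider configuration is as in the usage example above.

```hcl
# Added example: restrict SSH management access instead of relying on the
# module default of ["0.0.0.0/0"]. Variable names here are hypothetical.

variable "connector_vpc_id" {
  type        = string
  description = "VPC that hosts the Connector"
}

variable "connector_subnet_id" {
  type        = string
  description = "Private subnet for the Connector instance"
}

variable "bastion_cidrs" {
  type        = list(string)
  default     = []
  description = "Optional CIDRs of bastion hosts allowed to SSH in"

  validation {
    # Reject malformed CIDRs and the world-open range.
    condition = alltrue([
      for c in var.bastion_cidrs :
      can(cidrhost(c, 0)) && c != "0.0.0.0/0"
    ])
    error_message = "The bastion_cidrs value must contain valid CIDR blocks and must not include 0.0.0.0/0."
  }
}

# Look up the VPC so its CIDR does not have to be hard-coded.
data "aws_vpc" "connector" {
  id = var.connector_vpc_id
}

locals {
  # Bastion hosts only when given; otherwise fall back to the VPC's own CIDR.
  management_cidrs = length(var.bastion_cidrs) > 0 ? var.bastion_cidrs : [data.aws_vpc.connector.cidr_block]
}

module "aws_connector" {
  source           = "banyansecurity/banyan-connector/aws"
  name             = "my-banyan-connector"
  vpc_id           = data.aws_vpc.connector.id
  subnet_id        = var.connector_subnet_id
  management_cidrs = local.management_cidrs
}
```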
No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | Name to use when registering this Connector with the Command Center console | string | n/a | yes |
| command_center_url | URL of the Banyan Command Center | string | "https://net.banyanops.com" | no |
| package_version | Override to use a specific version of connector (e.g. 1.3.0) | string | null | no |
| cluster | Name of an existing Shield cluster to register this Access Tier with. This value is set automatically if omitted from the configuration | string | null | no |
| tunnel_private_domains | Any internal domains that can only be resolved on your internal network's private DNS | list(string) | null | no |
| tunnel_cidrs | Backend CIDR Ranges that correspond to the IP addresses in your private network(s) | list(string) | null | no |
| instance_type | EC2 instance type to use when creating Connector instance | string | "t3.small" | no |
| management_cidrs | CIDR blocks to allow SSH connections from | list(string) | ["0.0.0.0/0"] | no |
| name_prefix | String to be added in front of all AWS object names | string | "banyan" | no |
| ssh_key_name | Name of an SSH key stored in AWS to allow management access | string | "" | no |
| subnet_id | ID of the subnet where the Connector instance should be created | string | n/a | yes |
| tags | Add tags to each resource | map(any) | null | no |
| vpc_id | ID of the VPC in which to create the Connector | string | n/a | yes |

| Name | Description |
|------|-------------|
| api_key_id | ID of the API key associated with the Connector |
| name | Name to use when registering this Connector with the console |
| security_group_id | The ID of the security group, which can be added as an inbound rule on other backend groups (example: sg-1234abcd) |