Skip to content
/ terraform-aws-banyan-accesstier Public
forked from banyansecurity/terraform-aws-banyan-accesstier

Terraform module to create an Access Tier in AWS for Banyan Security customers

License

Apache-2.0 license
0 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rb-nr/terraform-aws-banyan-accesstier

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
examples
examples
 
 
.gitignore
.gitignore
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
UPGRADE.md
UPGRADE.md
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

Banyan AWS Access Tier Module

Creates an autoscaling Access Tier for use with Banyan Security.

This module creates an AWS auto-scaling group (ASG) and a network load balancer (NLB) for a Banyan Access Tier. Only the NLB is exposed to the public internet. The Access Tier and your applications live in private subnets with no ingress from the internet.

Usage

module "aws_accesstier" {
  source                 = "banyansecurity/banyan-accesstier/aws"
  region                 = "us-east-1"
  vpc_id                 = "vpc-0e73afd7c24062f0a"
  public_subnet_ids      = ["subnet-09ef9206ca406ffe7", "subnet-0bcb18d59e3ff3cc7"]
  private_subnet_ids     = ["subnet-00e393f22c3f09e16", "subnet-0dfce8195de704b65"]
  cluster_name           = "my-banyan-shield"
  site_name              = "my-banyan-site"
  site_domain_names      = ["*.banyan.mycompany.com"]
  ssh_key_name           = "my-ssh-key"
  refresh_token          = "eyJhbGciOiJSUzI1NiIsIm..."
  redirect_http_to_https = true
}

Notes

The default value for management_cidr leaves SSH open to the world on port 2222. You should probably use the CIDR of your VPC, or a bastion host, instead.

It's probably also a good idea to leave the refresh_token out of your code and pass it as a variable instead, so you don't accidentally commit your Banyan API token to your version control system:

variable "refresh_token" {
  type = string
}

module "aws_accesstier" {
  source                 = "banyansecurity/banyan-accesstier/aws"
  refresh_token          = var.refresh_token
  ...
}
export TF_VAR_refresh_token="eyJhbGciOiJSUzI1NiIsIm..."
terraform plan

Inputs

Name Description Type Default Required
region Region in which to create Access Tier string n/a yes
cluster_name Name of an existing Shield cluster to register this Access Tier with string n/a yes
site_name Name to use when registering this Access Tier with the console string n/a yes
private_subnet_ids IDs of the subnets where the Access Tier should create instances list(string) n/a yes
public_subnet_ids IDs of the subnets where the load balancer should create endpoints list(string) n/a yes
refresh_token API token generated from the Banyan console string n/a yes
site_domain_names List of aliases or CNAMEs that will direct traffic to this Access Tier list(string) n/a yes
ami_id ID of a custom AMI to use when creating Access Tier instances (leave blank to use default) string "" no
api_server URL to the Banyan API server string "https://net.banyanops.com/api/v1" no
cross_zone_enabled Allow load balancer to distribute traffic to other zones bool true no
default_ami_name If no AMI ID is supplied, use the most recent AMI from this project string "amzn2-ami-hvm-2.0.*-x86_64-ebs" no
healthcheck_cidrs CIDR blocks to allow health check connections from (recommended to use the VPC CIDR range) list(string) 
[
  "0.0.0.0/0"
]
 no
instance_type EC2 instance type to use when creating Access Tier instances string "t3.large" no
management_cidrs CIDR blocks to allow SSH connections from list(string) 
[
  "0.0.0.0/0"
]
 no
min_instances Minimum number of Access Tier instances to keep alive number 2 no
package_name Override to use a specific version of netagent (e.g. banyan-netagent-1.5.0) string "banyan-netagent" no
ssh_key_name Name of an SSH key stored in AWS to allow management access string "" no
vpc_id ID of the VPC in which to create the Access Tier string n/a yes
custom_user_data A list of strings representing commands to add to the Launch Configuration user data to execute during instance initialization. Each string (or each command) must end with \n. Example: ["touch some/file\n", "wget ...\n"] list(string) [] no
redirect_http_to_https If true, requests to the AccessTier on port 80 will be redirected to port 443 bool false no
iam_instance_profile The name attribute of the IAM instance profile to associate with launched instances. string null no

Outputs

Name Description
nlb_dns_name DNS name of the load balancer (example: banyan-nlb-b335ff082d3b27ff.elb.us-east-1.amazonaws.com)
nlb_zone_id Zone ID of the load balancer (example: Z26RNL4JYFTOTI)
security_group_id The ID of the security group attached to the access tier instances, which can be added as an inbound rule on other backend groups (example: sg-1234abcd)

Authors

Module created and managed by Todd Radel.

License

Licensed under Apache 2. See LICENSE for details.

About

Terraform module to create an Access Tier in AWS for Banyan Security customers

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

9 tags

Packages

No packages published

Languages

  • HCL 100.0%