Note: Like HashiCorp Boundary, this module is relatively new and may contain some issues. If you do experience an issue, please create a new issue in the repository. Pull requests are also welcome!
This module uses Terraform to install HashiCorp Boundary in an Amazon Web Services (AWS) account.
This module follows the official documentation to install a highly available deployment.
This module creates the following resources:
- A virtual private cloud with all associated networking resources (public and private subnets, route tables, internet gateways, NAT gateways, and so on)
- A PostgreSQL RDS instance used by the Boundary controllers
- Two AWS KMS keys, one for `root` and the other for `worker-auth`
- An application load balancer (ALB) that serves as a gateway to the Boundary UI/API
- Two auto scaling groups, one for controller instances and the other for worker instances
For more information on Boundary, please visit the official documentation or the tutorials on HashiCorp Learn.
To use this module, the following environment variables are required:
Name |
---|
`AWS_ACCESS_KEY_ID` |
`AWS_SECRET_ACCESS_KEY` |
`AWS_DEFAULT_REGION` |
After exporting the environment variables, simply run the following command:
$ terraform apply
This module creates the controller instances before the worker instances. This implicit dependency ensures that the controller and worker instances share the same `worker-auth` KMS key.
The controller module also initializes the PostgreSQL database using the following command:
$ boundary database init -config /etc/boundary/configuration.hcl
After initializing the database, Boundary outputs information required to authenticate as defined here. Notably, the Auth Method ID, Login Name, and Password are generated.
Since initializing the database is a one-time operation, this module writes the output of the command to an S3 bucket so that the user always has access to this information. Note that this output includes the generated initial admin password, so access to the bucket should be restricted to the operators who need it, and the password should be changed after the first login.
In order to retrieve the information, you can invoke the following command:
$ $(terraform output -raw s3command)
Note: The `$` before the `(` is required to run this command: the inner `terraform output` prints the `aws s3 cp` command, and the outer `$( )` executes it. The `-raw` flag (Terraform 0.15 and later) prints the output value without surrounding quotes; without it, Terraform 1.x wraps the string in quotes and the shell fails to run the command.
The result of running the command displays the contents of the `cloud-init-output.log`, which contains the output of the `boundary database init` command.
After you run this command, you can visit the Boundary UI using the `dns_name` output.
To authenticate to Boundary, you can reference this guide.
Note: If you attempt to run the `authenticate` command and are met with this error: `Error trying to perform authentication: dial tcp 127.0.0.1:9200: connect: connection refused`, the CLI is using its default local address. Export the `BOUNDARY_ADDR` environment variable with the DNS name of the ALB instead. For example:
export BOUNDARY_ADDR="http://$(terraform output -raw dns_name)"
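The retrieval and authentication steps above can be scripted. The following is an added example, not part of this module: it extracts the Auth Method ID, Login Name, and Password from the `boundary database init` output, then uses them to authenticate the CLI against the ALB. It assumes Terraform 0.15 or later (for `terraform output -raw`), the `aws` and `boundary` CLIs on `PATH`, and the "Initial auth information" block layout shown in the constructed sample log below; only the final function touches AWS.

```shell
#!/bin/sh
# Added example (not part of this module): parse the credentials that
# `boundary database init` prints into cloud-init-output.log and use them
# to authenticate the Boundary CLI against the ALB.

# Constructed sample of the relevant part of the init output, used for the
# offline demo. The real log also contains the rest of cloud-init's output,
# which the parser ignores.
SAMPLE_INIT_LOG='[cloud-init] running boundary database init ...
Initial auth information:
  Auth Method ID:     ampw_1234567890
  Auth Method Name:   Generated global scope initial password auth method
  Login Name:         admin
  Password:           GeneratedPassw0rd
  Scope ID:           global
  User ID:            u_1234567890
  User Name:          admin
[cloud-init] finished'

# Print the value of one "Label:   value" line from the log on stdin.
# The label is anchored at line start and followed by a colon, so
# "Auth Method ID" does not match "Auth Method Name". Trailing
# whitespace is trimmed; only the first match is printed.
init_field() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" | head -n 1
}

# Read the log on stdin and emit three lines: auth method id, login name, password.
parse_boundary_init() {
  log=$(cat)
  printf '%s\n' "$log" | init_field 'Auth Method ID'
  printf '%s\n' "$log" | init_field 'Login Name'
  printf '%s\n' "$log" | init_field 'Password'
}

# End-to-end against a deployed module: run the s3command output to fetch the
# log, parse it, point the CLI at the ALB, and log in. Boundary 0.1.0 takes
# the password inline; newer CLIs also accept an env://VAR reference, which
# keeps the value out of `ps` output.
boundary_login_from_terraform() {
  log=$($(terraform output -raw s3command))
  set -- $(printf '%s\n' "$log" | parse_boundary_init)
  BOUNDARY_ADDR="http://$(terraform output -raw dns_name)"
  export BOUNDARY_ADDR
  boundary authenticate password -auth-method-id "$1" -login-name "$2" -password "$3"
}

# Offline demo on the constructed sample (prints three lines).
printf '%s\n' "$SAMPLE_INIT_LOG" | parse_boundary_init
```

Run `boundary_login_from_terraform` from the directory holding the Terraform state after `terraform apply` has finished; the parsing functions work on any saved copy of the log, so they can be tested without AWS access.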
As mentioned in the beginning of the README, this module is relatively new and may have issues. If you do discover an issue, please create a new issue or a pull request.
As always, thanks for using this module!
Requirements:
Name | Version |
---|---|
terraform | ~> 1.0 |
terraform | >= 0.13 |
Providers:
Name | Version |
---|---|
aws | n/a |
random | n/a |
Inputs:
Name | Description | Type | Default | Required |
---|---|---|---|---|
boundary_release | The version of Boundary to install | `string` | `"0.1.0"` | no |
cidr_block | The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. | `string` | `"10.0.0.0/16"` | no |
controller_desired_capacity | The capacity the controller Auto Scaling group attempts to maintain | `number` | `3` | no |
controller_instance_type | Specifies the instance type of the controller EC2 instances | `string` | `"t3.small"` | no |
controller_max_size | The maximum size of the controller group | `number` | `3` | no |
controller_min_size | The minimum size of the controller group | `number` | `3` | no |
key_name | The name of the EC2 key pair to associate with the instances | `string` | `""` | no |
private_subnets | List of private subnets | `list(string)` | `[]` | no |
public_subnets | List of public subnets | `list(string)` | `[]` | no |
tags | One or more tags | `map(string)` | `{}` | no |
vpc_id | The ID of the VPC | `string` | `""` | no |
worker_desired_capacity | The capacity the worker Auto Scaling group attempts to maintain | `number` | `3` | no |
worker_instance_type | Specifies the instance type of the worker EC2 instances | `string` | `"t3.small"` | no |
worker_max_size | The maximum size of the worker group | `number` | `3` | no |
worker_min_size | The minimum size of the worker group | `number` | `3` | no |
Outputs:
Name | Description |
---|---|
dns_name | The public DNS name of the controller load balancer |
s3command | The `aws s3 cp` command used to display the contents of the `cloud-init-output.log` |