strongdm

This component provisions strongDM gateway, relay and roles

Usage

Stack Level: Regional

Use this in the catalog or use these variables to overwrite the catalog values.

components:
  terraform:
    strong-dm:
      vars:
        enabled: true

Variables

Required Variables

region (string) required

AWS Region

ssm_account (string) required

Account (stage) housing SSM parameters

ssm_region (string) required

AWS Region housing SSM parameters

Optional Variables

create_roles (bool) optional

Set true to create roles (should only be set in one account)

Default value: false

dns_zone (string) optional

DNS zone (e.g. example.com) into which to install the web host.

Default value: null

gateway_count (number) optional

Number of gateways to provision

Default value: 2

install_gateway (bool) optional

Set true to install a pair of gateways

Default value: false

install_relay (bool) optional

Set true to install a pair of relays

Default value: true

kms_alias_name (string) optional

AWS KMS alias used for encryption/decryption default is alias used in SSM

Default value: "alias/aws/ssm"

kubernetes_namespace (string) optional

The Kubernetes namespace to install the release into. Defaults to default.

Default value: null

register_nodes (bool) optional

Set true to register nodes as SSH targets

Default value: true

relay_count (number) optional

Number of relays to provision

Default value: 2

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

additional_tag_map (map(string)) optional

Additional tags for appending to tags_as_list_of_maps. Not added to tags.
Required: No

Default value: { }

attributes (list(string)) optional

Additional attributes (e.g. 1)
Required: No

Default value: [ ]

context (any) optional

Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.

Required: No

Default value:

{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}

delimiter (string) optional

Delimiter to be used between namespace, environment, stage, name and attributes.
Defaults to - (hyphen). Set to "" to use no delimiter at all.

Required: No

Default value: null

enabled (bool) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: null

environment (string) optional

Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'
Required: No

Default value: null

id_length_limit (number) optional

Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null for default, which is 0.
Does not affect id_full.

Required: No

Default value: null

label_key_case (string) optional

The letter case of label keys (tag names) (i.e. name, namespace, environment, stage, attributes) to use in tags.
Possible values: lower, title, upper.
Default value: title.

Required: No

Default value: null

label_order (list(string)) optional

The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present.

Required: No

Default value: null

label_value_case (string) optional

The letter case of output label values (also used in tags and id).
Possible values: lower, title, upper and none (no transformation).
Default value: lower.

Required: No

Default value: null

name (string) optional

Solution name, e.g. 'app' or 'jenkins'
Required: No

Default value: null

namespace (string) optional

Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'
Required: No

Default value: null

regex_replace_chars (string) optional

Regex to replace chars with empty string in namespace, environment, stage and name.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.

Required: No

Default value: null

stage (string) optional

Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'
Required: No

Default value: null

tags (map(string)) optional

Additional tags (e.g. map('BusinessUnit','XYZ')
Required: No

Default value: { }

Dependencies

Requirements

• terraform, version: >= 0.13.0
• aws, version: >= 3.0
• helm, version: >= 2.2.0
• sdm, version: >= 1.0.19

Providers

• aws, version: >= 3.0
• aws, version: >= 3.0
• helm, version: >= 2.2.0
• sdm, version: >= 1.0.19

Modules

Name	Version	Source	Description
iam_roles	latest	../account-map/modules/iam-roles	n/a
iam_roles_network	latest	../account-map/modules/iam-roles	n/a
this	0.24.1	cloudposse/label/null	n/a

Resources

The following resources are used by this module:

• aws_ssm_parameter.gateway_tokens (resource)
• aws_ssm_parameter.relay_tokens (resource)
• aws_ssm_parameter.ssh_admin_token (resource)
• helm_release.cleanup (resource)
• helm_release.gateway (resource)
• helm_release.node (resource)
• helm_release.relay (resource)
• sdm_node.gateway (resource)
• sdm_node.relay (resource)

Data Sources

The following data sources are used by this module:

• aws_ssm_parameter.api_access_key (data source)
• aws_ssm_parameter.api_secret_key (data source)
• aws_ssm_parameter.ssh_admin_token (data source)

References

• https://github.com/spotinst/spotinst-kubernetes-helm-charts
• https://docs.spot.io/ocean/tutorials/spot-kubernetes-controller/