Skip to main content
Sponsor @cloudposse

zscaler

This component is responsible for provisioning ZScaler Private Access Connector instances on Amazon Linux 2 AMIs.

Prior to provisioning this component, it is required that a SecureString SSM Parameter containing the ZScaler App Connector Provisioning Key is populated in each account corresponding to the regional stack the component is deployed to, with the name of the SSM Parameter matching the value of var.zscaler_key.

This parameter should be populated using chamber, which is included in the geodesic image:

chamber write zscaler key <value>

Where <value> is the ZScaler App Connector Provisioning Key. For more information on how to generate this key, see: ZScaler documentation on Configuring App Connectors.

Usage

Stack Level: Regional

The typical stack configuration for this component is as follows:

components:
  terraform:
    zscaler:
      vars:
        zscaler_count: 2

Preferably, regional stack configurations can be kept DRY by importing catalog/zscaler via the imports list at the top of the configuration.

import:
  ...
  - catalog/zscaler

Variables

Required Variables

region (string) required

AWS region

Optional Variables

ami_owner (string) optional

The owner of the AMI used for the ZScaler EC2 instances.


Default value: "amazon"

ami_regex (string) optional

The regex used to match the latest AMI to be used for the ZScaler EC2 instances.


Default value: "^amzn2-ami-hvm.*"

aws_ssm_enabled (bool) optional

Set true to install the AWS SSM agent on each EC2 instances.


Default value: true

instance_type (string) optional

The instance family to use for the ZScaler EC2 instances.


Default value: "m5n.large"

secrets_store_type (string) optional

Secret store type for Zscaler provisioning keys. Valid values: SSM, ASM (but ASM not currently supported)


Default value: "SSM"

security_group_rules (list(any)) optional

A list of maps of Security Group rules.
The values of map is fully completed with aws_security_group_rule resource.
To get more info see security_group_rule.



Default value:

[
  {
    "cidr_blocks": [
      "0.0.0.0/0"
    ],
    "from_port": 0,
    "protocol": "-1",
    "to_port": 65535,
    "type": "egress"
  }
]
zscaler_count (number) optional

The number of Zscaler instances.


Default value: 1

zscaler_key (string) optional

SSM key (without leading /) for the Zscaler provisioning key secret.


Default value: "zscaler/key"

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

additional_tag_map (map(string)) optional

Additional tags for appending to tags_as_list_of_maps. Not added to tags.
Required: No

Default value: { }

attributes (list(string)) optional

Additional attributes (e.g. 1)
Required: No

Default value: [ ]

context (any) optional

Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.


Required: No

Default value:

{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {}
}
delimiter (string) optional

Delimiter to be used between namespace, environment, stage, name and attributes.
Defaults to - (hyphen). Set to "" to use no delimiter at all.


Required: No

Default value: null

enabled (bool) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: null

environment (string) optional

Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'
Required: No

Default value: null

id_length_limit (number) optional

Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null for default, which is 0.
Does not affect id_full.


Required: No

Default value: null

label_key_case (string) optional

The letter case of label keys (tag names) (i.e. name, namespace, environment, stage, attributes) to use in tags.
Possible values: lower, title, upper.
Default value: title.


Required: No

Default value: null

label_order (list(string)) optional

The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present.


Required: No

Default value: null

label_value_case (string) optional

The letter case of output label values (also used in tags and id).
Possible values: lower, title, upper and none (no transformation).
Default value: lower.


Required: No

Default value: null

name (string) optional

Solution name, e.g. 'app' or 'jenkins'
Required: No

Default value: null

namespace (string) optional

Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'
Required: No

Default value: null

regex_replace_chars (string) optional

Regex to replace chars with empty string in namespace, environment, stage and name.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.


Required: No

Default value: null

stage (string) optional

Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'
Required: No

Default value: null

tags (map(string)) optional

Additional tags (e.g. map('BusinessUnit','XYZ')
Required: No

Default value: { }

Outputs

instance_id

Instance ID

private_ip

Private IP of the instance

Dependencies

Requirements

  • terraform, version: >= 0.13.0
  • aws, version: >= 3.0
  • null, version: >= 3.0
  • random, version: >= 3.0
  • template, version: >= 2.2
  • utils, version: >= 1.10.0

Providers

  • aws, version: >= 3.0
  • template, version: >= 2.2

Modules

NameVersionSourceDescription
ec2_zscaler0.32.2cloudposse/ec2-instance/awsn/a
iam_roleslatest../account-map/modules/iam-rolesn/a
this0.24.1cloudposse/label/nulln/a

Resources

The following resources are used by this module:

Data Sources

The following data sources are used by this module:

References