This module sets up VPCs, DNS zones, and security groups for running validator nodes on Polkadot.
For Terraform v0.12.0+
```hcl
module "this" {
  source = "github.com/insight-infrastructure/terraform-aws-polkadot-network"
}
```
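A fuller invocation, as an added example that is not part of the module's own documentation: it uses only inputs from the table below, with SSH restricted to a bastion, unlogged one-off SSH commands left disabled, and bastion logs kept on a retention schedule. The IP address, key path and bucket name are constructed placeholders, and the exact value format expected by `corporate_ip` is an assumption.

```hcl
# Added example, not the module authors' code.
# Variable names come from the inputs table; all values marked below are constructed.
module "network" {
  source = "github.com/insight-infrastructure/terraform-aws-polkadot-network"

  namespace    = "polkadot"
  network_name = "kusama"

  # Route all SSH through a bastion and restrict its source address.
  bastion_enabled  = true
  create_bastion   = true
  corporate_ip     = "203.0.113.10"       # constructed placeholder (documentation range); format is an assumption
  public_key_paths = ["keys/ops-team.pub"] # hypothetical path
  public_ssh_port  = 22

  # Keep the default: one-off SSH commands are not logged (see the warning on this input).
  allow_ssh_commands = ""

  # Bastion log bucket: keep object versions, refuse force-destroy, expire on a schedule.
  bucket_name          = "example-polkadot-bastion-logs" # constructed placeholder
  bucket_versioning    = true
  bucket_force_destroy = false
  log_auto_clean       = true
  log_standard_ia_days = 30
  log_glacier_days     = 60
  log_expiry_days      = 90

  # Enable only the traffic classes this deployment needs instead of all_enabled = true.
  validator_enabled  = true
  monitoring_enabled = true
  hids_enabled       = true
}
```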
There are no known issues limiting this module.
Name | Version |
---|---|
aws | n/a |
cloudflare | n/a |
template | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
all_enabled | Bool to enable all the security groups | bool | false | no |
allow_ssh_commands | Allows the SSH user to execute one-off commands. Pass 'True' to enable. Warning: These commands are not logged and increase the vulnerability of the system. Use at your own discretion. | string | "" | no |
api_enabled | Boolean to allow api related traffic | bool | false | no |
api_sg_name | Name for the api security group | string | "api-sg" | no |
azs | List of availability zones | list(string) | [] | no |
bastion_enabled | Boolean to enable a bastion host. All ssh traffic restricted to bastion | bool | false | no |
bastion_host_name | The hostname for bastion | string | "bastion" | no |
bastion_instance_type | The instance type of the bastion instances. | string | "t2.nano" | no |
bastion_monitoring_enabled | Cloudwatch monitoring on bastion | bool | true | no |
bastion_sg_name | Name for the bastion security group | string | "bastion-sg" | no |
bucket_force_destroy | The bucket and all objects should be destroyed when using true | bool | false | no |
bucket_name | Bucket name where the bastion will store the logs | string | "" | no |
bucket_versioning | Enable bucket versioning or not | bool | true | no |
cidr | The cidr range for network | string | "10.0.0.0/16" | no |
cloudflare_enable | Make records in cloudflare | bool | false | no |
consul_enabled | Boolean to allow consul traffic | bool | false | no |
consul_sg_name | Name for the consul security group | string | "consul-sg" | no |
corporate_ip | The corporate IP you want to restrict ssh traffic to | string | "" | no |
create_bastion | Bool to create bastion instance | bool | false | no |
create_internal_domain | Boolean to create an internal split horizon DNS | bool | false | no |
create_public_regional_subdomain | Boolean to create regional subdomain - ie us-east-1.example.com | bool | false | no |
domain_name | #### DNS #### | string | "" | no |
extra_user_data_content | Additional scripting to pass to the bastion host. For example, this can include installing postgresql for the psql command. | string | "" | no |
hids_enabled | Boolean to enable intrusion detection systems traffic | bool | false | no |
hids_sg_name | Name for the HIDS security group | string | "hids-sg" | no |
id | A unique identifier for the deployment | string | "" | no |
internal_tld | The top level domain for the internal DNS | string | "internal" | no |
k8s_enabled | Boolean to enable kubernetes | bool | false | no |
k8s_sg_name | Name for the k8s security group | string | "k8s-sg" | no |
log_auto_clean | Whether to enable the log lifecycle | bool | false | no |
log_expiry_days | Number of days before logs expiration | number | 90 | no |
log_glacier_days | Number of days before moving logs to Glacier | number | 60 | no |
log_standard_ia_days | Number of days before moving logs to IA Storage | number | 30 | no |
logging_enabled | Boolean to allow logging related traffic | bool | false | no |
logging_sg_name | Name for the logging security group | string | "logging-sg" | no |
monitoring_enabled | Boolean to allow prometheus related traffic | bool | false | no |
monitoring_sg_name | Name for the monitoring security group | string | "monitoring-sg" | no |
name | The name of the deployment | string | "polkadot-api" | no |
namespace | The namespace to deploy into | string | "polkadot" | no |
network_name | The network name, ie kusama / mainnet | string | "kusama" | no |
num_azs | The number of AZs to deploy into | number | 0 | no |
polkadot_network_settings | Map of port settings for one or more polkadot networks | map(map(string)) | { | no |
public_key_paths | List of paths to public ssh keys | list(string) | [] | no |
public_ssh_port | Set the SSH port to use from desktop to the bastion | number | 22 | no |
root_domain_name | The public domain | string | "" | no |
subdomain | The subdomain | string | "" | no |
tags | The tags of the deployment | map(string) | {} | no |
validator_enabled | Boolean to allow validator related traffic | bool | false | no |
validator_sg_name | Name for the validator security group | string | "validator-sg" | no |
vpc_name | The name of the VPC | string | "" | no |
zone_id | The zone ID to configure as the root zone - ie subdomain.example.com's zone ID | string | "" | no |
Name | Description |
---|---|
api_security_group_id | n/a |
azs | n/a |
bastion_security_group_id | #### SGs #### |
consul_security_group_id | n/a |
hids_security_group_id | n/a |
internal_tld | n/a |
k8s_security_group_id | n/a |
logging_security_group_id | n/a |
monitoring_security_group_id | n/a |
private_subnets | n/a |
private_subnets_cidr_blocks | n/a |
public_regional_domain | n/a |
public_subnet_cidr_blocks | n/a |
public_subnets | n/a |
root_domain_name | #### DNS #### |
validator_security_group_id | n/a |
vpc_id | #### VPC #### |
Module managed by [{{ cookiecutter.owner }}](github.com/{{ cookiecutter.owner }})
Apache 2 Licensed. See LICENSE for full details.