UIS Traffic Manager mTLS module

This module is a standard Terraform template that identifies the UIS Traffic Manager within GCP and enforces that traffic is only allowed to originate from the Traffic Manager.

Requirements

This repository uses pre-commit. Ensure that pre-commit is installed and that hooks are enabled for this repository via:

pre-commit install

Usage

Usage is fairly simple. The only mandatory variable is project. A minimal example:

module "uis_traffic_manager_mtls" {
  source  = "gitlab.developers.cam.ac.uk/uis/uis-traffic-manager-mtls/devops"
  version = "~> 1.0"

  project = local.project
}

Additionally the following options can be provided:

  • name: Prefix for resources' names. Default is 'uis-traffic-manager'.
  • uis_traffic_manager_ips: A list of IP addresses of the UIS Traffic Manager. Only provided IPs will be allowed.
  • pem_certificate_path: Path to the PEM certificate file.

For example, with all options set:

module "uis_traffic_manager_mtls" {
  source  = "gitlab.developers.cam.ac.uk/uis/uis-traffic-manager-mtls/devops"
  version = "~> 1.0"

  project = local.project

  name = "my-prefix"

  uis_traffic_manager_ips = ["x.x.x.x", "y.y.y.y"]
  pem_certificate_path    = "./my-cert.pem"
}

The module returns two "outputs":

  • security_policy_id: ID of the created resource of type google_compute_security_policy
  • server_tls_policy_id: ID of the created resource of type server_tls_policy_id

The outputs can be used later in load balancer configuration or anywhere required.
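
One way to consume the two outputs in an external Application Load Balancer, as an added example that is not part of this module's own code. The resource names, var.webapp_neg_id and var.ssl_certificate_id are hypothetical, and it assumes the output IDs are accepted as-is by the security_policy and server_tls_policy arguments of the Google provider.

```hcl
# Added example: everything except the module block and its two outputs is hypothetical.
variable "webapp_neg_id" { type = string }      # hypothetical: NEG or instance group serving the app
variable "ssl_certificate_id" { type = string } # hypothetical: server certificate for the HTTPS proxy

module "uis_traffic_manager_mtls" {
  source  = "gitlab.developers.cam.ac.uk/uis/uis-traffic-manager-mtls/devops"
  version = "~> 1.0"

  project = local.project
}

# The security policy is attached per backend service. Every backend service
# behind the load balancer needs it, otherwise that backend stays reachable
# from sources other than the Traffic Manager.
resource "google_compute_backend_service" "webapp" {
  project               = local.project
  name                  = "webapp-backend"
  protocol              = "HTTPS"
  load_balancing_scheme = "EXTERNAL_MANAGED"
  security_policy       = module.uis_traffic_manager_mtls.security_policy_id

  backend {
    group = var.webapp_neg_id
  }
}

resource "google_compute_url_map" "webapp" {
  project         = local.project
  name            = "webapp"
  default_service = google_compute_backend_service.webapp.id
}

# The server TLS policy is attached to the HTTPS proxy, where the client
# certificate presented during the TLS handshake is checked.
resource "google_compute_target_https_proxy" "webapp" {
  project           = local.project
  name              = "webapp"
  url_map           = google_compute_url_map.webapp.id
  ssl_certificates  = [var.ssl_certificate_id]
  server_tls_policy = module.uis_traffic_manager_mtls.server_tls_policy_id
}
```

The two outputs attach at different layers, so both references are needed: omitting security_policy on a backend service or server_tls_policy on the proxy leaves that control unenforced for the affected traffic.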