UIS Traffic Manager mTLS module
This module is a standard terraform template for identifying the UIS traffic manager within GCP and enforcing that traffic is only allowed to originate from the traffic manager.
Requirements
This repository uses pre-commit so ensure that pre-commit is installed and hooks are enabled for this repository via:
pre-commit installUsage
Usage is fairly simple. The only mandatory variable is project.
Examples below:
module "uis_traffic_manager_mtls" {
source = "gitlab.developers.cam.ac.uk/uis/uis-traffic-manager-mtls/devops"
version = "~> 1.0"
project = local.project
}Additionally the following options can be provided:
-
name: Prefix for resources' names. Default is 'uis-traffic-manager'. -
uis_traffic_manager_ips: A list of IP addresses of the UIS Traffic Manager. Only provided IPs will be allowed. -
pem_certificate_path: Path to the PEM certificate file
module "uis_traffic_manager_mtls" {
source = "gitlab.developers.cam.ac.uk/uis/uis-traffic-manager-mtls/devops"
version = "~> 1.0"
project = local.project
name = "my-prefix"
uis_traffic_manager_ips = ["x.x.x.x", "y.y.y.y"]
pem_certificate_path = "./my-cert.pem"
}The module returns two "outputs":
-
security_policy_id: ID of created resourse of typegoogle_compute_security_policy -
server_tls_policy_id: ID of created resourse of typeserver_tls_policy_id
The outputs can be used later in load balancer configuration or anywhere required.