A Terraform script to deploy a FortiGate-VM Cluster on AWS for Cross-AZ deployment
- Terraform >= 1.0
- Terraform Provider AWS 3.63.0
- Terraform Provider Template 2.2.0
Terraform deploys the following components:
- An AWS VPC with 8 subnets: 4 subnets in one AZ and 4 subnets in the second AZ.
- Two FortiGate-VM (PAYG) instances, each with four NICs.
- Two Network Security Group rules: one for external, one for internal.
- Two Route tables: one for internal subnet and one for external subnet.
To deploy the FortiGate-VM to AWS:
- Clone the repository.
- Customize the variables in the terraform.tfvars.example and variables.tf files as needed, then rename terraform.tfvars.example to terraform.tfvars.
Note: the license_format variable accepts one of two values, token or file. token means a FortiFlex token; file means a FortiGate-VM license file.
- Initialize the providers and modules:
$ cd XXXXX
$ terraform init
- Submit the Terraform plan:
$ terraform plan
- Verify the output.
- Confirm and apply the plan:
$ terraform apply
- If the output is satisfactory, type yes.
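As an added example, not part of this Fortinet project, the POSIX shell script below is a pre-flight check that reads license_format from terraform.tfvars and stops before terraform plan runs if the value is missing or is anything other than token or file. It assumes the tfvars file uses single-line `key = "value"` assignments; the function names are the example's own.

```shell
#!/bin/sh
# Pre-flight check for terraform.tfvars (added example, not project code).
# Assumes tfvars assignments are written on one line as: name = "value"

# Print the string value assigned to variable $2 in tfvars file $1
# (empty output if the variable is not set).
tfvar_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Return 0 if $1 is one of the two accepted license_format values.
valid_license_format() {
  case "$1" in
    token|file) return 0 ;;
    *) return 1 ;;
  esac
}

# Validate the license_format setting in tfvars file $1.
# Returns 0 when the value is "token" or "file", 1 otherwise.
check_tfvars() {
  fmt=$(tfvar_value "$1" license_format)
  if [ -z "$fmt" ]; then
    echo "license_format is not set in $1" >&2
    return 1
  fi
  if ! valid_license_format "$fmt"; then
    echo "license_format must be \"token\" or \"file\", got \"$fmt\"" >&2
    return 1
  fi
  echo "license_format=$fmt"
  return 0
}

# When run with a file argument, check that file and exit non-zero on failure.
if [ $# -gt 0 ]; then
  check_tfvars "$1"
fi
```

Save it as preflight.sh and chain it ahead of the plan step: `sh preflight.sh terraform.tfvars && terraform plan`. The check only inspects the format selector; the token or license file itself is still supplied through the variables the project defines.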
Output will include the information necessary to log in to the FortiGate-VM instances:
Outputs:
FGTActiveMGMTPublicIP = <Active FGT Management Public IP>
FGTClusterPublicFQDN = <Cluster Public FQDN>
FGTClusterPublicIP = <Cluster Public IP>
FGTPassiveMGMTPublicIP = <Passive FGT Management Public IP>
Password = <FGT Password>
Username = <FGT admin>
To destroy the instance, use the command:
$ terraform destroy
Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. For direct issues, please refer to the Issues tab of this GitHub project. For other questions related to this project, contact [email protected].
License © Fortinet Technologies. All rights reserved.