outputs.tf
# Post-deployment summary: access instructions and identifiers of the created resources.
locals {
  testbedconfig = <<TB
***Disclaimer***
By default, these templates store two critical files to the "examples" directory. DO NOT delete/lose these files:
1. Terraform State file (terraform.tfstate) - Terraform must store state about your managed infrastructure and configuration.
This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.
Terraform uses state to determine which changes to make to your infrastructure.
Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.
If this file is missing, you will NOT be able to make incremental changes to the environment resources without first importing state back to terraform manually.
2. SSH Private Key (.pem) file - Zscaler templates will attempt to create a new local private/public key pair for VM access (if a pre-existing one is not specified).
You (and subsequently Zscaler) will NOT be able to remotely access these VMs once deployed without valid SSH access.
***Disclaimer***
1) Copy the SSH key to the bastion host
scp -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ${var.name_prefix}-key-${random_string.suffix.result}.pem ec2-user@${module.bastion.public_dns}:/home/ec2-user/.
2) SSH to the bastion host
ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ec2-user@${module.bastion.public_dns}
3) SSH to the Cloud Connectors
ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem zsroot@<< CC mgmt IP >> -o "proxycommand ssh -W %h:%p -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ec2-user@${module.bastion.public_dns}"
Note: Due to the dynamic nature of autoscaling groups, you will need to login to the AWS console and identify the mgmt IP (network interface device index #1) for each CC deployed and insert into the above command replacing "<< CC mgmt IP >>"
Note: You can also login to the Cloud Connectors directly from the AWS Console via Session Manager.
4) SSH to the server host
ssh -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ec2-user@${module.workload.private_ip[0]} -o "proxycommand ssh -W %h:%p -i ${var.name_prefix}-key-${random_string.suffix.result}.pem ec2-user@${module.bastion.public_dns}"
All Workload IPs. Replace private IP below with ec2-user@"ip address" in ssh example command above.
${join("\n", module.workload.private_ip)}
VPC:
${module.network.vpc_id}
All CC AZs:
${join("\n", module.cc_asg.availability_zone)}
All NAT GW IPs:
${join("\n", module.network.nat_gateway_ips)}
GWLB Endpoint Service Name:
${module.gwlb_endpoint.vpce_service_name}
GWLB Endpoint Service ARN:
${module.gwlb_endpoint.vpce_service_arn}
All GWLB Endpoint IDs:
${join("\n", module.gwlb_endpoint.gwlbe)}
GWLB:
${module.gwlb.gwlb_arn}
All CC IAM Role ARNs:
${join("\n", module.cc_iam.iam_instance_profile_arn)}
All Autoscaling Group IDs:
${join("\n", module.cc_asg.autoscaling_group_ids)}
Launch Template ID:
${module.cc_asg.launch_template_id}
TB
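}

# Print the summary as a Terraform output.
output "testbedconfig" {
  description = "AWS Testbed results"
  value       = local.testbedconfig
}

# Also write the summary to ../testbed.txt, relative to the working directory.
resource "local_file" "testbed" {
  content  = local.testbedconfig
  filename = "../testbed.txt"
}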