Skip to content

Commit

Permalink
Sync aws Terraform module documentation
Browse files Browse the repository at this point in the history
  • Loading branch information
pan-dev-content-sync-trigger[bot] authored Feb 14, 2024
1 parent 1433b54 commit a1a3cb4
Showing 1 changed file with 1 addition and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ Use a web browser to access https://x.x.x.x and login with admin and your previo
|------|-------------|------|---------|:--------:|
| <a name="input_global_tags"></a> [global\_tags](#input\_global\_tags) | Global tags configured for all provisioned resources | `map(any)` | `{}` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | Prefix used in names for the resources (VPCs, EC2 instances, autoscaling groups etc.) | `string` | `""` | no |
| <a name="input_panoramas"></a> [panoramas](#input\_panoramas) | A map defining Panorama instances<br /><br />Following properties are available:<br />- `instances`: map of Panorama instances with attributes:<br /> - `az`: name of the Availability Zone<br /> - `private_ip_address`: private IP address for management interface<br />- `panos_version`: PAN-OS version used for Panorama<br />- `network`: definition of network settings in object with attributes:<br /> - `vpc`: name of the VPC (needs to be one of the keys in map `vpcs`)<br /> - `vpc_subnet`: key of the VPC and subnet connected by '-' character<br /> - `security_group`: security group assigned to ENI used by Panorama<br /> - `create_public_ip`: true, if public IP address for management should be created<br />- `ebs`: EBS settings defined in object with attributes:<br /> - `volumes`: list of EBS volumes attached to each instance<br /> - `kms_key_alias`: KMS key alias used for encrypting Panorama EBS<br />- `iam`: IAM settings in object with attrbiutes:<br /> - `create_role`: enable creation of IAM role<br /> - `role_name`: name of the role to create or use existing one<br />- `enable_imdsv2`: whether to enable IMDSv2 on the EC2 instance<br /><br />Example:<pre>{<br /> panorama\_ha\_pair = {<br /> instances = {<br /> "primary" = {<br /> az = "eu-central-1a"<br /> private\_ip\_address = "10.255.0.4"<br /> }<br /> "secondary" = {<br /> az = "eu-central-1b"<br /> private\_ip\_address = "10.255.1.4"<br /> }<br /> }<br /><br /> panos\_version = "10.2.3"<br /><br /> network = {<br /> vpc = "management\_vpc"<br /> vpc\_subnet = "management\_vpc-mgmt"<br /> security\_group = "panorama\_mgmt"<br /> create\_public\_ip = true<br /> }<br /><br /> ebs = {<br /> volumes = [<br /> {<br /> name = "ebs-1"<br /> ebs\_device\_name = "/dev/sdb"<br /> ebs\_size = "2000"<br /> ebs\_encrypted = true<br /> },<br /> {<br /> name = "ebs-2"<br /> ebs\_device\_name = "/dev/sdc"<br /> ebs\_size = "2000"<br /> ebs\_encrypted = true<br /> }<br /> ]<br /> kms\_key\_alias = "aws/ebs"<br /> }<br /><br /> iam = {<br /> create\_role = true<br /> role\_name = "panorama"<br /> }<br /><br /> enable\_imdsv2 = false<br /> }<br />}</pre> | <pre>map(object({<br /> instances = map(object({<br /> az = string<br /> private\_ip\_address = string<br /> }))<br /><br /> panos\_version = string<br /><br /> network = object({<br /> vpc = string<br /> vpc\_subnet = string<br /> security\_group = string<br /> create\_public\_ip = bool<br /> })<br /><br /> ebs = object({<br /> volumes = list(object({<br /> name = string<br /> ebs\_device\_name = string<br /> ebs\_size = string<br /> ebs\_encrypted = bool<br /> }))<br /> kms\_key\_alias = string<br /> })<br /><br /> iam = object({<br /> create\_role = bool<br /> role\_name = string<br /> })<br /><br /> enable\_imdsv2 = bool<br /> }))</pre> | `{}` | no |
| <a name="input_panoramas"></a> [panoramas](#input\_panoramas) | A map defining Panorama instances<br /><br />Following properties are available:<br />- `instances`: map of Panorama instances with attributes:<br /> - `az`: name of the Availability Zone<br /> - `private_ip_address`: private IP address for management interface<br />- `panos_version`: PAN-OS version used for Panorama<br />- `network`: definition of network settings in object with attributes:<br /> - `vpc`: name of the VPC (needs to be one of the keys in map `vpcs`)<br /> - `vpc_subnet`: key of the VPC and subnet connected by '-' character<br /> - `security_group`: security group assigned to ENI used by Panorama<br /> - `create_public_ip`: true, if public IP address for management should be created<br />- `ebs`: EBS settings defined in object with attributes:<br /> - `volumes`: list of EBS volumes attached to each instance<br /> - `kms_key_alias`: KMS key alias used for encrypting Panorama EBS<br />- `iam`: IAM settings in object with attrbiutes:<br /> - `create_role`: enable creation of IAM role<br /> - `role_name`: name of the role to create or use existing one<br />- `enable_imdsv2`: whether to enable IMDSv2 on the EC2 instance<br /><br />Example:<pre>{<br /> panorama\_ha\_pair = {<br /> instances = {<br /> "primary" = {<br /> az = "eu-central-1a"<br /> private\_ip\_address = "10.255.0.4"<br /> }<br /> "secondary" = {<br /> az = "eu-central-1b"<br /> private\_ip\_address = "10.255.1.4"<br /> }<br /> }<br /><br /> panos\_version = "10.2.3"<br /><br /> network = {<br /> vpc = "management\_vpc"<br /> vpc\_subnet = "management\_vpc-mgmt"<br /> security\_group = "panorama\_mgmt"<br /> create\_public\_ip = true<br /> }<br /><br /> ebs = {<br /> volumes = [<br /> {<br /> name = "ebs-1"<br /> ebs\_device\_name = "/dev/sdb"<br /> ebs\_size = "2000"<br /> ebs\_encrypted = true<br /> },<br /> {<br /> name = "ebs-2"<br /> ebs\_device\_name = "/dev/sdc"<br /> ebs\_size = "2000"<br /> ebs\_encrypted = true<br /> }<br /> ]<br /> kms\_key\_alias = "aws/ebs"<br /> }<br /><br /> iam = {<br /> create\_role = true<br /> role\_name = "panorama"<br /> }<br /><br /> enable\_imdsv2 = false<br /> }<br />}</pre> | <pre>map(object({<br /> instances = map(object({<br /> az = string<br /> private\_ip\_address = string<br /> }))<br /><br /> panos\_version = string<br /><br /> network = object({<br /> vpc = string<br /> vpc\_subnet = string<br /> security\_group = string<br /> create\_public\_ip = bool<br /> })<br /><br /> ebs = object({<br /> volumes = list(object({<br /> name = string<br /> ebs\_device\_name = string<br /> ebs\_size = string<br /> }))<br /> encrypted = bool<br /> kms\_key\_alias = string<br /> })<br /><br /> iam = object({<br /> create\_role = bool<br /> role\_name = string<br /> })<br /><br /> enable\_imdsv2 = bool<br /> }))</pre> | `{}` | no |
| <a name="input_region"></a> [region](#input\_region) | AWS region used to deploy whole infrastructure | `string` | n/a | yes |
| <a name="input_ssh_key_name"></a> [ssh\_key\_name](#input\_ssh\_key\_name) | Name of the SSH key pair existing in AWS key pairs and used to authenticate to VM-Series or test boxes | `string` | n/a | yes |
| <a name="input_vpcs"></a> [vpcs](#input\_vpcs) | A map defining VPCs with security groups and subnets.<br /><br />Following properties are available:<br />- `name`: VPC name<br />- `cidr`: CIDR for VPC<br />- `security_groups`: map of security groups<br />- `subnets`: map of subnets with properties:<br /> - `az`: availability zone<br /> - `set`: internal identifier referenced by main.tf<br />- `routes`: map of routes with properties:<br /> - `vpc_subnet`: built from key of VPCs concatenate with `-` and key of subnet in format: `VPCKEY-SUBNETKEY`<br /> - `to_cidr`: destination IP range<br /> - `next_hop_key`: must match keys use to create TGW attachment, IGW, GWLB endpoint or other resources<br /> - `next_hop_type`: internet\_gateway, nat\_gateway, transit\_gateway\_attachment or gwlbe\_endpoint<br /><br />Example:<pre>{<br /> security\_vpc = {<br /> name = "security-vpc"<br /> cidr = "10.100.0.0/16"<br /> security\_groups = {<br /> panorama\_mgmt = {<br /> name = "panorama\_mgmt"<br /> rules = {<br /> all\_outbound = {<br /> description = "Permit All traffic outbound"<br /> type = "egress", from\_port = "0", to\_port = "0", protocol = "-1"<br /> cidr\_blocks = ["0.0.0.0/0"]<br /> }<br /> https = {<br /> description = "Permit HTTPS"<br /> type = "ingress", from\_port = "443", to\_port = "443", protocol = "tcp"<br /> cidr\_blocks = ["130.41.247.0/24"]<br /> }<br /> ssh = {<br /> description = "Permit SSH"<br /> type = "ingress", from\_port = "22", to\_port = "22", protocol = "tcp"<br /> cidr\_blocks = ["130.41.247.0/24"]<br /> }<br /> }<br /> }<br /> }<br /> subnets = {<br /> "10.100.0.0/24" = { az = "eu-central-1a", set = "mgmt" }<br /> "10.100.64.0/24" = { az = "eu-central-1b", set = "mgmt" }<br /> }<br /> routes = {<br /> mgmt\_default = {<br /> vpc\_subnet = "security\_vpc-mgmt"<br /> to\_cidr = "0.0.0.0/0"<br /> next\_hop\_key = "security\_vpc"<br /> next\_hop\_type = "internet\_gateway"<br /> }<br /> }<br /> }<br />}</pre> | <pre>map(object({<br /> name = string<br /> cidr = string<br /> security\_groups = any<br /> subnets = map(object({<br /> az = string<br /> set = string<br /> }))<br /> routes = map(object({<br /> vpc\_subnet = string<br /> to\_cidr = string<br /> next\_hop\_key = string<br /> next\_hop\_type = string<br /> }))<br /> }))</pre> | `{}` | no |
Expand Down

0 comments on commit a1a3cb4

Please sign in to comment.