This project runs a Terraform module to set up the ISE VPC infrastructure on AWS.

- Terraform >= 1.0.0
- AWS CLI v2
- To install Terraform, follow the instructions for your operating system: Install Terraform
- To install AWS CLI v2, follow the instructions here: Install AWS CLI v2
- To configure and allow access to the AWS account, create an IAM user with a least-privilege access policy: create terraform-iam-policy. For more comprehensive information on configuring Identity and Access Management, detailed guidance is available here.
- Create a programmatic access key (AWS access key and secret key). Follow this document to manage access keys: How to manage AWS access keys.
  Run `aws configure` as shown below and enter the access and secret keys:

```
aws configure
AWS Access Key ID [*******************]: <Enter access key>
AWS Secret Access Key [********************]: <Enter secret key>
Default region name [us-east-2]:
```
Before running the Terraform modules, follow the steps below:

- Set up SSH for git; follow this documentation: How to setup SSH for git
- It is mandatory to create an S3 bucket beforehand to store the Terraform backend state files; this bucket is referenced in the `terraform init` command below. Storing Terraform state files in S3 provides better collaboration, security and durability than keeping state files locally.
  - An existing S3 bucket can be used to store the backend files. If you want to create a new bucket, refer to this documentation: How to create an S3 bucket
  - After creating the S3 bucket, make sure to update the bucket name in the least-privilege access policy.
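Because the bucket name has to be carried into the least-privilege policy, the fragment below shows the state-backend portion such a policy typically needs. It is an added example, not the repository's own terraform-iam-policy (whose contents are not shown on this page); `<bucket_name>` is a placeholder, the `ise-vpc/` key prefix is an assumed state-key path, and the EC2/VPC permissions the module itself requires are outside this fragment.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListStateBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::<bucket_name>"
    },
    {
      "Sid": "ReadWriteStateObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::<bucket_name>/ise-vpc/*"
    }
  ]
}
```

Scoping the object statement to one key prefix means an access key for this IAM user can only read or modify this stack's state, not every state file stored in the bucket.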
Clone this git repo using the command below:

```
git clone https://github3.cisco.com/techops-operation/ise_launch_template-terraform-aws-vpc.git
```

Refer to the "Inputs" section below and update `terraform.tfvars` as required. Once updated, run the commands below to deploy the VPC stack. (Comments are placed on their own lines: a `#` comment after a trailing `\` breaks the line continuation.)

```
# bucket: the S3 bucket name created in the prerequisites (step 2)
# region: the S3 bucket's region, e.g. us-east-1 for N. Virginia
terraform init -upgrade \
  -backend-config="bucket=<bucket_name>" \
  -backend-config="region=<bucket_region>" \
  -reconfigure
terraform plan
terraform apply
```

Type `yes` when prompted after running `terraform apply`.
This deployment takes approximately 10 minutes.
Name | Description | Type | Default |
---|---|---|---|
availability_zones | List of availability zones | list(string) | [ |
aws_region | AWS region | string | "us-east-2" |
create_eips | Create Elastic IPs for NAT Gateways | bool | true |
create_nat_gateways | Create NAT Gateways for public subnets | bool | true |
dhcp_domain_name | Domain name for DHCP options | string | "ec2.internal" |
dhcp_options_domain_name | Domain name for DHCP options | string | "example.com" |
domain_name_servers | List of DNS servers to use | list(string) | [ |
enable_dns_hostnames | Whether to enable DNS hostnames for the VPC | bool | true |
enable_dns_support | Whether to enable DNS support for the VPC | bool | true |
internet_gateway_name | Name tag for the Internet Gateway | string | "Cisco_ISE_IGW" |
ntp_servers | List of NTP servers to use | list(string) | [ |
private_subnet_cidrs | List of CIDR blocks for private subnets | list(string) | [ |
public_subnet_cidrs | List of CIDR blocks for public subnets | list(string) | [ |
region | AWS region for the resources | string | "us-east-2" |
vpc_cidr | CIDR block for the VPC | string | "10.0.0.0/16" |
vpc_name | Name tag for the VPC | string | "cisco_ise" |
Name | Description |
---|---|
dhcp_options_id | The ID of the DHCP Options |
internet_gateway_id | The ID of the Internet Gateway |
nat_eip_ids | The IDs of the NAT Elastic IPs |
nat_gateway_ids | The IDs of the NAT Gateways |
private_route_table_ids | The IDs of the private subnet route tables |
private_subnet_ids | The IDs of the private subnets |
public_route_table_id | The ID of the public subnet route table |
public_subnet_ids | The IDs of the public subnets |
random_string_value | Randomly generated string |
s3_vpc_endpoint_id | The ID of the S3 VPC Endpoint |
vpc_id | The ID of the VPC |
To destroy the ISE infrastructure resources created by this module, run the commands below.

NOTE:
Manual changes or resource creation outside this Terraform module will not be tracked in the Terraform state and will cause issues if the user needs to upgrade or destroy the deployed stack. Please avoid manual changes.
If manual changes are still needed, keep a note of them and revert them before making any upgrade or destroy.

```
# Preview what will be destroyed before destroying anything
terraform plan -destroy
terraform destroy
```

To know more about the destroy command, please refer to the terraform destroy page.
If you encounter issues with the `terraform destroy` command, run the command again. Additionally, you can list the resources managed by Terraform using the following command:

```
terraform state list
```