diff --git a/README.md b/README.md index b9413e4d..68a9be8f 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ edb-terraform generate \ --infra-file edb-terraform/docs/examples/aws/edb-ra-3.yml cd example terraform init -terraform apply +terraform apply -var "force_dynamic_ip=true" terraform destroy ``` 
@@ -219,3 +219,57 @@ edb-terraform setup ├── terraform.tfvars.json # Automatically detected Terraform variables. Original values under `edb-terraform/terraform.tfvars.yml` └── common_vars.tf # Terraform placeholder variables used by all providers ``` + +## Configurations +Each provider has a: +- set of example configurations available under the docs directory. +- spec object within `variables.tf` of its specification module. + +AWS +- [spec](./edbterraform/data/terraform/aws/modules/specification/variables.tf) +- [examples](./docs/examples/aws/machines-v2.yml) + +Azure +- [spec](./edbterraform/data/terraform/azure/modules/specification/variables.tf) +- [examples](./docs/examples/azure/machines-v2.yml) + +GCloud +- [spec](./edbterraform/data/terraform/gcloud/modules/specification/variables.tf) +- [examples](./docs/examples/gcloud/machines-v2.yml) + +### Networking +By default, there are 4 `defaults` availabe when defining ports: +- `public` - ports for publics access +- `service` - ports for limited access +- `internal` - ports for all internal access +- `""` - ports without defaults (Default) + +When defining `service` ports, +users can use 2 variables to dynamically update the allowed ips on top of adding values under the `cidrs` key. +This is meant for single time use and in most cases you should set the expected cidr ranges. +- `service_cidrblocks` - a list of cidrblocks for service access. +- `force_dynamic_ip` - use an http endpoint to get the current public ip and appended to service_cidrblocks. + +> :warning: +> Policy rules might block generic rules such as `0.0.0.0/0`, +> which is often used by users with changing ips. +> This can cause unexpected ssh errors since resources are available before policies are applied. +> If possible, make use of a jump host to have a set of persistent ips. +> Otherwise, make use of the `force_dynamic_ip` or `service_cidrblocks` options to dynamically set service ips. 
+ +> :warning: +> Only AWS supports security groups, which allows for more flexibility with port configurations. +> We mimic the functionality of security groups for Azure and GCloud to allow ports to be defined per instance. + +### Environment variables +Terraform allows for top-level variables to be defined with cli arguments or environment variables. + +For any variable you can define: +- Environment variables for all stages: `TF_VAR_ARGS=` +- Environment variables for a targetted stage: `TF_VAR_ARGS_=` +- Environment variables for root variables: `TF_VAR_=` +- CLI Arguments for root variables: `-var =` + +Example variable: +- `TF_VAR_force_dynamic_ip=true` is the same as `-var force_dynamic_ip=true` +- `TF_VAR_service_cidrblocks='["0.0.0.0/0"]'`
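Review bot: In the first hunk (the quickstart block around README line 38), `terraform apply -var "force_dynamic_ip=true"` makes the one-off dynamic-IP lookup the default path for new users, while the Networking section added in the same patch says this is "meant for single time use and in most cases you should set the expected cidr ranges". Consider keeping the plain `terraform apply` in the quickstart and pointing to the Configurations section, or adding a one-line comment above the command saying why the flag is there and that a fixed `service_cidrblocks` value is the recommended setting.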
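Review bot: In the second hunk, the closing example `TF_VAR_service_cidrblocks='["0.0.0.0/0"]'` contradicts the warning a few lines above it that policy rules might block `0.0.0.0/0` and that users should set expected cidr ranges; replace it with a clearly marked placeholder range so the doc does not teach an open service rule as the example value. In the same hunk, the Environment variables list has lost its placeholders: `TF_VAR_ARGS_=`, `TF_VAR_=` and `-var =` read as empty templates, so spell out the stage and variable name placeholders explicitly. The `force_dynamic_ip` bullet says it uses "an http endpoint" to fetch the public ip but does not name it; since that response is written straight into the allowed service cidrs, the README should state which endpoint is used and whether the request is made over TLS. Minor: "availabe" -> "available", "publics access" -> "public access", "targetted" -> "targeted", "and appended to" -> "and append it to".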