diff --git a/aws/multi_region/aws_key_pairs/README.md b/aws/multi_region/aws_key_pairs/README.md
new file mode 100644
index 0000000..8c1602b
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/README.md
@@ -0,0 +1,36 @@
+# ssh_keys
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | ~> 1.0 |
+| [tls](#requirement\_tls) | ~> 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [tls](#provider\_tls) | 4.0.4 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [tls_private_key.ssh_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [ssh\_key\_info](#output\_ssh\_key\_info) | SSH Keys for use with Kasm Deployment |
+
diff --git a/aws/multi_region/aws_key_pairs/main.tf b/aws/multi_region/aws_key_pairs/main.tf
new file mode 100644
index 0000000..8fb41c1
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/main.tf
@@ -0,0 +1,4 @@
+resource "aws_key_pair" "ssh_keys" {
+ key_name = "${var.project_name}-ssh-key"
+ public_key = var.ssh_authorized_keys
+}
\ No newline at end of file
diff --git a/aws/multi_region/aws_key_pairs/outputs.tf b/aws/multi_region/aws_key_pairs/outputs.tf
new file mode 100644
index 0000000..82e92c5
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/outputs.tf
@@ -0,0 +1,4 @@
+output "aws_key_pair_name" {
+ description = "The name of an aws keypair to use."
+ value = aws_key_pair.ssh_keys.key_name
+}
\ No newline at end of file
diff --git a/aws/multi_region/aws_key_pairs/providers.tf b/aws/multi_region/aws_key_pairs/providers.tf
new file mode 100644
index 0000000..a8d9277
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
diff --git a/aws/multi_region/aws_key_pairs/variables.tf b/aws/multi_region/aws_key_pairs/variables.tf
new file mode 100644
index 0000000..6e7c1b4
--- /dev/null
+++ b/aws/multi_region/aws_key_pairs/variables.tf
@@ -0,0 +1,9 @@
+variable "ssh_authorized_keys" {
+ description = "The SSH Public Keys to be installed on the OCI compute instance"
+ type = string
+}
+
+variable "project_name" {
+ description = "The name of the deployment (e.g dev, staging). A short single word"
+ type = string
+}
\ No newline at end of file
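Review bot: The description of `ssh_authorized_keys` says the key is "installed on the OCI compute instance", but this module registers it as an AWS key pair, and the same wording is repeated in aws/multi_region/ssh_keys/variables.tf. Neither description mentions the contract the rest of the commit relies on: an empty string makes the ssh_keys module generate a key (`count = var.ssh_authorized_keys == "" ? 1 : 0`), while anything else is used verbatim as the public key. I would change it to `description = "SSH public key to register as the AWS key pair; an empty string means the ssh_keys module generates an ED25519 key instead"` (adapted for the ssh_keys module), and consider `default = ""` so the generated-key path is the documented default rather than something the root must pass explicitly.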
diff --git a/aws/multi_region/deployment.tf b/aws/multi_region/deployment.tf
index 29c27f8..b0e5920 100644
--- a/aws/multi_region/deployment.tf
+++ b/aws/multi_region/deployment.tf
@@ -1,3 +1,14 @@
+###########################################################
+# Define SSH Keys to use for Deployment
+# This key pair will be replicated across each region below
+###########################################################
+module "ssh_keys" {
+ source = "./ssh_keys"
+
+ ssh_authorized_keys = var.ssh_authorized_keys
+ project_name = var.project_name
+}
+
###########################################################
# Define a primary region.
# This will house the Kasm Workspaces DB, and a set of
@@ -22,7 +33,7 @@ module "primary_region" {
admin_password = var.admin_password
manager_token = var.manager_token
service_registration_token = var.service_registration_token
- aws_key_pair = var.aws_key_pair
+ aws_key_pair = module.primary_aws_key_pairs.aws_key_pair_name
aws_domain_name = var.aws_domain_name
web_access_cidrs = var.web_access_cidrs
create_aws_ssm_iam_role = var.create_aws_ssm_iam_role
@@ -61,7 +72,7 @@ module "primary_region_webapps_and_agents" {
redis_password = var.redis_password
manager_token = var.manager_token
service_registration_token = var.service_registration_token
- aws_key_pair = var.aws_key_pair
+ aws_key_pair = module.primary_aws_key_pairs.aws_key_pair_name
kasm_db_ip = module.primary_region.kasm_db_ip
primary_vpc_id = module.primary_region.primary_vpc_id
certificate_arn = module.primary_region.certificate_arn
@@ -69,6 +80,12 @@ module "primary_region_webapps_and_agents" {
aws_ssm_instance_profile_name = var.aws_ssm_instance_profile_name
}
+module "primary_aws_key_pairs" {
+ source = "./aws_key_pairs"
+ ssh_authorized_keys = module.ssh_keys.ssh_public_key
+ project_name = var.project_name
+}
+
#####################################################################
#
# Add a webapp and agent module for each additional region desired.
@@ -84,6 +101,7 @@ module "region2_webapps" {
webapp_instance_type = var.webapp_instance_type
webapp_hdd_size_gb = var.webapp_hdd_size_gb
swap_size = var.swap_size
+ aws_key_pair = module.region2_aws_key_pairs.aws_key_pair_name
ec2_ami = var.primary_region_ec2_ami_id
webapp_subnet_ids = module.primary_region.webapp_subnet_ids
webapp_security_group_id = module.primary_region.webapp_security_group_id
@@ -94,7 +112,7 @@ module "region2_webapps" {
database_password = var.database_password
redis_password = var.redis_password
manager_token = var.manager_token
- aws_key_pair = var.aws_key_pair
+
kasm_db_ip = module.primary_region.kasm_db_ip
primary_vpc_id = module.primary_region.primary_vpc_id
certificate_arn = module.primary_region.certificate_arn
@@ -120,7 +138,7 @@ module "region2_agents" {
aws_domain_name = var.aws_domain_name
project_name = var.project_name
kasm_build = var.kasm_build
- aws_key_pair = var.aws_key_pair
+ aws_key_pair = module.region2_aws_key_pairs.aws_key_pair_name
manager_token = var.manager_token
service_registration_token = var.service_registration_token
aws_ssm_instance_profile_name = var.aws_ssm_instance_profile_name
@@ -131,6 +149,18 @@ module "region2_agents" {
}
}
+module "region2_aws_key_pairs" {
+ source = "./aws_key_pairs"
+
+ ssh_authorized_keys = module.ssh_keys.ssh_public_key
+ project_name = var.project_name
+
+ providers = {
+ aws = aws.region2
+ }
+}
+
+
#########################################################################
#
# Uncomment the below section and update the provider and the settings
@@ -158,7 +188,7 @@ module "region2_agents" {
# database_password = var.database_password
# redis_password = var.redis_password
# manager_token = var.manager_token
-# aws_key_pair = var.aws_key_pair
+# aws_key_pair = module.region2_aws_key_pairs
# kasm_db_ip = module.primary_region.kasm_db_ip
# primary_vpc_id = module.primary_region.primary_vpc_id
# certificate_arn = module.primary_region.certificate_arn
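Review bot: The commented template line `# aws_key_pair = module.region2_aws_key_pairs` points at region2's key-pair module and drops the `.aws_key_pair_name` attribute, so a user who uncomments this block would either get a module object instead of a string or, if they fix only the attribute, reuse region2's key pair in region3. The neighbouring hunk adds a commented `module "region3_aws_key_pairs"` with `aws = aws.region3` for exactly this section, so the line should read `# aws_key_pair = module.region3_aws_key_pairs.aws_key_pair_name`. The enclosing commented module block starts and ends outside this hunk.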
@@ -195,3 +225,14 @@ module "region2_agents" {
# aws = aws.region3
# }
# }
+
+# module "region3_aws_key_pairs" {
+# source = "./aws_key_pairs"
+
+# ssh_authorized_keys = module.ssh_keys.ssh_public_key
+# project_name = var.project_name
+
+# providers = {
+# aws = aws.region3
+# }
+# }
\ No newline at end of file
diff --git a/aws/multi_region/outputs.tf b/aws/multi_region/outputs.tf
index 776357b..0ff0b93 100644
--- a/aws/multi_region/outputs.tf
+++ b/aws/multi_region/outputs.tf
@@ -16,6 +16,10 @@ Proxy address: ${join("", slice(split("-", var.secondary_regio
ZONE
}
+output "ssh_keys" {
+ description = "SSH Keys to be used with your Kasm Deployment"
+ value = module.ssh_keys.ssh_key_info
+}
#########################################################################
#
# Uncomment the below section and update the provider and the settings
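Review bot: The new root output `ssh_keys` is not marked sensitive even though `module.ssh_keys.ssh_key_info` embeds `private_key_openssh` (see ssh_keys/outputs.tf in this commit), so the generated private key is printed in clear text at the end of every `terraform apply` and in any CI log that captures it. The other root outputs added by this commit (aws/standard/output.tf and both oci deployment.tf files) set `sensitive = true`; this one should match: `sensitive = true` inside the output block. Marking the module-level `ssh_key_info` output in ssh_keys/outputs.tf sensitive as well would make the intent explicit at the source; Terraform's handling of sensitive values in child-module outputs is something to confirm against the version in use. A `terraform output -raw ssh_keys` still retrieves the key on demand, so nothing is lost for the operator.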
diff --git a/aws/multi_region/ssh_keys/README.md b/aws/multi_region/ssh_keys/README.md
new file mode 100644
index 0000000..8c1602b
--- /dev/null
+++ b/aws/multi_region/ssh_keys/README.md
@@ -0,0 +1,36 @@
+# ssh_keys
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | ~> 1.0 |
+| [tls](#requirement\_tls) | ~> 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [tls](#provider\_tls) | 4.0.4 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [tls_private_key.ssh_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [ssh\_key\_info](#output\_ssh\_key\_info) | SSH Keys for use with Kasm Deployment |
+
diff --git a/aws/multi_region/ssh_keys/main.tf b/aws/multi_region/ssh_keys/main.tf
new file mode 100644
index 0000000..859d1aa
--- /dev/null
+++ b/aws/multi_region/ssh_keys/main.tf
@@ -0,0 +1,4 @@
+resource "tls_private_key" "ssh_key" {
+ count = var.ssh_authorized_keys == "" ? 1 : 0
+ algorithm = "ED25519"
+}
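Review bot: The `tls_private_key` resource stores the generated private key in plain text in the Terraform state, and nothing in this file or the module README says so; the same resource is added in aws/standard/module/ssh_keys.tf, oci/single_server/module/ssh_keys.tf and oci/standard/module/ssh_keys.tf. Anyone with read access to the state backend can recover the SSH private key for every instance in the deployment, so the operator needs to know to use an encrypted, access-controlled remote backend and to treat state snapshots as secrets. I would add above the resource: `# NOTE: the generated private key is kept in plain text in Terraform state; use an encrypted, access-restricted backend and prefer supplying your own public key via ssh_authorized_keys for production.`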
diff --git a/aws/multi_region/ssh_keys/outputs.tf b/aws/multi_region/ssh_keys/outputs.tf
new file mode 100644
index 0000000..96ca61d
--- /dev/null
+++ b/aws/multi_region/ssh_keys/outputs.tf
@@ -0,0 +1,17 @@
+output "ssh_key_info" {
+ description = "SSH Keys for use with Kasm Deployment"
+ value = <<-SSHKEYS
+ SSH Keys:
+ %{if var.ssh_authorized_keys == ""}
+ Public Key: ${tls_private_key.ssh_key[0].public_key_openssh}
+ Private Key:
+ ${tls_private_key.ssh_key[0].private_key_openssh}
+ %{endif}
+ SSHKEYS
+}
+
+output "ssh_public_key" {
+ description = "The name of an aws keypair to use."
+ value = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
+
+}
\ No newline at end of file
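Review bot: The description of `ssh_public_key` is `"The name of an aws keypair to use."`, which is copied from aws_key_pairs/outputs.tf and wrong here: the value is OpenSSH public-key material (generated or user-supplied), not a key-pair name. I would change it to `description = "OpenSSH public key to register with the cloud provider: the generated key when ssh_authorized_keys is empty, otherwise the supplied value"`. The stray blank line before the closing brace and the missing trailing newline are worth fixing at the same time.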
diff --git a/aws/multi_region/ssh_keys/providers.tf b/aws/multi_region/ssh_keys/providers.tf
new file mode 100644
index 0000000..a93c06f
--- /dev/null
+++ b/aws/multi_region/ssh_keys/providers.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 4.0"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
diff --git a/aws/multi_region/ssh_keys/variables.tf b/aws/multi_region/ssh_keys/variables.tf
new file mode 100644
index 0000000..6e7c1b4
--- /dev/null
+++ b/aws/multi_region/ssh_keys/variables.tf
@@ -0,0 +1,9 @@
+variable "ssh_authorized_keys" {
+ description = "The SSH Public Keys to be installed on the OCI compute instance"
+ type = string
+}
+
+variable "project_name" {
+ description = "The name of the deployment (e.g dev, staging). A short single word"
+ type = string
+}
\ No newline at end of file
diff --git a/aws/standard/deployment.tf b/aws/standard/deployment.tf
index 2a8c189..66d1abf 100644
--- a/aws/standard/deployment.tf
+++ b/aws/standard/deployment.tf
@@ -1,6 +1,5 @@
module "standard" {
source = "./module"
- aws_key_pair = var.aws_key_pair
aws_region = var.aws_region
aws_domain_name = var.aws_domain_name
project_name = var.project_name
@@ -23,6 +22,7 @@ module "standard" {
cpx_hdd_size_gb = var.cpx_hdd_size_gb
ec2_ami = var.ec2_ami_id
swap_size = var.swap_size
+ ssh_authorized_keys = var.ssh_authorized_keys
web_access_cidrs = var.web_access_cidrs
database_password = var.database_password
diff --git a/aws/standard/module/agent.tf b/aws/standard/module/agent.tf
index 045739b..f48219a 100644
--- a/aws/standard/module/agent.tf
+++ b/aws/standard/module/agent.tf
@@ -5,7 +5,7 @@ resource "aws_instance" "agent" {
instance_type = var.agent_instance_type
vpc_security_group_ids = [aws_security_group.agent.id]
subnet_id = aws_subnet.agent.id
- key_name = var.aws_key_pair
+ key_name = aws_key_pair.ssh_keys.key_name
iam_instance_profile = one(aws_iam_instance_profile.this[*].id)
associate_public_ip_address = true
diff --git a/aws/standard/module/db.tf b/aws/standard/module/db.tf
index 5bc6f56..89e88d5 100644
--- a/aws/standard/module/db.tf
+++ b/aws/standard/module/db.tf
@@ -3,7 +3,7 @@ resource "aws_instance" "db" {
instance_type = var.db_instance_type
vpc_security_group_ids = [aws_security_group.db.id]
subnet_id = aws_subnet.db.id
- key_name = var.aws_key_pair
+ key_name = aws_key_pair.ssh_keys.key_name
iam_instance_profile = one(aws_iam_instance_profile.this[*].id)
root_block_device {
diff --git a/aws/standard/module/guac_rdp.tf b/aws/standard/module/guac_rdp.tf
index d21f4ab..ac876be 100644
--- a/aws/standard/module/guac_rdp.tf
+++ b/aws/standard/module/guac_rdp.tf
@@ -5,7 +5,7 @@ resource "aws_instance" "cpx" {
instance_type = var.cpx_instance_type
vpc_security_group_ids = aws_security_group.cpx[*].id
subnet_id = one(aws_subnet.cpx[*].id)
- key_name = var.aws_key_pair
+ key_name = aws_key_pair.ssh_keys.key_name
iam_instance_profile = one(aws_iam_instance_profile.this[*].id)
root_block_device {
diff --git a/aws/standard/module/kms.tf b/aws/standard/module/kms.tf
new file mode 100644
index 0000000..831138b
--- /dev/null
+++ b/aws/standard/module/kms.tf
@@ -0,0 +1,4 @@
+resource "aws_key_pair" "ssh_keys" {
+ key_name = "${var.project_name}-ssh-key"
+ public_key = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
+}
\ No newline at end of file
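Review bot: The `aws_key_pair` resource is placed in a file named kms.tf, which suggests AWS Key Management Service and will mislead anyone searching for where the SSH key pair is created; the same commit adds ssh_keys.tf to this module, which already owns the `tls_private_key` this resource references, so the resource belongs there. The key-selection ternary on the `public_key` line is the same expression the oci modules repeat in every instance file; defining it once as a local next to the `tls_private_key` (`locals { ssh_public_key = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys }`) and using `public_key = local.ssh_public_key` keeps the rule in one place. I do not see a declaration of `var.ssh_authorized_keys` for aws/standard/module in this diff; if it is not already declared there, the new `ssh_authorized_keys = var.ssh_authorized_keys` argument in aws/standard/deployment.tf will fail validation.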
diff --git a/aws/standard/module/provider.tf b/aws/standard/module/provider.tf
index d50a6bd..e67f361 100644
--- a/aws/standard/module/provider.tf
+++ b/aws/standard/module/provider.tf
@@ -6,5 +6,9 @@ terraform {
source = "hashicorp/aws"
version = "~> 5.0"
}
+ tls = {
+ source = "hashicorp/tls"
+ version = "~> 4.0"
+ }
}
}
diff --git a/aws/standard/module/ssh_keys.tf b/aws/standard/module/ssh_keys.tf
new file mode 100644
index 0000000..e7e0034
--- /dev/null
+++ b/aws/standard/module/ssh_keys.tf
@@ -0,0 +1,16 @@
+resource "tls_private_key" "ssh_key" {
+ count = var.ssh_authorized_keys == "" ? 1 : 0
+ algorithm = "ED25519"
+}
+
+output "ssh_key_info" {
+ description = "SSH Keys for use with Kasm Deployment"
+ value = <<-SSHKEYS
+ SSH Keys:
+ %{if var.ssh_authorized_keys == ""}
+ Public Key: ${tls_private_key.ssh_key[0].public_key_openssh}
+ Private Key:
+ ${tls_private_key.ssh_key[0].private_key_openssh}
+ %{endif}
+ SSHKEYS
+}
\ No newline at end of file
diff --git a/aws/standard/module/webapp.tf b/aws/standard/module/webapp.tf
index d29d35c..e00a3cf 100644
--- a/aws/standard/module/webapp.tf
+++ b/aws/standard/module/webapp.tf
@@ -5,7 +5,7 @@ resource "aws_instance" "webapp" {
instance_type = var.webapp_instance_type
vpc_security_group_ids = [aws_security_group.webapp.id]
subnet_id = aws_subnet.webapp[count.index].id
- key_name = var.aws_key_pair
+ key_name = aws_key_pair.ssh_keys.key_name
iam_instance_profile = one(aws_iam_instance_profile.this[*].id)
root_block_device {
diff --git a/aws/standard/output.tf b/aws/standard/output.tf
index f119c29..897d68e 100644
--- a/aws/standard/output.tf
+++ b/aws/standard/output.tf
@@ -5,3 +5,9 @@ Kam Zone configuration for zone: default
Upstream Auth address: ${var.aws_region}-private.${var.aws_domain_name}
ZONE
}
+
+output "ssh_key_info" {
+ description = "SSH Keys to use with Kasm Deployment"
+ value = module.standard.ssh_key_info
+ sensitive = true
+}
diff --git a/digitalocean/single_server/module/dns.tf b/digitalocean/single_server/module/dns.tf
index ec051c2..1a6cc6a 100644
--- a/digitalocean/single_server/module/dns.tf
+++ b/digitalocean/single_server/module/dns.tf
@@ -16,7 +16,7 @@ resource "digitalocean_record" "static" {
resource "digitalocean_certificate" "cert" {
name = "${var.project_name}-cert"
type = "lets_encrypt"
- domains = [digitalocean_domain.default.id]
+ domains = [digitalocean_domain.default.name]
lifecycle {
create_before_destroy = true
diff --git a/oci/single_server/deployment.tf b/oci/single_server/deployment.tf
index b4bf79e..3ca37eb 100644
--- a/oci/single_server/deployment.tf
+++ b/oci/single_server/deployment.tf
@@ -34,3 +34,9 @@ module "kasm" {
admin_password = var.admin_password
user_password = var.user_password
}
+
+output "ssh_key_info" {
+ description = "SSH Keys to use with Kasm Deployment"
+ value = module.standard.ssh_key_info
+ sensitive = true
+}
\ No newline at end of file
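Review bot: The new output references `module.standard.ssh_key_info`, but the module instantiated in this file is `module "kasm"` (visible in the hunk header), so unless a module named `standard` exists elsewhere in oci/single_server/deployment.tf this is a copy of the aws/standard output and will fail with an undeclared module reference. The same reference appears in the output added to oci/standard/deployment.tf, whose hunk header also shows `module "kasm"`. Both should read `value = module.kasm.ssh_key_info`.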
diff --git a/oci/single_server/module/instance.tf b/oci/single_server/module/instance.tf
index 578feed..d755ec7 100644
--- a/oci/single_server/module/instance.tf
+++ b/oci/single_server/module/instance.tf
@@ -24,7 +24,7 @@ resource "oci_core_instance" "kasm_instance" {
}
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
user_data = base64encode(templatefile("${path.module}/userdata/bootstrap.sh",
{
kasm_build_url = var.kasm_build_url
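Review bot: The key-selection expression `var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys` is now duplicated verbatim in instance.tf here and in oci/standard/module agent.tf, bastion.tf, cpx.tf, db.tf and webapp.tf, so a future change to the rule (for example supporting several keys) has to be made six times. Defining it once in the module's ssh_keys.tf as `locals { ssh_public_key = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys }` and writing `ssh_authorized_keys = local.ssh_public_key` in each `metadata` block keeps every instance on the same key by construction. The enclosing `oci_core_instance` resources start and end outside these hunks.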
diff --git a/oci/single_server/module/ssh_keys.tf b/oci/single_server/module/ssh_keys.tf
new file mode 100644
index 0000000..e7e0034
--- /dev/null
+++ b/oci/single_server/module/ssh_keys.tf
@@ -0,0 +1,16 @@
+resource "tls_private_key" "ssh_key" {
+ count = var.ssh_authorized_keys == "" ? 1 : 0
+ algorithm = "ED25519"
+}
+
+output "ssh_key_info" {
+ description = "SSH Keys for use with Kasm Deployment"
+ value = <<-SSHKEYS
+ SSH Keys:
+ %{if var.ssh_authorized_keys == ""}
+ Public Key: ${tls_private_key.ssh_key[0].public_key_openssh}
+ Private Key:
+ ${tls_private_key.ssh_key[0].private_key_openssh}
+ %{endif}
+ SSHKEYS
+}
\ No newline at end of file
diff --git a/oci/standard/deployment.tf b/oci/standard/deployment.tf
index c36861b..8f2d55b 100644
--- a/oci/standard/deployment.tf
+++ b/oci/standard/deployment.tf
@@ -44,3 +44,9 @@ module "kasm" {
database_password = var.database_password
service_registration_token = var.service_registration_token
}
+
+output "ssh_key_info" {
+ description = "SSH Keys to use with Kasm Deployment"
+ value = module.standard.ssh_key_info
+ sensitive = true
+}
diff --git a/oci/standard/module/agent.tf b/oci/standard/module/agent.tf
index d23146b..3c8e76a 100644
--- a/oci/standard/module/agent.tf
+++ b/oci/standard/module/agent.tf
@@ -27,7 +27,7 @@ resource "oci_core_instance" "agent" {
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
user_data = base64encode(templatefile("${path.module}/userdata/agent_bootstrap.sh",
{
kasm_build_url = var.kasm_build_url
diff --git a/oci/standard/module/bastion.tf b/oci/standard/module/bastion.tf
index 214bd30..02d6663 100644
--- a/oci/standard/module/bastion.tf
+++ b/oci/standard/module/bastion.tf
@@ -25,6 +25,6 @@ resource "oci_core_instance" "bastion" {
}
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
}
}
diff --git a/oci/standard/module/cpx.tf b/oci/standard/module/cpx.tf
index 58ddc8c..cbd6f0f 100644
--- a/oci/standard/module/cpx.tf
+++ b/oci/standard/module/cpx.tf
@@ -27,7 +27,7 @@ resource "oci_core_instance" "cpx" {
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
user_data = base64encode(templatefile("${path.module}/userdata/cpx_bootstrap.sh",
{
kasm_build_url = var.kasm_build_url
diff --git a/oci/standard/module/db.tf b/oci/standard/module/db.tf
index 1c8694f..cc8be68 100644
--- a/oci/standard/module/db.tf
+++ b/oci/standard/module/db.tf
@@ -24,7 +24,7 @@ resource "oci_core_instance" "db" {
}
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
user_data = base64encode(templatefile("${path.module}/userdata/db_bootstrap.sh",
{
kasm_build_url = var.kasm_build_url
diff --git a/oci/standard/module/ssh_keys.tf b/oci/standard/module/ssh_keys.tf
new file mode 100644
index 0000000..e7e0034
--- /dev/null
+++ b/oci/standard/module/ssh_keys.tf
@@ -0,0 +1,16 @@
+resource "tls_private_key" "ssh_key" {
+ count = var.ssh_authorized_keys == "" ? 1 : 0
+ algorithm = "ED25519"
+}
+
+output "ssh_key_info" {
+ description = "SSH Keys for use with Kasm Deployment"
+ value = <<-SSHKEYS
+ SSH Keys:
+ %{if var.ssh_authorized_keys == ""}
+ Public Key: ${tls_private_key.ssh_key[0].public_key_openssh}
+ Private Key:
+ ${tls_private_key.ssh_key[0].private_key_openssh}
+ %{endif}
+ SSHKEYS
+}
\ No newline at end of file
diff --git a/oci/standard/module/webapp.tf b/oci/standard/module/webapp.tf
index b881218..eb99776 100644
--- a/oci/standard/module/webapp.tf
+++ b/oci/standard/module/webapp.tf
@@ -26,7 +26,7 @@ resource "oci_core_instance" "webapp" {
}
metadata = {
- ssh_authorized_keys = var.ssh_authorized_keys
+ ssh_authorized_keys = var.ssh_authorized_keys == "" ? tls_private_key.ssh_key[0].public_key_openssh : var.ssh_authorized_keys
user_data = base64encode(templatefile("${path.module}/userdata/webapp_bootstrap.sh",
{
kasm_build_url = var.kasm_build_url