kasm-terraform/aws/standard/module/README.md

module

Requirements

Name	Version
terraform	~> 1.0
aws	~> 5.0

Providers

Name	Version
aws	5.36.0

Modules

No modules.

Resources

Name	Type
aws_acm_certificate.this	resource
aws_acm_certificate_validation.this	resource
aws_eip.this	resource
aws_iam_instance_profile.this	resource
aws_iam_role.this	resource
aws_iam_role_policy_attachment.this	resource
aws_instance.agent	resource
aws_instance.cpx	resource
aws_instance.db	resource
aws_instance.webapp	resource
aws_internet_gateway.this	resource
aws_lb.private	resource
aws_lb.public	resource
aws_lb_listener.http	resource
aws_lb_listener.https	resource
aws_lb_listener.private	resource
aws_lb_target_group.private	resource
aws_lb_target_group.public	resource
aws_lb_target_group_attachment.private	resource
aws_lb_target_group_attachment.public	resource
aws_nat_gateway.this	resource
aws_route53_health_check.kasm-elb-hc	resource
aws_route53_record.private	resource
aws_route53_record.public	resource
aws_route53_record.this	resource
aws_route_table.ig	resource
aws_route_table.nat	resource
aws_route_table_association.agent	resource
aws_route_table_association.alb	resource
aws_route_table_association.cpx	resource
aws_route_table_association.db	resource
aws_route_table_association.webapp	resource
aws_route_table_association.windows	resource
aws_s3_bucket.this	resource
aws_s3_bucket_policy.this	resource
aws_s3_bucket_public_access_block.this	resource
aws_s3_bucket_server_side_encryption_configuration.this	resource
aws_security_group.agent	resource
aws_security_group.cpx	resource
aws_security_group.db	resource
aws_security_group.private_lb	resource
aws_security_group.public_lb	resource
aws_security_group.webapp	resource
aws_security_group.windows	resource
aws_security_group_rule.agent	resource
aws_security_group_rule.agent_egress	resource
aws_security_group_rule.cpx	resource
aws_security_group_rule.cpx_egress	resource
aws_security_group_rule.db	resource
aws_security_group_rule.db_egress	resource
aws_security_group_rule.private_lb_agent	resource
aws_security_group_rule.private_lb_cpx	resource
aws_security_group_rule.private_lb_egress	resource
aws_security_group_rule.private_lb_windows	resource
aws_security_group_rule.public_lb_egress	resource
aws_security_group_rule.public_lb_ingress	resource
aws_security_group_rule.webapp_agent_ingress	resource
aws_security_group_rule.webapp_cpx	resource
aws_security_group_rule.webapp_egress	resource
aws_security_group_rule.webapp_private_lb_ingress	resource
aws_security_group_rule.webapp_public_lb_ingress	resource
aws_security_group_rule.webapp_windows	resource
aws_security_group_rule.windows	resource
aws_security_group_rule.windows_egress	resource
aws_subnet.agent	resource
aws_subnet.alb	resource
aws_subnet.cpx	resource
aws_subnet.db	resource
aws_subnet.webapp	resource
aws_subnet.windows	resource
aws_vpc.this	resource
aws_availability_zones.available	data source
aws_elb_service_account.main	data source
aws_iam_policy_document.this	data source
aws_route53_zone.this	data source

Inputs

Name	Description	Type	Default	Required
admin_password	The administrative user password. No special characters	string	n/a	yes
agent_hdd_size_gb	The HDD size for Kasm Agent nodes	number	n/a	yes
agent_instance_type	The instance type for the Agents	string	"t3.medium"	no
agent_security_rules	A map of objects of security rules to apply to the Kasm WebApp server	map(object({ from_port = number to_port = number protocol = string }))	{ "https": { "from_port": 443, "protocol": "tcp", "to_port": 443 } }	no
anywhere	Anywhere route subnet	string	"0.0.0.0/0"	no
aws_domain_name	The Route53 Zone used for the dns entries. This must already exist in the AWS account. (e.g dev.kasm.contoso.com). The deployment will be accessed via this zone name via https	string	n/a	yes
aws_key_pair	The name of an aws keypair to use.	string	n/a	yes
aws_region	The AWS region for the deployment. (e.g us-east-1)	string	n/a	yes
aws_ssm_iam_role_name	The name of the SSM EC2 role to associate with Kasm VMs for SSH access	string	""	no
aws_ssm_instance_profile_name	The name of the SSM EC2 Instance Profile to associate with Kasm VMs for SSH access	string	""	no
cpx_hdd_size_gb	The HDD size for Kasm Guac RDP nodes	number	n/a	yes
cpx_instance_type	The instance type for the cpxamole RDP nodes	string	"t3.medium"	no
cpx_security_rules	A map of objects of security rules to apply to the Kasm Connection Proxy server	map(object({ from_port = number to_port = number protocol = string }))	{ "https": { "from_port": 443, "protocol": "tcp", "to_port": 443 } }	no
create_aws_ssm_iam_role	Create an AWS SSM IAM role to attach to VMs for SSH/console access to VMs.	bool	false	no
database_password	The password for the database. No special characters	string	n/a	yes
db_hdd_size_gb	The HDD size for Kasm DB	number	n/a	yes
db_instance_type	The instance type for the Database	string	"t3.small"	no
db_security_rules	A map of objects of security rules to apply to the Kasm DB	map(object({ from_port = number to_port = number protocol = string }))	{ "postgres": { "from_port": 5432, "protocol": "tcp", "to_port": 5432 } }	no
default_egress	Default egress security rule for all security groups	map(object({ from_port = number to_port = number protocol = string cidr_subnets = list(string) }))	{ "all": { "cidr_subnets": [ "0.0.0.0/0" ], "from_port": 0, "protocol": "-1", "to_port": 0 } }	no
ec2_ami	The AMI used for the EC2 nodes. Recommended Ubuntu 20.04 LTS.	string	n/a	yes
kasm_build	The URL for the Kasm Workspaces build	string	n/a	yes
kasm_zone_name	A name given to the kasm deployment Zone	string	"default"	no
manager_token	The manager token value for Agents to authenticate to webapps. No special characters	string	n/a	yes
num_agents	The number of Agent Role Servers to create in the deployment	number	2	no
num_cpx_nodes	The number of cpx RDP Role Servers to create in the deployment	number	2	no
num_webapps	The number of WebApp role servers to create in the deployment	number	2	no
private_lb_security_rules	A map of objects of security rules to apply to the Private ALB	map(object({ from_port = number to_port = number protocol = string }))	{ "https": { "from_port": 443, "protocol": "tcp", "to_port": 443 } }	no
project_name	The name of the deployment (e.g dev, staging). A short single word	string	n/a	yes
public_lb_security_rules	A map of objects of security rules to apply to the Public ALB	map(object({ from_port = number to_port = number protocol = string }))	{ "http": { "from_port": 80, "protocol": "tcp", "to_port": 80 }, "https": { "from_port": 443, "protocol": "tcp", "to_port": 443 } }	no
service_registration_token	The service registration token value for cpx RDP servers to authenticate to webapps. No special characters	string	n/a	yes
swap_size	The amount of swap (in MB) to configure inside the compute instances	number	n/a	yes
user_password	The standard (non administrator) user password. No special characters	string	n/a	yes
vpc_subnet_cidr	The subnet CIDR to use for the VPC	string	"10.0.0.0/16"	no
web_access_cidrs	CIDR notation of the bastion host allowed to SSH in to the machines	list(string)	[ "0.0.0.0/0" ]	no
webapp_hdd_size_gb	The HDD size for Kasm Webapp nodes	number	n/a	yes
webapp_instance_type	The instance type for the webapps	string	"t3.small"	no
webapp_security_rules	A map of objects of security rules to apply to the Kasm WebApp server	object({ from_port = number to_port = number protocol = string })	{ "from_port": 443, "protocol": "tcp", "to_port": 443 }	no
windows_security_rules	A map of objects of security rules to apply to the Kasm Windows VMs	map(object({ from_port = number to_port = number protocol = string }))	{ "cpx_api": { "from_port": 4902, "protocol": "tcp", "to_port": 4902 }, "cpx_rdp": { "from_port": 3389, "protocol": "tcp", "to_port": 3389 }, "webapp_api": { "from_port": 4902, "protocol": "tcp", "to_port": 4902 } }	no

Outputs

No outputs.