HashiCorp Boundary is a secure and efficient way to access distributed infrastructure. It provides secure access to SSH, RDP, and HTTP(S) resources, without the need for VPNs or exposing the infrastructure to the public internet.
This README file explains how to set up a multi-hop deployment using Boundary as discussed in my blog post: https://medium.com/hashicorp-engineering/hcp-boundary-multi-hop-deployment-with-terraform-174a5d046410
Boundary allows for secure access to resources across multiple networks and environments. A multi-hop deployment can be set up to allow users to access resources in a private network without exposing that network to the Internet. The multi-hop deployment in this repo has been set up as follows:
- Configure HCP Boundary.
- Deploy a Boundary Ingress Worker in a public network.
- Deploy a Boundary Egress Worker in a private network.
- Establish a connection between the Boundary Controller and the Boundary Workers.
- Deploy a server instance in a private subnet.
- Configure Boundary to allow access to resources in the private network.
Your HCP Boundary cluster needs to be created before you run the Terraform code. If you are new to HCP, the free trial gives you $50 of credit, which is ample to test this solution.
With this setup, users can securely access resources in the private network without connecting directly to that network and without exposing any resources publicly to the Internet.
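The worker side of the ingress/egress hops listed above, as an added example that is not taken from this repo or the blog post. It assumes the ingress worker is reachable at 203.0.113.10 (a documentation-range placeholder), both workers listen on port 9202, and auth state is stored under /etc/boundary; the HCP cluster ID is a placeholder you replace with your own.

```hcl
# --- ingress-worker.hcl (runs in the public subnet) ---
# The ingress worker has a route to the HCP control plane, so it registers
# directly using the cluster ID. Placeholder value: take it from your cluster URL.
hcp_boundary_cluster_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
disable_mlock           = true

listener "tcp" {
  address = "0.0.0.0:9202"   # assumed proxy port; open it only to the egress subnet and to clients
  purpose = "proxy"
}

worker {
  # Assumed public address of this instance; clients and the egress worker dial this.
  public_addr       = "203.0.113.10:9202"
  auth_storage_path = "/etc/boundary/ingress-worker/auth"   # assumed path, must be persistent
  tags {
    type = ["ingress"]       # used by worker filters to pick this hop
  }
}

# --- egress-worker.hcl (runs in the private subnet) ---
# The egress worker has no route to the control plane. Instead of a cluster ID it
# names the ingress worker as its upstream, so the session is relayed hop by hop:
# client -> ingress worker -> egress worker -> private target.
disable_mlock = true

listener "tcp" {
  address = "0.0.0.0:9202"
  purpose = "proxy"
}

worker {
  # Dial the ingress worker's proxy address, never the controller directly.
  initial_upstreams = ["203.0.113.10:9202"]
  auth_storage_path = "/etc/boundary/egress-worker/auth"
  tags {
    type = ["egress"]        # a target's egress worker filter can select this hop
  }
}
```

Each worker prints a worker-led registration token on first start, which you use to register it with your HCP cluster before it can proxy sessions. On the private target, an egress worker filter such as "egress" in "/tags/type" pins the last hop to the worker that actually sits inside the private subnet.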
The following tfvars variables have been defined in a terraform.tfvars file.
- boundary_addr: The HCP Boundary address, e.g. "https://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.boundary.hashicorp.cloud"
- auth_method_id: e.g. "ampw_xxxxxxxxxx"
- password_auth_method_login_name = ""
- password_auth_method_password = ""
- private_vpc_cidr = ""
- private_subnet_cidr = ""
- aws_vpc_cidr = ""
- aws_subnet_cidr = ""
- aws_access = ""
- aws_secret = ""