diff --git a/README.md b/README.md index 308661d..51c748a 100644 --- a/README.md +++ b/README.md @@ -139,9 +139,9 @@ To use an existing SSH key, set the keypair name (for AWS) or public key text (f ### Access to UI and API endpoints -By default inbound access to the UI and API endpoints of your deployment will be allowed from the public IP of executing host. +The optional variable `ingress_extra_cidrs_and_ports` in the `terraform.tvars` file defines the list of client IP allowed to access - via ssh and https - the UI and API endpoints of your deployment. -To add additional CIDRs or IP ranges, set the optional `ingress_extra_cidrs_and_ports` variable in the `terraform.tvars` file. +When commented, this variable defaults to current public IP of the terraform client. In case this IP is a leased one - hence that might change overtime - you can uncomment this variable and set additional CIDRs or IP ranges via the `ingress_extra_cidrs_and_ports` variable. ### Notes on AWS authentication diff --git a/aws/terraform.tfvars.template b/aws/terraform.tfvars.template index 77db42b..5435bcd 100644 --- a/aws/terraform.tfvars.template +++ b/aws/terraform.tfvars.template @@ -35,6 +35,7 @@ deployment_template = "" # Specify the deployment pattern below. O # aws_key_pair = "" # Set this to specify the name of a pre-existing AWS keypair, e.g. my-keypair # If required use the variable below for any additional CIDRs to add the the AWS Security Groups +# When commented UI and SSH access will be allowed only from the public IP of executing host. # ingress_extra_cidrs_and_ports = { # cidrs = ["/32", "/32"], # ports = [443, 22] diff --git a/azure/main.tf b/azure/main.tf index 905989b..c939833 100644 --- a/azure/main.tf +++ b/azure/main.tf @@ -43,6 +43,7 @@ terraform { } provider "azurerm" { + subscription_id = var.azure_subscription_id features { resource_group { prevent_deletion_if_contains_resources = false 
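Review bot: The comment added in the aws/terraform.tfvars.template hunk does not say whether setting `ingress_extra_cidrs_and_ports` adds to or replaces the executing host's public IP. The unchanged line above it still says "additional CIDRs to add", while the README wording in this commit ("defines the list of client IP allowed") reads like replacement. An operator who guesses wrong either loses access from the Terraform host or leaves that address allowed without intending to. I would write `# When left commented out, UI (443) and SSH (22) access is allowed only from the public IP of the host running Terraform.` and add one line stating whether listed CIDRs are added to or replace that address. The same line is added in the azure and gcp template hunks and needs the same wording.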
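Review bot: `var.azure_subscription_id` is referenced in the first azure/main.tf hunk, but the azure/variables.tf hunk in this commit does not declare it and azure/terraform.tfvars.template gains no entry for it. If it is not already declared outside the visible hunks, Terraform will reject the reference as an undeclared input variable. If it is declared, the template should still carry a commented line such as `# azure_subscription_id = "" # ID of the Azure subscription to deploy into`, because this value now decides which subscription receives the security groups and network resources. The provider block continues past the end of the hunk.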
@@ -64,11 +65,12 @@ module "cdp_azure_prereqs" { ingress_extra_cidrs_and_ports = local.ingress_extra_cidrs_and_ports # Inputs for BYO-VNet - create_vnet = var.create_vnet - cdp_resourcegroup_name = var.cdp_resourcegroup_name - cdp_vnet_name = var.cdp_vnet_name - cdp_subnet_names = var.cdp_subnet_names - cdp_gw_subnet_names = var.cdp_gw_subnet_names + create_vnet = var.create_vnet + cdp_resourcegroup_name = var.cdp_resourcegroup_name + cdp_vnet_name = var.cdp_vnet_name + cdp_subnet_names = var.cdp_subnet_names + cdp_gw_subnet_names = var.cdp_gw_subnet_names + cdp_delegated_subnet_names = var.cdp_delegated_subnet_names # Tags to apply resources (omitted by default) env_tags = var.env_tags diff --git a/azure/terraform.tfvars.template b/azure/terraform.tfvars.template index ddd7698..dd13daf 100644 --- a/azure/terraform.tfvars.template +++ b/azure/terraform.tfvars.template @@ -35,7 +35,9 @@ deployment_template = "" # Specify the deployment pattern below. O # public_key_text = "" # Set this to specifiy an existing SSH public key text, e.g. ssh-rsa AAA.... + # If required use the variable below for any additional CIDRs to add the Azure Security Groups +# When commented UI and SSH access will be allowed only from the public IP of executing host. # ingress_extra_cidrs_and_ports = { # cidrs = ["/32", "/32"], # ports = [443, 22] 
@@ -49,4 +51,5 @@ deployment_template = "" # Specify the deployment pattern below. O # cdp_resourcegroup_name="" # Name of pre-existing Resource Group for CDP environment. Required if create_vnet is false # cdp_vnet_name="" # Name of pre-existing VNet for CDP environment. Required if create_vnet is false # cdp_subnet_names=["",""] # List of pre-existing subnet names for CDP resources. Required if create_vnet is false -# cdp_gw_subnet_names=[""] # List of pre-existing subnet names for CDP Gateway. Required if create_vnet is false. NOTE: Can be an empty list depending on deployment_template. \ No newline at end of file +# cdp_gw_subnet_names=[""] # List of pre-existing subnet names for CDP Gateway. Required if create_vnet is false. NOTE: Can be an empty list depending on deployment_template. +# cdp_delegated_subnet_names=[""] # List of pre-existing subnet names delegated for Postgres flexible servers. NOTE: Can be an empty list depending on deployment_template. \ No newline at end of file diff --git a/azure/variables.tf b/azure/variables.tf index ca3824c..ad60cd2 100644 --- a/azure/variables.tf +++ b/azure/variables.tf @@ -166,5 +166,12 @@ variable "cdp_gw_subnet_names" { type = list(any) description = "List of subnet names for CDP Gateway. Required if create_vnet is false." + default = null +} + +variable "cdp_delegated_subnet_names" { + type = list(any) + description = "List of subnet names delegated for Flexible Servers. Required if create_vnet is false." + default = null } \ No newline at end of file diff --git a/gcp/terraform.tfvars.template b/gcp/terraform.tfvars.template index eb3725e..07c66f4 100644 --- a/gcp/terraform.tfvars.template +++ b/gcp/terraform.tfvars.template 
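Review bot: In the azure/variables.tf hunk both descriptions still say "Required if create_vnet is false", yet `cdp_gw_subnet_names` and the new `cdp_delegated_subnet_names` now have `default = null`, so Terraform will not complain when they are omitted. The template lines in this commit also say they can be an empty list, so the three places disagree. I would align the description, for example `description = "List of pre-existing subnet names delegated for Postgres flexible servers. Used only when create_vnet is false; may be empty depending on deployment_template."`, and use `type = list(string)` so the element type is stated rather than inferred. Whether the prerequisites module accepts null for these inputs when `create_vnet` is false is not visible here; if it does not, a `validation` block on the variable would surface the mistake at plan time.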
@@ -39,6 +39,7 @@ deployment_template = "" # Specify the deployment pattern below. O # public_key_text = "" # Set this to specifiy an existing SSH public key text, e.g. ssh-rsa AAA.... # If required use the variable below for any additional CIDRs to add the GCP Security Groups +# When commented UI and SSH access will be allowed only from the public IP of executing host. # ingress_extra_cidrs_and_ports = { # cidrs = ["/32", "/32"], # ports = [443, 22]