This repository has been archived by the owner on Dec 17, 2024. It is now read-only.
Releases: skyscrapers/terraform-teleport
New teleport-ecs module
Run teleport on ECS (#8)
* Teleport ecs module
* Bump LB module
* Bump version of teleport
* Generate proxy token to register to the auth servers
* Fixes for logs + naming
* Fixes for lb
* Add DNS
* Add description + DNS is optional
* Enable the node service on auth and expose port 3022
* Add description to variables
* Add readme
* Tweak memory limits of containers
  I checked the test setup we run now and we use less than 10% of the memory. So I tweaked the memory consumption to that number to 128MB instead of 512MB
* Add tsh entry
* Use fixed port for auth server
* Fix dns resource name
* Don't advertise EC2 ip address for the proxy servers
* Bump alb and nlb target groups module version
* Refactor the whole teleport ecs module
  Now using an ELB in front of the proxy service
* Switch ELB protocol to ssl instead of https so websockets work
* Don't deploy proxy multiple times in the same instance, because of the fixed ports
* Lock host port for auth server to overcome Teleport bug
  Apparently, as the auth server is also a node, it's reporting to the cluster with the EC2 host IP, so other nodes in the cluster use that IP to connect to auth
* Parametrize teleport log severity setting
* Add securitygroup rules
* Added a cloudwatch logs container together with auth to ship audit logs
  And other format fixes
* Make dynamodb table and region a variable for the iam permissions
* Increase CPU reservation of teleport
* Disable node on auth server
* Fix readme header level
* Update readme with recent changes in teleport-ecs module
* Added further documentation for teleport-ecs module
* Corrected some resource names in teleport-ecs module
* Set default value for aws_region of iam-policy module
* Use the same aws_region variable for all resources in teleport-ecs
2.2.1 Add general teleport config to the teleport-bootstrap module
We want to add the systemd service file and general config file of teleport to the module so that we can use it in other modules.
2.2.0
Instead of replacing inside a yaml file, echo to a separate file that can be used as a systemd environment file.
Fix private IP fetch mechanism in bootstrap script
Use more robust way to get private ip in bootstrap script (#3)
* Use more robust way to get private ip in bootstrap script
  Previously I was always using the interface eth0 to fetch the private IP, but not all instances use that interface name. This will use instance metadata if available, if not it will use a regular expression to extract the first private IP available.
* Add comment in bootstrap script
Fix in bootstrap script module output
2.1.1 Fix bootstrap script output. Not a list
New teleport-bootstrap-script module
2.1.0 Add - before the instance id in nodename
Allow nodes to access auth server through its public IP address
Allow nodes to connect to port 3025 to the world
Right now nodes access the auth server through its public IP address; will change back when they access it through its private address
Added missing rule for trusted clusters
2.0.4 Added missing rule for trusted clusters reverse ssh tunnel
Add additional security group rules for trusted clusters
2.0.3 Add rule for auth to connect to trusted clusters
Allow port 443 on bastion for LetsEncrypt
2.0.2 letsencrypt standalone connects through 443