Brian Salcedo 27c0427ebb needed tpm/remoteip.conf, ssh_authorized_keys 1 year ago
tpm needed tpm/remoteip.conf, ssh_authorized_keys 1 year ago
.gitignore needed tpm/remoteip.conf, ssh_authorized_keys 1 year ago
Dockerfile initial commit 1 year ago
Makefile initial commit 1 year ago
README.md README punctuation lol? 1 year ago
build.sh needed tpm/remoteip.conf, ssh_authorized_keys 1 year ago
config.tf.dist initial commit 1 year ago
main.tf initial commit 1 year ago
networking.tf initial commit 1 year ago
security.tf initial commit 1 year ago

README.md

Team Password Manager on AWS & Cloudflare via Terraform

Deploy Team Password Manager on AWS EC2 via Terraform.

Prerequisites:

Just do the damn thing:

  1. copy config.tf.dist to config.tf
  2. edit config.tf (provide your AWS and Cloudflare API credentials)
  3. make

Details:

Once the Terraform apply is complete, a CoreOS instance runs a systemd unit (included in the user-data created by build.sh) which builds and runs a container that, in turn, brings up the Team Password Manager stack via docker-compose. The two build-stage containers then vanish - along with their files - and the end result is three running containers:

  • tpm_proxy_1 - A Traefik container with automatic LetsEncrypt configured.
  • tpm_app_1 - The Team Password Manager application running in a custom build of php:7.0-apache
  • tpm_database_1 - MySQL database for the app (mariadb:latest)

The final three containers are configured to survive unexpected shutdowns or reboots. Application data persistence and ACME storage are provided through the creation of two docker volumes.

Security:

The AWS Security Group resource is in security.tf, which defaults to allowing only HTTP & HTTPS. No SSH keys are associated with the instance, so it is inaccessible except through the app.
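
One way to check those two properties before applying, as an added example that is not part of this repository: the script below audits the JSON form of a plan (produced with `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) for ingress beyond ports 80/443 and for an instance with a key pair attached. The resource names and the embedded sample plan are constructed for illustration and are not taken from security.tf or main.tf.

```python
import json

ALLOWED_PORTS = {80, 443}  # HTTP and HTTPS, the default the README states

# Constructed sample in the shape of `terraform show -json <planfile>`;
# resource names and values are hypothetical, not taken from this repo.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.tpm", "type": "aws_security_group",
   "change": {"after": {"ingress": [
     {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
     {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}},
  {"address": "aws_instance.tpm", "type": "aws_instance",
   "change": {"after": {"key_name": "ops-laptop"}}}
]}
""")


def _rule_ok(rule):
    """True when the rule opens exactly one allowed TCP port."""
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return rule.get("protocol") == "tcp" and lo == hi and lo in ALLOWED_PORTS


def audit_plan(plan):
    """Return findings for ingress beyond 80/443 and for attached SSH key pairs."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # None on destroy
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_security_group":
            rules = after.get("ingress") or []
        elif rtype == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            rules = []
        for rule in rules:
            if not _rule_ok(rule):
                findings.append(f"{addr}: ingress {rule.get('protocol')} "
                                f"{rule.get('from_port')}-{rule.get('to_port')}")
        if rtype == "aws_instance" and after.get("key_name"):
            findings.append(f"{addr}: key_name {after['key_name']!r} attached")
    return findings


if __name__ == "__main__":
    for line in audit_plan(SAMPLE_PLAN):
        print("FINDING", line)
```

Rules that use protocol "-1" or a port range are reported as findings, since either would open more than the two ports the README describes.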