CDO’s Terraform provider allows customers to automate the management of their CDO infrastructure. You can use it to onboard and manage devices, users, and other resources across your CDO environment.
For example, if you are a Managed Services Provider, your organization may need to, for each new customer, create a new CDO tenant, set up a Secure Device Connector (SDC), onboard the customer’s devices, and add a list of users to manage these resources. The CDO terraform provider makes it easy for you to rapidly create repeatable environments such as these that are managed and version controlled as code.
The following example demonstrates how to use the CDO Terraform provider to rapidly stand up a new CDO tenant.
⚠️ Note: See the README.md in the vsphere directory to create an SDC in vSphere using Terraform.
To use this example, you need the following:

- Follow the instructions in the CDO documentation to create an API Only User with the Super-Admin role. Copy the API token you have generated and keep it safe. You will need it soon.
- If you want the example to create a sample AWS VPC and subnet to deploy ASAvs and SDCs into your environment, set your AWS credentials in your environment. See the AWS documentation to learn more.
To use the CDO Terraform Provider, you need to set a number of variables that tell the example about your environment. Set them by performing the following steps:

1. Copy the terraform.tfvars.sample file to terraform.tfvars:

```
cp terraform.tfvars.sample terraform.tfvars
```

2. Edit terraform.tfvars and set the values as appropriate.

3. Run the following commands:

```
terraform init
terraform plan -out plan.out
terraform apply plan.out
```
To destroy all of the resources created by this Terraform configuration, run:

```
terraform destroy
```
To allow CDO resources to be deployed to your AWS account, the Terraform code in the modules/aws_vpc folder creates the following in the us-east-1 AWS region:

The Terraform code creates a list of users that can use your CDO tenant. You can modify the e-mail addresses of the users here to create your own users. Once this part of the code runs, you can verify this in CDO as follows:
The code uses the CDO Terraform Provider to create an SDC in CDO, and then uses the AWS cdo-sdc Terraform module to create an SDC instance in the private subnet of the AWS VPC you created, initializing it with the bootstrap data for the created SDC. Once this part of the code runs, you can verify this in CDO as follows: an SDC named sdc-in-aws should appear with the status set to Active.

The code uses the asav module in modules/asav to create an ASAv in your AWS VPC. The ASAv deployed has three interfaces:
Deploying this ASAv can take up to 15 minutes, so please be patient.
It then uses the CDO terraform provider to onboard this deployed ASA to CDO.
We create ASA and SDC resources in CDO.
The code uses the ftdv module in modules/ftdv to create an FTDv in your AWS VPC. The FTDv deployed has three interfaces:
Deploying this FTDv can take up to 20 minutes, so please be patient.
It then uses the CDO terraform provider to onboard this deployed FTD to CDO.
We use Gitleaks to catch secrets being committed to the repository by accident. The first line of defense is a pre-commit hook that runs before you ever push to GitHub.
Please enable the pre-commit hook before you commit anything to this repository, even in a branch.

Install pre-commit and the hook:

```
brew install pre-commit
pre-commit autoupdate
pre-commit install
```

Now any commits you make will be scanned by Gitleaks.
The Gitleaks license is free and is stored in the GITLEAKS_LICENSE secret. In addition, it is saved to Conjur. Speak to Jay, Doron, Siddhu, or Pedro to access it.
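The Super-Admin API token you place in terraform.tfvars is also written by Terraform into plan.out (a saved plan records every input variable) and the state file records the attributes of the resources it creates, so all of these files must stay out of git alongside the Gitleaks hook described above. The following pre-flight script is an added example, not part of this example's code or of the CDO provider; the file names it checks and its simplified reading of .gitignore rules are assumptions.

```shell
#!/bin/sh
# Added pre-flight check (not from the original example or the CDO provider).
# Run it in the example directory before `terraform apply`: it verifies that the
# files holding the API token and resource attributes in clear text are git-ignored
# and that the Gitleaks pre-commit hook has been installed.
set -eu

# Files that carry the token or resource attributes once the workflow has run
# (assumption: the default names used by the commands in this README).
SENSITIVE_FILES="terraform.tfvars plan.out terraform.tfstate terraform.tfstate.backup"

# rule_ignores RULE FILE: does one .gitignore rule cover the bare file name FILE?
# Simplified matcher: the rule is used as a shell glob, and the "/x" and "**/x"
# anchors are treated like "x". `git check-ignore` remains the authoritative answer.
rule_ignores() {
  pat="${1#/}"; pat="${pat#\*\*/}"
  case "$2" in $pat) return 0 ;; esac
  return 1
}

# file_ignored GITIGNORE FILE: 0 if any non-comment, non-negated rule covers FILE.
file_ignored() {
  [ -f "$1" ] || return 1
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*|'!'*) continue ;; esac
    rule_ignores "$line" "$2" && return 0
  done < "$1"
  return 1
}

# hook_installed GITDIR: 0 if `pre-commit install` has written its hook script.
hook_installed() {
  [ -x "$1/hooks/pre-commit" ] && grep -q 'pre-commit' "$1/hooks/pre-commit"
}

# preflight [DIR]: report every missing protection; returns 1 if any is missing.
preflight() {
  dir="${1:-.}"; rc=0
  for f in $SENSITIVE_FILES; do
    if ! file_ignored "$dir/.gitignore" "$f"; then
      echo "WARN: $f is not ignored by $dir/.gitignore" >&2; rc=1
    fi
  done
  if ! hook_installed "$dir/.git"; then
    echo "WARN: Gitleaks pre-commit hook not installed (run: pre-commit install)" >&2; rc=1
  fi
  return $rc
}

# Only run when a directory is given on the command line, e.g. `sh preflight.sh .`
if [ $# -gt 0 ]; then preflight "$@"; fi
```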