Brian Salcedo e28cacea42 post-receive from gitea 1 year ago
tpm needed tpm/remoteip.conf, ssh_authorized_keys 3 years ago
.gitignore needed tpm/remoteip.conf, ssh_authorized_keys 3 years ago
Dockerfile initial commit 3 years ago
Makefile initial commit 3 years ago
README.md post-receive from gitea 1 year ago
build.sh needed tpm/remoteip.conf, ssh_authorized_keys 3 years ago
config.tf.dist initial commit 3 years ago
main.tf initial commit 3 years ago
networking.tf initial commit 3 years ago
security.tf initial commit 3 years ago

README.md

Team Password Manager on AWS & Cloudflare via Terraform

Deploy Team Password Manager on AWS EC2 via Terraform.

Prerequisites:

Just do the damn thing:

  1. copy config.tf.dist to config.tf
  2. edit config.tf (provide your AWS and Cloudflare API credentials)
  3. make

Details:

Once the Terraform apply is complete, a CoreOS instance runs a systemd unit (included in the user-data created by build.sh) which builds and runs a container that, in turn, brings up the Team Password Manager stack via docker-compose. The two build-stage containers then vanish - along with their files - and the end result is three running containers:

  • tpm_proxy_1 - A Traefik container with automatic LetsEncrypt configured.
  • tpm_app_1 - The Team Password Manager application running in a custom build of php:7.0-apache
  • tpm_database_1 - MySQL database for the app (mariadb:latest)

The final three containers are configured to survive unexpected shutdowns or reboots. Application data persistence and ACME storage are provided through the creation of two docker volumes.

Security:

The AWS Security Group resource is in security.tf, which defaults to allowing only HTTP & HTTPS. No SSH keys are associated with the instance, so it is inaccessible (except for the app).
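
One way to check both properties before applying changes to config.tf or security.tf is to audit the output of `terraform show -json` (plan or state). This is an added example, not code from this repository; the resource addresses and values in the sample are constructed and hypothetical.

```python
import json

ALLOWED_PORTS = {80, 443}  # HTTP and HTTPS, the only ingress the README describes

def _resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def _check_rule(addr, rule):
    """Flag an ingress rule that is not exactly TCP/80 or TCP/443."""
    lo, hi, proto = rule.get("from_port"), rule.get("to_port"), str(rule.get("protocol"))
    if proto == "-1":
        return [f"{addr}: ingress allows all protocols and ports"]
    if proto not in ("tcp", "6"):
        return [f"{addr}: unexpected ingress protocol {proto}"]
    if lo != hi or lo not in ALLOWED_PORTS:
        return [f"{addr}: unexpected ingress tcp/{lo}-{hi}"]
    return []

def audit(doc):
    """Return findings for parsed `terraform show -json` output (plan or state)."""
    root = (doc.get("planned_values") or doc.get("values") or {}).get("root_module", {})
    findings = []
    for res in _resources(root):
        addr, kind, vals = res.get("address"), res.get("type"), res.get("values") or {}
        if kind == "aws_security_group":
            for rule in vals.get("ingress") or []:
                findings += _check_rule(addr, rule)
        elif kind == "aws_security_group_rule" and vals.get("type") == "ingress":
            findings += _check_rule(addr, vals)
        elif kind == "aws_instance" and vals.get("key_name"):
            findings.append(f"{addr}: key pair {vals['key_name']!r} attached")
    return findings

# Constructed sample: resource names and values are hypothetical, not from this repository.
SAMPLE = json.loads("""{"planned_values": {"root_module": {"resources": [
  {"address": "aws_security_group.tpm", "type": "aws_security_group", "values": {"ingress": [
    {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
  {"address": "aws_instance.tpm", "type": "aws_instance", "values": {"key_name": "admin"}}
]}}}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the plan still matches the stated default: ingress limited to TCP 80 and 443, and no key pair on the instance.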