Check the following before getting started:
- Terraform CLI is installed on your local machine.
- You have an AWS account with the necessary permissions.
- AWS CLI is installed and configured.
Terraform will automatically use your default CLI credentials to interact with AWS.
You can set these credentials via aws configure command. You will be prompted to enter your Access Key, Secret Key, and default region:
aws configurePrompt:
AWS Access Key ID [None]: YOUR_ACCESS_KEY
AWS Secret Access Key [None]: YOUR_SECRET_KEY
Default region name [None]: us-west-2
Default output format [None]: json
For more details on how to configure aws-cli, please visit the official documentation.
Specify the module source and version in your .tf file, along with any required inputs.
module "vpc" {
source = "aviatrix/controlplane-aws" // TODO: Update when in registry
version = "0.10.5" // Only available using terraform registry
ha_distribution = "inter-az"
access_account_name = "AWS-Account"
admin_email = "admin@example.com"
asg_notif_email = "asg@example.com"
incoming_ssl_cidr = ["x.x.x.x/32"]
cop_incoming_https_cidr = ["x.x.x.x/32"]
keypair = "keypair1" // Must create manually
s3_backup_bucket = "backup-bucket" // Must create manually
s3_backup_region = "us-east-1"
// Optional
avx_customer_id = "aviatrix.com-abu-aBcd123-123456789.456789" // Update with your customer_id
}Once you've set up your configuration, initialize and apply it:
Enter the following into your terminal.
terraform initterraform apply
*Note: You will have to enter 'yes' in your cli to confirm your changes for terraform apply.
Deployment takes ~25 minutes to complete. Grab a coffee or read more about what Aviatrix can do here
For more details on how to use terraform, please visit the official documentation
Remember to use terraform plan before applying a configuration. It'll give you handy preview.
And one final tip, it is always a good practice to version control your Terraform configurations.
| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | ~>5.16.1 |
| Name | Version |
|---|---|
| aws | ~>5.16.1 |
| http | n/a |
| null | n/a |
| Name | Source | Version |
|---|---|---|
| aviatrix-iam-roles | ./aviatrix-controller-iam-roles | n/a |
| region1 | ./region-build | n/a |
| region2 | ./region-build | n/a |
| Name | Type |
|---|---|
| aws_iam_policy.ecs-policy | resource |
| aws_iam_policy.eventbridge-policy | resource |
| aws_iam_role.iam_for_ecs | resource |
| aws_iam_role.iam_for_eventbridge | resource |
| aws_iam_role_policy_attachment.attach-policy | resource |
| aws_iam_role_policy_attachment.eventbridge-attach-policy | resource |
| aws_route53_record.avx_primary | resource |
| null_resource.region_conflict | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |
| aws_route53_zone.avx_zone | data source |
| http_http.avx_iam_id | data source |
| http_http.copilot_iam_id | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_account_name | The controller account friendly name (mapping to the AWS account ID) | string |
n/a | yes |
| admin_email | Controller admin email address | string |
n/a | yes |
| app_role_name | n/a | string |
"aviatrix-role-app" |
no |
| asg_notif_email | Email address for Controller failover notifications | string |
n/a | yes |
| avx_copilot_password | The service account password for the Aviatrix CoPilot | string |
"" |
no |
| avx_copilot_password_ssm_path | The path to the password for CoPilot | string |
"/aviatrix/copilot/password" |
no |
| avx_customer_id | The customer ID | string |
"" |
no |
| avx_customer_id_ssm_path | The path to the Aviatrix customer ID | string |
"/aviatrix/controller/customer_id" |
no |
| avx_customer_id_ssm_region | The region the customer ID parameter is in | string |
"us-east-1" |
no |
| avx_password | The admin password for the Aviatrix Controller | string |
"" |
no |
| avx_password_ssm_path | The path to the Aviatrix password | string |
"/aviatrix/controller/password" |
no |
| avx_password_ssm_region | The region the password parameter is in | string |
"us-east-1" |
no |
| controller_ha_enabled | Whether HA is enabled for the Controller | bool |
true |
no |
| controller_name | Name of controller that will be launched | string |
"" |
no |
| controller_version | The initial version of the Aviatrix Controller at launch | string |
"latest" |
no |
| cop_controller_auth_ip | Controller IP type to be used by CoPilot for authentication - public, or private | string |
"public" |
no |
| cop_default_data_volume_size | Default data volume disk size for Copilot | number |
8 |
no |
| cop_default_data_volume_type | Default data volume type for Copilot | string |
"gp3" |
no |
| cop_incoming_https_cidr | Incoming CIDR for HTTPS access to the CoPilot | list(string) |
n/a | yes |
| cop_incoming_netflow_cidr | Incoming CIDR for Netflow sources to the CoPilot | list(string) |
[ |
no |
| cop_incoming_syslog_cidr | Incoming CIDR for Syslog sources to the CoPilot | list(string) |
[ |
no |
| cop_instance_type | CoPilot instance size | string |
"t3.2xlarge" |
no |
| cop_root_volume_size | Root volume disk size for Copilot | number |
25 |
no |
| cop_root_volume_type | Root volume type for Copilot | string |
"gp3" |
no |
| cop_type | Type of billing, can be 'Copilot' or 'CopilotARM' | string |
"Copilot" |
no |
| copilot_data_node_count | Desired number of CoPilot data nodes in a Fault-Tolerant deployment | number |
3 |
no |
| copilot_deployment | Desired CoPilot deployment type | string |
"simple" |
no |
| copilot_email | CoPilot user email address, if desired | string |
"" |
no |
| copilot_ha_enabled | Whether HA is enabled for CoPilot | bool |
true |
no |
| copilot_name | Name of copilot that will be launched | string |
"" |
no |
| copilot_username | CoPilot service account username, if desired | string |
"" |
no |
| create_iam_roles | n/a | bool |
true |
no |
| dr_keypair | Key pair which should be used by Aviatrix controller | string |
"" |
no |
| dr_region | DR Region for Aviatrix Controller | string |
"us-east-2" |
no |
| dr_subnet_ids | n/a | list(string) |
[] |
no |
| dr_vpc | VPC in which you want launch Aviatrix controller | string |
"" |
no |
| dr_vpc_cidr | n/a | string |
"10.0.1.0/24" |
no |
| dr_vpc_name | n/a | string |
"Aviatrix-DR-VPC" |
no |
| ec2_role_name | n/a | string |
"aviatrix-role-ec2" |
no |
| existing_copilot_dr_eip | Existing EIP to associate with the DR Aviatrix CoPilot | string |
"" |
no |
| existing_copilot_eip | Existing EIP to associate with the Aviatrix CoPilot (Main Node, in a Fault-Tolerant deployment) | string |
"" |
no |
| existing_dr_eip | Existing EIP to associate with the DR Aviatrix Controller | string |
"" |
no |
| existing_eip | Existing EIP to associate with the Aviatrix Controller | string |
"" |
no |
| ha_distribution | Desired Controller high availability distribution | string |
"single-az" |
no |
| incoming_ssl_cidr | Incoming cidr for security group used by controller | list(string) |
n/a | yes |
| instance_type | Controller instance size | string |
"t3.large" |
no |
| inter_region_backup_enabled | Specifies whether backups should be enabled on the primary controller in an inter-region deployment | bool |
false |
no |
| keypair | Key pair which should be used by Aviatrix controller | string |
n/a | yes |
| license_type | Type of billing, can be 'MeteredPlatinum', 'BYOL' or 'Custom' | string |
"BYOL" |
no |
| name_prefix | Additional name prefix for your environment resources | string |
"avx" |
no |
| private_zone | private hostzone definition | bool |
false |
no |
| record_name | The record name to be created under exisitng route 53 zone | string |
true |
no |
| region | The region to deploy this module in | string |
"us-east-1" |
no |
| root_volume_size | Root volume disk size for controller | number |
64 |
no |
| root_volume_type | Root volume type for Controller | string |
"gp3" |
no |
| s3_backup_bucket | S3 bucket for Controller DB backup | string |
n/a | yes |
| s3_backup_region | AWS region of S3 backup bucket | string |
n/a | yes |
| standby_instance_state | Standby instance state definition | string |
"Running" |
no |
| subnet_ids | n/a | list(string) |
[] |
no |
| subnet_name | n/a | string |
"Aviatrix-Public-Subnet" |
no |
| tags | Map of common tags which should be used for module resources | map(string) |
{} |
no |
| termination_protection | Enable/disable switch for termination protection | bool |
true |
no |
| use_existing_copilot_eip | Set to true if using an existing EIP for CoPilot | bool |
false |
no |
| use_existing_eip | Set to true if using an existing EIP | bool |
false |
no |
| use_existing_vpc | Set to true to use existing VPC. | bool |
false |
no |
| vpc | VPC in which you want launch Aviatrix controller | string |
"" |
no |
| vpc_cidr | n/a | string |
"10.0.0.0/24" |
no |
| vpc_name | n/a | string |
"Aviatrix-VPC" |
no |
| zone_name | The exisitng route 53 zone name | string |
true |
no |
| Name | Description |
|---|---|
| controller_name | n/a |
| controller_public_ip | n/a |
| copilot_name | n/a |
| copilot_public_ip | n/a |
| dr_controller_public_ip | n/a |
| dr_copilot_public_ip | n/a |
| dr_lb_dns_name | n/a |
| dr_region | n/a |
| ha_distribution | n/a |
| lb_dns_name | n/a |
| log_group_name | n/a |
| record_name | n/a |
| region | n/a |
| s3_backup_bucket | n/a |
| s3_backup_region | n/a |
| zone_name | n/a |