Using DuploCloud exclusive Terraform provider
The DuploCloud provider offers a seamless way to interact with the DuploCloud API, facilitating the integration of AWS Security Hub and infrastructure management using Terraform (TF) and AWS Cloud Development Kit (CDK). This integration not only enhances security through a built-in Security Information and Event Management (SIEM) system but also directly supports the attachment of new AWS accounts to the AWS Security Hub, typically recommended for production environments to optimize costs.
Detailed documentation can be obtained from:
DuploCloud supports AWS Security Hub integration out of the box, enabling users to attach new accounts to their AWS Security Hub easily. This feature is particularly useful in production accounts, allowing for cost savings by avoiding activating this service in non-production environments.
For implementing Infrastructure as Code (IaC), DuploCloud integrates well with Terraform and CDK scripts. However, Terraform offers distinct advantages, including its broader vendor support and the ease of maintaining infrastructure with a single language across different tools and services. Terraform's extensive community support and compatibility with various open-source tools make it a preferred choice for many developers.
Terraform: DuploCloud provides a Terraform provider that makes it straightforward to utilize DuploCloud's security constructs, such as tenant IAM roles, instance profiles, and KMS keys. This ensures that resources created via Terraform can fully leverage DuploCloud's security features.
CDK: DuploCloud's security constructs must be manually referenced in the CDK scripts for resources created with CDK. Despite this, DuploCloud's security monitoring capabilities remain effective across all resources, ensuring compliance and security regardless of the IaC tool used.
The fundamental difference between using Terraform and CDK with DuploCloud lies in managing security constructs and variable referencing. Terraform allows for direct referencing of DuploCloud's security constructs, making it more efficient for managing credentials and configurations. In contrast, CDK requires manual input of these constructs, which can be less efficient. Despite these differences, both Terraform and CDK are viable options for integrating with DuploCloud, with Terraform being the preferred choice due to its broader support and versatility.
Once the Terraform Exporter Utility is configured, export the environment variables and execute the following commands.
cd tenant-terraform-generator
make run
New folders are created under tenant-terraform-generator/target/<customer-name>/<tenant>
Under the terraform folder, the admin-tenant, aws-services and app projects are available. These projects are referenced later to create new tenants and resources.
admin-tenant: This project manages the creation of DuploCloud tenant and tenant-related resources.
aws-services: This project manages data services like Redis, RDS, Kafka, S3 buckets, CloudFront, EMR and Elasticsearch inside DuploCloud.
app: This project manages DuploCloud services like EKS, ECS.
Information about working with DuploCloud's Terraform provider
See how recently updated Terraform license changes may impact your DevOps. Contact HashiCorp, Inc. support, if needed, to ensure your usage is in compliance.
The following utilities are available to manage Terraform for DuploCloud
Before you begin to install the utility, you must have certain prerequisites in place.
https://github.com/duplocloud/tenant-terraform-generator.git
DuploCloud provides a Terraform Exporter Utility to export the Terraform code that represents the infrastructure deployed in a DuploCloud Tenant.
This is often very useful in order to:
Generate and persist DuploCloud Terraform IaC which can be version controlled in the future.
Clone a new Tenant based on an already existing Tenant.
If you encounter an issue while executing the utility, refer to the following guide to help you troubleshoot.
Follow the sequence based on the Project (admin-tenant, aws-services and app).
Perform plan and apply actions in one project before switching to another project.
Export the following environment variables in the shell while running the Terraform projects.
This project manages the creation of DuploCloud tenant and resources related to the tenant.
Execute the scripts in this sequence:
cd target/customer-name/tenant-name
Dry-Run and Review
scripts/plan.sh <new tenant name> admin-tenant
Deploy Resources
scripts/apply.sh <new tenant name> admin-tenant
This project manages data services like Redis, RDS, Kafka, S3 buckets, CloudFront, EMR and Elasticsearch inside DuploCloud.
This project manages containerized applications inside DuploCloud like EKS Services, ECS, docker native service.
Follow the project sequence below (app, aws-services and admin-tenant) when deleting the resources:
scripts/destroy.sh <new tenant name created above> app
scripts/destroy.sh <new tenant name created above> aws-services
scripts/destroy.sh <new tenant name created above> admin-tenant
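The create and delete sequences above can be enforced with a small wrapper, shown here as an added example that is not part of DuploCloud's utility: it plans, waits for a reviewed "yes", then applies one project at a time, destroys in the reverse order, and stops at the first failure. It assumes the exported scripts take `<tenant> <project>` as shown on this page; `SCRIPTS_DIR`, `REQUIRED_VARS` and the function names are hypothetical, and `REQUIRED_VARS` is where you list the names of the environment variables the utility needs.

```shell
#!/bin/sh
# Added example, not DuploCloud code. Wraps the exported scripts/plan.sh,
# scripts/apply.sh and scripts/destroy.sh so project order cannot be mixed up.
# Assumptions: SCRIPTS_DIR, REQUIRED_VARS and all function names are hypothetical.
SCRIPTS_DIR="${SCRIPTS_DIR:-scripts}"

# Creation order for deploy (plan + apply); exact reverse for destroy.
project_order() {
  case "$1" in
    deploy)  echo "admin-tenant aws-services app" ;;
    destroy) echo "app aws-services admin-tenant" ;;
    *) echo "unknown action: $1" >&2; return 2 ;;
  esac
}

# Every name in REQUIRED_VARS must be exported and non-empty. Values are never printed.
check_env() {
  for name in $REQUIRED_VARS; do
    [ -n "$(printenv "$name")" ] || { echo "not exported: $name" >&2; return 1; }
  done
}

# Run one exported script for one project and report where a failure happened.
step() {
  "$SCRIPTS_DIR/$1.sh" "$2" "$3" && return 0
  echo "$1 failed in $3; remaining projects were not touched" >&2
  return 1
}

# run_sequence deploy|destroy <tenant>
# deploy: plan, operator types "yes" on stdin, then apply, one project at a time.
run_sequence() {
  action=$1; tenant=$2
  [ -n "$tenant" ] || { echo "usage: run_sequence deploy|destroy <tenant>" >&2; return 2; }
  order=$(project_order "$action") || return 2
  check_env || return 1
  for project in $order; do
    if [ "$action" = destroy ]; then
      step destroy "$tenant" "$project" || return 1
    else
      step plan "$tenant" "$project" || return 1
      printf 'Apply reviewed plan for %s? (yes/no) ' "$project" >&2
      read -r answer || answer=no
      [ "$answer" = yes ] || { echo "stopped before apply of $project" >&2; return 1; }
      step apply "$tenant" "$project" || return 1
    fi
  done
}

if [ "$#" -gt 0 ]; then run_sequence "$@"; fi
```

Run it from target/customer-name/tenant-name, for example `REQUIRED_VARS="..." sh sequence.sh deploy <new tenant name>`, where `sequence.sh` is whatever file name you save the block under.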
Please for assistance.
DuploCloud Terraform Exporter Utility provides scripts to create Infrastructure based on Tenant, using the . Executing the scripts creates Tenant, Services, and Applications. These resources can be viewed in DuploCloud Portal.
Environment Details can be found .