Required VPC Components

Review the table below and create the listed VPC resources before setting up the VPC infrastructure. NOTE: This module requires a minimum of 2 subnets to ensure availability.

| Resource Type | Count | Comments |
|---------------|-------|----------|
| aws_vpc | 1 | private network |
| vpc_dhcp_options | 1 | default values<br>Domain name: `${region}.compute.internal`<br>Domain name servers: AmazonProvidedDNS<br>NTP servers: (none) |
| internet_gateway | 1 | It will be associated with the public route table |
| public_subnet_route_table | 1 | depends on number of subnets provided by user |
| private_subnet_route_tables | 3 | depends on number of subnets provided by user |
| public_subnet_route | 3 | depends on number of subnets provided by user |
| private_subnet_route | 3 | depends on number of subnets provided by user |
| nat_gateways | 3 | It will be associated with the private route table |
| nat_ips | 3 | depends on number of subnets provided by user |
| public_subnet | 3 | depends on user input |
| private_subnet | 3 | depends on user input |

Terraform variables

The module uses the input variables below. Update the values in the terraform.tfvars file as required.

⚠️ Only update the Terraform input variables in the terraform.tfvars file.

Inputs

| Name | Description | Type | Default |
|------|-------------|------|---------|
| vpc_cidr | CIDR block for the VPC | `string` | `"10.0.0.0/16"` |
| vpc_id | VPC ID | `string` | `"vpc-057efe0e8a68a3b55"` |
| vpc_name | Name tag for the VPC | `string` | `"cisco_ise"` |
| aws_region | Specify the AWS region | `string` | `"us-east-1"` |
| availability_zones | List of availability zones | `list(string)` | `["us-east-1a", "us-east-1b", "us-east-1c"]` |
| public_subnet_cidrs | List of CIDR blocks for public subnets | `list(string)` | `["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]` |
| private_subnet_cidrs | List of CIDR blocks for private subnets | `list(string)` | `["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]` |
| subnet_id_list | List of subnet IDs to launch resources in. The list must contain the subnet IDs in the following order: `["subnet ID in AZ A", "subnet ID in AZ B", "subnet ID in AZ C"]` | `list(string)` | `["subnet-045716712cef0ea64", "subnet-00951b7d1a25cd789", "subnet-00c1fd9e924862a07"]` |
| internet_gateway_name | Name tag for the Internet Gateway | `string` | `"Cisco_ISE_IGW"` |
| primary_instance_config | Configuration for the primary PAN instance, where the key is the hostname and the values are instance attributes. The hostname supports only alphanumeric characters and hyphens (-), and must not exceed 19 characters.<br>Example usage:<br>`{ primary-ise-server = { instance_type = "t3.xlarge", storage_size = 500 } }` | `map(object({ instance_type = string, storage_size = number }))` | n/a |
| secondary_instance_config | Configuration for the secondary PAN instance, where the key is the hostname and the values are instance attributes. The hostname supports only alphanumeric characters and hyphens (-), and must not exceed 19 characters.<br>Example usage:<br>`{ secondary-ise-server = { instance_type = "t3.xlarge", storage_size = 500, services = "Session,Profiler,pxGrid", roles = "SecondaryAdmin" } }` | `map(object({ instance_type = string, storage_size = number, services = optional(string, "Session,Profiler,pxGrid"), roles = optional(string, "SecondaryAdmin,SecondaryMonitoring") }))` | n/a |
| psn_instance_config | Configuration for the PSN nodes, where the key is the hostname and the values are instance attributes. The hostname supports only alphanumeric characters and hyphens (-), and must not exceed 19 characters.<br>Example usage:<br>`{ secmonitoring-server = { instance_type = "t3.xlarge", storage_size = 500, roles = "SecondaryMonitoring" }, psn-ise-server-2 = { instance_type = "t3.xlarge", storage_size = 600, services = "Session,Profiler,PassiveIdentity" } }` | `map(object({ instance_type = string, storage_size = number, services = optional(string, "Session,Profiler"), roles = optional(string, " ") }))` | n/a |
| key_pair_name | To access the Cisco ISE instance via SSH, choose the key pair that you created/imported in AWS. Create/import a key pair in AWS now if you have not configured one already.<br>Usage example: `ssh -i mykeypair.pem [email protected]`<br>NOTE: The username for ISE 3.1 is "admin" and for ISE 3.2/3.3 is "iseadmin". | `string` | `"ise-test-nv"` |
| ebs_encrypt | Choose true to enable EBS encryption | `bool` | `false` |
| enable_stickiness | Choose true or false to enable/disable stickiness for the load balancer | `bool` | `true` |
| ise_version | The version of Cisco ISE (3.1, 3.2 or 3.3) | `string` | `"3.1"` |
| password | The password for the username (admin) to log in to the Cisco ISE GUI. The password must contain a minimum of 6 and a maximum of 25 characters, and must include at least one numeral, one uppercase letter, and one lowercase letter. The password must not be the same as the username or its reverse (admin or nimdaesi) or (cisco or ocsic). Allowed special characters: `@~*!,+=_-` | `string` | `""` |
| time_zone | Enter a timezone that is allowed by ISE nodes. For information on the supported timezone formats, refer to this documentation: https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/cli_guide/b_ise_CLI_Reference_Guide_33/b_ise_CLIReferenceGuide_33_chapter_011.html?#wp2884933107 | `string` | `"UTC"` |
| ers_api | Enter yes/no to enable/disable ERS | `string` | `"yes"` |
| open_api | Enter yes/no to enable/disable OpenAPI | `string` | `"yes"` |
| px_grid | Enter yes/no to enable/disable pxGrid | `string` | `"yes"` |
| px_grid_cloud | Enter yes/no to enable/disable pxGrid Cloud. To enable pxGrid Cloud, you must enable pxGrid. If you disallow pxGrid but enable pxGrid Cloud, pxGrid Cloud services are not enabled on launch | `string` | `"yes"` |
| primarynameserver | Enter the IP address of the primary name server. Only IPv4 addresses are supported | `string` | `"169.254.169.253"` |
| ntpserver | Enter the IPv4 address or FQDN of the NTP server that must be used for synchronization | `string` | `"169.254.169.123"` |
| dns_domain | Enter a domain name in correct syntax (for example, cisco.com). The valid characters for this field are ASCII characters, numerals, hyphen (-), and period (.). If you use the wrong syntax, Cisco ISE services might not come up on launch | `string` | `"example.com"` |
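The constraints in the table (hostname format and length, password rules, allowed ISE versions, the pxGrid dependency of pxGrid Cloud, the two-subnet minimum) are otherwise only discovered after a node fails to come up. The following `variables.tf` is an added example for a root module that wraps this module; it is not the module's own code. The variable names come from the Inputs table, while the `validation` blocks, the `terraform_data` precondition and the changed `ebs_encrypt` default are assumptions introduced here so that `terraform plan` rejects bad values early.

```hcl
# Root-module variables.tf wrapping the ISE module (added example, not the
# module's own code). Variable names match the Inputs table; every validation
# rule below encodes a constraint the table states, so a bad value fails at
# `terraform plan` instead of producing a node that never comes up.

variable "availability_zones" {
  description = "List of availability zones"
  type        = list(string)
  validation {
    # The module requires at least two subnets for availability.
    condition     = length(var.availability_zones) >= 2
    error_message = "Provide at least two availability zones."
  }
}

variable "primary_instance_config" {
  description = "Primary PAN: hostname => instance attributes"
  type = map(object({
    instance_type = string
    storage_size  = number
  }))
  validation {
    # Hostname: alphanumerics and hyphen only, at most 19 characters.
    condition = alltrue([
      for host in keys(var.primary_instance_config) :
      can(regex("^[A-Za-z0-9-]{1,19}$", host))
    ])
    error_message = "Hostnames may use only letters, digits and hyphens, and must be 19 characters or fewer."
  }
}

variable "ise_version" {
  type    = string
  default = "3.3"
  validation {
    condition     = contains(["3.1", "3.2", "3.3"], var.ise_version)
    error_message = "ise_version must be one of 3.1, 3.2 or 3.3."
  }
}

variable "ebs_encrypt" {
  # The module default is false; this wrapper encrypts node volumes by default.
  type    = bool
  default = true
}

variable "password" {
  description = "GUI admin password; supply via TF_VAR_password, not a committed tfvars file"
  type        = string
  sensitive   = true # redacted from plan/apply output (state still stores it; protect the backend)
  validation {
    condition = (
      length(var.password) >= 6 && length(var.password) <= 25
      && can(regex("[0-9]", var.password))
      && can(regex("[A-Z]", var.password))
      && can(regex("[a-z]", var.password))
      # Only the special characters the module permits.
      && can(regex("^[A-Za-z0-9@~*!,+=_-]+$", var.password))
      # Neither username named in the table, nor its reverse, nor cisco/ocsic.
      && !contains(["admin", "nimda", "iseadmin", "nimdaesi", "cisco", "ocsic"], lower(var.password))
    )
    error_message = "Password must be 6-25 characters with a digit, an uppercase and a lowercase letter, use only @~*!,+=_- as special characters, and must not be a username or its reverse."
  }
}

variable "px_grid" {
  type    = string
  default = "yes"
}

variable "px_grid_cloud" {
  type    = string
  default = "yes"
}

# Rules that relate two variables cannot live in a variable's validation block
# on older Terraform releases, so they go in a resource precondition instead.
resource "terraform_data" "input_checks" {
  lifecycle {
    precondition {
      # pxGrid Cloud silently stays disabled at launch if pxGrid itself is off.
      condition     = !(var.px_grid_cloud == "yes" && var.px_grid == "no")
      error_message = "px_grid_cloud = \"yes\" requires px_grid = \"yes\"."
    }
  }
}
```

Set the password with `export TF_VAR_password='...'` before running `terraform plan`; a value that breaks any rule stops the plan with the matching `error_message`, and `sensitive = true` keeps the value out of plan output, though it is still written to state, so the state backend needs the same protection as the password itself.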

Outputs

| Name | Description |
|------|-------------|
| primary_instance_id | Instance ID of the primary ISE node |
| secondary_instance_id | Instance ID of the secondary ISE node |
| psn_instance_id | Instance IDs of the PSN ISE nodes |
| primary_private_ip | Private IP address of the primary ISE node |
| secondary_private_ip | Private IP address of the secondary ISE node |
| psn_private_ip | Private IP addresses of the PSN ISE nodes |
| primary_dns_name | Private DNS name of the primary ISE node |
| secondary_dns_name | Private DNS name of the primary ISE node |
| psn_dns_name | Private DNS names of the PSN ISE nodes |