This project will deploy Kasm Workspaces in a multi-server deployment in AWS within a single region of your choice. Each role is placed in a separate subnet and traffic from user sessions on the Agent egresses out of a Nat Gateway.
Consider creating a special sub account for the Kasm deployment.
In your AWS account create a DNS Public zone that matches the desired domain name for the deployment. e.g kasm.contoso.com
In the desired AWS region create an aws Key pair. The key name will be value used in the aws_key_pair
variable and it will be configured as the SSH key for the deployed EC2 machines.
Create a user via the IAM console that will be used for the terraform deployment. Give the user Programatic Access and attach the existing policy AdministratorAccess. Save the key and key secret
-
Initialize the project
terraform init
-
Open
terraform.tfvars
and update the variable values. The variable definitions, descriptions, and validation expectations can be found in thevariables.tf
file.
NOTE: This document assumes you are using a separate file named
secrets.tfvars
for the AWS credentials generated in the AWS API Keys section above. The .gitignore file in this repository will ignore any files namedsecrets.tfvars
since they are expected to have sensitive values in them. This will prevent you from accidentally committing them to source control. If you would rather use Environment variables or some other AWS credential method in lieu of thesecrets.tfvars
file, check out the AWS Terraform provider documentation for more information about configuring your environment.
-
Verify the configuration
terraform plan -var-file secrets.tfvars
-
Deploy
terraform apply -var-file secrets.tfvars
-
Login to the Deployment as an Admin via the domain defined; e.g.,
https://kasm.contoso.com
-
Navigate to the Agents tab, and enable each Agent after it checks in. (May take a few minutes)
-
Now you are ready to add Workspaces via the registry and start using Kasm!
Name | Version |
---|---|
terraform | ~> 1.0 |
aws | ~> 5.0 |
No providers.
Name | Source | Version |
---|---|---|
standard | ./module | n/a |
No resources.
Name | Description | Type | Default | Required |
---|---|---|---|---|
admin_password | The administrative user password. No special characters | string |
n/a | yes |
agent_hdd_size_gb | The HDD size in GB to configure for the Kasm Agent instances | number |
n/a | yes |
agent_instance_type | The instance type for the Agents | string |
n/a | yes |
aws_access_key | The AWS access key used for deployment | string |
n/a | yes |
aws_default_tags | Default tags to apply to all AWS resources for this deployment | map(any) |
{} |
no |
aws_domain_name | The Route53 Zone used for the dns entries. This must already exist in the AWS account. (e.g dev.kasm.contoso.com). The deployment will be accessed via this zone name via https | string |
n/a | yes |
aws_key_pair | The name of an aws keypair to use. | string |
n/a | yes |
aws_region | The AWS Region used for deployment | string |
"us-east-1" |
no |
aws_secret_key | The AWS secret key used for deployment | string |
n/a | yes |
aws_ssm_iam_role_name | The name of the SSM EC2 role to associate with Kasm VMs for SSH access | string |
"" |
no |
aws_ssm_instance_profile_name | The name of the SSM EC2 Instance Profile to associate with Kasm VMs for SSH access | string |
"" |
no |
cpx_hdd_size_gb | The HDD size in GB to configure for the Kasm cpx RDP instances | number |
n/a | yes |
cpx_instance_type | The instance type for the cpxamole RDP nodes | string |
n/a | yes |
create_aws_ssm_iam_role | Create an AWS SSM IAM role to attach to VMs for SSH/console access to VMs. | bool |
false |
no |
database_password | The password for the database. No special characters | string |
n/a | yes |
db_hdd_size_gb | The HDD size in GB to configure for the Kasm Database instances | number |
n/a | yes |
db_instance_type | The instance type for the Database | string |
n/a | yes |
ec2_ami_id | The AMI used for the EC2 nodes. Recommended Ubuntu 22.04 LTS. | string |
n/a | yes |
kasm_build | The URL for the Kasm Workspaces build | string |
n/a | yes |
kasm_zone_name | A name given to the kasm deployment Zone | string |
"default" |
no |
manager_token | The manager token value for Agents to authenticate to webapps. No special characters | string |
n/a | yes |
num_agents | The number of Agent Role Servers to create in the deployment | number |
n/a | yes |
num_cpx_nodes | The number of Agent Role Servers to create in the deployment | number |
n/a | yes |
num_webapps | The number of WebApp role servers to create in the deployment | number |
n/a | yes |
project_name | The name of the deployment (e.g dev, staging). A short single word | string |
n/a | yes |
redis_password | The password for the Redis server. No special characters | string |
n/a | yes |
service_registration_token | The service registration token value for cpx RDP servers to authenticate to webapps. No special characters | string |
n/a | yes |
swap_size | The amount of swap (in MB) to configure inside the compute instances | number |
n/a | yes |
user_password | The standard (non administrator) user password. No special characters | string |
n/a | yes |
vpc_subnet_cidr | The subnet CIDR to use for the VPC | string |
"10.0.0.0/16" |
no |
web_access_cidrs | CIDR notation of the bastion host allowed to SSH in to the machines | list(string) |
n/a | yes |
webapp_hdd_size_gb | The HDD size in GB to configure for the Kasm WebApp instances | number |
n/a | yes |
webapp_instance_type | The instance type for the webapps | string |
n/a | yes |
Name | Description |
---|---|
kasm_zone_settings | Upstream Auth settings to apply to Kasm Zone configuration |