AWS Multi-Server Single Region

This project deploys Kasm Workspaces as a multi-server deployment in AWS within a single region of your choice. Each role is placed in a separate subnet, and traffic from user sessions on the Agent egresses through a NAT Gateway.

Diagram

Pre-Configuration

Consider creating a special sub account for the Kasm deployment.

DNS Zone

In your AWS account, create a public DNS zone that matches the desired domain name for the deployment, e.g., kasm.contoso.com.

SSH Key Pair

In the desired AWS region, create an AWS key pair. The key name is the value used in the aws_key_pair variable, and it will be configured as the SSH key for the deployed EC2 machines.

AWS API Keys

Create a user via the IAM console that will be used for the Terraform deployment. Give the user Programmatic Access and attach the existing policy AdministratorAccess. Save the key and key secret.

Terraform Configuration

  1. Initialize the project

    terraform init
    
  2. Open terraform.tfvars and update the variable values. The variable definitions, descriptions, and validation expectations can be found in the variables.tf file.

NOTE: This document assumes you are using a separate file named secrets.tfvars for the AWS credentials generated in the AWS API Keys section above. The .gitignore file in this repository will ignore any files named secrets.tfvars since they are expected to have sensitive values in them. This will prevent you from accidentally committing them to source control. If you would rather use Environment variables or some other AWS credential method in lieu of the secrets.tfvars file, check out the AWS Terraform provider documentation for more information about configuring your environment.

  3. Verify the configuration

    terraform plan -var-file secrets.tfvars
    
  4. Deploy

    terraform apply -var-file secrets.tfvars
    
  5. Log in to the deployment as an Admin via the domain defined; e.g., https://kasm.contoso.com

  6. Navigate to the Agents tab, and enable each Agent after it checks in. (May take a few minutes)

  7. Now you are ready to add Workspaces via the registry and start using Kasm!
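
A pre-flight check to run on terraform.tfvars before `terraform plan`, given here as an added example that is not part of the Kasm repository. It lints the file against what this README states (the inputs marked "No special characters", AWS keys kept in secrets.tfvars) and flags 0.0.0.0/0 in web_access_cidrs. The function names, the one-assignment-per-line assumption and the sample values are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint terraform.tfvars before running `terraform plan`.
# Assumes one `name = "value"` assignment per line with no trailing comment.
LC_ALL=C; export LC_ALL

# Inputs that the Inputs table marks "No special characters".
ALNUM_VARS="admin_password user_password database_password redis_password
manager_token service_registration_token"

# Print the quoted value assigned to variable $2 in file $1 (nothing if absent).
tfvar_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# Print one finding per line for the tfvars file $1; no output means clean.
lint_tfvars() {
  for v in $ALNUM_VARS; do
    val="$(tfvar_value "$1" "$v")"
    case "$val" in
      *[!A-Za-z0-9]*) echo "$v: contains a special character" ;;
    esac
  done
  # terraform.tfvars is not git-ignored, so AWS keys must not live there.
  for v in aws_access_key aws_secret_key; do
    if grep -Eq "^[[:space:]]*$v[[:space:]]*=" "$1"; then
      echo "$v: found in $1, move it to secrets.tfvars"
    fi
  done
  # The Inputs table describes this list as who may SSH in to the machines.
  if grep -E '^[[:space:]]*web_access_cidrs[[:space:]]*=' "$1" | grep -q '"0\.0\.0\.0/0"'; then
    echo "web_access_cidrs: includes 0.0.0.0/0"
  fi
  return 0
}

# True when git would ignore the secrets file in the current repository.
secrets_file_ignored() { git check-ignore -q "${1:-secrets.tfvars}"; }

# Constructed sample input (not from a real deployment).
sample_tfvars() {
  cat <<'EOF'
project_name      = "dev"
admin_password    = "Winter2024!"
database_password = "q7Hd93kLmZ2pX"
aws_access_key    = "EXAMPLE-PLACEHOLDER"
web_access_cidrs  = ["0.0.0.0/0"]
EOF
}

if [ "$#" -gt 0 ]; then lint_tfvars "$1"; fi
```

Run it as `bash lint.sh terraform.tfvars` (the script name is arbitrary); each printed line is a finding to resolve before the plan step.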

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.0 |
| aws | ~> 5.0 |

Providers

No providers.

Modules

| Name | Source | Version |
|------|--------|---------|
| standard | ./module | n/a |

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| admin_password | The administrative user password. No special characters | string | n/a | yes |
| agent_hdd_size_gb | The HDD size in GB to configure for the Kasm Agent instances | number | n/a | yes |
| agent_instance_type | The instance type for the Agents | string | n/a | yes |
| aws_access_key | The AWS access key used for deployment | string | n/a | yes |
| aws_default_tags | Default tags to apply to all AWS resources for this deployment | map(any) | {} | no |
| aws_domain_name | The Route53 Zone used for the DNS entries. This must already exist in the AWS account (e.g., dev.kasm.contoso.com). The deployment will be accessed via this zone name over HTTPS | string | n/a | yes |
| aws_key_pair | The name of an AWS key pair to use. | string | n/a | yes |
| aws_region | The AWS Region used for deployment | string | "us-east-1" | no |
| aws_secret_key | The AWS secret key used for deployment | string | n/a | yes |
| aws_ssm_iam_role_name | The name of the SSM EC2 role to associate with Kasm VMs for SSH access | string | "" | no |
| aws_ssm_instance_profile_name | The name of the SSM EC2 Instance Profile to associate with Kasm VMs for SSH access | string | "" | no |
| cpx_hdd_size_gb | The HDD size in GB to configure for the Kasm cpx RDP instances | number | n/a | yes |
| cpx_instance_type | The instance type for the cpx RDP nodes | string | n/a | yes |
| create_aws_ssm_iam_role | Create an AWS SSM IAM role to attach to VMs for SSH/console access to VMs. | bool | false | no |
| database_password | The password for the database. No special characters | string | n/a | yes |
| db_hdd_size_gb | The HDD size in GB to configure for the Kasm Database instances | number | n/a | yes |
| db_instance_type | The instance type for the Database | string | n/a | yes |
| ec2_ami_id | The AMI used for the EC2 nodes. Recommended Ubuntu 22.04 LTS. | string | n/a | yes |
| kasm_build | The URL for the Kasm Workspaces build | string | n/a | yes |
| kasm_zone_name | A name given to the Kasm deployment Zone | string | "default" | no |
| manager_token | The manager token value for Agents to authenticate to webapps. No special characters | string | n/a | yes |
| num_agents | The number of Agent Role Servers to create in the deployment | number | n/a | yes |
| num_cpx_nodes | The number of cpx RDP Role Servers to create in the deployment | number | n/a | yes |
| num_webapps | The number of WebApp role servers to create in the deployment | number | n/a | yes |
| project_name | The name of the deployment (e.g., dev, staging). A short single word | string | n/a | yes |
| redis_password | The password for the Redis server. No special characters | string | n/a | yes |
| service_registration_token | The service registration token value for cpx RDP servers to authenticate to webapps. No special characters | string | n/a | yes |
| swap_size | The amount of swap (in MB) to configure inside the compute instances | number | n/a | yes |
| user_password | The standard (non administrator) user password. No special characters | string | n/a | yes |
| vpc_subnet_cidr | The subnet CIDR to use for the VPC | string | "10.0.0.0/16" | no |
| web_access_cidrs | CIDR notation of the bastion host allowed to SSH in to the machines | list(string) | n/a | yes |
| webapp_hdd_size_gb | The HDD size in GB to configure for the Kasm WebApp instances | number | n/a | yes |
| webapp_instance_type | The instance type for the webapps | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| kasm_zone_settings | Upstream Auth settings to apply to Kasm Zone configuration |

Detailed Terraform Deployment Diagram

Detailed Diagram