Quick Start StrongDM With Terraform and AWS

Last modified on October 4, 2023

Overview

This Terraform module gets you up and running with StrongDM quickly by automating the creation of a variety of users, resources, and gateways. Keep reading to get hands-on experience and test StrongDM’s capabilities when integrating with Amazon Web Services (AWS).

Prerequisites

To successfully run the AWS Terraform module, you need the following:

  • A StrongDM administrator account. If you do not have one, sign up for a trial.
  • A StrongDM API key, which you can generate in the StrongDM Admin UI. Your StrongDM API key needs all permissions granted to it in order to generate the users and resources for these Terraform scripts.
  • Terraform v0.14.0 or higher installed on your computer.
  • An AWS account and an AWS API key with permissions to provision all intended AWS resources. To control these settings, go to your AWS Dashboard and click Key Pairs.

Run the Terraform Module

Our public GitHub repository stores code examples for your Terraform onboarding quick start with AWS. To work with the examples in our repository, follow these directions.

  1. Clone the repository:

    git clone https://github.com/strongdm/terraform-sdm-onboarding.git
    
  2. Switch to the directory containing the cloned project:

    cd terraform-sdm-onboarding
    
  3. Initialize the working directory containing the Terraform configuration files:

    terraform init
    
  4. Execute the actions proposed in the Terraform plan:

    terraform apply
    
  5. The script asks you for the following values. If you prefer not to enter these values each time you run the module, you can store them in the variables.tf file found in the root of the project.

    • Your AWS access key ID and secret
    • Your AWS region
    • Your StrongDM API key ID and secret
    • Your StrongDM administrator email

    Once you add these values, the script runs until it is complete. Note any errors. If there are no errors, you should see new resources, such as gateways, databases, or servers, in the StrongDM Admin UI. Additionally, your AWS Management Console displays any new EC2 instances added when you ran the module.

  6. If necessary, remove the resources created with your Terraform plan:

    terraform destroy
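
Step 5 allows the AWS and StrongDM secrets to be stored in variables.tf, which lives inside a Git working copy. The shell check below is an added example, not code from the StrongDM repository: it lists credential-like variables that carry a hard-coded default so they can be caught before a commit, and the variable names and values in its sample are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the StrongDM repository): list credential-like
# Terraform variables that carry a hard-coded, non-empty string default.

find_secret_defaults() {
  awk '
    # Block header: variable "NAME" {
    /^[ \t]*variable[ \t]+"[^"]+"/ {
      split($0, parts, "\"")
      name = parts[2]
      in_var = 1
      next
    }
    # default = "..." with at least one character between the quotes
    in_var && /^[ \t]*default[ \t]*=[ \t]*"[^"]+"/ {
      if (tolower(name) ~ /secret|password|token|api_key|access_key/) print name
    }
    # A closing brace in column 0 ends the variable block
    in_var && /^}/ { in_var = 0 }
  ' "$@"
}

# Return non-zero when anything is found, so this can gate a commit or CI job.
check_tf_secrets() {
  hits=$(find_secret_defaults "$@")
  if [ -n "$hits" ]; then
    printf '%s\n' "$hits" | sed 's/^/hard-coded default in credential variable: /' >&2
    return 1
  fi
}

# Constructed sample input; the variable names and values are hypothetical.
sample_variables_tf() {
  cat <<'EOF'
variable "aws_region" {
  default = "us-west-2"
}
variable "aws_secret_access_key" {
  type    = string
  default = "EXAMPLE-not-a-real-secret"
}
variable "sdm_api_secret_key" {
  type      = string
  sensitive = true
}
EOF
}

# Usage: ./check_tf_secrets.sh variables.tf
if [ "$#" -gt 0 ]; then check_tf_secrets "$@"; fi
```

Terraform also reads any input variable from an environment variable named TF_VAR_ followed by the variable name, which keeps the values out of the file entirely.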
    

Customize the Terraform Module

You can optionally modify the onboarding.tf file to meet your needs, including altering the resource prefix, or spinning up additional resources that are commented out in the script.

To give you an idea of the script’s total run time, the file provides estimates to indicate the time it may take to spin up each resource after Terraform triggers it. Additionally, there are a few other items to consider in relation to the onboarding.tf file:

  • You can add resource tags at the bottom of the file.
  • You may choose not to provision any of the resources listed by commenting them out in the script or by altering their value to false. In order to successfully test, you need to keep at least one resource and one StrongDM gateway.

Conclusion

Feel free to create additional resources and to test as much as needed. Once you are finished testing, remember to run terraform destroy from your project directory. With this command, Terraform deprovisions the AWS assets it created and it also removes the StrongDM assets from the Admin UI. This cleans up after your testing and ensures that test assets do not accumulate unwanted costs while sitting unused.