Welcome to the CyberArk PAMonCloud Controller Terraform Module repository! This module simplifies the deployment of a PAMonCloud Controller node, which includes everything you need in order to run PAMonCloud BYOI on Azure: the required software is installed on the VM, and the permissions the VM needs are delegated to it through role assignments on a user-assigned managed identity. The controller node is based on Ubuntu 22.04.
Before using these modules, ensure you have the following:
- Terraform installed
- Azure account with necessary permissions for deploying resources
- A valid PAM_Self-Hosted_on_Azure.zip file containing the BYOI solution
Instructions for downloading the PAM_Self-Hosted_on_Azure.zip file can be found here. Upload the file to a container in an Azure Storage Account before deploying; the module asks for the storage account's resource ID, the container name and the file name, and the controller downloads the zip from there using its managed identity.
Below is an example usage of this Terraform module:

```hcl
module "pamoncloud_controller" {
  source = "cyberark/pamoncloud-controller/azurerm"

  resource_group_name = "ResourceGroupName"
  location            = "westeurope"
  vnet_cidr           = "172.31.0.0/16"
  subnet_cidr         = "172.31.1.0/24"

  # Restrict inbound SSH to your operator address; do not rely on the
  # module default of 0.0.0.0/0.
  allowed_ssh_cidr = "3.5.7.9/32"

  vm_admin_user = "azureadmin"
  # Placeholder only. Supply the real password through a variable
  # (TF_VAR_... or an uncommitted .tfvars file) rather than hardcoding it.
  vm_admin_password = "VMAdminPassword"

  vm_size = "Standard_B2s"

  # Resource ID of the storage account, the container and the file name of
  # the BYOI zip the controller will download.
  storage_account_id = "/subscriptions/12345678-1234-5678-1234-567812345678/resourceGroups/PAM-Storage/providers/Microsoft.Storage/storageAccounts/storageaccountname"
  container_name     = "ContainerName"
  file_name          = "PAM_Self-Hosted_on_Azure.zip"
}
```

See the examples directory for working examples to reference.
Required Terraform version:

| Name | Version |
|---|---|
| terraform | 1.9.8 |

Required provider:

| Name | Version |
|---|---|
| azurerm | 3.116.0 |
No modules.
Inputs:

| Name | Description | Type | Default |
|---|---|---|---|
| resource_group_name | Resource Group name | string | "PAMonCloud-BYOI-Controller-RG" |
| location | Location of the RG and VM | string | "westeurope" |
| vnet_cidr | CIDR block for the VNET | string | "10.0.0.0/16" |
| subnet_cidr | CIDR block for the subnet | string | "10.0.1.0/24" |
| allowed_ssh_cidr | CIDR block allowed for SSH inbound access | string | "0.0.0.0/0" |
| vm_admin_user | Admin user for the VM | string | "azureadmin" |
| vm_admin_password | Password for VM admin user | string | n/a |
| vm_size | VM size for the controller | string | "Standard_D2s_v3" |
| storage_account_id | Resource ID of the storage account containing the BYOI zip | string | n/a |
| container_name | Name of the storage account container with BYOI zip | string | n/a |
| file_name | BYOI zip file name to be downloaded from Azure storage account | string | n/a |

Two inputs deserve attention before `terraform apply`. The default for `allowed_ssh_cidr` is `0.0.0.0/0`, which opens SSH on the controller's public IP to the whole internet; always set it to the CIDR of your operator hosts. `vm_admin_password` has no default and is a secret: pass it in via an environment variable or an uncommitted `.tfvars` file, and remember that it is still recorded in the Terraform state, so protect the state backend accordingly.
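The following root configuration is an added example (not part of this module or its examples directory) that wraps the usage shown above while enforcing the two points raised about the inputs table: it rejects an internet-wide `allowed_ssh_cidr` at plan time with variable validation, and it takes the admin password from a sensitive variable instead of a literal. The variable names, the `/24 or narrower` policy and the provider version constraint are assumptions of this example, not settings defined by `cyberark/pamoncloud-controller/azurerm`.

```hcl
# Added example: a root module wrapping cyberark/pamoncloud-controller/azurerm.
# Variable names and the CIDR width policy below are assumptions of this
# example, not part of the module's interface.

terraform {
  required_version = ">= 1.9.8"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.116.0" # assumed constraint matching the README's provider table
    }
  }
}

provider "azurerm" {
  features {}
}

# The module default is "0.0.0.0/0", which exposes TCP/22 on the controller's
# public IP to the whole internet. Refuse that value and anything wider than
# /24 (assumed policy; adjust the width to your operator network).
variable "allowed_ssh_cidr" {
  type        = string
  description = "CIDR allowed to reach the controller over SSH"

  validation {
    condition     = can(cidrhost(var.allowed_ssh_cidr, 0))
    error_message = "allowed_ssh_cidr must be a valid IPv4 CIDR, e.g. 203.0.113.10/32."
  }

  validation {
    condition = (
      var.allowed_ssh_cidr != "0.0.0.0/0" &&
      try(tonumber(split("/", var.allowed_ssh_cidr)[1]), 0) >= 24
    )
    error_message = "allowed_ssh_cidr must not be 0.0.0.0/0 and must be /24 or narrower."
  }
}

# Supply with TF_VAR_vm_admin_password or an uncommitted .tfvars file.
# sensitive = true keeps the value out of plan/apply output; it is still
# written to the state file, so the state backend must be access-controlled.
variable "vm_admin_password" {
  type      = string
  sensitive = true
}

variable "storage_account_id" { type = string }
variable "container_name"     { type = string }

module "pamoncloud_controller" {
  source = "cyberark/pamoncloud-controller/azurerm"

  resource_group_name = "PAMonCloud-BYOI-Controller-RG"
  location            = "westeurope"
  vnet_cidr           = "172.31.0.0/16"
  subnet_cidr         = "172.31.1.0/24"
  allowed_ssh_cidr    = var.allowed_ssh_cidr
  vm_admin_user       = "azureadmin"
  vm_admin_password   = var.vm_admin_password
  vm_size             = "Standard_D2s_v3"
  storage_account_id  = var.storage_account_id
  container_name      = var.container_name
  file_name           = "PAM_Self-Hosted_on_Azure.zip"
}

output "controller_public_ip" {
  value = module.pamoncloud_controller.vm_public_ip
}
```

With this in place, `terraform plan -var allowed_ssh_cidr=0.0.0.0/0` fails before any resource is created, and the password never appears in a `.tf` file or in plan output. The `try(...)` in the second validation makes it safe even when the first validation has already failed on a malformed value.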
Outputs:

| Name | Description |
|---|---|
| rg_name | Controller's RG name. |
| vm_name | Controller's VM name. |
| vm_public_ip | Controller's VM public IP. |
You can inspect any resource the module created with `terraform state show` followed by `module.<module_name>.<resource_name>`, for example:

```
terraform state show 'module.pamoncloud_controller.azurerm_virtual_machine.controller_vm'
```

For resources created as a list (with `count` or `for_each`), run `terraform state list` first to get the full address of every instance in the list.
Resources created by the module:

| Resource | Description |
|---|---|
| azurerm_virtual_machine.controller_vm | The virtual machine for the controller. |

| Resource | Description |
|---|---|
| azurerm_user_assigned_identity.controller_identity | User-assigned managed identity attached to the VM to carry its permissions. |
| azurerm_role_assignment.storage_account_role_assignment | Role assignment granting that identity access to the storage account holding the BYOI zip. |

| Resource | Description |
|---|---|
| azurerm_resource_group.controller_rg | Resource group. |
| azurerm_virtual_network.controller_vnet | Virtual network for the subnet. |
| azurerm_network_security_group.controller_nsg | Network security group for the subnet (carries the SSH rule scoped to `allowed_ssh_cidr`). |
| azurerm_network_interface.controller_network_interface | Network interface for the VM. |
- Examples: Ready-to-use examples.
This repository is subject to the following licenses:
- Terraform templates: Licensed under the Apache License, Version 2.0 (LICENSE).
We welcome contributions! Please see our Contributing Guidelines for more details.
CyberArk is a global leader in Identity Security, providing powerful solutions for managing privileged access. Learn more at www.cyberark.com.