GCP Terraform Deployment Guide

Summary

The ThreatX Web Application and API Protection (WAAP) autoscaler sensor is a Terraform module that provides a ThreatX sensor cluster in the Google Cloud Platform (GCP).

The ThreatX Sensor can be deployed behind a GCP Network Load Balancer for high availability. To facilitate HA deployment, ThreatX provides a .tf deployment template. The template may be used 'as is' or modified to help deployment into your particular GCP environment.

You must be familiar with Terraform modules to deploy the sensor.

Autoscaler

This template deploys a ThreatX autoscaler behind a network LB, and an egress NAT gateway. ThreatX sensors are deployed in two availability zones within the GCP region as shown in the following configuration example.


The Terraform Module

sensor-deploy.tf
module "threatx_sensor" {
  source              = "../"
  customer_name       = "<customer_name>"
  customer_sensor_key = "<customer_sensor_key>"
  deployment_name     = "<deployment_name>" # Unique name for this deployment (prod, test, etc.)
  waap_version        = "3.20.0"            # WAAP version to deploy. Default: Latest
  region              = "us-west1"
  jump_host_zone      = "us-west1-a"    
  sensor_zones        = ["us-west1-a", "us-west1-b"] # ["zone1","zone2"]
  deployment_cidr     = "10.128.0.0/28" # CIDR block for subnet
  machine_type        = "e2-medium"     # Default: e2-medium
  target_size         = 2               # Default: 2
  min_replicas        = 2               # Default: 2
  max_replicas        = 10              # Default: 10
  custom_sensor_tags  = ""              # String with comma separation per tag ("tag1,tag2,tag3")
}

Variables

Table 1. Required Module Variables
| Parameter | Description |
| --- | --- |
| customer_name | ThreatX customer name. Provided by the ThreatX SOC. |
| customer_sensor_key | ThreatX sensor key. Provided by the ThreatX SOC. |
| deployment_name | A name for the deployment. It is appended to resource names. |
| region | Region for the deployment. |
| sensor_zones | Zones for sensor deployment. At least two should be defined for redundancy. |
| jump_host_zone | Zone for jump host VM deployment. |
| deployment_cidr | CIDR block defining subnet created for this deployment. Ensure that the CIDR block is large enough to accommodate max_replicas. |
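
The following wrapper is an added example, not part of the ThreatX template. It keeps customer_sensor_key out of the .tf file by passing it as a sensitive variable, and it fails the plan when deployment_cidr cannot hold max_replicas. The variable, local, and terraform_data resource names are assumptions, as is the address budget of one IP per sensor plus one for the jump host. It assumes Terraform 1.4 or later and an IPv4 block.

```hcl
# Added example, not ThreatX's code. Names not on this page are assumptions.
variable "customer_sensor_key" {
  type      = string
  sensitive = true # redacted in plan/apply output; still stored in state
}

variable "deployment_cidr" {
  type    = string
  default = "10.128.0.0/28"
  validation {
    condition     = can(cidrhost(var.deployment_cidr, 0))
    error_message = "The deployment_cidr value must be a valid CIDR block."
  }
}

variable "max_replicas" {
  type    = number
  default = 10
}

locals {
  # Prefix length of the block (IPv4 assumed).
  prefix_len = tonumber(split("/", var.deployment_cidr)[1])
  # GCP reserves four addresses in every subnet's primary IPv4 range.
  usable_ips = pow(2, 32 - local.prefix_len) - 4
  # Assumption: one address per sensor plus one for the jump host.
  needed_ips = var.max_replicas + 1
}

resource "terraform_data" "cidr_capacity" {
  lifecycle {
    precondition {
      condition     = local.usable_ips >= local.needed_ips
      error_message = "The deployment_cidr block has ${local.usable_ips} usable addresses but ${local.needed_ips} are needed (max_replicas plus the jump host)."
    }
  }
}

module "threatx_sensor" {
  source              = "../"
  customer_name       = "<customer_name>"
  customer_sensor_key = var.customer_sensor_key
  deployment_name     = "<deployment_name>"
  region              = "us-west1"
  jump_host_zone      = "us-west1-a"
  sensor_zones        = ["us-west1-a", "us-west1-b"]
  deployment_cidr     = var.deployment_cidr
  max_replicas        = var.max_replicas
}
```

Supply the key at run time, for example through the TF_VAR_customer_sensor_key environment variable, rather than committing it in a .tf or .tfvars file. Because the value is still written to Terraform state, the state backend needs the same access controls as the key itself.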

Table 2. Optional Module Variables
| Parameter | Description |
| --- | --- |
| waap_version | Version of ThreatX WAAP to deploy. Default is latest. Specific versions are not currently supported. |
| machine_type | Machine type or size for sensors. Default is e2-standard-16. |
| target_size | Target number of sensor nodes for the autoscaling group. Default is 2. |
| min_replicas | Minimum number of sensor nodes. Default is 2. |
| max_replicas | Maximum number of sensor nodes. Default is 10. |
| custom_sensor_tags | Variable for customer sensor tag customization. Add as comma-separated string, such as "tag1,tag2,tag3". |

Outputs

Table 3. Module Outputs
| Name | Description |
| --- | --- |
| load_balancer_ip | External IP address of the load balancer. |
| jump_host_ip | External IP address of the jump host. |
| network_id | Resource ID of the compute network. |