GCP Terraform Deployment Guide

Summary

The ThreatX Web Application and API Protection (WAAP) autoscaler sensor is a Terraform module that provides a ThreatX sensor cluster in Google Cloud Platform (GCP).

The ThreatX Sensor can be deployed behind a GCP Network Load Balancer for high availability (HA). To facilitate HA deployment, ThreatX provides a .tf deployment template. The template can be used as is or modified to fit your particular GCP environment.

You must be familiar with Terraform modules to deploy the sensor.

Autoscaler

This template deploys a ThreatX autoscaler behind a network load balancer, together with an egress NAT gateway. ThreatX sensors are deployed in two availability zones within the GCP region, as shown in the following configuration example.


The Terraform Module

sensor-deploy.tf
module "threatx_sensor" {
  source              = "../"
  customer_name       = "<customer_name>"
  customer_sensor_key = "<customer_sensor_key>"
  deployment_name     = "<deployment_name>" # Unique name for this deployment (prod, test, etc.)
  waap_version        = "3.20.0"            # WAAP version to deploy. Default: Latest
  region              = "us-west1"
  jump_host_zone      = "us-west1-a"
  sensor_zones        = ["us-west1-a", "us-west1-b"] # ["zone1","zone2"]
  deployment_cidr     = "10.128.0.0/28" # CIDR block for subnet
  machine_type        = "e2-medium"     # Default: e2-medium
  target_size         = 2               # Default: 2
  min_replicas        = 2               # Default: 2
  max_replicas        = 10              # Default: 10
  custom_sensor_tags  = ""              # String with comma separation per tag ("tag1,tag2,tag3")
}

Variables

Table 1. Required Module Variables

| Parameter | Description |
|---|---|
| customer_name | ThreatX customer name. Provided by the ThreatX SOC. |
| customer_sensor_key | ThreatX sensor key. Provided by the ThreatX SOC. |
| deployment_name | A name for the deployment. It is appended to resource names. |
| region | Region for the deployment. |
| sensor_zones | Zones for sensor deployment. At least two should be defined for redundancy. |
| jump_host_zone | Zone for jump host VM deployment. |
| deployment_cidr | CIDR block defining subnet created for this deployment. Ensure that the CIDR block is large enough to accommodate max_replicas. |

Table 2. Optional Module Variables

| Parameter | Description |
|---|---|
| waap_version | Version of ThreatX WAAP to deploy. Default is latest. Specific versions are not currently supported. |
| machine_type | Machine type or size for sensors. Default is e2-standard-16. |
| target_size | Target number of sensor nodes for the autoscaling group. Default is 2. |
| min_replicas | Minimum number of sensor nodes. Default is 2. |
| max_replicas | Maximum number of sensor nodes. Default is 10. |
| custom_sensor_tags | Variable for customer sensor tag customization. Add as comma-separated string, such as "tag1,tag2,tag3". |
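The deployment_cidr sizing note and the two-zone recommendation can be enforced at plan time. The following is an added example, not part of the ThreatX module: the `terraform_data` resource name, the locals, and the single jump host address counted against the subnet are assumptions, and it needs Terraform 1.4 or later.

```hcl
# Added example (not ThreatX code). Values mirror sensor-deploy.tf above.
locals {
  region          = "us-west1"
  sensor_zones    = ["us-west1-a", "us-west1-b"]
  jump_host_zone  = "us-west1-a"
  deployment_cidr = "10.128.0.0/28"
  min_replicas    = 2
  target_size     = 2
  max_replicas    = 10

  # Assumption: the jump host takes one address in the same subnet.
  jump_host_addresses = 1

  # GCP reserves 4 addresses in every subnet's primary IPv4 range
  # (network, default gateway, second-to-last, broadcast).
  prefix_length    = tonumber(split("/", local.deployment_cidr)[1])
  usable_addresses = pow(2, 32 - local.prefix_length) - 4
  needed_addresses = local.max_replicas + local.jump_host_addresses

  all_zones = concat(local.sensor_zones, [local.jump_host_zone])
}

# Creates no cloud resources; it only carries the plan-time checks.
resource "terraform_data" "threatx_preflight" {
  lifecycle {
    precondition {
      condition     = local.usable_addresses >= local.needed_addresses
      error_message = "${local.deployment_cidr} has ${local.usable_addresses} usable addresses; ${local.needed_addresses} are needed at max_replicas."
    }
    precondition {
      condition     = length(distinct(local.sensor_zones)) >= 2
      error_message = "sensor_zones must list at least two distinct zones for redundancy."
    }
    precondition {
      condition     = alltrue([for z in local.all_zones : startswith(z, "${local.region}-")])
      error_message = "sensor_zones and jump_host_zone must all be zones of ${local.region}."
    }
    precondition {
      condition     = local.min_replicas <= local.target_size && local.target_size <= local.max_replicas
      error_message = "Expected min_replicas <= target_size <= max_replicas."
    }
  }
}
```

With the sample /28 there are 12 usable addresses against 11 needed, so the plan proceeds; a /29 would leave only 4 and stop at the first precondition.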

Outputs

Table 3. Module Outputs

| Name | Description |
|---|---|
| load_balancer_ip | External IP address of the load balancer. |
| jump_host_ip | External IP address of the jump host. |
| network_id | Resource ID of the compute network. |