Introduction

3min
|
Terraform
Boundary

The Get started tutorials gave you a tour of the Admin Console UI and examined different Boundary resources.

This sequence of tutorials demonstrates common Boundary resource management operations. Complete the tutorials in sequential order to create the complete set of resources shown in the diagram below.

Resources

Prerequisites

To complete this tutorial, you need:

A Boundary binary in your PATH. This tutorial uses the 0.8.1 version of Boundary.
Terraform 0.13.0 or greater provides an optional workflow for these tutorials. The binary must be available in your PATH.

To perform the tasks described in this collection, you need to have a Boundary environment. Refer to the Getting Started tutorial to install and start Boundary in dev mode.

Get setup

Start by running Boundary in dev mode:

$ boundary dev==> Boundary server configuration:        [Controller] AEAD Key Bytes: cXte2+fkVq/mnQ/VKO3cOL0bYQZKqJsQhWgPLvX9VsY=          [Recovery] AEAD Key Bytes: XGcczs8FJ7lIwd8PQJaP34go/ILiPIeMs+7anHkK+vE=       [Worker-Auth] AEAD Key Bytes: Y9A1Gw4Ja+IJbFtuGTSXLIw3L+aEPcwEpN+/lRqvWIQ=               [Recovery] AEAD Type: aes-gcm                   [Root] AEAD Type: aes-gcm            [Worker-Auth] AEAD Type: aes-gcm                                Cgo: disabled     Controller Public Cluster Addr: 127.0.0.1:9201             Dev Database Container: bold_heisenberg                   Dev Database Url: postgres://postgres:password@localhost:55001/boundary?sslmode=disable         Generated Admin Login Name: admin           Generated Admin Password: password          Generated Host Catalog Id: hcst_1234567890                  Generated Host Id: hst_1234567890              Generated Host Set Id: hsst_1234567890      Generated Oidc Auth Method Id: amoidc_1234567890             Generated Org Scope Id: o_1234567890  Generated Password Auth Method Id: ampw_1234567890         Generated Project Scope Id: p_1234567890                Generated Target Id: ttcp_1234567890  Generated Unprivileged Login Name: user    Generated Unprivileged Password: password                         Listener 1: tcp (addr: "127.0.0.1:9200", cors_allowed_headers: "[]", cors_allowed_origins: "[*]", cors_enabled: "true", max_request_duration: "1m30s", purpose: "api")                         Listener 2: tcp (addr: "127.0.0.1:9201", max_request_duration: "1m30s", purpose: "cluster")                         Listener 3: tcp (addr: "127.0.0.1:9203", max_request_duration: "1m30s", purpose: "ops")                         Listener 4: tcp (addr: "127.0.0.1:9202", max_request_duration: "1m30s", purpose: "proxy")                          Log Level: info                              Mlock: supported: false, enabled: false                            Version: Boundary v0.8.0                        Version Sha: 9b48dbc2fd4f9a9f0bda4ca68488590f681dbd9e+CHANGES           Worker Public Proxy Addr: 127.0.0.1:9202==> Boundary server started! Log data will stream in below:{  "id": "QH3NNVS84T",  "source": "https://hashicorp.com/boundary/dev-controller/boundary-dev",  "specversion": "1.0",  "type": "system",  "data": {    "version": "v0.1",    "op": "github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent",    "data": {      "@original-log-level": "none",      "@original-log-name": "aws",      "msg": "configuring client automatic mTLS"    }  },  "datacontentype": "text/plain",  "time": "2022-04-19T13:38:37.377958-06:00"}...... More output ......

Note

If you plan on using Terraform to configure Boundary, copy the [Recovery] key generated by boundary dev. In the example above this key is XGcczs8FJ7lIwd8PQJaP34go/ILiPIeMs+7anHkK+vE=.

Next, the Manage Scopes tutorial demonstrates basic resource management and permissions modeling.

Collection Overview

Self-managed administration

Manage scopes