Production ready Terraform scripts for IS deployment pattern

[ThilinaManamgoda]

Is your feature request related to a problem? Please describe. Currently we don’t provide Terraform scripts to set up required cloud infrastructure to run Identity server deployments.

This introduces the following pain points:

• Customers cannot spin production grade infra layer Identity server deployments
• Need CIAM expertise + K8s expertise to implement infrastructure(ex: Firewall configurations, blocking certain endpoints, monitoring critical endpoints).
• Have to keep up with latest Terraform providers to update the Terraform scripts
• Have to put effort to integrate deployment best practices, security best practices and latest security fixes

Describe the solution you would prefer

We need to provide Terraform scripts to set up required cloud infrastructure to run Identity server deployments.

• We need to consider Terraform scripts for following deployment patterns:
  • Identity server HA(minimum two servers)
  • Identity server as KM
• Beside this, we need to initiate collaborative efforts with other product teams to cater scenarios where multiple products are used to cater customer user cases.
• For each deployment pattern, we need to define different security levels where components, integrations would be added as the level advances, Ex:,
  • Basic(No firewall, No diagnostic settings, No Defender configurations)
  • Standard(firewall, diagnostic settings, Defender configurations)
  • Advanced(firewall, diagnostic settings, Defender configurations)
• We would need to support multiple cloud vendors for each terraform permutation. We will start with Azure as most of the RND efforts are already done and implementations already exists
• We need to implement Terraform scripts with following characteristics
  • Proper naming conventions
  • Use central Terraform modules
  • Implement security best practices
  • Proper versioning
  • Properly tested
• Ideally we should be able to maintain set of Terraform scripts for deployment patterns irrespective of the product versions
• Proper documentation.

[aaujayasena]

Shall we update the issue status. If this is not ready with the IS 7.0.0-rc1, please update the milestone. Ex: https://github.com/orgs/wso2/projects/97/views/1 board "backlog" @ThilinaManamgoda