This README serves as a quick start guide to deploy Zscaler Cloud Connector resources in an AWS cloud using Terraform. To learn more about the resources created when deploying Cloud Connector with Terraform, see Deployment Templates for Zscaler Cloud Connector.
Use this repository to create the deployment resources required to deploy and operate Cloud Connector in a new or existing virtual private cloud (VPC). The examples directory contains complete automation scripts for both greenfield/POV and brownfield/production use.
The AWS Terraform scripts leverage Terraform v1.1.9 which includes full binary and provider support for macOS M1 chips, but any Terraform version 0.13.7 should be generally supported.
- provider registry.terraform.io/hashicorp/aws v4.7.x
- provider registry.terraform.io/hashicorp/random v3.3.x
- provider registry.terraform.io/hashicorp/local v2.2.x
- provider registry.terraform.io/hashicorp/null v3.1.x
- provider registry.terraform.io/providers/hashicorp/tls v3.4.x
- A valid AWS account with Administrator Access to deploy required resources
- AWS ACCESS KEY ID
- AWS SECRET ACCESS KEY
- AWS Region (E.g. us-west-2)
- Subscribe and accept the terms of using Amazon Linux 2 (for base deployments with workloads + bastion) at this link
- Subscribe and accept the terms of using Zscaler Cloud Connector image at this link
- A valid Zscaler Cloud Connector provisioning URL generated from the Zscaler Cloud & Branch Connector Admin Portal
- Zscaler Cloud Connector Credentials (api key, username, password) are stored in AWS Secrets Manager
Use this if you are building an entire cluster from the ground up. These templates include a bastion host and test workloads and are designed for greenfield/POV testing.
Use the Starter Deployment Template to deploy your Cloud Connector in a new VPC.
Use the Starter Deployment Template with ZPA to deploy your Cloud Connector in a new VPC with ZPA DNS resolver capability.
Use the Starter Deployment Template with High Availability to deploy your Cloud Connector in a new VPC with lambda health monitoring for failover. This template achieves high availability between two Cloud Connectors and sets up data traffic across multiple TCP connections.
- Note This is only available as reference for legacy users. Zscaler's recommended deployment method is Gateway Load Balancer (GWLB), which distributes traffic across multiple Cloud Connectors and achieves high availability.
Use the Starter Deployment Template with High Availability to deploy your Cloud Connector in a new VPC with lambda health monitoring for failover and ZPA DNS resolver capability. This template achieves high availability between two Cloud Connectors and sets up data traffic across multiple TCP connections.
- Note This is only available as reference for legacy users. Zscaler's recommended deployment method is Gateway Load Balancer (GWLB), which distributes traffic across multiple Cloud Connectors and achieves high availability.
Use the Starter Deployment Template with GWLB to deploy your Cloud Connector in a new VPC and to load balance traffic across multiple Cloud Connectors. Zscaler's recommended deployment method is Gateway Load Balancer (GWLB). GWLB distributes traffic across multiple Cloud Connectors and achieves high availability.
Brownfield deployment templates are most applicable for production deployments and have more customization options than a "base" deployment. They also do not include a bastion or workload hosts deployed. See Modules for the Terraform configurations for brownfield deployment.
Use the Custom Deployment template with GWLB to deploy your Cloud Connector in a new or existing VPC and load balance traffic across multiple Cloud Connectors. Zscaler's recommended deployment method is Gateway Load Balancer (GWLB). GWLB distributes traffic across multiple Cloud Connectors and achieves high availability. Optional ZPA/Route53 add-on capabilities.