The instructions in this article enable you to use Terraform to install Cequence Bridge as an Azure Serverless Container app.
Prerequisites
- Azure subscription ID
- Terraform
- Access to the Azure CLI
- Credentials for the Cequence image repository on GitLab. Your Cequence sales team or customer success team can provide these credentials.
Generating a traffic client and secret
To send traffic from the Cequence Bridge to the Cequence UAP platform, first create auth credentials in UAP so that the Bridge can authenticate to UAP. To create the auth credentials, follow these steps in your UAP management portal.
- Log in to the UAP management portal UI.
The URL typically takes the form https://ui.<your-tenant-name>.<domain>.
- Select General Settings > User Management.
The User Management pane appears.
- Click the Clients tab.
- Click Add New Client.
The new client dialog box appears.
- Type the client name in the Client Name field.
- Enable the Traffic Management toggle.
- To change the token lifespan from the default of 1800 seconds, type a whole number of seconds in Token Lifespan.
- Click Save.
A dialog box with the client secret appears.
- Click the blue Copy icon to copy the secret to the clipboard, then click Close.
The client list appears.
- Note the value of the client secret for later use.
For security, the UI cannot show this value again.
The client is now set up. Note the client name for future use.
Installation
Installing Cequence Bridge on Azure requires updating Terraform templates.
- Run the following command to log in to the Azure CLI.
az login
A list of tenants and subscription IDs appears.
- Select a subscription and tenant from the list.
The terminal session returns to the shell environment. Note the selected subscription ID and tenant ID for later use.
- Set the required environment variables. In a bash shell, run the following commands.
export ARM_SUBSCRIPTION_ID="your-subscription-id"
export ARM_TENANT_ID="your-tenant-id"
In PowerShell, run the following commands.
$env:ARM_SUBSCRIPTION_ID = "your-subscription-id"
$env:ARM_TENANT_ID = "your-tenant-id"
- Download the compressed file that contains the Terraform templates.
- Extract the files by running the following command, then navigate to the directory that contains the extracted files.
tar -xvzf serverless-cequence-bridge-azure-<VERSION>.tar.gz
cd serverless-cequence-bridge-azure
- Create a file named terraform.tfvars and type the configurations, as in the following example.
Detailed configuration information is available later in this article.
azure_region = "<region>"
azure_resource_group_name = "<resource_group_name>" # If left blank, a new resource group will be created
container_env = {
APIEDGE_CLIENT_ID = "<my-client-id>"
APIEDGE_CLIENT_SECRET = "<my-client-secret>"
UAP_SUB_DOMAIN = "<my-sub-domain>"
}
image_configuration = {
image = "registry.gitlab.com/cequence/releases/dataplane/cequence-bridge:5.2.1"
registry = "registry.gitlab.com"
username = "<registry-user>"
password = "<registry-token>"
}
- Run the following command to register the namespace.
az provider register --namespace Microsoft.App
- Run the following commands to apply the Terraform changes.
terraform init
terraform apply
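The terraform.tfvars file created in the steps above holds the traffic client secret and the registry token in plain text. One way to generate it from environment variables with owner-only permissions and keep it out of version control, as an added example that is not part of the Cequence templates; the function names and the BRIDGE_* variable names are assumptions made for this example, and the optional azure_resource_group_name is omitted.

```shell
#!/bin/sh
# Added example, not part of the Cequence templates. The function names and the
# BRIDGE_* environment variables are hypothetical; the tfvars keys are this page's.

# Reject a value that is empty, still a <placeholder>, or needs HCL escaping.
check_value() {
    case "$2" in
        ''|'<'*'>')
            echo "error: $1 is empty or still a placeholder" >&2; return 1 ;;
        *'"'*|*'\'*|*'${'*|*'%{'*)
            echo "error: $1 contains a quote, backslash or template sequence" >&2; return 1 ;;
    esac
}

write_bridge_tfvars() {
    out="${1:-terraform.tfvars}"
    check_value BRIDGE_REGION "$BRIDGE_REGION" &&
    check_value BRIDGE_CLIENT_ID "$BRIDGE_CLIENT_ID" &&
    check_value BRIDGE_CLIENT_SECRET "$BRIDGE_CLIENT_SECRET" &&
    check_value BRIDGE_SUB_DOMAIN "$BRIDGE_SUB_DOMAIN" &&
    check_value BRIDGE_REGISTRY_USER "$BRIDGE_REGISTRY_USER" &&
    check_value BRIDGE_REGISTRY_TOKEN "$BRIDGE_REGISTRY_TOKEN" || return 1

    # Recreate the file with owner-only permissions from the moment it exists.
    ( umask 077 && rm -f "$out" && cat > "$out" <<EOF
azure_region = "$BRIDGE_REGION"
container_env = {
  APIEDGE_CLIENT_ID     = "$BRIDGE_CLIENT_ID"
  APIEDGE_CLIENT_SECRET = "$BRIDGE_CLIENT_SECRET"
  UAP_SUB_DOMAIN        = "$BRIDGE_SUB_DOMAIN"
}
image_configuration = {
  image    = "registry.gitlab.com/cequence/releases/dataplane/cequence-bridge:5.2.1"
  registry = "registry.gitlab.com"
  username = "$BRIDGE_REGISTRY_USER"
  password = "$BRIDGE_REGISTRY_TOKEN"
}
EOF
    ) || return 1

    # Keep the secrets file and Terraform state (which also records these
    # values) out of version control. Each pattern is added only once.
    ignore="$(dirname "$out")/.gitignore"
    for pat in "$(basename "$out")" '*.tfstate' '*.tfstate.*'; do
        grep -qxF -- "$pat" "$ignore" 2>/dev/null || printf '%s\n' "$pat" >> "$ignore"
    done
}
```

Export the BRIDGE_* variables from a secret store or a silent prompt, call write_bridge_tfvars in the extracted template directory, then continue with terraform init and terraform apply.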
Verification
A successful installation of Cequence Bridge produces the following output.
url = "https://cequence-bridge-app-<NAME>.azurecontainerapps.io/api-transactions"
Note: The "NAME" attribute in the URL above is auto-assigned by Terraform, not configured by any configuration listed on this page.
Traffic sent to the above URL with the appropriate JSON body is visible in the Cequence UAP. Browse to the Sitemap Discovery page under "Threat Detection" to see if the requests you are sending via Cequence Bridge are making it to the UAP Platform.
Terraform configuration variables
The following table lists the primary Terraform configuration variables.
Name | Type | Required | Description |
azure_region | string | Yes | The Azure location where Cequence resources are deployed. |
azure_resource_group_name | string | No | Azure Resource Group in which all Cequence resources should be provisioned. If not provided, a new resource group will be created. |
container_env | object | Yes | The list of environment variables the Cequence container requires. |
container_limits | object | No | Memory and CPU limits. |
scaling_configuration | object | No | Minimum and maximum replica counts for the Cequence container. |
input_format_type | string | No | Reader input format type. The default value is unified. Specify json to use the JSON format instead. Each format expects a specific set of keys. |
container_env variables
The variables in this table refer to the client ID, secret, and UAP subdomain for the Cequence instance. This represents the auth configuration for the Bridge. Using these credentials, the Bridge authenticates itself to UAP.
Name | Type | Required |
APIEDGE_CLIENT_ID | string | Yes |
APIEDGE_CLIENT_SECRET | string | Yes |
UAP_SUB_DOMAIN | string | Yes |
container_limits variables
The variables in this table apply to the container_limits object.
Name | Type | Required | Description |
cpu | number | Yes | Container CPU limit. Allowed values are 0.25, 0.5, 0.75, 1, 1.25, 1.5, 1.75, and 2. This value is 1 by default. |
memory | number | Yes | Container Memory limit in GB. As a best practice, set this value to twice the value of cpu. By default, this value is 2. |
scaling_configuration variables
Name | Type | Required | Description |
min_replicas | number | Yes | Minimum number of replicas to maintain for the Cequence container. By default, this value is 1. |
max_replicas | number | Yes | Maximum number of replicas to maintain for the Cequence container. Must be at least equal to the value of min_replicas. By default, this value is 10. |