mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
MDM addon
This addon enables MDM functionality for Fleet. It does this via several secrets in AWS that store the necessary values. The following secrets are created:
- dep
- scep
- apn
Note: dep is optional. If Apple Business Manager (ABM) is not used, set the dep variable to null
and it will be omitted.
Since this module cannot determine the value for the secrets at apply time, this module must be applied in 2 phases:
- In the first phase, just add the module without passing additional config to the main Fleet module
- In the second phase, after the secret values have been populated, apply while also passing the additional config to the main Fleet module.
The secrets should have the following layouts. Note that all values are strings; if a value is a JSON object, string-escape it:
DEP
{
"token": <token>,
"cert": <cert>,
"key": <key>,
"token-encrypted": <key>
}
SCEP
{
"crt": <crt>,
"key": <key>,
"challenge": <challenge>
}
APN
{
"FLEET_MDM_APPLE_MDM_PUSH_CERT_PEM": <cert>,
"FLEET_MDM_APPLE_MDM_PUSH_KEY_PEM": <privkey>
}
Requirements
No requirements.
Providers
Name | Version |
---|---|
aws | n/a |
Modules
No modules.
Resources
Name | Type |
---|---|
aws_iam_policy.main | resource |
aws_secretsmanager_secret.apn | resource |
aws_secretsmanager_secret.dep | resource |
aws_secretsmanager_secret.scep | resource |
aws_iam_policy_document.main | data source |
aws_region.current | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
apn_secret_name | n/a | string | "fleet-apn" | no |
dep_secret_name | n/a | string | "fleet-dep" | no |
public_domain_name | n/a | string | n/a | yes |
scep_secret_name | n/a | string | "fleet-scep" | no |
Outputs
Name | Description |
---|---|
apn | n/a |
dep | n/a |
extra_environment_variables | n/a |
extra_execution_iam_policies | n/a |
extra_secrets | n/a |
scep | n/a |