Vendor Management

Outputs

Prerequisites

  • Go v1.11+
  • Terraform v0.11+

Installation

Clone the examples repository or download this example:

curl https://codeload.github.com/usermirror/examples/tar.gz/master | tar -xz --strip=1 examples-master/terraform-aws-proxy
cd terraform-aws-proxy

First install the Go dependencies:

make deps

Then install required Terraform providers:

terraform init

Configuration

Here's a sample for proxying Segment analytics data:

var apiURL *url.URL

if apiURL, err = url.Parse("https://api.segment.io"); err != nil {
  log.Fatal(err)
}

proxy.NewEncryptionProxy(proxy.Input{
  Targets: []*proxy.Target{
    &proxy.Target{PathPrefix: "/v1", Destination: apiURL, EncryptJSON: true},
  },
})

Deploying

Preview the changes that will be applied by Terraform with:

make plan

When you're ready to deploy, run the following command:

make apply

Testing

Now we're going to test this origin proxy by sending a test event. Replace SEGMENT_WRITE_KEY with your source's write key and structure the event how ever you like, the proxy encrypts all properties by default.

curl https://d291lgc8l.execute-api.us-west-2.amazonaws.com/a/v1/t \
  -d '{"anonymousId":"a1","event":"test","type":"track","properties":{"name":"abc"}}' \
  -H "Content-Type: application/json" \
  --user SEGMENT_WRITE_KEY:

You should see the following response:

{
  "success": true
}

Then open your source's debugger in the Segment app to see the encrypted event:

Event in the Segment Debugger

Great job! You're well on your way to securing your customer's data   🎉