HCP Boundary with GitHub webhooks for Atlantis

Currently I use ngrok to allow GitHub webhooks to reach my Atlantis server in an AWS VPC (private subnet).

Can HCP Boundary be setup, so that GitHub webhooks can reach my Atlantis server running in a private subnet?

My Atlantis server is running on EC2, so I can install Boundary binaries on that machine if needed.

Not sure if it is relevant, but I use Nomad to launch the Atlantis binary (raw_exec) and the process can be made to register in Consul, if needed/for ease.

If the above is possible, is there an easy to follow step by step guide to achieve the same?

That’s more of a machine-identity situation; for that, Consul is usually a better choice as it’s designed for exactly that kind of thing (specifically, the service mesh features).

1 Like

Thanks for the answer. I did have the nagging feeling that HCP Boundary (or even self managed Boundary) would not be the correct tool for this.

BTW, I presume the ingress gateway is what I would be needing from the service mesh?

It’s going to be a combination of that, plus probably setting up the basic service discovery to identify your Atlantis server and the access policies (intentions) in Consul to allow only authorized traffic through to it. (To be honest Consul is not something I’m deeply familiar with the specifics of on that level but it’s definitely the place to start.)

1 Like