# IaC & Terraform

:::info
Before you begin, ensure you've visited our [marketplace page](https://aws.amazon.com/marketplace/pp/prodview-7ulmdnoq5jnwu) and accepted the terms & conditions, along with any private offers that have been extended to your AWS account.
:::

## IMAGE IDENTIFIERS

| key          | value                     |
| ------------ | ------------------------- |
| owner-alias  | aws-marketplace           |
| product-code | bz1yq0sc5ta99w5j7jjwzym8g |
| architecture | x86_64                    |

These filters also match all the historic versions. The _latest_ among these is recommended.

### BYOL

If you have a licence key from us, there's a [dedicated BYOL marketplace page](https://aws.amazon.com/marketplace/pp/prodview-7hafqjdkvnfyk) where you accept the terms, and the product-code is `a7z5gi2mkpzvo93r2e8csl2ld`.

## TERRAFORM MODULES

You may want to consider our fully-working [modules at the Terraform Registry](https://registry.terraform.io/modules/ChaserSystems), which include **preconfigured high availability, load balancing and auto scaling**. The examples within extend from the canonical [terraform-aws-modules/vpc/aws](https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws) module at the registry.

:::info
Contact us for expert help at `devsecops@chasersystems.com` at any stage of your journey – we'll jump on a screen-sharing call right away!
:::

## CLOUDFORMATION

Equivalent CloudFormation templates are available on [our GitHub profile](https://github.com/orgs/ChaserSystems/repositories?q=cloudformation).

## DEPLOYMENT ESSENTIALS

For effective functioning, the DiscrimiNAT Firewall will need:

1. A machine type with at least 2 vCPU and 2 GiB RAM. A `t3.small` should suffice where throughput requirements are basic and allowlists small. Otherwise a `c6a.large` (or `c6i.large`) makes a good choice for constant throughput. [Talk to our DevSecOps](/support) to get the sizing right!
1. An IAM policy that can read some EC2 metadata, write logs and set instance health (of itself). See the [IAM Instance Profile](../iam-instance-profile/) page for details.
1. The ability to forward IP packets, with the `SourceDestCheck` property of its network interface turned off.
1. A public IP with routing to the Internet via the AWS-supplied Internet Gateway.
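
The image identifiers and deployment essentials above, expressed as a single-instance Terraform sketch. This is an added example, not the code of the registry modules (which add high availability, load balancing and auto scaling); the variable names, the `byol` switch and the reuse of the `x86_64` filter for the BYOL product code are assumptions.

```hcl
# Added example; variable names are assumptions, not the registry modules' inputs.
variable "byol" {
  type    = bool
  default = false # true selects the BYOL product code
}

variable "public_subnet_id" { type = string }      # assumed: subnet routed to an Internet Gateway
variable "instance_profile_name" { type = string } # assumed: built per the IAM Instance Profile page

locals {
  # Product codes as listed on this page.
  product_code = var.byol ? "a7z5gi2mkpzvo93r2e8csl2ld" : "bz1yq0sc5ta99w5j7jjwzym8g"
}

data "aws_ami" "discriminat" {
  # The filters match every historic version; most_recent picks the latest,
  # like sort_by(Images, &CreationDate)[-1] in the aws CLI lookup.
  most_recent = true
  owners      = ["aws-marketplace"]

  filter {
    name   = "product-code"
    values = [local.product_code]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}

resource "aws_instance" "discriminat" {
  ami                         = data.aws_ami.discriminat.id
  instance_type               = "t3.small" # 2 vCPU, 2 GiB RAM: the stated minimum
  subnet_id                   = var.public_subnet_id
  iam_instance_profile        = var.instance_profile_name
  source_dest_check           = false # required to forward IP packets
  associate_public_ip_address = true
}

output "discriminat_ami_id" {
  value = data.aws_ami.discriminat.id
}
```

Running `terraform plan` will fail at the `aws_ami` lookup if the marketplace terms have not been accepted for the account, which makes it a quick check of that prerequisite.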

## aws CLI EXAMPLE

#### Lookup

```plaintext
aws ec2 describe-images                                \
  --query                                              \
  'sort_by(Images, &CreationDate)[-1].ImageId'         \
  --filters                                            \
  "Name=owner-alias,Values=aws-marketplace"            \
  "Name=product-code,Values=bz1yq0sc5ta99w5j7jjwzym8g" \
  "Name=architecture,Values=x86_64"                    \
  --no-cli-pager --output text
```
