# == REQUIRED VARS
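# Cluster name. Declared as string so a non-string value is rejected at plan
# time instead of surfacing later inside a resource name.
variable "name" {
  type        = string
  description = "Name of this ECS cluster."
}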
variable "instance_types" {
  description = "Instance type for ECS workers"
  # list(any) with an empty default: how an empty list is handled (module-side
  # fallback vs. failure) is not visible in this file — check the launch
  # template / mixed-instances policy before relying on the default.
  type    = list(any)
  default = []
}
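# CPU architecture used to pick the ECS-optimized AMI.
variable "architecture" {
  type        = string
  default     = "x86_64"
  description = "Architecture to select the AMI, x86_64 or arm64"

  # Only the two values named in the description are meaningful here; reject
  # anything else at plan time rather than at AMI lookup time.
  validation {
    condition     = contains(["x86_64", "arm64"], var.architecture)
    error_message = "architecture must be one of: x86_64, arm64."
  }
}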
variable "volume_type" {
  # EBS volume type for the instance volumes; untyped, so any value is accepted
  # here and validated only by the EC2 API.
  default     = "gp2"
  description = "The EBS volume type"
}
variable "tags" {
  # Merged onto created resources; the terraform=true tag mentioned in the
  # description is added elsewhere (not visible in this file).
  description = "Map of tags that will be added to created resources. By default resources will be tagged with terraform=true."
  type        = map(string)
  default     = {}
}
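# Share of capacity above the base that is On-Demand (the rest is Spot).
variable "on_demand_percentage" {
  type        = number
  default     = 100
  description = "Percentage of on-demand instances vs spot."

  # A percentage outside 0-100 is meaningless for a mixed-instances policy;
  # fail at plan time instead of at the Auto Scaling API.
  validation {
    condition     = var.on_demand_percentage >= 0 && var.on_demand_percentage <= 100
    error_message = "on_demand_percentage must be between 0 and 100."
  }
}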
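# Minimum number of instances that are always On-Demand before the percentage
# split applies.
variable "on_demand_base_capacity" {
  type        = number
  default     = 0
  description = "You can designate a base portion of your total capacity as On-Demand. As the group scales, per your settings, the base portion is provisioned first, while additional On-Demand capacity is percentage-based."

  # A negative base capacity cannot be provisioned.
  validation {
    condition     = var.on_demand_base_capacity >= 0
    error_message = "on_demand_base_capacity must be zero or greater."
  }
}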
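# Target VPC; required, no default, typed as string.
variable "vpc_id" {
  type        = string
  description = "VPC ID to deploy the ECS cluster."
}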
# Subnet tiers. The three lists are required and untyped beyond list(string);
# placing instances in the private tier and only the ALB in the public tier is
# what the descriptions state — the actual wiring lives outside this file.
variable "private_subnet_ids" {
  type        = list(string)
  description = "List of private subnet IDs for ECS instances and Internal ALB when enabled."
}
variable "public_subnet_ids" {
  type        = list(string)
  description = "List of public subnet IDs for ECS ALB."
}
variable "secure_subnet_ids" {
  type        = list(string)
  description = "List of secure subnet IDs for EFS."
}
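# Required ACM certificate for the ALB listeners. The original declaration had
# no type and no description, which hides its purpose from `terraform` docs and
# accepts any value.
variable "certificate_arn" {
  type        = string
  description = "ARN of the ACM certificate used for the ALB listeners (additional ones go in extra_certificate_arns)."
}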
variable "extra_certificate_arns" {
  type        = list(string)
  # Additional SNI certificates; empty by default.
  description = "Extra ACM certificates to add to ALB Listeners"
  default     = []
}
# == OPTIONAL VARS
variable "security_group_ids" {
  type    = list(string)
  default = []
  # Attached in addition to the module-managed group (per the description);
  # each extra group widens the instances' effective rule set.
  description = "Extra security groups for instances."
}
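# Egress allow-list for the ECS node security group.
variable "security_group_ecs_nodes_outbound_cidrs" {
  type        = list(string)
  default     = ["0.0.0.0/0"]
  description = "ECS Nodes outbound allowed CIDRs for the security group."

  # The default is unrestricted egress; environments with an egress-control
  # requirement should pass an explicit list. Each entry must parse as CIDR
  # notation — can(cidrhost(...)) rejects strings that do not.
  validation {
    condition     = alltrue([for c in var.security_group_ecs_nodes_outbound_cidrs : can(cidrhost(c, 0))])
    error_message = "Every entry in security_group_ecs_nodes_outbound_cidrs must be a CIDR block (e.g. 10.0.0.0/16)."
  }
}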
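# Extra bootstrap script content for the ECS nodes.
variable "userdata" {
  type        = string
  default     = ""
  description = "Extra commands to pass to userdata."
  # NOTE(review): presumably appended to the launch-template user data and
  # executed on every node at boot (not visible in this file) — treat the
  # source of this value as code, not configuration.
}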
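# ALB feature switches. All of these were untyped; declaring them as bool makes
# a stray string or number fail at plan time instead of at the resource.
variable "alb" {
  type        = bool
  default     = true
  description = "Whether to deploy an ALB or not with the cluster."
}
variable "alb_http_listener" {
  type        = bool
  default     = true
  description = "Whether to enable HTTP listeners"
}
variable "alb_sg_allow_alb_test_listener" {
  type        = bool
  default     = true
  # Default opens the test listeners to any source (per the description); set
  # to false unless the phased-cutover flow needs them to be reachable publicly.
  description = "Whether to allow world access to the test listeners"
}
variable "alb_sg_allow_egress_https_world" {
  type        = bool
  default     = true
  # Egress to any HTTPS endpoint; the description states this is required for
  # OIDC authentication on the listener.
  description = "Whether to allow ALB to access HTTPS endpoints - needed when using OIDC authentication"
}
variable "alb_only" {
  type        = bool
  default     = false
  description = "Whether to deploy only an alb and no cloudFront or not with the cluster."
}
variable "alb_internal" {
  type        = bool
  default     = false
  description = "Deploys a second internal ALB for private APIs."
}
variable "alb_enable_deletion_protection" {
  type        = bool
  default     = false
  # Off by default: a `terraform destroy` or accidental replace will remove the
  # ALB. Consider enabling for long-lived environments.
  description = "Enable deletion protection for ALBs"
}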
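# Certificate for the optional internal ALB (see alb_internal). Empty by
# default; typed as string so a non-string value is rejected at plan time.
variable "certificate_internal_arn" {
  type        = string
  default     = ""
  description = "certificate arn for internal ALB."
}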
variable "alb_ssl_policy" {
  # NOTE(review): ELBSecurityPolicy-2016-08 is the older default that still
  # negotiates TLS 1.0/1.1. The internal ALB below defaults to a TLS-1.2-only
  # policy; the default was left unchanged here to avoid altering existing
  # deployments, but consumers should override it where TLS 1.0/1.1 is not
  # required — confirm against the current AWS policy table.
  default     = "ELBSecurityPolicy-2016-08"
  type        = string
  description = "The name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS."
}
variable "alb_internal_ssl_policy" {
  # TLS 1.2 minimum for the internal listener.
  default     = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  type        = string
  description = "The name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS."
}
variable "alb_drop_invalid_header_fields" {
  # Secure default: malformed header fields are dropped at the load balancer
  # rather than forwarded to the targets.
  default     = true
  type        = bool
  description = "Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false)."
}
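# Auto Scaling group sizing. Numeric inputs are typed and bounded so an invalid
# value fails at plan time.
variable "asg_min" {
  type        = number
  default     = 1
  description = "Min number of instances for autoscaling group."

  validation {
    condition     = var.asg_min >= 0
    error_message = "asg_min must be zero or greater."
  }
}
variable "asg_max" {
  type        = number
  default     = 4
  description = "Max number of instances for autoscaling group."

  # A validation block may only reference its own variable, so asg_max >= asg_min
  # cannot be checked here; an inverted range is rejected by the Auto Scaling API.
  validation {
    condition     = var.asg_max >= 0
    error_message = "asg_max must be zero or greater."
  }
}
variable "asg_protect_from_scale_in" {
  type        = bool
  default     = false
  description = "(Optional) Allows setting instance protection. The autoscaling group will not select instances with this setting for termination during scale in events."
}
variable "asg_target_capacity" {
  type        = number
  default     = 70
  description = "Target average capacity percentage for the ECS capacity provider to track for autoscaling."

  # ECS capacity provider managed scaling accepts a target capacity of 1-100.
  validation {
    condition     = var.asg_target_capacity >= 1 && var.asg_target_capacity <= 100
    error_message = "asg_target_capacity must be between 1 and 100."
  }
}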
variable "alarm_sns_topics" {
  # Untyped; the element shape expected by the alarm resources is not visible
  # here (names vs. ARNs vs. objects) — check the alarm definitions before
  # adding a type constraint.
  default     = []
  description = "Alarm topics to create and alert on ECS instance metrics."
}
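# CloudWatch alarm thresholds. Per the descriptions, 0 disables the alarm.
# All are typed as number; the 400-errors description previously read
# "HTTP 4000 errors", which is corrected below.
variable "alarm_asg_high_cpu_threshold" {
  type        = number
  description = "Max threshold average CPU percentage allowed in a 2 minutes interval (use 0 to disable this alarm)."
  default     = 80
}
variable "alarm_ecs_high_memory_threshold" {
  type        = number
  description = "Max threshold average Memory percentage allowed in a 2 minutes interval (use 0 to disable this alarm)."
  default     = 80
}
variable "alarm_ecs_high_cpu_threshold" {
  type        = number
  description = "Max threshold average CPU percentage allowed in a 2 minutes interval (use 0 to disable this alarm)."
  default     = 80
}
variable "alarm_alb_latency_anomaly_threshold" {
  type        = number
  description = "ALB Latency anomaly detection width (use 0 to disable this alarm)."
  default     = 2
}
variable "alarm_alb_500_errors_threshold" {
  type        = number
  description = "Max threshold of HTTP 500 errors allowed in a 5 minutes interval (use 0 to disable this alarm)."
  default     = 10
}
variable "alarm_alb_400_errors_threshold" {
  type        = number
  description = "Max threshold of HTTP 400 errors allowed in a 5 minutes interval (use 0 to disable this alarm)."
  default     = 10
}
variable "alarm_efs_credits_low_threshold" {
  type        = number
  description = "Alerts when EFS credits fell below this number in bytes - default 1000000000000 is 1TB of a maximum of 2.31T of credits (use 0 to disable this alarm)."
  default     = 1000000000000
}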
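variable "target_group_arns" {
  default     = []
  type        = list(string)
  description = "List of target groups for ASG to register."
}
# Auto Scaling timing. Both values were untyped; a negative duration is not a
# valid API value, so it is rejected at plan time.
variable "autoscaling_health_check_grace_period" {
  type        = number
  default     = 300
  description = "The length of time that Auto Scaling waits before checking an instance's health status. The grace period begins when an instance comes into service."

  validation {
    condition     = var.autoscaling_health_check_grace_period >= 0
    error_message = "autoscaling_health_check_grace_period must be zero or greater (seconds)."
  }
}
variable "autoscaling_default_cooldown" {
  type        = number
  default     = 300
  description = "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start."

  validation {
    condition     = var.autoscaling_default_cooldown >= 0
    error_message = "autoscaling_default_cooldown must be zero or greater (seconds)."
  }
}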
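# EBS volume sizes in GB. Typed and required to be positive.
variable "instance_volume_size" {
  type        = number
  description = "Volume size for docker volume (in GB)."
  default     = 30

  validation {
    condition     = var.instance_volume_size > 0
    error_message = "instance_volume_size must be greater than 0 (GB)."
  }
}
variable "instance_volume_size_root" {
  type        = number
  description = "Volume size for root volume (in GB)."
  default     = 16

  validation {
    condition     = var.instance_volume_size_root > 0
    error_message = "instance_volume_size_root must be greater than 0 (GB)."
  }
}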
variable "lb_access_logs_bucket" {
  type    = string
  default = ""
  # NOTE(review): an empty bucket name presumably leaves ALB access logging
  # off (the conditional is not in this file) — for request-level forensics
  # supply a bucket with the ELB log-delivery policy attached.
  description = "Bucket to store logs from lb access."
}
variable "lb_access_logs_prefix" {
  type        = string
  default     = ""
  description = "Bucket prefix to store lb access logs."
}
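# Optional out-of-hours scale-down schedule.
variable "enable_schedule" {
  type        = bool
  default     = false
  description = "Enables schedule to shut down and start up instances outside business hours."
}
# Cron expressions in the five-field form shown in the examples; they are
# passed through untouched, so a malformed expression fails at apply time.
variable "schedule_cron_start" {
  type        = string
  default     = ""
  description = "Cron expression to define when to trigger a start of the auto-scaling group. E.g. '0 20 * * *' to start at 8pm GMT time."
}
variable "schedule_cron_stop" {
  type        = string
  default     = ""
  description = "Cron expression to define when to trigger a stop of the auto-scaling group. E.g. '0 10 * * *' to stop at 10am GMT time."
}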
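# Backup tag for the EFS file system. This is a string, not a bool, because it
# is used as a tag value (per the description); the type is kept to avoid
# breaking callers. The description's "Assing" typo is corrected.
variable "backup" {
  type        = string
  default     = "true"
  description = "Assign a backup tag to efs resource - Backup will be performed by AWS Backup."
}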
variable "throughput_mode" {
  type    = string
  default = "bursting"
  # No validation is added here on purpose: the description lists two values,
  # but the provider may accept more — confirm before constraining.
  description = "Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned."
}
variable "provisioned_throughput_in_mibps" {
  # Only meaningful when throughput_mode = "provisioned"; untyped.
  default     = 0
  description = "The throughput, measured in MiB/s, that you want to provision for the file system."
}
variable "alarm_prefix" {
  type        = string
  description = "String prefix for cloudwatch alarms. (Optional)"
  default     = "alarm"
}
# Customer-managed KMS keys for volume encryption. NOTE(review): what an empty
# ARN means (AWS-managed key vs. unencrypted) depends on the resource
# definitions, which are not in this file — verify before assuming encryption
# at rest is on by default.
variable "ebs_key_arn" {
  type        = string
  description = "ARN of a KMS Key to use on EBS volumes"
  default     = ""
}
variable "efs_key_arn" {
  type        = string
  description = "ARN of a KMS Key to use on EFS volumes"
  default     = ""
}
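# WAF v2 in front of the ALB. Off by default; the enable flag was untyped.
variable "wafv2_enable" {
  type        = bool
  default     = false
  description = "Deploys WAF V2 with Managed rule groups"
}
# Managed rule groups: the first list is applied in count (observe-only) mode,
# the second in block mode, per the descriptions.
variable "wafv2_managed_rule_groups" {
  type        = list(string)
  default     = ["AWSManagedRulesCommonRuleSet"]
  description = "List of WAF V2 managed rule groups, set to count"
}
variable "wafv2_managed_block_rule_groups" {
  type        = list(string)
  default     = []
  description = "List of WAF V2 managed rule groups, set to block"
}
variable "wafv2_rate_limit_rule" {
  type        = number
  default     = 0
  description = "The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable)"

  # 0 means "no rate rule"; a negative limit is never valid.
  validation {
    condition     = var.wafv2_rate_limit_rule >= 0
    error_message = "wafv2_rate_limit_rule must be 0 (disabled) or a positive request count."
  }
}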
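variable "create_iam_service_linked_role" {
  type        = bool
  default     = false
  description = "Create iam_service_linked_role for ECS or not."
}
variable "fargate_only" {
  type        = bool
  default     = false
  description = "Enable when cluster is only for fargate and does not require ASG/EC2/EFS infrastructure"
}
variable "ec2_key_enabled" {
  type        = bool
  default     = false
  description = "Generate a SSH private key and include in launch template of ECS nodes"
  # NOTE(review): a key pair generated by Terraform has its private key
  # recorded in state; where that key is written or exposed is not visible in
  # this file — confirm the state backend is encrypted and access-restricted
  # before enabling.
}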
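# Source ranges allowed to reach SSH on the ECS nodes.
variable "vpn_cidr" {
  type        = list(string)
  default     = ["10.37.0.0/16"]
  description = "Cidr of VPN to grant ssh access to ECS nodes"

  # The default is one specific private range; consumers whose VPN lives
  # elsewhere should override it rather than widen it. Each entry must parse
  # as CIDR notation.
  validation {
    condition     = alltrue([for c in var.vpn_cidr : can(cidrhost(c, 0))])
    error_message = "Every entry in vpn_cidr must be a CIDR block (e.g. 10.37.0.0/16)."
  }
}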
variable "create_efs" {
  type        = bool
  default     = true
  description = "Enables creation of EFS volume for cluster"
}
variable "asg_capacity_rebalance" {
  type    = bool
  default = false
  # Relevant when Spot capacity is in use (see on_demand_percentage).
  description = "Indicates whether capacity rebalance is enabled"
}
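# EFS lifecycle policy. Both descriptions previously said "Transaction";
# the setting is a storage-class transition and the wording is corrected.
variable "efs_lifecycle_transition_to_ia" {
  type        = string
  default     = ""
  description = "Option to enable EFS Lifecycle Transition to IA"

  # Empty string keeps the policy off; otherwise only the documented periods
  # are accepted.
  validation {
    condition     = contains(["AFTER_7_DAYS", "AFTER_14_DAYS", "AFTER_30_DAYS", "AFTER_60_DAYS", "AFTER_90_DAYS", ""], var.efs_lifecycle_transition_to_ia)
    error_message = "Indicates how long it takes to transition files to the IA storage class. Valid values: AFTER_7_DAYS, AFTER_14_DAYS, AFTER_30_DAYS, AFTER_60_DAYS, AFTER_90_DAYS. Or leave empty if not used."
  }
}
variable "efs_lifecycle_transition_to_primary_storage_class" {
  type        = bool
  default     = false
  description = "Option to enable EFS Lifecycle Transition to Primary Storage Class"
}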
variable "extra_task_policies_arn" {
  type    = list(string)
  default = []
  # Attached to the task permissions (per the description); every policy here
  # is granted to all tasks using that role, so keep it to what the workloads
  # actually need.
  description = "Extra policies to add to the task definition permissions"
}
variable "container_insights" {
  type    = bool
  default = false
  # Off by default; enabling it adds cluster/service metrics used for
  # monitoring and incident triage.
  description = "Enables CloudWatch Container Insights for a cluster."
}
variable "alb_test_listener" {
  type    = bool
  default = true
  # NOTE(review): enabled by default, and alb_sg_allow_alb_test_listener also
  # defaults to true; read together the descriptions imply the 8080/8443
  # listeners are publicly reachable unless one of the two is overridden —
  # confirm against the security-group rules.
  description = "Enables a second listener on ports 8080 and 8443 for a phased deploy/cutover (blue/green)"
}
variable "code_deploy" {
  type        = bool
  default     = true
  description = "Enables CodeDeploy role to be used for deployment"
}
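# ALB connection idle timeout. The description's "on seconds" is corrected
# to "in seconds"; the ALB accepts 1-4000 seconds, so the bound is enforced here.
variable "idle_timeout" {
  type        = number
  default     = 400
  description = "IDLE time for ALB in seconds."

  validation {
    condition     = var.idle_timeout >= 1 && var.idle_timeout <= 4000
    error_message = "idle_timeout must be between 1 and 4000 seconds."
  }
}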