Terraform module which creates AWS resources for Tyk Gateway.
This module includes the following components:
- Security groups for LB and instances
- Application Load Balancer for gateway instances, with target group, listeners and health checks
- Launch configuration for gateway instances based on latest Amazon Linux 2 AMI and official tyk-gateway package
- Auto-scaling group that utilises the launch configuration and LB target groups for fault-tolerance and zero-downtime deployments
- Optional scaling policies based on group's CPU utilisation
```hcl
module "tyk_gateway" {
  source                    = "modules/tyk-gateway/aws"
  vpc_id                    = "vpc-a123f4da"
  instance_subnets          = ["subnet-012345c34d32a4ca9", "subnet-5432108982f9ca6c3"]
  lb_subnets                = ["subnet-1cfbde23", "subnet-326ab10e"]
  ssh_sg_id                 = "sg-0f12c3fb044629789"
  key_name                  = "ssh-key-name"
  redis_host                = "some.redis"
  redis_port                = "6379"
  redis_password            = "secret"
  instance_type             = "c5.large"
  min_size                  = 2
  max_size                  = 4
  create_scaling_policies   = true
  port                      = "80"
  gateway_version           = "2.9.4"
  gateway_secret            = "supersecret1"
  shared_node_secret        = "supersecret2"
  dashboard_url             = "http://module.tyk_dashboard.dns_name:80"
  enable_detailed_analytics = "false"
}
```
This example will create a launch configuration with tyk-gateway-2.9.4 running on c5.large instances in VPC subnets "subnet-012345c34d32a4ca9" and "subnet-5432108982f9ca6c3" accessible on port 80, connected to Redis and Tyk Dashboard via specified configurations.
The auto-scaling group will have between 2 and 4 instances with default scaling policies created too.
The load balancer will be provisioned in VPC subnets "subnet-1cfbde23" and "subnet-326ab10e".
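
A variant of the example above that enables the HTTPS listener, narrows the ingress source and passes secrets through variables, using only inputs listed in this README. It is an added example, not part of the module's own documentation; the variable names, the ACM ARN placeholder and the `10.0.0.0/16` CIDR are assumptions.

```hcl
# Added example: variable names, the ACM ARN and the CIDR below are placeholders.
variable "redis_password" {
  type      = string
  sensitive = true # needs Terraform 0.14 or later; redacts plan/apply output
}

variable "gateway_secret" {
  type      = string
  sensitive = true
}

module "tyk_gateway" {
  source           = "modules/tyk-gateway/aws"
  vpc_id           = "vpc-a123f4da"
  instance_subnets = ["subnet-012345c34d32a4ca9", "subnet-5432108982f9ca6c3"]
  lb_subnets       = ["subnet-1cfbde23", "subnet-326ab10e"]
  ssh_sg_id        = "sg-0f12c3fb044629789"
  key_name         = "ssh-key-name"
  instance_type    = "c5.large"
  min_size         = 2
  max_size         = 4
  port             = "80"
  gateway_version  = "2.9.4"

  # HTTPS listener on the ALB; certificate_arn is required once enable_https is true.
  enable_https    = true
  certificate_arn = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID" # placeholder
  https_port      = "443"
  tls_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01" # the module default, shown explicitly

  # The default ingress source is 0.0.0.0/0; restrict it when clients are known.
  ingress_cidr = "10.0.0.0/16" # constructed value

  # Secrets come from variables instead of literals committed with the configuration.
  redis_host     = "some.redis"
  redis_port     = "6379"
  redis_password = var.redis_password
  gateway_secret = var.gateway_secret
}
```

The variables can be supplied through `TF_VAR_redis_password` and `TF_VAR_gateway_secret` environment variables. `sensitive` only hides the values in CLI output; they are still written to the Terraform state, so the state backend needs encryption and access control.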
Name | Description | Type | Default | Required |
---|---|---|---|---|
certificate_arn | ARN of the TLS certificate resource in ACM (required if enable_https is true) | string | `` | no |
create_scaling_policies | Create scaling policies and alarm for autoscaling group | string | false | no |
dashboard_url | Tyk dashboard URL (leave empty if not used) | string | `` | no |
enable_cloudwatch_policy | Enable CloudWatch agent IAM policy for the instance profile | string | false | no |
enable_detailed_analytics | Enable detailed (request/response) analytics | string | `` | no |
enable_https | Enable HTTPS listener on the ALB | string | false | no |
enable_ssm | Enable AWS Systems Manager | string | false | no |
gateway_config | Full gateway config file contents (replaces the default config file if set) | string | `` | no |
gateway_secret | Tyk gateway secret | string | `` | no |
gateway_version | Version of Tyk gateway to deploy | string | - | yes |
https_port | HTTPS listener port | string | 443 | no |
ingress_cidr | CIDR of ingress source | string | 0.0.0.0/0 | no |
instance_subnets | List of subnets to use for instances | list | - | yes |
instance_type | EC2 instance type | string | c5.large | no |
key_name | EC2 key pair name | string | - | yes |
lb_subnets | List of subnets to use for load balancing | list | - | yes |
max_size | Maximum number of instances in autoscaling group | string | 2 | no |
metrics_cloudconfig | Rendered cloud-init config for metrics and logs collection setup | string | `` | no |
min_size | Minimum number of instances in autoscaling group | string | 1 | no |
package_repository | Repository name for the PackageCloud package | string | tyk-gateway | no |
port | HTTP port of the gateway | string | 80 | no |
redis_enable_cluster | Is Redis clustering enabled? | string | `` | no |
redis_host | Redis host | string | `` | no |
redis_hosts | Redis cluster connection parameters | string | `` | no |
redis_password | Redis password | string | `` | no |
redis_port | Redis port | string | `` | no |
shared_node_secret | Shared gateway-dashboard secret for API definitions (leave empty if not used) | string | `` | no |
ssh_sg_id | Security group for SSH access | string | `` | no |
statsd_conn_str | Connection string for statsd instrumentation | string | `` | no |
statsd_prefix | Prefix for statsd metrics | string | tykGW | no |
tls_policy | The name of the TLS policy for the listener (defaults to TLSv1.2 with modern cipher suite, modify for your needs) | string | ELBSecurityPolicy-TLS-1-2-2017-01 | no |
vpc_id | VPC to use for Tyk gateway | string | - | yes |
Name | Description |
---|---|
asg_arn | ARN of the auto-scaling group |
asg_name | Name of the auto-scaling group |
dns_name | Domain name of the load balancer |
instance_profile_name | Name of the IAM instance profile |
instance_role_name | Name of the IAM instance role |
lb_id | ID of the load balancer |
lb_sg_id | ID of the load balancer security group |
sg_id | ID of the instances security group |
zone_id | ID of the load balancer domain zone |