Terraform module which creates AWS resources for Tyk MDCB.
This module includes the following components:
- Security group for instances
- Network Load Balancer for MDCB instances, with target group, listeners and health checks
- Launch configuration for MDCB instances based on latest Amazon Linux 2 AMI and official tyk-sink package
- Auto-scaling group that utilises the launch configuration and LB target groups for fault-tolerance and zero-downtime deployments
- Optional scaling policies based on group's CPU utilisation

```hcl
module "tyk_mdcb" {
  source = "modules/tyk-mdcb/aws"

  # Networking and access
  vpc_id           = "vpc-a123f4da"
  instance_subnets = ["subnet-012345c34d32a4ca9", "subnet-5432108982f9ca6c3"]
  lb_subnets       = ["subnet-1cfbde23", "subnet-326ab10e"]
  ssh_sg_id        = "sg-0f12c3fb044629789"
  key_name         = "ssh-key-name"

  # Storage backends
  redis_host     = "some.redis"
  redis_port     = "6379"
  redis_password = "secret"
  mongo_url      = "mongodb://user:password@cluster0-shard-00-00.mongo:27017,cluster0-shard-00-01.mongo:27017,cluster0-shard-00-02.mongo:27017/tyk?replicaSet=Cluster0-shard-0"
  mongo_use_ssl  = "true"

  # Licensing and package source (mdcb_token is a required input)
  license_key = "tyk MDCB license here"
  mdcb_token  = "MDCB package repository token here"

  # Instances and scaling
  instance_type           = "c5.large"
  port                    = "9090"
  min_size                = 2
  max_size                = 4
  create_scaling_policies = true
  mdcb_version            = "1.7.4"
  forward_to_pump         = "true"
}
```

This example will create a launch configuration with tyk-sink-1.7.4 running on c5.large instances in VPC subnets "subnet-012345c34d32a4ca9" and "subnet-5432108982f9ca6c3" accessible on port 9090, connected to Redis and MongoDB via specified configurations and forwarding analytics to Tyk Pump.
The auto-scaling group will have between 2 and 4 instances with default scaling policies created too.
The network load balancer will be provisioned in VPC subnets "subnet-012345c34d32a4ca9" and "subnet-5432108982f9ca6c3" along with a TCP listener and HTTP health check.
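
The same call with the security-relevant inputs set explicitly, as an added example that is not part of the module's own documentation. It uses only inputs listed in the table on this page; the variable names, the CIDR and the certificate ARN are placeholders chosen for illustration.

```hcl
# Added example, not from the module's documentation. Variable names, the CIDR
# and the certificate ARN are placeholders; every module argument is an input
# documented on this page.

# Secrets are declared as variables and supplied at run time (for example via
# TF_VAR_redis_password), so they never appear in version-controlled .tf files.
variable "redis_password" {}
variable "mongo_url" {}
variable "license_key" {}
variable "mdcb_token" {}

module "tyk_mdcb" {
  source = "modules/tyk-mdcb/aws"

  vpc_id           = "vpc-a123f4da"
  instance_subnets = ["subnet-012345c34d32a4ca9", "subnet-5432108982f9ca6c3"]
  lb_subnets       = ["subnet-1cfbde23", "subnet-326ab10e"]
  key_name         = "ssh-key-name"
  instance_type    = "c5.large"
  min_size         = 2
  max_size         = 4
  mdcb_version     = "1.7.4"

  # ingress_cidr defaults to 0.0.0.0/0; narrow it to the source range that
  # needs to reach MDCB (placeholder CIDR).
  ingress_cidr = "10.20.0.0/16"

  # enable_tls defaults to false; certificate_arn is required once it is true.
  enable_tls      = "true"
  tls_port        = "443"
  certificate_arn = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID" # placeholder
  tls_policy      = "ELBSecurityPolicy-TLS-1-2-2017-01" # module default, shown explicitly

  redis_host     = "some.redis"
  redis_port     = "6379"
  redis_password = "${var.redis_password}"
  mongo_url      = "${var.mongo_url}"
  mongo_use_ssl  = "true"
  license_key    = "${var.license_key}"
  mdcb_token     = "${var.mdcb_token}"

  # ssh_sg_id is optional and omitted here; enable_ssm is the module's input
  # for enabling AWS Systems Manager on the instances.
  enable_ssm = "true"
}
```
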
Name | Description | Type | Default | Required |
---|---|---|---|---|
certificate_arn | ARN of the TLS certificate resource in ACM (required if enable_tls is true) | string | `` | no |
create_scaling_policies | Create scaling policies and alarm for autoscaling group | string | false | no |
enable_cloudwatch_policy | Enable CloudWatch agent IAM policy for the instance profile | string | false | no |
enable_ssm | Enable AWS Systems Manager | string | false | no |
enable_tls | Enable TLS listener on the NLB | string | false | no |
forward_to_pump | Forward analytics to Tyk pump | string | `` | no |
ingress_cidr | CIDR of ingress source | string | 0.0.0.0/0 | no |
instance_subnets | List of subnets to use for instances | list | - | yes |
instance_type | EC2 instance type | string | c5.large | no |
key_name | EC2 key pair name | string | - | yes |
lb_subnets | List of subnets to use for load balancing | list | - | yes |
license_key | Tyk MDCB license | string | `` | no |
max_size | Maximum number of instances in autoscaling group | string | 2 | no |
mdcb_config | Full MDCB config file contents (replaces the default config file if set) | string | `` | no |
mdcb_token | Repository token for MDCB packages | string | - | yes |
mdcb_version | Version of Tyk MDCB to deploy | string | - | yes |
metrics_cloudconfig | Rendered cloud-init config for metrics and logs collection setup | string | `` | no |
min_size | Minimum number of instances in autoscaling group | string | 1 | no |
mongo_url | MongoDB connection string | string | `` | no |
mongo_use_ssl | Should MongoDB connection use SSL/TLS? | string | `` | no |
package_repository | Repository name for the PackageCloud package | string | tyk-mdcb | no |
port | Ingress port of the MDCB | string | 9090 | no |
redis_enable_cluster | Is Redis clustering enabled? | string | `` | no |
redis_host | Redis host | string | `` | no |
redis_hosts | Redis cluster connection parameters | string | `` | no |
redis_password | Redis password | string | `` | no |
redis_port | Redis port | string | `` | no |
ssh_sg_id | Security group for SSH access | string | `` | no |
statsd_conn_str | Connection string for statsd instrumentation | string | `` | no |
statsd_prefix | Prefix for statsd metrics | string | tykMDCB | no |
tls_policy | The name of the TLS policy for the listener (defaults to TLSv1.2 with modern cipher suite, modify for your needs) | string | ELBSecurityPolicy-TLS-1-2-2017-01 | no |
tls_port | TLS listener port | string | 443 | no |
vpc_id | VPC to use for Tyk MDCB | string | - | yes |

Name | Description |
---|---|
asg_arn | ARN of the auto-scaling group |
asg_name | Name of the auto-scaling group |
dns_name | Domain name of the load balancer |
instance_profile_name | Name of the IAM instance profile |
instance_role_name | Name of the IAM instance role |
lb_id | ID of the load balancer |
sg_id | ID of the instances security group |
zone_id | ID of the load balancer domain zone |