Skip to content

ministryofjustice/modernisation-platform-terraform-ec2-autoscaling-group

BranchesTags

Repository files navigation

Modernisation Platform Terraform Module Template

Standards Icon Format Code Icon Scorecards IconSCA Icon Terraform SCA Icon

Usage

module "template" {

  source = "github.com/ministryofjustice/modernisation-platform-terraform-module-template"

  tags             = local.tags
  application_name = local.application_name

}

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

Requirements

Name Version
terraform >= 1.1.7
aws ~> 5.0
cloudinit ~> 2.3.5
random ~> 3.4
time > 0.9.0

Providers

Name Version
aws ~> 5.0
cloudinit ~> 2.3.5
random ~> 3.4

Modules

No modules.

Resources

Name Type
aws_autoscaling_group.this resource
aws_autoscaling_schedule.this resource
aws_cloudwatch_metric_alarm.this resource
aws_iam_instance_profile.this resource
aws_iam_role.this resource
aws_iam_role_policy.lifecycle_hooks resource
aws_iam_role_policy.ssm_params_and_secrets resource
aws_launch_template.this resource
aws_lb_target_group.this resource
aws_secretsmanager_secret.fixed resource
aws_secretsmanager_secret.placeholder resource
aws_secretsmanager_secret_version.fixed resource
aws_ssm_parameter.placeholder resource
aws_ssm_parameter.this resource
random_password.secrets resource
random_password.this resource
aws_ami.this data source
aws_caller_identity.current data source
aws_ec2_instance_type.this data source
aws_iam_policy_document.lifecycle_hooks data source
aws_iam_policy_document.ssm_params_and_secrets data source
cloudinit_config.this data source

Inputs

Name Description Type Default Required
account_ids_lookup A map of account names to account ids that can be used for AMI owner map(any) {} no
ami_name Name of AMI to be used to launch the ec2 instance string n/a yes
ami_owner Owner of AMI to be used to launch the ec2 instance string "core-shared-services-production" no
application_name The name of the application. This will be name of the environment in Modernisation Platform string n/a yes
autoscaling_group See aws_autoscaling_group documentation 
object({
    desired_capacity          = number
    max_size                  = number
    min_size                  = number
    health_check_grace_period = optional(number)
    health_check_type         = optional(string)
    force_delete              = optional(bool)
    termination_policies      = optional(list(string))
    target_group_arns         = optional(list(string))
    wait_for_capacity_timeout = optional(string)
    initial_lifecycle_hooks = optional(map(object({
      default_result       = string
      heartbeat_timeout    = number
      lifecycle_transition = string
    })))
    instance_refresh = optional(object({
      strategy               = string
      min_healthy_percentage = number
      instance_warmup        = number
    }))
    warm_pool = optional(object({
      pool_state                  = optional(string)
      min_size                    = optional(number)
      max_group_prepared_capacity = optional(number)
      reuse_on_scale_in           = bool
    }))
  })
 n/a yes
autoscaling_schedules See aws_autoscaling_schedule documentation. Key=name. Values are taken from equivalent autoscaling_group value if null 
map(object({
    min_size         = optional(number)
    max_size         = optional(number)
    desired_capacity = optional(number)
    recurrence       = string
  }))
 n/a yes
availability_zone Optionally associated the ASG with a single availability zone string null no
cloudwatch_metric_alarms Map of cloudwatch metric alarms. The alarm name is set to the autoscaling group name plus the map key. 
map(object({
    comparison_operator = string
    evaluation_periods  = number
    metric_name         = string
    namespace           = string
    period              = number
    statistic           = string
    threshold           = number
    alarm_actions       = list(string)
    ok_actions          = optional(list(string), [])
    actions_enabled     = optional(bool, false)
    alarm_description   = optional(string)
    datapoints_to_alarm = optional(number)
    treat_missing_data  = optional(string, "missing")
    dimensions          = optional(map(string), {})
  }))
 {} no
ebs_kms_key_id KMS Key to use for EBS volumes if not explicitly set in ebs_volumes variable. If null, uses the local account key or the corresponding AMI volume ebs key string null no
ebs_volume_config EC2 volume configurations, where key is a label, e.g. flash, which is assigned to the disk in ebs_volumes. All disks with same label have the same configuration. If not specified, use values from the AMI. If total_size specified, the volume size is this divided by the number of drives with the given label 
map(object({
    iops       = optional(number)
    throughput = optional(number)
    total_size = optional(number)
    type       = optional(string)
    kms_key_id = optional(string)
  }))
 n/a yes
ebs_volume_tags Additional tags to apply to ebs volumes map(string) {} no
ebs_volumes EC2 volumes, see aws_ebs_volume for documentation. key=volume name, value=ebs_volume_config key. label is used as part of the Name tag 
map(object({
    label       = optional(string)
    snapshot_id = optional(string)
    iops        = optional(number)
    throughput  = optional(number)
    size        = optional(number)
    type        = optional(string)
    kms_key_id  = optional(string)
    no_device   = optional(bool)
  }))
 n/a yes
ebs_volumes_copy_all_from_ami If true, ensure all volumes in AMI are also present in EC2. If false, only create volumes specified in ebs_volumes var bool true no
iam_resource_names_prefix Prefix IAM resources with this prefix, e.g. ec2-database string "ec2" no
instance EC2 launch template / instance settings, see aws_instance documentation 
object({
    disable_api_termination      = bool
    disable_api_stop             = optional(bool, false)
    instance_type                = string
    key_name                     = string
    monitoring                   = optional(bool, true)
    metadata_options_http_tokens = optional(string, "required")
    metadata_endpoint_enabled    = optional(string, "enabled")
    vpc_security_group_ids       = list(string)
    private_dns_name_options = optional(object({
      enable_resource_name_dns_aaaa_record = optional(bool)
      enable_resource_name_dns_a_record    = optional(bool)
      hostname_type                        = string
    }))
    tags = optional(map(string), {})
  })
 n/a yes
instance_profile_policies A list of managed IAM policy document ARNs to be attached to the instance profile list(string) n/a yes
lb_target_groups Map of load balancer target groups, where key is the name. vpc_id needs setting if this is used 
map(object({
    port                 = optional(number)
    protocol             = optional(string)
    deregistration_delay = optional(number)
    health_check = optional(object({
      enabled             = optional(bool)
      interval            = optional(number)
      healthy_threshold   = optional(number)
      matcher             = optional(string)
      path                = optional(string)
      port                = optional(number)
      protocol            = optional(string)
      timeout             = optional(number)
      unhealthy_threshold = optional(number)
    }))
    stickiness = optional(object({
      enabled         = optional(bool)
      type            = string
      cookie_duration = optional(number)
      cookie_name     = optional(string)
    }))
    attachments = optional(list(object({
      target_id         = string
      port              = optional(number)
      availability_zone = optional(string)
    })), [])
  }))
 {} no
name Provide a unique name for the auto scale group string n/a yes
region Destination AWS Region for the infrastructure string "eu-west-2" no
secretsmanager_secrets A map of secretsmanager secrets to create. Set a specific value or a randomly generated value. If neither random or value are set, a placeholder value is created which can be updated outside of terraform 
map(object({
    description             = optional(string)
    kms_key_id              = optional(string)
    recovery_window_in_days = optional(number)
    random = optional(object({
      length  = number
      special = optional(bool)
    }))
    value = optional(string)
    tags  = optional(map(string), {})
  }))
 null no
secretsmanager_secrets_prefix Optionally prefix secretsmanager secrets with this prefix. Add a trailing / string "" no
ssm_parameters A map of SSM parameters to create. Set a specific value or a randomly generated value. If neither random or value are set, a placeholder value is created which can be updated outside of terraform 
map(object({
    description = optional(string)
    type        = optional(string, "SecureString")
    kms_key_id  = optional(string)
    random = optional(object({
      length  = number
      special = optional(bool)
    }))
    value = optional(string)
  }))
 null no
ssm_parameters_prefix Optionally prefix ssm parameters with this prefix. Add a trailing / string "" no
subnet_ids List of subnet ids given to the ASG to set the associated AZs (and therefore redundancy of the ASG instances) list(string) n/a yes
tags Default tags to be applied to resources. Additional tags can be added to EBS volumes or EC2s, see instance.tags and ebs_volume_tags variables. map(any) n/a yes
user_data_cloud_init Use this instead of user_data_raw to run multiple scripts using cloud_init 
object({
    args    = optional(map(string))
    scripts = optional(list(string))
    write_files = optional(map(object({
      path        = string
      owner       = string
      permissions = string
    })), {})
  })
 null no
user_data_raw Base64 encoded user data, script or cloud formation template string null no
vpc_id vpc id which only needs populating if lb_target_groups is set string null no

Outputs

Name Description
autoscaling_group map of aws_autoscaling_group details
lb_target_groups map of aws_lb_target_group resources

About

Module for ec2 autoscaling • This repository is defined and managed in Terraform

Topics

aws ec2 iam terraform-module civil-service modernisation-platform moj-security

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

115 watching

Forks

0 forks
Report repository

Releases 19

V2.6.1 Latest
Sep 13, 2024
+ 18 releases

Packages

No packages published

Contributors 20
+ 6 contributors

Languages