Skip to content

Latest commit

 

History

History
76 lines (60 loc) · 3.35 KB

README.md

File metadata and controls

76 lines (60 loc) · 3.35 KB
Raw

Environment Dev Terraform

Creates the dev environment's infrastructure. These templates are designed to be customized. The optional components can be removed by simply deleting the .tf file.

Components

Name Description Optional
main.tf Terrform remote state, AWS provider, output
ecs.tf ECS Cluster, Task Definition, ecsTaskExecutionRole, CloudWatch Log Group
nsg.tf NSG for Task
[secretsmanager.tf][edsm] Add a Secrets Manager secret with a CMK KMS key. Also gives app role and ECS task definition role access to read secrets from Secrets Manager Yes
[ssm-parameters.tf][ssm] Add a CMK KMS key for use with SSM Parameter Store. Also gives ECS task definition role access to read secrets from parameter store. Yes
role.tf Application Role for container Yes
cicd.tf IAM user that can be used by CI/CD systems Yes
logs-logzio.tf Ship container logs to logz.io Yes

Usage

# Sets up Terraform to run
$ terraform init

# Executes the Terraform run
$ terraform apply

Inputs

Name Description Type Default Required
app The application's name string - yes
aws_profile The AWS Profile to use string - yes
container_name name of the container in the task definition string app no
environment The environment that is being built string - yes
logz_token The auth token to use for sending logs to Logz.io string - yes
logz_url The endpoint to use for sending logs to Logz.io string https://listener.logz.io:8071 no
private_subnets The private subnets, minimum of 2, that are a part of the VPC(s) string - yes
public_subnets The public subnets, minimum of 2, that are a part of the VPC(s) string - yes
region The AWS region to use for the dev environment's infrastructure Currently, Fargate is only available in us-east-1. string us-east-1 no
saml_role The SAML role to use for adding users to the ECR policy string - yes
schedule_expression The shedule on which to run the fargate task. Follows the CloudWatch Event Schedule Expression format: https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html string - yes
secrets_saml_users The users (email addresses) from the saml role to give access list - yes
tags Tags for the infrastructure map - yes
vpc The VPC to use for the Fargate cluster string - yes

Outputs

Name Description
aws_profile Command to set the AWS_PROFILE
cicd_keys The AWS keys for the CICD user to use in a build system
docker_registry The URL for the docker image repo in ECR
register Command to register a new task definition for the task
status Command to view the status of the Fargate service