terraform-aws-concourse-web

Terraform module to deploy the web frontend of Concourse on ECS.

---

Usage

TODO

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen

Requirements

Name	Version
terraform	~> 0.14.0
aws	~> 3.32
external	~> 2.1
http	~> 2.0
local	~> 2.0
template	~> 2.2
utils	~> 0.3

Providers

Name	Version
aws	~> 3.32
random	n/a

Modules

Name	Source	Version
alb	cloudposse/alb/aws	0.33.0
create_db_container_definition	cloudposse/ecs-container-definition/aws	0.56.0
download_keys_container_definition	cloudposse/ecs-container-definition/aws	0.56.0
nlb	cloudposse/nlb/aws	0.8.0
this	cloudposse/label/null	0.24.1
web	cloudposse/ecs-web-app/aws	0.61.0

Resources

Name	Type
aws_ecs_cluster.default	resource
aws_iam_policy.default	resource
aws_iam_role_policy_attachment.default	resource
aws_security_group_rule.tsa_http_health_check_in	resource
aws_sns_topic.sns_topic	resource
random_password.default	resource
aws_iam_policy_document.default	data source
aws_vpc.default	data source

Inputs

Name	Description	Type	Default	Required
additional_tag_map	Additional tags for appending to tags_as_list_of_maps. Not added to tags.	map(string)	{}	no
attributes	Additional attributes (e.g. 1)	list(string)	[]	no
autoscaling_dimension	Dimension to autoscale on (valid options: cpu, memory)	string	"cpu"	no
autoscaling_enabled	A boolean to enable/disable Autoscaling policy for ECS Service	bool	false	no
certificate_arn	ARN of the ALB (HTTPS) certificate	string	n/a	yes
chamber_kms_key_arn	ARN of the chamber KMS key	string	""	no
concourse_db_name	Concourse PostgreSQL database name	string	"concourse"	no
concourse_db_password	Password for the Concourse database user	string	""	no
concourse_db_username	Username for the Concourse database	string	"concourse"	no
concourse_docker_image	Concourse docker image	string	"concourse/concourse"	no
concourse_github_auth_client_id	Github client id	string	null	no
concourse_github_auth_client_secret	Github client secret	string	null	no
concourse_main_team_github_org	Github team that can login	string	null	no
concourse_main_team_github_team	Github team that can login	string	null	no
concourse_version	Concourse version to use	string	"5.8.0"	no
container_cpu	The vCPU setting to control cpu limits of container	number	256	no
container_memory	The amount of RAM to allow container to use in MB	number	512	no
container_memory_reservation	The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than container_memory if set	number	128	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	object({ enabled = bool namespace = string environment = string stage = string name = string delimiter = string attributes = list(string) tags = map(string) additional_tag_map = map(string) regex_replace_chars = string label_order = list(string) id_length_limit = number })	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }	no
db_admin_password	Admin password of the PostgreSQL database server	string	n/a	yes
db_admin_username	Admin user of the PostgreSQL database server	string	n/a	yes
db_hostname	PostgreSQL server hostname or IP	string	n/a	yes
db_name	Default PostgreSQL database	string	"postgres"	no
db_port	Port of the PostgreSQL server	string	"5432"	no
db_security_group_id	Database security group ID	string	n/a	yes
db_version	PostgreSQL engine version used in the Concourse database server	string	n/a	yes
delimiter	Delimiter to be used between namespace, environment, stage, name and attributes. Defaults to - (hyphen). Set to "" to use no delimiter at all.	string	null	no
enabled	Set to false to prevent the module from creating any resources	bool	null	no
environment	Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'	string	null	no
external_url_https	Concourse external URL (fully qualified, e.g. https://concourse.prod.acme.co)	string	n/a	yes
id_length_limit	Limit id to this many characters. Set to 0 for unlimited length. Set to null for default, which is 0. Does not affect id_full.	number	null	no
ingress_cidr_blocks_https	List of CIDR blocks allowed to access Concourse over HTTPS	list(string)	[ "0.0.0.0/0" ]	no
keys_bucket_arn	ARN of the bucket holding the keys	string	n/a	yes
keys_bucket_id	ID of the bucket holding the keys	string	n/a	yes
label_order	The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present.	list(string)	null	no
name	Solution name, e.g. 'app' or 'jenkins'	string	null	no
namespace	Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'	string	null	no
private_subnet_ids	List of private VPC subnet IDs	list(string)	n/a	yes
public_subnet_ids	List of public VPC subnet IDs	list(string)	n/a	yes
regex_replace_chars	Regex to replace chars with empty string in namespace, environment, stage and name. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.	string	null	no
region	AWS Region for deployment	string	n/a	yes
stage	Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'	string	null	no
tags	Additional tags (e.g. map('BusinessUnit','XYZ')	map(string)	{}	no
task_cpu	The number of CPU units used by the task	number	null	no
task_memory	The amount of memory (in MiB) used by the task	number	null	no
tsa_certificate_arn	ARN of the NLB certificate	string	n/a	yes
vpc_id	VPC ID for deployment	string	n/a	yes

Outputs

Name	Description
alb_dns_name	ALB DNS name
ecs_service_security_group_id	Security Group ID of the ECS task
ecs_task_role_name	Name of the ECS task role
nlb_dns_name	NLB DNS name

Related Projects

Check out these related projects.

• terraform-aws-concourse-ec2-worker - Terraform module for deploying a Concourse EC2 worker ASG
• terraform-aws-concourse-keys-s3 - Terraform module for deploying Concourse TLS / SSH keys to S3
• terraform-aws-concourse-sidecred-lambda - Terraform module to create a sidecred lambda for injecting and rotating credentials into SSM
• terraform-root-modules - Terraform root modules to provision top level account

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

1. Fork the repo on GitHub
2. Clone the project to your own machine
3. Commit changes to your own branch
4. Push your work back up to your fork
5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyrights

Copyright © 2017-2021 Cloud Posse, LLC

Copyright © 2020-2021 Carnegie Robotics, LLC

Trademarks

All other trademarks referenced herein are the property of their respective owners.

About

This project is maintained and funded by Carnegie Robotics, LLC.