• Stars
    star
    206
  • Rank 190,504 (Top 4 %)
  • Language HCL
  • License
    Apache License 2.0
  • Created over 6 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Terraform module that implements a web app on ECS and supports autoscaling, CI/CD, monitoring, ALB integration, and much more.

terraform-aws-ecs-web-app Codefresh Build Status Latest Release Slack Community

README Header

Cloud Posse

A Terraform module which implements a web app on ECS and supporting AWS resources.


This project is part of our comprehensive "SweetOps" approach towards DevOps.

Terraform Open Source Modules

It's 100% Open Source and licensed under the APACHE2.

We literally have hundreds of terraform modules that are Open Source and well-maintained. Check them out!

Security & Compliance

Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance.

Benchmark Description
Infrastructure Security Infrastructure Security Compliance
CIS KUBERNETES Center for Internet Security, KUBERNETES Compliance
CIS AWS Center for Internet Security, AWS Compliance
CIS AZURE Center for Internet Security, AZURE Compliance
PCI-DSS Payment Card Industry Data Security Standards Compliance
NIST-800-53 National Institute of Standards and Technology Compliance
ISO27001 Information Security Management System, ISO/IEC 27001 Compliance
SOC2 Service Organization Control 2 Compliance
CIS GCP Center for Internet Security, GCP Compliance
HIPAA Health Insurance Portability and Accountability Compliance

Usage

IMPORTANT: We do not pin modules to versions in our examples because of the difficulty of keeping the versions in the documentation in sync with the latest released versions. We highly recommend that in your code you pin the version to the exact version you are using so that your infrastructure remains stable, and update versions in a systematic way so that they do not catch you by surprise.

Also, because of a bug in the Terraform registry (hashicorp/terraform#21417), the registry shows many of our inputs as required when in fact they are optional. The table below correctly indicates which inputs are required.

For a complete example, see examples/complete.

For automated tests of the complete example using bats and Terratest (which test and deploy the example on AWS), see test.

Other examples:

module "default_backend_web_app" {
  source = "cloudposse/ecs-web-app/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version     = "x.x.x"
  namespace                                       = "eg"
  stage                                           = "testing"
  name                                            = "appname"
  vpc_id                                          = module.vpc.vpc_id
  alb_ingress_unauthenticated_listener_arns       = module.alb.listener_arns
  alb_ingress_unauthenticated_listener_arns_count = 1
  aws_logs_region                                 = "us-east-2"
  ecs_cluster_arn                                 = aws_ecs_cluster.default.arn
  ecs_cluster_name                                = aws_ecs_cluster.default.name
  ecs_security_group_ids                          = [module.vpc.vpc_default_security_group_id]
  ecs_private_subnet_ids                          = module.subnets.private_subnet_ids
  alb_ingress_healthcheck_path                    = "/healthz"
  alb_ingress_unauthenticated_paths               = ["/*"]
  codepipeline_enabled                            = false

  container_environment = [
    {
      name = "COOKIE"
      value = "cookiemonster"
    },
    {
      name = "PORT"
      value = "80"
    }
  ]
}

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen
  lint                                Lint terraform code

Requirements

Name Version
terraform >= 0.13.0
aws >= 3.34

Providers

Name Version
aws >= 3.34

Modules

Name Source Version
alb_ingress cloudposse/alb-ingress/aws 0.25.1
alb_target_group_cloudwatch_sns_alarms cloudposse/alb-target-group-cloudwatch-sns-alarms/aws 0.17.0
container_definition cloudposse/ecs-container-definition/aws 0.58.1
ecr cloudposse/ecr/aws 0.34.0
ecs_alb_service_task cloudposse/ecs-alb-service-task/aws 0.64.1
ecs_cloudwatch_autoscaling cloudposse/ecs-cloudwatch-autoscaling/aws 0.7.3
ecs_cloudwatch_sns_alarms cloudposse/ecs-cloudwatch-sns-alarms/aws 0.12.2
ecs_codepipeline cloudposse/ecs-codepipeline/aws 0.30.0
this cloudposse/label/null 0.25.0

Resources

Name Type
aws_cloudwatch_log_group.app resource
aws_region.current data source

Inputs

Name Description Type Default Required
additional_tag_map Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration.
map(string) {} no
alb_arn_suffix ARN suffix of the ALB for the Target Group string "" no
alb_container_name The name of the container to associate with the ALB. If not provided, the generated container will be used string null no
alb_ingress_authenticated_hosts Authenticated hosts to match in Hosts header list(string) [] no
alb_ingress_authenticated_listener_arns A list of authenticated ALB listener ARNs to attach ALB listener rules to list(string) [] no
alb_ingress_authenticated_listener_arns_count The number of authenticated ARNs in alb_ingress_authenticated_listener_arns. This is necessary to work around a limitation in Terraform where counts cannot be computed number 0 no
alb_ingress_authenticated_paths Authenticated path pattern to match (a maximum of 1 can be defined) list(string) [] no
alb_ingress_enable_default_target_group If true, create a default target group for the ALB ingress bool true no
alb_ingress_health_check_healthy_threshold The number of consecutive health checks successes required before healthy number 2 no
alb_ingress_health_check_interval The duration in seconds in between health checks number 15 no
alb_ingress_health_check_matcher The HTTP response codes to indicate a healthy check string "200-399" no
alb_ingress_health_check_timeout The amount of time to wait in seconds before failing a health check request number 10 no
alb_ingress_health_check_unhealthy_threshold The number of consecutive health check failures required before unhealthy number 2 no
alb_ingress_healthcheck_path The path of the healthcheck which the ALB checks string "/" no
alb_ingress_healthcheck_protocol The protocol to use to connect with the target. Defaults to HTTP. Not applicable when target_type is lambda string "HTTP" no
alb_ingress_listener_authenticated_priority The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from alb_ingress_listener_unauthenticated_priority since a listener can't have multiple rules with the same priority number 300 no
alb_ingress_listener_unauthenticated_priority The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from alb_ingress_listener_authenticated_priority since a listener can't have multiple rules with the same priority number 1000 no
alb_ingress_protocol The protocol for the created ALB target group (if target_group_arn is not set). One of HTTP, HTTPS. Defaults to HTTP. string "HTTP" no
alb_ingress_protocol_version The protocol version. One of HTTP1, HTTP2, GRPC. Only applicable when protocol is HTTP or HTTPS. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1 string "HTTP1" no
alb_ingress_target_group_arn Existing ALB target group ARN. If provided, set alb_ingress_enable_default_target_group to false to disable creation of the default target group string "" no
alb_ingress_unauthenticated_hosts Unauthenticated hosts to match in Hosts header list(string) [] no
alb_ingress_unauthenticated_listener_arns A list of unauthenticated ALB listener ARNs to attach ALB listener rules to list(string) [] no
alb_ingress_unauthenticated_listener_arns_count The number of unauthenticated ARNs in alb_ingress_unauthenticated_listener_arns. This is necessary to work around a limitation in Terraform where counts cannot be computed number 0 no
alb_ingress_unauthenticated_paths Unauthenticated path pattern to match (a maximum of 1 can be defined) list(string) [] no
alb_security_group Security group of the ALB string n/a yes
alb_stickiness_cookie_duration The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds) number 86400 no
alb_stickiness_enabled Boolean to enable / disable stickiness. Default is true bool true no
alb_stickiness_type The type of sticky sessions. The only current possible value is lb_cookie string "lb_cookie" no
alb_target_group_alarms_3xx_threshold The maximum number of 3XX HTTPCodes in a given period for ECS Service number 25 no
alb_target_group_alarms_4xx_threshold The maximum number of 4XX HTTPCodes in a given period for ECS Service number 25 no
alb_target_group_alarms_5xx_threshold The maximum number of 5XX HTTPCodes in a given period for ECS Service number 25 no
alb_target_group_alarms_alarm_actions A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state list(string) [] no
alb_target_group_alarms_enabled A boolean to enable/disable CloudWatch Alarms for ALB Target metrics bool false no
alb_target_group_alarms_evaluation_periods The number of periods to analyze for ALB CloudWatch Alarms number 1 no
alb_target_group_alarms_insufficient_data_actions A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT_DATA state from any other state list(string) [] no
alb_target_group_alarms_ok_actions A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state list(string) [] no
alb_target_group_alarms_period The period (in seconds) to analyze for ALB CloudWatch Alarms number 300 no
alb_target_group_alarms_response_time_threshold The maximum ALB Target Group response time number 0.5 no
assign_public_ip Assign a public IP address to the ENI (Fargate launch type only). Valid values are true or false. Default false bool false no
attributes ID element. Additional attributes (e.g. workers or cluster) to add to id,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the delimiter
and treated as a single ID element.
list(string) [] no
authentication_cognito_scope Cognito scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) string null no
authentication_cognito_user_pool_arn Cognito User Pool ARN string "" no
authentication_cognito_user_pool_client_id Cognito User Pool Client ID string "" no
authentication_cognito_user_pool_domain Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (xxx) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) string "" no
authentication_oidc_authorization_endpoint OIDC Authorization Endpoint string "" no
authentication_oidc_client_id OIDC Client ID string "" no
authentication_oidc_client_secret OIDC Client Secret string "" no
authentication_oidc_issuer OIDC Issuer string "" no
authentication_oidc_scope OIDC scope, which should be a space separated string of requested scopes (see https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims, and https://developers.google.com/identity/protocols/oauth2/openid-connect#scope-param for an example set of scopes when using Google as the IdP) string null no
authentication_oidc_token_endpoint OIDC Token Endpoint string "" no
authentication_oidc_user_info_endpoint OIDC User Info Endpoint string "" no
authentication_type Authentication type. Supported values are COGNITO and OIDC string "" no
autoscaling_dimension Dimension to autoscale on (valid options: cpu, memory) string "memory" no
autoscaling_enabled A boolean to enable/disable Autoscaling policy for ECS Service bool false no
autoscaling_max_capacity Maximum number of running instances of a Service number 2 no
autoscaling_min_capacity Minimum number of running instances of a Service number 1 no
autoscaling_scale_down_adjustment Scaling adjustment to make during scale down event number -1 no
autoscaling_scale_down_cooldown Period (in seconds) to wait between scale down events number 300 no
autoscaling_scale_up_adjustment Scaling adjustment to make during scale up event number 1 no
autoscaling_scale_up_cooldown Period (in seconds) to wait between scale up events number 60 no
aws_logs_prefix Custom AWS Logs prefix. If empty name from label module will be used string "" no
aws_logs_region The region for the AWS Cloudwatch Logs group string null no
badge_enabled Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled bool false no
branch Branch of the GitHub repository, e.g. master string "" no
build_environment_variables A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'
list(object(
{
name = string
value = string
type = string
}))
[] no
build_image Docker image for build environment, e.g. aws/codebuild/docker:docker:17.09.0 string "aws/codebuild/docker:17.09.0" no
build_timeout How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed number 60 no
buildspec Declaration to use for building the project. For more info string "" no
capacity_provider_strategies The capacity provider strategies to use for the service. See capacity_provider_strategy configuration block: https://www.terraform.io/docs/providers/aws/r/ecs_service.html#capacity_provider_strategy
list(object({
capacity_provider = string
weight = number
base = number
}))
[] no
circuit_breaker_deployment_enabled If true, enable the deployment circuit breaker logic for the service bool false no
circuit_breaker_rollback_enabled If true, Amazon ECS will roll back the service if a service deployment fails bool false no
cloudwatch_log_group_enabled A boolean to disable cloudwatch log group creation bool true no
codebuild_cache_type The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO_CACHE, LOCAL, and S3. Defaults to NO_CACHE. If cache_type is S3, it will create an S3 bucket for storing codebuild cache inside string "S3" no
codepipeline_build_cache_bucket_suffix_enabled The codebuild cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache_type is 'S3' bool true no
codepipeline_build_compute_type CodeBuild instance size. Possible values are: BUILD_GENERAL1_SMALL BUILD_GENERAL1_MEDIUM BUILD_GENERAL1_LARGE string "BUILD_GENERAL1_SMALL" no
codepipeline_cdn_bucket_buildspec_identifier Identifier for buildspec section controlling the optional CDN asset deployment. string null no
codepipeline_cdn_bucket_encryption_enabled If set to true, enable encryption on the optional CDN asset deployment bucket bool false no
codepipeline_cdn_bucket_id Optional bucket for static asset deployment. If specified, the buildspec must include a secondary artifacts section which controls the files deployed to the bucket For more info string null no
codepipeline_enabled A boolean to enable/disable AWS Codepipeline. If false, use ecr_enabled to control if AWS ECR stays enabled. bool true no
codepipeline_s3_bucket_force_destroy A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error bool false no
command The command that is passed to the container list(string) null no
container_cpu The vCPU setting to control cpu limits of container. (If FARGATE launch type is used below, this must be a supported vCPU size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) number 256 no
container_definition Override the main container_definition string "" no
container_environment The environment variables to pass to the container. This is a list of maps
list(object({
name = string
value = string
}))
null no
container_image The default container image to use in container definition string "cloudposse/default-backend" no
container_memory The amount of RAM to allow container to use in MB. (If FARGATE launch type is used below, this must be a supported Memory size from the table here: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html) number 512 no
container_memory_reservation The amount of RAM (Soft Limit) to allow container to use in MB. This value must be less than container_memory if set number 128 no
container_port The port number on the container bound to assigned host_port number 80 no
container_repo_credentials Container repository credentials; required when using a private repo. This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials map(string) null no
container_start_timeout Time duration (in seconds) to wait before giving up on resolving dependencies for a container number 30 no
container_stop_timeout Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own number 30 no
context Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
any
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
no
delimiter Delimiter to be used between ID elements.
Defaults to - (hyphen). Set to "" to use no delimiter at all.
string null no
deployment_controller_type Type of deployment controller. Valid values are CODE_DEPLOY and ECS string "ECS" no
deployment_maximum_percent The upper limit of the number of tasks (as a percentage of desired_count) that can be running in a service during a deployment number 200 no
deployment_minimum_healthy_percent The lower limit (as a percentage of desired_count) of the number of tasks that must remain running and healthy in a service during a deployment number 100 no
descriptor_formats Describe additional descriptors to be output in the descriptors output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
{<br> format = string<br> labels = list(string)<br>}
(Type is any so the map values can later be enhanced to provide additional options.)
format is a Terraform format string to be passed to the format() function.
labels is a list of labels, in order, to pass to format() function.
Label values will be normalized before being passed to format() so they will be
identical to how they appear in id.
Default is {} (descriptors output will be empty).
any {} no
desired_count The desired number of tasks to start with. Set this to 0 if using DAEMON Service type. (FARGATE does not suppoert DAEMON Service type) number 1 no
ecr_enabled A boolean to enable/disable AWS ECR bool true no
ecr_image_tag_mutability The tag mutability setting for the ecr repository. Must be one of: MUTABLE or IMMUTABLE string "IMMUTABLE" no
ecr_scan_images_on_push Indicates whether images are scanned after being pushed to the repository (true) or not (false) bool false no
ecs_alarms_cpu_utilization_high_alarm_actions A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action list(string) [] no
ecs_alarms_cpu_utilization_high_evaluation_periods Number of periods to evaluate for the alarm number 1 no
ecs_alarms_cpu_utilization_high_ok_actions A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action list(string) [] no
ecs_alarms_cpu_utilization_high_period Duration in seconds to evaluate for the alarm number 300 no
ecs_alarms_cpu_utilization_high_threshold The maximum percentage of CPU utilization average number 80 no
ecs_alarms_cpu_utilization_low_alarm_actions A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action list(string) [] no
ecs_alarms_cpu_utilization_low_evaluation_periods Number of periods to evaluate for the alarm number 1 no
ecs_alarms_cpu_utilization_low_ok_actions A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action list(string) [] no
ecs_alarms_cpu_utilization_low_period Duration in seconds to evaluate for the alarm number 300 no
ecs_alarms_cpu_utilization_low_threshold The minimum percentage of CPU utilization average number 20 no
ecs_alarms_enabled A boolean to enable/disable CloudWatch Alarms for ECS Service metrics bool false no
ecs_alarms_memory_utilization_high_alarm_actions A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action list(string) [] no
ecs_alarms_memory_utilization_high_evaluation_periods Number of periods to evaluate for the alarm number 1 no
ecs_alarms_memory_utilization_high_ok_actions A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action list(string) [] no
ecs_alarms_memory_utilization_high_period Duration in seconds to evaluate for the alarm number 300 no
ecs_alarms_memory_utilization_high_threshold The maximum percentage of Memory utilization average number 80 no
ecs_alarms_memory_utilization_low_alarm_actions A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action list(string) [] no
ecs_alarms_memory_utilization_low_evaluation_periods Number of periods to evaluate for the alarm number 1 no
ecs_alarms_memory_utilization_low_ok_actions A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action list(string) [] no
ecs_alarms_memory_utilization_low_period Duration in seconds to evaluate for the alarm number 300 no
ecs_alarms_memory_utilization_low_threshold The minimum percentage of Memory utilization average number 20 no
ecs_cluster_arn The ECS Cluster ARN where ECS Service will be provisioned string n/a yes
ecs_cluster_name The ECS Cluster Name to use in ECS Code Pipeline Deployment step string null no
ecs_private_subnet_ids List of Private Subnet IDs to provision ECS Service onto if var.network_mode = "awsvpc" list(string) n/a yes
ecs_security_group_enabled Whether to create a security group for the service. bool true no
ecs_security_group_ids Additional Security Group IDs to allow into ECS Service if var.network_mode = "awsvpc" list(string) [] no
enable_all_egress_rule A flag to enable/disable adding the all ports egress rule to the ECS security group bool true no
enable_ecs_managed_tags Specifies whether to enable Amazon ECS managed tags for the tasks within the service bool false no
enabled Set to false to prevent the module from creating any resources bool null no
entrypoint The entry point that is passed to the container list(string) null no
environment ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' string null no
exec_enabled Specifies whether to enable Amazon ECS Exec for the tasks within the service bool false no
force_new_deployment Enable to force a new task deployment of the service. bool false no
github_oauth_token GitHub Oauth Token with permissions to access private repositories string "" no
github_webhook_events A list of events which should trigger the webhook. See a list of available events list(string)
[
"push"
]
no
github_webhooks_token GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the GITHUB_TOKEN environment variable string "" no
health_check_grace_period_seconds Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 7200. Only valid for services configured to use load balancers number 0 no
healthcheck A map containing command (string), timeout, interval (duration in seconds), retries (1-10, number of times to retry before marking container unhealthy), and startPeriod (0-300, optional grace period to wait, in seconds, before failed healthchecks count toward retries)
object({
command = list(string)
retries = number
timeout = number
interval = number
startPeriod = number
})
null no
id_length_limit Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null for keep the existing setting, which defaults to 0.
Does not affect id_full.
number null no
ignore_changes_desired_count Whether to ignore changes for desired count in the ECS service bool false no
ignore_changes_task_definition Ignore changes (like environment variables) to the ECS task definition bool true no
init_containers A list of additional init containers to start. The map contains the container_definition (JSON) and the main container's dependency condition (string) on the init container. The latter can be one of START, COMPLETE, SUCCESS or HEALTHY.
list(object({
container_definition = any
condition = string
}))
[] no
label_key_case Controls the letter case of the tags keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the tags input.
Possible values: lower, title, upper.
Default value: title.
string null no
label_order The order in which the labels (ID elements) appear in the id.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.
list(string) null no
label_value_case Controls the letter case of ID elements (labels) as included in id,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the tags input.
Possible values: lower, title, upper and none (no transformation).
Set this to title and set delimiter to "" to yield Pascal Case IDs.
Default value: lower.
string null no
labels_as_tags Set of labels (ID elements) to include as tags in the tags output.
Default is to include all labels.
Tags with empty values will not be included in the tags output.
Set to [] to suppress all generated tags.
Notes:
The value of the name tag, if included, will be the id, not the name.
Unlike other null-label inputs, the initial setting of labels_as_tags cannot be
changed in later chained modules. Attempts to change it will be silently ignored.
set(string)
[
"default"
]
no
launch_type The ECS launch type (valid options: FARGATE or EC2) string "FARGATE" no
log_driver The log driver to use for the container. If using Fargate launch type, only supported value is awslogs string "awslogs" no
log_retention_in_days The number of days to retain logs for the log group number 90 no
map_container_environment The environment variables to pass to the container. This is a map of string: {key: value}. environment overrides map_environment map(string) null no
mount_points Container mount points. This is a list of maps, where each map should contain a containerPath and sourceVolume
list(object({
containerPath = string
sourceVolume = string
readOnly = bool
}))
[] no
name ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a tag.
The "name" tag is set to the full id string. There is no tag with the value of the name input.
string null no
namespace ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique string null no
network_mode The network mode to use for the task. This is required to be awsvpc for FARGATE launch_type or null for EC2 launch_type string "awsvpc" no
nlb_cidr_blocks A list of CIDR blocks to add to the ingress rule for the NLB container port list(string) [] no
nlb_container_name The name of the container to associate with the NLB. If not provided, the generated container will be used string null no
nlb_container_port The port number on the container bound to assigned NLB host_port number 80 no
nlb_ingress_target_group_arn Target group ARN of the NLB ingress string "" no
permissions_boundary A permissions boundary ARN to apply to the 3 roles that are created. string "" no
platform_version The platform version on which to run your service. Only applicable for launch_type set to FARGATE. More information about Fargate platform versions can be found in the AWS ECS User Guide. string "LATEST" no
poll_source_changes Periodically check the location of your source content and run the pipeline if changes are detected bool false no
port_mappings The port mappings to configure for the container. This is a list of maps. Each map should contain "containerPort", "hostPort", and "protocol", where "protocol" is one of "tcp" or "udp". If using containers in a task with the awsvpc or host network mode, the hostPort can either be left blank or set to the same value as the containerPort
list(object({
containerPort = number
hostPort = number
protocol = string
}))
[
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
]
no
privileged When this variable is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter is not supported for Windows containers or tasks using the Fargate launch type. Due to how Terraform type casts booleans in json it is required to double quote this value string null no
propagate_tags Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are SERVICE and TASK_DEFINITION string null no
regex_replace_chars Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.
string null no
region AWS Region for S3 bucket string null no
repo_name GitHub repository name of the application to be built and deployed to ECS string "" no
repo_owner GitHub Organization or Username string "" no
runtime_platform Zero or one runtime platform configurations that containers in your task may use.
Map of strings with optional keys operating_system_family and cpu_architecture.
See runtime_platform docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform
list(map(string)) [] no
secrets The secrets to pass to the container. This is a list of maps
list(object({
name = string
valueFrom = string
}))
null no
service_registries The service discovery registries for the service. The maximum number of service_registries blocks is 1. The currently supported service registry is Amazon Route 53 Auto Naming Service - aws_service_discovery_service; see service_registries docs https://www.terraform.io/docs/providers/aws/r/ecs_service.html#service_registries-1
list(object({
registry_arn = string
port = number
container_name = string
container_port = number
}))
[] no
stage ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' string null no
system_controls A list of namespaced kernel parameters to set in the container, mapping to the --sysctl option to docker run. This is a list of maps: { namespace = "", value = ""} list(map(string)) null no
tags Additional tags (e.g. {'BusinessUnit': 'XYZ'}).
Neither the tag keys nor the tag values will be modified by this module.
map(string) {} no
task_cpu The number of CPU units used by the task. If unspecified, it will default to container_cpu. If using FARGATE launch type task_cpu must match supported memory values (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) number null no
task_memory The amount of memory (in MiB) used by the task. If unspecified, it will default to container_memory. If using Fargate launch type task_memory must match supported cpu value (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) number null no
task_policy_arns A list of IAM Policy ARNs to attach to the generated task role. list(string) [] no
task_role_arn The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services string "" no
tenant ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for string null no
ulimits The ulimits to configure for the container. This is a list of maps. Each map should contain "name", "softLimit" and "hardLimit"
list(object({
name = string
softLimit = number
hardLimit = number
}))
[] no
use_alb_security_group A boolean to enable adding an ALB security group rule for the service task bool false no
use_ecr_image If true, use ECR repo URL for image, otherwise use value in container_image bool false no
use_nlb_cidr_blocks A flag to enable/disable adding the NLB ingress rule to the security group bool false no
volumes Task volume definitions as list of configuration objects
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
[] no
vpc_id The VPC ID where resources are created string n/a yes
webhook_authentication The type of authentication to use. One of IP, GITHUB_HMAC, or UNAUTHENTICATED string "GITHUB_HMAC" no
webhook_enabled Set to false to prevent the module from creating any webhook resources bool true no
webhook_filter_json_path The JSON path to filter on string "$.ref" no
webhook_filter_match_equals The value to match on (e.g. refs/heads/{Branch}) string "refs/heads/{Branch}" no
webhook_target_action The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline string "Source" no

Outputs

Name Description
alb_ingress All outputs from module.alb_ingress
alb_ingress_target_group_arn ALB Target Group ARN
alb_ingress_target_group_arn_suffix ALB Target Group ARN suffix
alb_ingress_target_group_name ALB Target Group name
alb_target_group_cloudwatch_sns_alarms All outputs from module.alb_target_group_cloudwatch_sns_alarms
cloudwatch_log_group All outputs from aws_cloudwatch_log_group.app
cloudwatch_log_group_arn Cloudwatch log group ARN
cloudwatch_log_group_name Cloudwatch log group name
codebuild All outputs from module.ecs_codepipeline
codebuild_badge_url The URL of the build badge when badge_enabled is enabled
codebuild_cache_bucket_arn CodeBuild cache S3 bucket ARN
codebuild_cache_bucket_name CodeBuild cache S3 bucket name
codebuild_project_id CodeBuild project ID
codebuild_project_name CodeBuild project name
codebuild_role_arn CodeBuild IAM Role ARN
codebuild_role_id CodeBuild IAM Role ID
codepipeline_arn CodePipeline ARN
codepipeline_id CodePipeline ID
codepipeline_webhook_id The CodePipeline webhook's ID
codepipeline_webhook_url The CodePipeline webhook's URL. POST events to this endpoint to trigger the target
container_definition All outputs from module.container_definition
container_definition_json JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition
container_definition_json_map JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition
ecr All outputs from module.ecr
ecr_registry_id Registry ID
ecr_registry_url Repository URL
ecr_repository_arn ARN of ECR repository
ecr_repository_name Registry name
ecr_repository_url Repository URL
ecs_alarms All outputs from module.ecs_cloudwatch_sns_alarms
ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_arn ECS CPU utilization high CloudWatch metric alarm ARN
ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id ECS CPU utilization high CloudWatch metric alarm ID
ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_arn ECS CPU utilization low CloudWatch metric alarm ARN
ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id ECS CPU utilization low CloudWatch metric alarm ID
ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_arn ECS Memory utilization high CloudWatch metric alarm ARN
ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id ECS Memory utilization high CloudWatch metric alarm ID
ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_arn ECS Memory utilization low CloudWatch metric alarm ARN
ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id ECS Memory utilization low CloudWatch metric alarm ID
ecs_alb_service_task All outputs from module.ecs_alb_service_task
ecs_cloudwatch_autoscaling All outputs from module.ecs_cloudwatch_autoscaling
ecs_cloudwatch_autoscaling_scale_down_policy_arn ARN of the scale down policy
ecs_cloudwatch_autoscaling_scale_up_policy_arn ARN of the scale up policy
ecs_exec_role_policy_id The ECS service role policy ID, in the form of role_name:role_policy_name
ecs_exec_role_policy_name ECS service role name
ecs_service_arn ECS Service ARN
ecs_service_name ECS Service name
ecs_service_role_arn ECS Service role ARN
ecs_service_security_group_id Security Group ID of the ECS task
ecs_task_definition_family ECS task definition family
ecs_task_definition_revision ECS task definition revision
ecs_task_exec_role_arn ECS Task exec role ARN
ecs_task_exec_role_name ECS Task role name
ecs_task_role_arn ECS Task role ARN
ecs_task_role_id ECS Task role id
ecs_task_role_name ECS Task role name
httpcode_elb_5xx_count_cloudwatch_metric_alarm_arn ALB 5xx count CloudWatch metric alarm ARN
httpcode_elb_5xx_count_cloudwatch_metric_alarm_id ALB 5xx count CloudWatch metric alarm ID
httpcode_target_3xx_count_cloudwatch_metric_alarm_arn ALB Target Group 3xx count CloudWatch metric alarm ARN
httpcode_target_3xx_count_cloudwatch_metric_alarm_id ALB Target Group 3xx count CloudWatch metric alarm ID
httpcode_target_4xx_count_cloudwatch_metric_alarm_arn ALB Target Group 4xx count CloudWatch metric alarm ARN
httpcode_target_4xx_count_cloudwatch_metric_alarm_id ALB Target Group 4xx count CloudWatch metric alarm ID
httpcode_target_5xx_count_cloudwatch_metric_alarm_arn ALB Target Group 5xx count CloudWatch metric alarm ARN
httpcode_target_5xx_count_cloudwatch_metric_alarm_id ALB Target Group 5xx count CloudWatch metric alarm ID
target_response_time_average_cloudwatch_metric_alarm_arn ALB Target Group response time average CloudWatch metric alarm ARN
target_response_time_average_cloudwatch_metric_alarm_id ALB Target Group response time average CloudWatch metric alarm ID

Share the Love

Like this project? Please give it a ★ on our GitHub! (it helps us a lot)

Are you using this project or any of our other projects? Consider leaving a testimonial. =)

Related Projects

Check out these related projects.

Help

Got a question? We got answers.

File a GitHub issue, send us an email or join our Slack Community.

README Commercial Support

DevOps Accelerator for Startups

We are a DevOps Accelerator. We'll help you build your cloud infrastructure from the ground up so you can own it. Then we'll show you how to operate it and stick around for as long as you need us.

Learn More

Work directly with our team of DevOps experts via email, slack, and video conferencing.

We deliver 10x the value for a fraction of the cost of a full-time engineer. Our track record is not even funny. If you want things done right and you need it done FAST, then we're your best bet.

  • Reference Architecture. You'll get everything you need from the ground up built using 100% infrastructure as code.
  • Release Engineering. You'll have end-to-end CI/CD with unlimited staging environments.
  • Site Reliability Engineering. You'll have total visibility into your apps and microservices.
  • Security Baseline. You'll have built-in governance with accountability and audit logs for all changes.
  • GitOps. You'll be able to operate your infrastructure via Pull Requests.
  • Training. You'll receive hands-on training so your team can operate what we build.
  • Questions. You'll have a direct line of communication between our teams via a Shared Slack channel.
  • Troubleshooting. You'll get help to triage when things aren't working.
  • Code Reviews. You'll receive constructive feedback on Pull Requests.
  • Bug Fixes. We'll rapidly work with you to fix any bugs in our projects.

Slack Community

Join our Open Source Community on Slack. It's FREE for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally sweet infrastructure.

Discourse Forums

Participate in our Discourse Forums. Here you'll find answers to commonly asked questions. Most questions will be related to the enormous number of projects we support on our GitHub. Come here to collaborate on answers, find solutions, and get ideas about the products and services we value. It only takes a minute to get started! Just sign in with SSO using your GitHub account.

Newsletter

Sign up for our newsletter that covers everything on our technology radar. Receive updates on what we're up to on GitHub as well as awesome new projects we discover.

Office Hours

Join us every Wednesday via Zoom for our weekly "Lunch & Learn" sessions. It's FREE for everyone!

zoom

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

If you are interested in being a contributor and want to get involved in developing this project or help out with our other projects, we would love to hear from you! Shoot us an email.

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyright

Copyright © 2017-2023 Cloud Posse, LLC

License

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.

Trademarks

All other trademarks referenced herein are the property of their respective owners.

About

This project is maintained and funded by Cloud Posse, LLC. Like it? Please let us know by leaving a testimonial!

Cloud Posse

We're a DevOps Professional Services company based in Los Angeles, CA. We ❤️ Open Source Software.

We offer paid support on all of our projects.

Check out our other projects, follow us on twitter, apply for a job, or hire us to help with your cloud strategy and implementation.

Contributors

Erik Osterman
Erik Osterman
Igor Rodionov
Igor Rodionov
Andriy Knysh
Andriy Knysh
Sarkis Varozian
Sarkis Varozian

README Footer Beacon

More Repositories

1

geodesic

🚀 Geodesic is a DevOps Linux Toolbox in Docker
Shell
952
star
2

atmos

👽 Terraform Orchestration Tool for DevOps. Keep environment configuration DRY with hierarchical imports of configurations, inheritance, and WAY more. Native support for Terraform and Helmfile.
MDX
705
star
3

bastion

🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support
Shell
623
star
4

terraform-null-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes])
HCL
516
star
5

terraform-aws-components

Opinionated, self-contained Terraform root modules that each solve one, specific problem
HCL
493
star
6

terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster
HCL
453
star
7

build-harness

Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more
Makefile
348
star
8

terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the `terraform.tfstate` file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption.
HCL
344
star
9

terraform-aws-ecs-container-definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource
HCL
316
star
10

terraform-aws-elastic-beanstalk-environment

Terraform module to provision an AWS Elastic Beanstalk Environment
HCL
292
star
11

terraform-aws-cloudfront-s3-cdn

Terraform module to easily provision CloudFront CDN backed by an S3 origin
HCL
274
star
12

helmfiles

Comprehensive Distribution of Helmfiles for Kubernetes
Makefile
254
star
13

terraform-aws-jenkins

Terraform module to build Docker image with Jenkins, save it to an ECR repo, and deploy to Elastic Beanstalk running Docker stack
HCL
250
star
14

terraform-aws-vpc

Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways
HCL
226
star
15

terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash.
HCL
216
star
16

terraform-aws-cloudtrail-cloudwatch-alarms

Terraform module for creating alarms for tracking important changes and occurrences from cloudtrail.
HCL
193
star
17

tfmask

Terraform utility to mask select output from `terraform plan` and `terraform apply`
Go
191
star
18

terraform-aws-cicd

Terraform Module for CI/CD with AWS Code Pipeline and Code Build
HCL
185
star
19

terraform-aws-ecr

Terraform Module to manage Docker Container Registries on AWS ECR
HCL
184
star
20

copyright-header

© Copyright Header is a utility to manipulate software licenses on source code.
Ruby
177
star
21

terraform-aws-dynamic-subnets

Terraform module for public and private subnets provisioning in existing VPC
HCL
165
star
22

prometheus-to-cloudwatch

Utility for scraping Prometheus metrics from a Prometheus client endpoint and publishing them to CloudWatch
Go
159
star
23

reference-architectures

[WIP] Get up and running quickly with one of our reference architecture using our fully automated cold-start process.
HCL
154
star
24

charts

The "Cloud Posse" Distribution of Kubernetes Applications
Mustache
149
star
25

terraform-aws-s3-bucket

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems
HCL
147
star
26

terraform-null-ansible

Terraform Module to run ansible playbooks
HCL
146
star
27

terraform-aws-ec2-instance

Terraform module for provisioning a general purpose EC2 host
HCL
143
star
28

terraform-aws-rds-cluster

Terraform module to provision an RDS Aurora cluster for MySQL or Postgres
HCL
142
star
29

terraform-aws-key-pair

Terraform Module to Automatically Generate SSH Key Pairs (Public/Private Keys)
HCL
141
star
30

github-authorized-keys

Use GitHub teams to manage system user accounts and authorized_keys
Go
140
star
31

terraform-aws-ecs-codepipeline

Terraform Module for CI/CD with AWS Code Pipeline and Code Build for ECS https://cloudposse.com/
HCL
139
star
32

terraform-example-module

Example Terraform Module Scaffolding
HCL
135
star
33

terraform-aws-rds

Terraform module to provision AWS RDS instances
HCL
134
star
34

terraform-aws-ecs-alb-service-task

Terraform module which implements an ECS service which exposes a web service via ALB.
HCL
129
star
35

terraform-aws-elasticache-redis

Terraform module to provision an ElastiCache Redis Cluster
HCL
129
star
36

packages

Cloud Posse DevOps distribution of linux packages for native apps, binaries, alpine packages, debian packages, and redhat packages.
Shell
125
star
37

terraform-aws-ec2-bastion-server

Terraform module to define a generic Bastion host with parameterized user_data and support for AWS SSM Session Manager for remote access with IAM authentication.
HCL
124
star
38

tfenv

Transform environment variables for use with Terraform (e.g. `HOSTNAME` ⇨ `TF_VAR_hostname`)
Go
123
star
39

terraform-terraform-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes])
HCL
116
star
40

terraform-aws-s3-website

Terraform Module for Creating S3 backed Websites and Route53 DNS
HCL
114
star
41

terraform-aws-ec2-autoscale-group

Terraform module to provision Auto Scaling Group and Launch Template on AWS
HCL
113
star
42

terraform-aws-iam-role

A Terraform module that creates IAM role with provided JSON IAM polices documents.
HCL
109
star
43

terraform-aws-vpc-peering-multi-account

Terraform module to provision a VPC peering across multiple VPCs in different accounts by using multiple providers
HCL
108
star
44

terraform-aws-vpc-peering

Terraform module to create a peering connection between two VPCs in the same AWS account.
HCL
105
star
45

github-commenter

Command line utility for creating GitHub comments on Commits, Pull Request Reviews or Issues
Go
104
star
46

terraform-aws-s3-log-storage

This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail
HCL
103
star
47

terraform-aws-rds-cloudwatch-sns-alarms

Terraform module that configures important RDS alerts using CloudWatch and sends them to an SNS topic
HCL
103
star
48

github-status-updater

Command line utility for updating GitHub commit statuses and enabling required status checks for pull requests
Go
100
star
49

terraform-aws-codebuild

Terraform Module to easily leverage AWS CodeBuild for Continuous Integration
HCL
96
star
50

terraform-provider-utils

The Cloud Posse Terraform Provider for various utilities (e.g. deep merging, stack configuration management)
Go
96
star
51

terraform-aws-alb

Terraform module to provision a standard ALB for HTTP/HTTP traffic
HCL
94
star
52

terraform-aws-cloudfront-cdn

Terraform Module that implements a CloudFront Distribution (CDN) for a custom origin.
HCL
93
star
53

terraform-aws-ssm-parameter-store

Terraform module to populate AWS Systems Manager (SSM) Parameter Store with values from Terraform. Works great with Chamber.
HCL
93
star
54

terraform-aws-acm-request-certificate

Terraform module to request an ACM certificate for a domain name and create a CNAME record in the DNS zone to complete certificate validation
HCL
93
star
55

terraform-aws-multi-az-subnets

Terraform module for multi-AZ public and private subnets provisioning
HCL
90
star
56

terraform-aws-cloudtrail

Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs
HCL
90
star
57

sudosh

Shell wrapper to run a login shell with `sudo` as the current user for the purpose of audit logging
Go
88
star
58

terraform-aws-sso

Terraform module to configure AWS Single Sign-On (SSO)
HCL
87
star
59

terraform-aws-backup

Terraform module to provision AWS Backup, a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services such as EBS volumes, RDS databases, DynamoDB tables, EFS file systems, and AWS Storage Gateway volumes.
HCL
87
star
60

terraform-aws-eks-workers

Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers
HCL
84
star
61

terraform-aws-eks-node-group

Terraform module to provision a fully managed AWS EKS Node Group
HCL
82
star
62

terraform-aws-efs

Terraform Module to define an EFS Filesystem (aka NFS)
HCL
79
star
63

terraform-datadog-platform

Terraform module to configure and provision Datadog monitors, custom RBAC roles with permissions, Datadog synthetic tests, Datadog child organizations, and other Datadog resources from a YAML configuration, complete with automated tests.
HCL
79
star
64

terraform-aws-iam-system-user

Terraform Module to Provision a Basic IAM System User Suitable for CI/CD Systems (E.g. TravisCI, CircleCI)
HCL
76
star
65

terraform-aws-dynamodb

Terraform module that implements AWS DynamoDB with support for AutoScaling
HCL
72
star
66

terraform-aws-emr-cluster

Terraform module to provision an Elastic MapReduce (EMR) cluster on AWS
HCL
70
star
67

terraform-aws-msk-apache-kafka-cluster

Terraform module to provision AWS MSK
HCL
68
star
68

terraform-yaml-config

Terraform module to convert local and remote YAML configuration templates into Terraform lists and maps
HCL
67
star
69

terraform-aws-iam-user

Terraform Module to provision a basic IAM user suitable for humans.
HCL
66
star
70

slack-notifier

Command line utility to send messages with attachments to Slack channels via Incoming Webhooks
Go
65
star
71

actions

Our Library of GitHub Actions
TypeScript
62
star
72

terraform-aws-cloudwatch-logs

Terraform Module to Provide a CloudWatch Logs Endpoint
HCL
61
star
73

terraform-aws-kms-key

Terraform module to provision a KMS key with alias
HCL
61
star
74

terraform-aws-iam-s3-user

Terraform module to provision a basic IAM user with permissions to access S3 resources, e.g. to give the user read/write/delete access to the objects in an S3 bucket
HCL
53
star
75

load-testing

A collection of best practices, workflows, scripts and scenarios that Cloud Posse uses for load and performance testing of websites and applications (in particular those deployed on Kubernetes clusters)
JavaScript
52
star
76

docs

📘 SweetOps documentation for the Cloud Posse way of doing Infrastructure as Code. https://docs.cloudposse.com
Python
51
star
77

terraform-aws-documentdb-cluster

Terraform module to provision a DocumentDB cluster on AWS
HCL
51
star
78

terraform-aws-iam-policy-document-aggregator

Terraform module to aggregate multiple IAM policy documents into single policy document.
HCL
50
star
79

terraform-yaml-stack-config

Terraform module that loads an opinionated 'stack' configuration from local or remote YAML sources. It supports deep-merged variables, settings, ENV variables, backend config, and remote state outputs for Terraform and helmfile components.
HCL
50
star
80

terraform-aws-vpn-connection

Terraform module to provision a site-to-site VPN connection between a VPC and an on-premises network
HCL
49
star
81

terraform-aws-route53-alias

Terraform Module to Define Vanity Host/Domain (e.g. `brand.com`) as an ALIAS record
HCL
48
star
82

terraform-aws-transit-gateway

Terraform module to provision AWS Transit Gateway, AWS Resource Access Manager (AWS RAM) Resource, and share the Transit Gateway with the Organization or another AWS Account.
HCL
48
star
83

terraform-aws-ecs-atlantis

Terraform module for deploying Atlantis as an ECS Task
HCL
47
star
84

terraform-aws-cloudtrail-s3-bucket

S3 bucket with built in IAM policy to allow CloudTrail logs
HCL
47
star
85

terraform-aws-route53-cluster-zone

Terraform module to easily define consistent cluster domains on Route53 (e.g. `prod.ourcompany.com`)
HCL
46
star
86

terraform-aws-named-subnets

Terraform module for named subnets provisioning.
HCL
45
star
87

terraform-aws-route53-cluster-hostname

Terraform module to define a consistent AWS Route53 hostname
HCL
45
star
88

terraform-aws-elastic-beanstalk-application

Terraform Module to define an ElasticBeanstalk Application
HCL
44
star
89

terraform-aws-sns-topic

Terraform Module to Provide an Amazon Simple Notification Service (SNS)
HCL
44
star
90

terraform-aws-eks-fargate-profile

Terraform module to provision an EKS Fargate Profile
HCL
44
star
91

terraform-aws-config

This module configures AWS Config, a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
HCL
44
star
92

terraform-aws-service-control-policies

Terraform module to provision Service Control Policies (SCP) for AWS Organizations, Organizational Units, and AWS accounts
HCL
42
star
93

terraform-aws-efs-backup

Terraform module designed to easily backup EFS filesystems to S3 using DataPipeline
HCL
41
star
94

terraform-provider-awsutils

Terraform provider to help with various AWS automation tasks (mostly all that stuff we cannot accomplish with the official AWS terraform provider)
Go
41
star
95

terraform-aws-ec2-client-vpn

HCL
39
star
96

terraform-aws-cloudformation-stack

Terraform module to provision CloudFormation Stack
HCL
38
star
97

terraform-aws-utils

Utility functions for use with Terraform in the AWS environment
HCL
36
star
98

terraform-aws-ecs-cloudwatch-sns-alarms

Terraform module to create CloudWatch Alarms on ECS Service level metrics.
HCL
36
star
99

terraform-aws-waf

HCL
35
star
100

terraform-aws-ses

Terraform module to provision Simple Email Service on AWS
HCL
35
star