{"id":42923563,"url":"https://github.com/in4it/terraform-modules","last_synced_at":"2026-01-30T18:04:50.980Z","repository":{"id":38314638,"uuid":"119580097","full_name":"in4it/terraform-modules","owner":"in4it","description":"repository of useful terraform modules","archived":false,"fork":false,"pushed_at":"2025-06-16T14:43:11.000Z","size":505,"stargazers_count":99,"open_issues_count":2,"forks_count":177,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-06-16T14:44:17.589Z","etag":null,"topics":["aws","ecs","terraform"],"latest_commit_sha":null,"homepage":"http://www.in4it.io","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/in4it.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-01-30T18:56:42.000Z","updated_at":"2025-05-30T14:18:37.000Z","dependencies_parsed_at":"2023-11-15T17:41:41.885Z","dependency_job_id":"2293dad7-c6a2-45df-a9c0-961a37794a42","html_url":"https://github.com/in4it/terraform-modules","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/in4it/terraform-modules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in4it%2Fterraform-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in4it%2Fterraform-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in4it%2Fterraform-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in4it%2Fterraform-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/in4it","download_url":"https://codeload.github.com/in4it/terraform-modules/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/in4it%2Fterraform-modules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28917033,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T16:37:38.804Z","status":"ssl_error","status_checked_at":"2026-01-30T16:37:37.878Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","ecs","terraform"],"created_at":"2026-01-30T18:04:11.486Z","updated_at":"2026-01-30T18:04:50.973Z","avatar_url":"https://github.com/in4it.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-modules\nrepository of useful terraform modules\n\n# Usage\n\n\n## ECS Cluster (EC2)\n```terraform\nmodule \"my-ecs\" {\n source = \"github.com/in4it/terraform-modules//modules/ecs-cluster\"\n vpc_id = \"vpc-id\"\n cluster_name = \"my-ecs\"\n instance_type = \"t2.small\"\n ssh_key_name = \"mykeypairName\"\n vpc_subnets = \"subnetId-1,subnetId-2\"\n enable_ssh = true\n ssh_sg = \"my-ssh-sg\"\n log_group = \"my-log-group\"\n aws_account_id = \"1234567890\"\n aws_region = \"us-east-1\"\n}\n```\n\n## ECS Cluster (Fargate)\n```terraform\nmodule \"my-ecs\" {\n source = \"github.com/in4it/terraform-modules//modules/fargate-cluster\"\n cluster_name = \"my-ecs\"\n log_group = \"my-log-group\"\n}\n```\n\n## ECS Service\n```terraform\nmodule \"my-service\" {\n source = \"github.com/in4it/terraform-modules//modules/ecs-service\"\n vpc_id = \"vpc-id\"\n application_name = \"my-service\"\n application_port = \"8080\"\n application_version = \"latest\"\n cluster_arn = \"${module.my-ecs.cluster_arn}\"\n service_role_arn = \"${module.my-ecs.service_role_arn}\"\n aws_region = \"us-east-1\"\n healthcheck_matcher = \"200\"\n cpu_reservation = \"1024\"\n memory_reservation = \"1024\"\n log_group = \"my-log-group\"\n desired_count = 2\n alb_arn = \"${module.my-alb.alb_arn}\"\n launch_type = \"FARGATE\"\n security_groups = [\"\"]\n subnets = [\"\"]\n}\n```\n\n## ALB\n```terraform\nmodule \"my-alb\" {\n source = \"github.com/in4it/terraform-modules/modules/alb\"\n vpc_id = \"vpc-id\"\n lb_name = \"my-alb\"\n vpc_subnets = \"subnetId-1,subnetId-2\"\n default_target_arn = \"${module.my-service.target_group_arn}\"\n domain = \"*.my-ecs.com\"\n internal = false\n ecs_sg = \"${module.my-ecs.cluster_sg}\"\n}\n```\n\n## ALB Rule\n```terraform\nmodule \"my-alb-rule\" {\n source = \"github.com/in4it/terraform-modules/modules/alb-rule\"\n listener_arn = \"${module.my-alb.http_listener_arn}\"\n priority = 100\n target_group_arn = \"${module.my-service.target_group_arn}\"\n condition_field = \"host-header\"\n condition_values = [\"subdomain.my-ecs.com\"]\n}\n```\n\n## Kinesis\n\n### Example with mandatory parameters\n```terraform\nmodule \"my-kinesis\" {\n name = \"my-name\"\n}\n```\n\n### Example with advance parameters\n```terraform\nmodule \"my-kinesis\" {\n name = \"my-name\"\n kms_description = \"My description\"\n environment = \"my-env\"\n kinesis_stream_encryption = true\n kinesis_shard_count = 1\n kinesis_retention_period = 24\n kms_deletion_window_in_days = 30\n kms_enable_key_rotation = true\n enable_kinesis_firehose = true\n firehose_s3_compression_format = \"GZIP\"\n kinesis_firehose_destination = \"s3\"\n s3_bucket_sse = true\n vpcs_restriction_list = [my-vpcs]\n s3_deletion_protection = true\n s3_vpc_restriction_exception_roles = [my-exception-roles]\n}\n\n```\n## Dynamodb\n```terraform\nmodule \"dynamodb_table\" {\n source = \"my-dynamodb\"\n table_name = \"example-table\"\n hash_key = \"id\"\n range_key = \"idr\"\n autoscaling_enabled = \"false\"\n read_capacity = 1\n write_capacity = 1\n stream_enabled = \"false\"\n billing_mode = \"PROVISIONED\"\n point_in_time_recovery = \"false\"\n ttl_enabled = \"false\"\n ttl_attribute_name = \"ttl\"\n server_side_encryption = \"false\"\n server_side_encryption_kms_key_arn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"\n \n global_secondary_indexes = [\n {\n name = \"index_name\"\n hash_key = \"S\"\n range_key = \"S\"\n projection_type = \"ALL\"\n read_capacity = \"1\"\n write_capacity = \"1\"\n }\n ]\n \n local_secondary_indexes = [\n {\n name = \"index_name\"\n hash_key = \"S\"\n range_key = \"S\"\n projection_type = \"ALL\"\n read_capacity = \"1\"\n write_capacity = \"1\"\n }\n]\n\n replica_regions {\n region_name = \"us-east-1\"\n }\n\n attributes = [\n {\n name = \"id\"\n type = \"N\"\n },\n {\n name = \"idr\"\n type = \"N\"\n }\n ]\n \n\n timeouts {\n create = \"10m\"\n update = \"10m\"\n delete = \"10m\"\n }\n\n # Only enable with autoscaling_enabled = \"true\"\n\n autoscaling_indexes = {\n index_name = {\n read_min_capacity = 1\n read_max_capacity = 20\n write_min_capacity = 1\n write_max_capacity = 20\n read_index_scale_in_cooldown = 200\n read_index_scale_out_cooldown = 20 \n write_index_target = 70\n write_index_scale_in_cooldown = 200\n write_index_scale_out_cooldown = 20\n }\n }\n\n as_read_min_capacity = \"1\"\n as_write_min_capacity = \"1\"\n as_read_max_capacity = \"50\"\n as_write_max_capacity = \"50\"\n as_read_target_value = \"80\"\n as_read_scale_in_cooldown = \"300\"\n as_read_scale_out_cooldown = \"30\"\n as_write_target_value = \"80\"\n as_write_scale_in_cooldown = \"300\"\n as_write_scale_out_cooldown = \"30\"\n}\n```\n\n## AWS SFTP Transfer\n\n```terraform\nmodule \"transfer\" {\n transfer_server_name = \"transfer-server\"\n transfer_server_user_names = [\"sftp-user-name-01\", \"sftp-user-name-02\"]\n transfer_server_ssh_keys = [file(\"../../data/ssh/example-key-sftp-01-${var.env}.pub\"),file(\"../../data/ssh/example-key-sftp-02-${var.env}.pub\")]\n bucket_name = aws_s3_bucket.transfer-bucket.id\n bucket_arn = aws_s3_bucket.transfer-bucket.arn\n}\n```\n\n## OpenVPN\n\n```terraform\nmodule \"vpc\" {\n source = \"terraform-aws-modules/vpc/aws\"\n\n name = \"myclient-dev\"\n cidr = \"10.1.0.0/16\"\n\n azs = [\"eu-west-1a\",\"eu-west-1b\"]\n private_subnets = [\"10.1.4.0/24\", \"10.1.5.0/24\"]\n public_subnets = [\"10.1.1.0/24\", \"10.1.2.0/24\"]\n database_subnets = [\"10.1.7.0/24\", \"10.1.8.0/24\"]\n\n enable_dns_hostnames = true\n enable_dns_support = true\n enable_dhcp_options = true\n\n enable_nat_gateway = true\n one_nat_gateway_per_az = false\n single_nat_gateway = true\n}\n\nmodule \"alb\" {\n source = \"git@github.com:in4it/terraform-modules.git//modules/alb\"\n vpc_id = module.vpc.vpc_id\n lb_name = \"myclient-dev\"\n vpc_subnets = module.vpc.public_subnets\n domain = \"example.com\"\n internal = false\n\n tls = true\n\n tls_policy = \"ELBSecurityPolicy-TLS-1-2-Ext-2018-06\"\n access_logs = {\n enabled = \"true\"\n }\n}\n\nmodule \"vpn\" {\n source = \"git@github.com:in4it/terraform-modules.git//modules/openvpn\"\n env = \"dev\"\n domain = \"example.com\"\n project_name = \"my_client\"\n\n vpc_id = module.vpc.vpc_id\n public_subnets = module.vpc.public_subnets\n private_subnets = module.vpc.private_subnets\n\n hosted_zone_id = data.terraform_remote_state.dns.outputs.primary-hosted-zone\n\n create_r53_records = true\n alb_arn = module.alb.lb_arn\n alb_dns_name = module.alb.dns_name\n alb_dns_zone_id = module.alb.zone_id\n alb_https_listener_arn = module.alb.https_listener_arn\n alb_security_group_id = module.alb.security-group-id\n\n cert_req_city = \"London\"\n cert_req_country = \"EN\"\n cert_req_email = \"admin@my_client.com\"\n cert_req_province = \"London\"\n certificate_organization_name = \"my_client\"\n organization_name = \"my_client\"\n\n csrf_key_parameter_arn = \"arn:aws:ssm:eu-west-1:0123456789:parameter/my_client-dev/vpn/CSRF_KEY\"\n onelogin_client_domain = \"my_client\"\n onelogin_client_id = var.onelogin_client_id\n onelogin_client_secret = var.onelogin_client_secret\n open_vpn_client_file_base64 = base64encode(data.template_file.openvpn-client.rendered)\n ouath2_client_id_parameter_arn = \"arn:aws:ssm:eu-west-1:0123456789:parameter/my_client-dev/vpn/OAUTH2_CLIENT_ID\"\n ouath2_client_secret_parameter_arn = \"arn:aws:ssm:eu-west-1:0123456789:parameter/my_client-dev/vpn/OAUTH2_CLIENT_SECRET\"\n oauth2_url = \"https://my_client.onelogin.com/oidc/2\"\n}\n```\n\n## Security (AWS CIS v1.5.0)\n\n```terraform\nmodule \"cis-security\" {\n source = \"./modules/cis\"\n\n company_name = \"acmecorp\"\n env = \"dev\"\n\n alarm_namespace = \"LogMetrics\"\n aws_account_id = \"123343534564\"\n organization_id = \"id-123343534564\"\n sns_arn = \"arn:aws:sns:us-east-2:123343534564:MyTopic\"\n}\n```\n\n## Wireguard VPN\nOnce applied, the [firezone](https://github.com/firezone/firezone) web UI is available at https://vpn.mydomain.com (external_url). State is stored in efs and RDS.\n```terraform\nmodule \"wireguard\" {\n source = \"github.com/in4it/terraform-modules/modules/wireguard\"\n env = \"prod\"\n external_url = \"https://vpn.mydomain.com\"\n admin_email = \"your@email.inv\"\n vpc_id = \"vpc-123456\"\n\n instance_subnet_id = \"subnet-123456\" # public subnet\n efs_subnet_ids = [\"subnet-123456\", \"subnet-789abc\"] # private subnet\n db_subnet_ids = [\"subnet-123456\", \"subnet-789abc\"] # private subnet\n}\n```\n\n## RDS Module\n```terraform\nmodule \"mysql\" {\n source = \"git@github.com:in4it/terraform-modules.git//modules/rds\"\n name = \"my_client-mysql-${var.env}\"\n vpc_id = data.terraform_remote_state.network.outputs.vpc_id\n subnet_ids = data.terraform_remote_state.network.outputs.database_subnets\n subnet_group = data.terraform_remote_state.network.outputs.database_subnet_group\n instance_type = true\n multi_az = true\n deletion_protection = true\n\n ingress_security_groups = [\n data.terraform_remote_state.vpn.outputs.vpn-sg,\n data.terraform_remote_state.app.outputs.example-service-1,\n data.terraform_remote_state.app.outputs.example-service-2,\n ]\n\n engine = \"mysql\"\n engine_version = \"5.7.38\"\n storage = 100\n max_allocated_storage = 1000\n storage_type = \"gp3\"\n username = \"my_client\"\n database_name = \"my_client\"\n\n iam_database_authentication_enabled = false\n at_rest_encryption = true\n\n parameters = []\n}\n```\n\n## Wireguard site-to-site\n```\nmodule \"site2site\" {\n source = \"github.com/in4it/terraform-modules/modules/wireguard-site2site\"\n env = \"prod\"\n identifier = \"site2site\"\n vpc_id = \"vpc-123456\"\n instance_subnet_id = \"subnet-123456\"\n\n instance_type = \"t3.medium\"\n\n vpn_destination_pubkey = \"wireguard public key destination\"\n vpn_internal_cidr = \"10.0.0.0/16\" # siteA internal ip range (this side)\n vpn_destination_allowed_ips = \"10.1.0.0/16\" # siteB ip range\n vpn_destination_public_ip = \"1.2.3.4\" # siteB public IP\n\n listeners = [\n {\n port = \"51820\"\n protocol = \"udp\"\n cidr_blocks = [\"1.2.3.4/32\"] # site B public IP\n },\n {\n port = \"0\"\n protocol = \"-1\"\n cidr_blocks = [\"10.0.0.0/16\"] # siteA internal IP range\n },\n ]\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fin4it%2Fterraform-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fin4it%2Fterraform-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fin4it%2Fterraform-modules/lists"}