{"id":19508897,"url":"https://github.com/rhythmictech/terraform-aws-iqserver","last_synced_at":"2025-04-26T03:31:48.288Z","repository":{"id":44882686,"uuid":"269406212","full_name":"rhythmictech/terraform-aws-iqserver","owner":"rhythmictech","description":"Create a HA Sonatype IQ Server instance","archived":false,"fork":false,"pushed_at":"2024-12-05T18:21:23.000Z","size":42,"stargazers_count":2,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-04T07:11:24.853Z","etag":null,"topics":["aws","sonatype","sonatype-nexus","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/rhythmictech/iqserver/aws","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhythmictech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2020-06-04T16:11:33.000Z","updated_at":"2024-12-05T14:36:02.000Z","dependencies_parsed_at":"2022-08-23T11:30:37.858Z","dependency_job_id":null,"html_url":"https://github.com/rhythmictech/terraform-aws-iqserver","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-iqserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-iqserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-iqserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhythmictech%2Fterraform-aws-iqserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhythmictech","download_url":"https://codeload.github.com/rhythmictech/terraform-aws-iqserver/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250926818,"owners_count":21509043,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","sonatype","sonatype-nexus","terraform","terraform-module"],"created_at":"2024-11-10T23:10:19.185Z","updated_at":"2025-04-26T03:31:47.988Z","avatar_url":"https://github.com/rhythmictech.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-iqserver\n[![tflint](https://github.com/rhythmictech/terraform-aws-iqserver/workflows/tflint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-iqserver/actions?query=workflow%3Atflint+event%3Apush+branch%3Amaster)\n[![tfsec](https://github.com/rhythmictech/terraform-aws-iqserver/workflows/tfsec/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-iqserver/actions?query=workflow%3Atfsec+event%3Apush+branch%3Amaster)\n[![yamllint](https://github.com/rhythmictech/terraform-aws-iqserver/workflows/yamllint/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-iqserver/actions?query=workflow%3Ayamllint+event%3Apush+branch%3Amaster)\n[![misspell](https://github.com/rhythmictech/terraform-aws-iqserver/workflows/misspell/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-iqserver/actions?query=workflow%3Amisspell+event%3Apush+branch%3Amaster)\n[![pre-commit-check](https://github.com/rhythmictech/terraform-aws-iqserver/workflows/pre-commit-check/badge.svg?branch=master\u0026event=push)](https://github.com/rhythmictech/terraform-aws-iqserver/actions?query=workflow%3Apre-commit-check+event%3Apush+branch%3Amaster)\n\nCreate a Sonatype IQ Server instance. This does some neat things:\n\n* `sonatype-work` directory is managed by EFS with optional backups using AWS Backup\n* everything runs in an ASG (though HA isn't supported.. yet..) so if something happens to the instance, it'll come back up automatically.\n* updates are done by upgrading your AMI and replacing the launch config\n* automatically manages licensing\n\n## Requirements\n\nThis expects an instance that has IQ Server pre-installed using the Rhythmic [ansible-role-iqserver](https://github.com/rhythmictech/ansible-role-iqserver) ansible module. The easiest way to get one is to use Packer.\n\n## License File\nTo use auto licensing, you need to save your license file in AWS Secrets Manager. Something like this would work:\n\n```\naws --region us-east-1 secretsmanager create-secret --secret-id iqserver-license --secret-binary=file:///tmp/license.lic\n```\n\n_Tip: when you renew your license, update the secret and kill the instance. It will automatically be updated._\n\n## Example\nHere's what using the module will look like\n```\nmodule \"example\" {\n  source = \"git::https://github.com/rhythmictech/terraform-aws-iqserver.git\"\n\n  name                           = \"nexus\"\n  ami_id                         = \"ami-12345678912\"\n  asg_subnets                    = [\"subnet-123456789012\", \"subnet-123456789013\"]\n  efs_subnets                    = [\"subnet-123456789012\", \"subnet-123456789013\"]\n  elb_certificate                = \"arn:aws:acm:us-east-1:12345678912:certificate/090c1a21-f053-4aac-8b92-2c963c3c0660\"\n  elb_subnets                    = [\"subnet-123456789012\", \"subnet-123456789013\"]\n  vpc_id                         = \"vpc-123456789012\"\n}\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 0.12.19 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n| \u003ca name=\"provider_template\"\u003e\u003c/a\u003e [template](#provider\\_template) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_autoscaling_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |\n| [aws_backup_plan.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_plan) | resource |\n| [aws_backup_selection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection) | resource |\n| [aws_backup_vault.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault) | resource |\n| [aws_efs_file_system.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system) | resource |\n| [aws_efs_mount_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_mount_target) | resource |\n| [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |\n| [aws_iam_role.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_launch_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |\n| [aws_lb.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |\n| [aws_lb_listener.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |\n| [aws_lb_target_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |\n| [aws_security_group.efs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group.elb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.allow_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.allow_inbound_http_from_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.elb_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.elb_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.assume_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [template_cloudinit_config.this](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/cloudinit_config) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_ami_id\"\u003e\u003c/a\u003e [ami\\_id](#input\\_ami\\_id) | AMI to build on (must have `ansible-role-iqserver` module installed) | `string` | n/a | yes |\n| \u003ca name=\"input_asg_additional_iam_policies\"\u003e\u003c/a\u003e [asg\\_additional\\_iam\\_policies](#input\\_asg\\_additional\\_iam\\_policies) | Additional IAM policies to attach to the ASG instance profile | `list(string)` | `[]` | no |\n| \u003ca name=\"input_asg_additional_security_groups\"\u003e\u003c/a\u003e [asg\\_additional\\_security\\_groups](#input\\_asg\\_additional\\_security\\_groups) | Additional security group IDs to attach to ASG instances | `list(string)` | `[]` | no |\n| \u003ca name=\"input_asg_desired_capacity\"\u003e\u003c/a\u003e [asg\\_desired\\_capacity](#input\\_asg\\_desired\\_capacity) | The number of Amazon EC2 instances that should be running in the group. | `number` | `1` | no |\n| \u003ca name=\"input_asg_instance_type\"\u003e\u003c/a\u003e [asg\\_instance\\_type](#input\\_asg\\_instance\\_type) | Instance type for scim app | `string` | `\"t3a.micro\"` | no |\n| \u003ca name=\"input_asg_key_name\"\u003e\u003c/a\u003e [asg\\_key\\_name](#input\\_asg\\_key\\_name) | Optional keypair to associate with instances | `string` | `null` | no |\n| \u003ca name=\"input_asg_max_size\"\u003e\u003c/a\u003e [asg\\_max\\_size](#input\\_asg\\_max\\_size) | Maximum number of instances in the autoscaling group | `number` | `2` | no |\n| \u003ca name=\"input_asg_min_size\"\u003e\u003c/a\u003e [asg\\_min\\_size](#input\\_asg\\_min\\_size) | Minimum number of instances in the autoscaling group | `number` | `1` | no |\n| \u003ca name=\"input_asg_subnets\"\u003e\u003c/a\u003e [asg\\_subnets](#input\\_asg\\_subnets) | Subnets to associate ASG instances with (specify 1 or more) | `list(string)` | n/a | yes |\n| \u003ca name=\"input_efs_additional_allowed_security_groups\"\u003e\u003c/a\u003e [efs\\_additional\\_allowed\\_security\\_groups](#input\\_efs\\_additional\\_allowed\\_security\\_groups) | Additional security group IDs to attach to the EFS export | `list(string)` | `[]` | no |\n| \u003ca name=\"input_efs_backup_retain_days\"\u003e\u003c/a\u003e [efs\\_backup\\_retain\\_days](#input\\_efs\\_backup\\_retain\\_days) | Days to retain EFS backups for (only used if `enable_efs_backups=true`) | `number` | `30` | no |\n| \u003ca name=\"input_efs_backup_schedule\"\u003e\u003c/a\u003e [efs\\_backup\\_schedule](#input\\_efs\\_backup\\_schedule) | AWS Backup cron schedule (only used if `enable_efs_backups=true`) | `string` | `\"cron(0 5 ? * * *)\"` | no |\n| \u003ca name=\"input_efs_backup_vault_name\"\u003e\u003c/a\u003e [efs\\_backup\\_vault\\_name](#input\\_efs\\_backup\\_vault\\_name) | AWS Backup vault name (only used if `enable_efs_backups=true`) | `string` | `\"iqserver-efs-vault\"` | no |\n| \u003ca name=\"input_efs_subnets\"\u003e\u003c/a\u003e [efs\\_subnets](#input\\_efs\\_subnets) | Subnets to create EFS mountpoints in | `list(string)` | n/a | yes |\n| \u003ca name=\"input_elb_additional_sg_tags\"\u003e\u003c/a\u003e [elb\\_additional\\_sg\\_tags](#input\\_elb\\_additional\\_sg\\_tags) | Additional tags to apply to the ELB security group. Useful if you use an external process to manage ingress rules. | `map(string)` | `{}` | no |\n| \u003ca name=\"input_elb_allowed_cidr_blocks\"\u003e\u003c/a\u003e [elb\\_allowed\\_cidr\\_blocks](#input\\_elb\\_allowed\\_cidr\\_blocks) | List of allowed CIDR blocks. If `[]` is specified, no inbound ingress rules will be created | `list(string)` | \u003cpre\u003e[\u003cbr\u003e  \"0.0.0.0/0\"\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_elb_certificate\"\u003e\u003c/a\u003e [elb\\_certificate](#input\\_elb\\_certificate) | ARN of certificate to associate with ELB | `string` | n/a | yes |\n| \u003ca name=\"input_elb_internal\"\u003e\u003c/a\u003e [elb\\_internal](#input\\_elb\\_internal) | Create as an internal or internet-facing ELB | `bool` | `true` | no |\n| \u003ca name=\"input_elb_subnets\"\u003e\u003c/a\u003e [elb\\_subnets](#input\\_elb\\_subnets) | Subnets to associate ELB to | `list(string)` | n/a | yes |\n| \u003ca name=\"input_enable_efs_backups\"\u003e\u003c/a\u003e [enable\\_efs\\_backups](#input\\_enable\\_efs\\_backups) | Enable EFS backups using AWS Backup (recommended if you aren't going to back up EFS some other way) | `bool` | `false` | no |\n| \u003ca name=\"input_license_secret\"\u003e\u003c/a\u003e [license\\_secret](#input\\_license\\_secret) | S3 key including any prefix that has the Sonatype IQ Server license | `string` | `\"\"` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Moniker to apply to all resources in the module | `string` | n/a | yes |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | User-Defined tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | VPC to create associated resources in | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_lb_arn\"\u003e\u003c/a\u003e [lb\\_arn](#output\\_lb\\_arn) | ARN of the ELB for Nexus access |\n| \u003ca name=\"output_lb_dns_name\"\u003e\u003c/a\u003e [lb\\_dns\\_name](#output\\_lb\\_dns\\_name) | DNS Name of the ELB for Nexus access |\n| \u003ca name=\"output_lb_zone_id\"\u003e\u003c/a\u003e [lb\\_zone\\_id](#output\\_lb\\_zone\\_id) | Route53 Zone ID of the ELB for Nexus access |\n| \u003ca name=\"output_role_arn\"\u003e\u003c/a\u003e [role\\_arn](#output\\_role\\_arn) | IAM Role ARN of Nexus instance |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-iqserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhythmictech%2Fterraform-aws-iqserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhythmictech%2Fterraform-aws-iqserver/lists"}