
https://github.com/cn-terraform/terraform-aws-nexus


# Sonatype Nexus Terraform Module for AWS #

This Terraform module deploys Sonatype Nexus OSS on AWS. It is based on the official Sonatype Nexus Docker image.

[![](https://github.com/cn-terraform/terraform-aws-nexus/workflows/terraform/badge.svg)](https://github.com/cn-terraform/terraform-aws-nexus/actions?query=workflow%3Aterraform)
[![](https://img.shields.io/github/license/cn-terraform/terraform-aws-nexus)](https://github.com/cn-terraform/terraform-aws-nexus)
[![](https://img.shields.io/github/issues/cn-terraform/terraform-aws-nexus)](https://github.com/cn-terraform/terraform-aws-nexus)
[![](https://img.shields.io/github/issues-closed/cn-terraform/terraform-aws-nexus)](https://github.com/cn-terraform/terraform-aws-nexus)
[![](https://img.shields.io/github/languages/code-size/cn-terraform/terraform-aws-nexus)](https://github.com/cn-terraform/terraform-aws-nexus)
[![](https://img.shields.io/github/repo-size/cn-terraform/terraform-aws-nexus)](https://github.com/cn-terraform/terraform-aws-nexus)

## Usage

Check valid versions on:
* GitHub Releases:
* Terraform Module Registry:

## Other modules that you may need to use this module

The Networking module:
* GitHub Releases:
* Terraform Module Registry:

## Install pre-commit hooks

Please run this command right after cloning the repository.

```
pre-commit install
```

For that you may need to install the following tools:
* [Pre-commit](https://pre-commit.com/)
* [Terraform Docs](https://terraform-docs.io/)

In order to run all checks at any point run the following command:

```
pre-commit run --all-files
```

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13 |
| [aws](#requirement\_aws) | >= 4 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | 4.27.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [acm](#module\_acm) | terraform-aws-modules/acm/aws | 4.0.1 |
| [aws\_cw\_logs](#module\_aws\_cw\_logs) | cn-terraform/cloudwatch-logs/aws | 1.0.12 |
| [ecs\_fargate](#module\_ecs\_fargate) | cn-terraform/ecs-fargate/aws | 2.0.45 |

## Resources

| Name | Type |
|------|------|
| [aws_route53_record.record_dns](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [block\_s3\_bucket\_public\_access](#input\_block\_s3\_bucket\_public\_access) | (Optional) If true, public access to the S3 bucket will be blocked. | `bool` | `true` | no |
| [configure\_loadbalancer\_ssl](#input\_configure\_loadbalancer\_ssl) | Enable SSL, and configure the loadbalancer to use the certificate | <pre>object({<br>  enable_ssl = bool<br>  dns_zone_id = string<br>  https_record_name = string<br>  https_record_domain_name = string<br>})</pre> | <pre>{<br>  "dns_zone_id": "",<br>  "enable_ssl": false,<br>  "https_record_domain_name": "",<br>  "https_record_name": ""<br>}</pre> | no |
| [container\_cpu](#input\_container\_cpu) | (Optional) The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container\_cpu of all containers in a task will need to be lower than the task-level cpu value | `number` | `4096` | no |
| [container\_memory](#input\_container\_memory) | (Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container\_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container\_memory of all containers in a task will need to be lower than the task memory value | `number` | `8192` | no |
| [container\_memory\_reservation](#input\_container\_memory\_reservation) | (Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container\_memory hard limit | `number` | `4096` | no |
| [create\_kms\_key](#input\_create\_kms\_key) | If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable `log_group_kms_key_id` | `bool` | `false` | no |
| [enable\_s3\_bucket\_server\_side\_encryption](#input\_enable\_s3\_bucket\_server\_side\_encryption) | (Optional) If true, server side encryption will be applied. | `bool` | `true` | no |
| [enable\_s3\_logs](#input\_enable\_s3\_logs) | (Optional) If true, all resources to send LB logs to S3 will be created | `bool` | `true` | no |
| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | The number of GBs to provision for ephemeral storage on Fargate tasks. Must be greater than or equal to 21 and less than or equal to 200 | `number` | `0` | no |
| [lb\_enable\_cross\_zone\_load\_balancing](#input\_lb\_enable\_cross\_zone\_load\_balancing) | Enable cross zone support for LB | `string` | `"true"` | no |
| [lb\_http\_ports](#input\_lb\_http\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | `{}` | no |
| [lb\_https\_ports](#input\_lb\_https\_ports) | Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener\_port and the target\_group\_port. For `redirect` type, include listener port, host, path, port, protocol, query and status\_code. For `fixed-response`, include listener\_port, content\_type, message\_body and status\_code | `map(any)` | <pre>{<br>  "default": {<br>    "listener_port": 443,<br>    "target_group_port": 8081,<br>    "target_group_protocol": "HTTP"<br>  }<br>}</pre> | no |
| [lb\_waf\_web\_acl\_arn](#input\_lb\_waf\_web\_acl\_arn) | ARN of a WAFV2 to associate with the ALB | `string` | `""` | no |
| [log\_group\_kms\_key\_id](#input\_log\_group\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. | `string` | `null` | no |
| [log\_group\_retention\_in\_days](#input\_log\_group\_retention\_in\_days) | (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days. | `number` | `30` | no |
| [mount\_points](#input\_mount\_points) | Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional. | `list(any)` | `[]` | no |
| [name\_prefix](#input\_name\_prefix) | Name prefix for resources on AWS | `any` | n/a | yes |
| [nexus\_image](#input\_nexus\_image) | Nexus image | `string` | `"sonatype/nexus3"` | no |
| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of Private Subnets IDs | `list(any)` | n/a | yes |
| [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of Public Subnets IDs | `list(any)` | n/a | yes |
| [region](#input\_region) | AWS Region the infrastructure is hosted in | `any` | n/a | yes |
| [s3\_bucket\_server\_side\_encryption\_key](#input\_s3\_bucket\_server\_side\_encryption\_key) | (Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse\_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse\_algorithm is aws:kms. | `string` | `null` | no |
| [s3\_bucket\_server\_side\_encryption\_sse\_algorithm](#input\_s3\_bucket\_server\_side\_encryption\_sse\_algorithm) | (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms | `string` | `"AES256"` | no |
| [tags](#input\_tags) | Resource tags | `map(string)` | `{}` | no |
| [volumes](#input\_volumes) | (Optional) A set of volume blocks that containers in your task may use | <pre>list(object({<br>  host_path = string<br>  name = string<br>  docker_volume_configuration = list(object({<br>    autoprovision = bool<br>    driver = string<br>    driver_opts = map(string)<br>    labels = map(string)<br>    scope = string<br>  }))<br>  efs_volume_configuration = list(object({<br>    file_system_id = string<br>    root_directory = string<br>    transit_encryption = string<br>    transit_encryption_port = string<br>    authorization_config = list(object({<br>      access_point_id = string<br>      iam = string<br>    }))<br>  }))<br>}))</pre> | `[]` | no |
| [vpc\_id](#input\_vpc\_id) | ID of the VPC | `any` | n/a | yes |
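
A module call that sets the security-relevant inputs from the table above, as an added example that is not part of the project's README. The variable values, the `nexus-example` prefix, the region and the DNS names are placeholders, and the key names inside the `redirect` listener follow the `lb_http_ports` description and are an assumption.

```hcl
# Added example. All concrete values are constructed placeholders.
variable "vpc_id" { type = string }
variable "public_subnets_ids" { type = list(string) }
variable "private_subnets_ids" { type = list(string) }
variable "dns_zone_id" { type = string }      # Route 53 hosted zone ID
variable "logs_kms_key_arn" { type = string } # existing KMS key for CloudWatch Logs
variable "waf_web_acl_arn" { type = string }  # existing WAFv2 web ACL

module "nexus" {
  # Repository this README belongs to; pin a release by appending ?ref=<tag>.
  source = "github.com/cn-terraform/terraform-aws-nexus"

  name_prefix         = "nexus-example"
  region              = "us-east-1"
  vpc_id              = var.vpc_id
  public_subnets_ids  = var.public_subnets_ids
  private_subnets_ids = var.private_subnets_ids

  # TLS is off by default (enable_ssl = false); turn it on explicitly.
  # How the module combines the two record fields is not stated on this page.
  configure_loadbalancer_ssl = {
    enable_ssl               = true
    dns_zone_id              = var.dns_zone_id
    https_record_name        = "nexus"
    https_record_domain_name = "example.com"
  }

  # Assumed key names: send plain HTTP to the HTTPS listener instead of forwarding it.
  lb_http_ports = {
    force_https = {
      type = "redirect", listener_port = 80, host = "#{host}", path = "/#{path}",
      port = "443", protocol = "HTTPS", query = "#{query}", status_code = "HTTP_301"
    }
  }

  lb_waf_web_acl_arn = var.waf_web_acl_arn # default "" attaches no WAF

  # Encrypt container logs with a caller-supplied key and keep them 90 days.
  create_kms_key              = false
  log_group_kms_key_id        = var.logs_kms_key_arn
  log_group_retention_in_days = 90

  # Load balancer log bucket: keep it private and encrypted. ALB access-log
  # delivery supports only SSE-S3, so AES256 stays in place rather than aws:kms.
  enable_s3_logs                                 = true
  block_s3_bucket_public_access                  = true
  enable_s3_bucket_server_side_encryption        = true
  s3_bucket_server_side_encryption_sse_algorithm = "AES256"
}
```

With `lb_https_ports` left at its default, the load balancer terminates TLS on 443 and forwards to the container on port 8081 over HTTP, so the task should stay in the private subnets.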

## Outputs

| Name | Description |
|------|-------------|
| [nexus\_lb\_arn](#output\_nexus\_lb\_arn) | Sonatype Nexus Load Balancer ARN |
| [nexus\_lb\_arn\_suffix](#output\_nexus\_lb\_arn\_suffix) | Sonatype Nexus Load Balancer ARN Suffix |
| [nexus\_lb\_dns\_name](#output\_nexus\_lb\_dns\_name) | Sonatype Nexus Load Balancer DNS Name |
| [nexus\_lb\_id](#output\_nexus\_lb\_id) | Sonatype Nexus Load Balancer ID |
| [nexus\_lb\_zone\_id](#output\_nexus\_lb\_zone\_id) | Sonatype Nexus Load Balancer Zone ID |