Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/giampy5/terraform-aws-directus
This repository allows you to deploy Directus in AWS using Terraform following AWS Best Practises.
https://github.com/giampy5/terraform-aws-directus
aws directus directus-aws terraform-aws terraform-module
Last synced: about 1 month ago
JSON representation
This repository allows you to deploy Directus in AWS using Terraform following AWS Best Practises.
- Host: GitHub
- URL: https://github.com/giampy5/terraform-aws-directus
- Owner: GiamPy5
- License: mit
- Created: 2024-06-17T12:37:58.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-09-13T18:32:57.000Z (2 months ago)
- Last Synced: 2024-10-10T07:01:48.234Z (about 1 month ago)
- Topics: aws, directus, directus-aws, terraform-aws, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/GiamPy5/directus/aws/latest
- Size: 79.1 KB
- Stars: 13
- Watchers: 1
- Forks: 1
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# Terraform AWS Directus Module 🚀
This Terraform module simplifies the deployment of [Directus](https://directus.io/) on an AWS Fargate ECS cluster.
## 🌟 Features
- **Seamless Deployment** of Directus on AWS Fargate ECS
- **Automatic Scaling** and Load Balancing
- **High Availability** and Fault Tolerance
- **Customizable Configuration** Options
- **S3 Integration** for Static Assets## 🚀 Quick Start
Deploy Directus quickly and easily by including this module in your Terraform configuration:
```hcl
module "directus" {
source = "GiamPy5/directus/aws"application_name = local.name # Change this to your application name
admin_email = "[email protected]" # Change this to your email address
vpc_id = module.vpc.vpc_id # Change this to your VPC ID
subnet_ids = module.vpc.public_subnets # Change this to your subnet IDscreate_cloudwatch_logs_group = true
cloudwatch_logs_stream_prefix = "directus"cpu = 1024
memory = 2048ecs_service_enable_execute_command = true # Allows you to connect via CLI to the ECS Task Container (just like `docker exec`). It's disabled by default.
enable_ses_emails_sending = true
force_new_ecs_deployment_on_apply = true# Add additional custom configuration here (https://docs.directus.io/self-hosted/config-options.html#configuration-options)
additional_configuration = {
"LOG_LEVEL" = "debug"
}rds_database_name = "database_name"
rds_database_host = "database_host"
rds_database_port = "database_port"
rds_database_engine = "database_engine"
rds_database_username = "database_username"
rds_database_password_secrets_manager_arn = "database_user_password_secrets_manager_arn"redis_host = module.elasticache.cluster_cache_nodes[0].address
redis_port = module.elasticache.cluster_cache_nodes[0].portcreate_s3_bucket = true # If you do not create an S3 bucket, you will need to provide an existing S3 bucket name
s3_bucket_name = "terraform-aws-directus-${local.region}"healthcheck_path = "/server/health"
image_tag = "10.12"autoscaling = {
enable = true
cpu_threshold = 60
memory_threshold = 80
min_capacity = 1
max_capacity = 2
}tags = {
Application = "Directus"
Environment = "Test"
} # Change these tags to your preferred tags
}
```For a complete example, including all dependencies like database inputs, check out the [examples](https://github.com/GiamPy5/terraform-aws-directus/tree/main/examples) section.
## 📋 Prerequisites
Before using this module, ensure you have the following:
- An **AWS account** 🛠️
- **Terraform installed** on your machine 🌐
- Basic knowledge of **AWS services** and **Terraform** 📚## 📚 Module Documentation
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.5 |
| [aws](#requirement\_aws) | >= 5.30 |
| [random](#requirement\_random) | >= 3.0 |## Providers
| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 5.30 |
| [random](#provider\_random) | >= 3.0 |## Modules
| Name | Source | Version |
|------|--------|---------|
| [ecs](#module\_ecs) | terraform-aws-modules/ecs/aws | 5.11.2 |
| [s3\_bucket\_for\_logs](#module\_s3\_bucket\_for\_logs) | terraform-aws-modules/s3-bucket/aws | 4.1.2 |## Resources
| Name | Type |
|------|------|
| [aws_appautoscaling_policy.autoscaling_policy_cpu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
| [aws_appautoscaling_policy.autoscaling_policy_memory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_policy) | resource |
| [aws_appautoscaling_target.autoscaling_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target) | resource |
| [aws_ecs_service.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
| [aws_ecs_task_definition.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
| [aws_iam_access_key.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_group.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
| [aws_iam_group_membership.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_membership) | resource |
| [aws_iam_group_policy.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy) | resource |
| [aws_iam_policy.cloudwatch_logs_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.ecs_ebs_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.ecs_service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role.ecs_task_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.ecs_ebs_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_role_policy_attachment.ecs_service_role_ecs_task_execution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_iam_user.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_policy.kms_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy) | resource |
| [aws_lb.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource |
| [aws_lb_listener.directus_lb_listener](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener) | resource |
| [aws_lb_target_group.directus_lb_target_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group) | resource |
| [aws_s3_bucket.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_server_side_encryption_configuration.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |
| [aws_s3_bucket_versioning.directus_bucket_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |
| [aws_secretsmanager_secret.cognito_client_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret.directus_admin_password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret.directus_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret.directus_serviceuser_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.cognito_client_secret_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_secretsmanager_secret_version.directus_admin_password_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_secretsmanager_secret_version.directus_secret_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_secretsmanager_secret_version.directus_serviceuser_secret_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_security_group.ecs_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.lb_sg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [random_password.directus_admin_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_password.directus_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_cognito_user_pool_client.client](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cognito_user_pool_client) | data source |
| [aws_iam_policy_document.cloudwatch_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.kms_access_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.kms_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.s3_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
| [aws_s3_bucket.directus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [additional\_configuration](#input\_additional\_configuration) | Additional configuration to apply to the Directus container | `map(string)` | `{}` | no |
| [admin\_email](#input\_admin\_email) | The email address of the admin user | `string` | n/a | yes |
| [admin\_password](#input\_admin\_password) | The password of the admin user (if empty, it will be generated automatically) | `string` | `""` | no |
| [application\_name](#input\_application\_name) | The name of the application | `string` | n/a | yes |
| [autoscaling](#input\_autoscaling) | Autoscaling Configuration |object({|
enable = bool
memory_threshold = number
cpu_threshold = number
min_capacity = number
max_capacity = number
}){| no |
"cpu_threshold": 60,
"enable": false,
"max_capacity": 3,
"memory_threshold": 80,
"min_capacity": 1
}
| [cloudwatch\_logs\_stream\_prefix](#input\_cloudwatch\_logs\_stream\_prefix) | The prefix of the CloudWatch Logs stream | `string` | `"directus"` | no |
| [cognito\_allow\_public\_registration](#input\_cognito\_allow\_public\_registration) | Whether to allow public registration in Directus through Cognito External Users | `bool` | `false` | no |
| [cognito\_identifier\_key](#input\_cognito\_identifier\_key) | The key of the Cognito identifier | `string` | `"email"` | no |
| [cognito\_scopes](#input\_cognito\_scopes) | The Cognito scopes | `list(string)` |[| no |
"email",
"openid",
"profile"
]
| [cognito\_user\_pool\_client\_id](#input\_cognito\_user\_pool\_client\_id) | The ID of the Cognito user pool client | `string` | `""` | no |
| [cognito\_user\_pool\_id](#input\_cognito\_user\_pool\_id) | The ID of the Cognito user pool | `string` | `""` | no |
| [cpu](#input\_cpu) | The number of CPU units to reserve for the Directus service | `number` | `2048` | no |
| [create\_cloudwatch\_logs\_group](#input\_create\_cloudwatch\_logs\_group) | Whether to create a CloudWatch Logs group | `bool` | `false` | no |
| [create\_s3\_bucket](#input\_create\_s3\_bucket) | Whether to create an S3 bucket | `bool` | `false` | no |
| [ecs\_service\_enable\_execute\_command](#input\_ecs\_service\_enable\_execute\_command) | Whether to enable ECS service execute command | `bool` | `false` | no |
| [enable\_alb\_access\_logs](#input\_enable\_alb\_access\_logs) | Whether to enable access logs of the Load Balancer | `bool` | `false` | no |
| [enable\_cognito\_authentication](#input\_enable\_cognito\_authentication) | Whether to enable Cognito authentication | `bool` | `false` | no |
| [enable\_ecs\_volume](#input\_enable\_ecs\_volume) | Whether to enable ECS volume | `bool` | `false` | no |
| [enable\_kms\_encryption](#input\_enable\_kms\_encryption) | Whether to enable KMS encryption | `bool` | `false` | no |
| [enable\_s3\_bucket\_versioning](#input\_enable\_s3\_bucket\_versioning) | Whether to enable S3 bucket versioning | `bool` | `true` | no |
| [enable\_ses\_emails\_sending](#input\_enable\_ses\_emails\_sending) | Whether to enable sending emails using SES | `bool` | `false` | no |
| [force\_new\_ecs\_deployment\_on\_apply](#input\_force\_new\_ecs\_deployment\_on\_apply) | Whether to force a new deployment of the ECS service on apply | `bool` | `false` | no |
| [image\_tag](#input\_image\_tag) | The tag of the Docker image | `string` | `"latest"` | no |
| [kms\_key\_id](#input\_kms\_key\_id) | The ID of the KMS key | `string` | `""` | no |
| [load\_balancer\_allowed\_cidr\_blocks](#input\_load\_balancer\_allowed\_cidr\_blocks) | The CIDR blocks allowed to access the Load Balancer | `list(string)` |[| no |
"0.0.0.0/0"
]
| [load\_balancer\_prefix\_list\_ids](#input\_load\_balancer\_prefix\_list\_ids) | The prefix list IDs allowed to access the Load Balancer | `list(string)` | `[]` | no |
| [memory](#input\_memory) | The amount of memory to reserve for the Directus service | `number` | `4096` | no |
| [private\_subnet\_ids](#input\_private\_subnet\_ids) | The IDs of the private subnets used by the ECS service to run tasks | `list(string)` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | The IDs of the public subnets used by the Load Balancer to serve traffic | `list(string)` | n/a | yes |
| [public\_url](#input\_public\_url) | The public URL of the Directus service | `string` | `""` | no |
| [rds\_database\_engine](#input\_rds\_database\_engine) | The engine of the RDS database | `string` | n/a | yes |
| [rds\_database\_host](#input\_rds\_database\_host) | The host of the RDS database | `string` | n/a | yes |
| [rds\_database\_name](#input\_rds\_database\_name) | The Name of the RDS database | `string` | n/a | yes |
| [rds\_database\_password\_secrets\_manager\_arn](#input\_rds\_database\_password\_secrets\_manager\_arn) | The ARN of the Secrets Manager secret containing the RDS database password | `string` | n/a | yes |
| [rds\_database\_port](#input\_rds\_database\_port) | The port of the RDS database | `number` | n/a | yes |
| [rds\_database\_username](#input\_rds\_database\_username) | The username of the RDS database user | `string` | n/a | yes |
| [redis\_host](#input\_redis\_host) | The host of the Redis server | `string` | `""` | no |
| [redis\_port](#input\_redis\_port) | The port of the Redis server | `number` | `6379` | no |
| [redis\_username](#input\_redis\_username) | The username of the Redis server | `string` | `"default"` | no |
| [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name of the S3 bucket | `string` | `""` | no |
| [s3\_bucket\_versioning\_configuration](#input\_s3\_bucket\_versioning\_configuration) | S3 bucket versioning configuration |object({|
mfa_delete = string
}){| no |
"mfa_delete": "Disabled"
}
| [ssl\_certificate\_arn](#input\_ssl\_certificate\_arn) | The ARN of the SSL certificate | `string` | `""` | no |
| [tags](#input\_tags) | The tags to apply to the resources | `map(string)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | The ID of the VPC | `string` | n/a | yes |## Outputs
| Name | Description |
|------|-------------|
| [load\_balancer\_dns\_name](#output\_load\_balancer\_dns\_name) | The DNS name of the load balancer |
| [load\_balancer\_listener\_arn](#output\_load\_balancer\_listener\_arn) | The ARN of the load balancer listener |
| [load\_balancer\_target\_group\_arn](#output\_load\_balancer\_target\_group\_arn) | The ARN of the load balancer target group |
| [public\_url](#output\_public\_url) | The public URL of the Directus service |
| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | The ARN of the S3 bucket |
| [s3\_bucket\_name](#output\_s3\_bucket\_name) | The name of the S3 bucket |## 🤝 Contributing
Contributions are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the [GitHub repository](https://github.com/GiamPy5/terraform-aws-directus).
## 📄 License
This module is open source and available under the [MIT License](https://opensource.org/licenses/MIT).