https://github.com/infraspecdev/terraform-aws-gitlab

AWS Terraform module to set up a single-instance Omnibus Gitlab

# Terraform module for Gitlab Omnibus on AWS

This Terraform module creates the entire infrastructure on AWS needed to set up a single-instance Gitlab Omnibus. AWS-hosted offerings for Postgres (RDS) and Redis (ElastiCache) are used in this setup.

Along with that, the module takes care of setting up the following infrastructure components:

- Classic load balancer with HTTPS and SSH connection support
- Gitlab subdomain creation using Route53 and automatic certificate generation using ACM. _(The hosted zone must be on Route53.)_
- Backup upload to Amazon S3
- Support for Amazon SES as the SMTP service for Gitlab, along with domain identity verification. _(The hosted zone must be on Route53.)_

An Ansible playbook is used for configuring the _gitlab.rb_ file. Any change in the Gitlab config is detected at the time of _terraform apply_
and the config changes are applied. Any additional configuration can be added to the **./gitlab_config/gitlab_additional.rb** file, and
it will be applied to _gitlab.rb_ on _terraform apply_.

## Usage

```hcl
module "gitlab" {
  source  = "infraspecdev/gitlab/aws"
  version = "1.0.0"

  gitlab_domain     = "gitlab"
  gitlab_fqdn       = "gitlab.example.com"
  hosted_zone       = "example.com"
  private_subnet_id = "subnet-ghdhdge3hduiawu"
  public_subnet_ids = ["subnet-dgweyud78323d2", "subnet-d32dgt678q23dd23", "subnet-dh3278d8723hd823"]
  vpc_id            = "vpc-678dg328gd867gd2"

  gitlab_ssh_public_key = "ssh public_key"

  gitlab_pg_password   = "foobarbaz"
  gitlab_pg_subnet_ids = ["subnet-fhdeu7i8whdf78we", "subnet-dgt367gd7362h78d"]
  gitlab_pg_username   = "gitlab"

  gitlab_redis_create_parameter_group = true
  gitlab_redis_parameter_group = {
    name   = "gitlab-redis"
    family = "redis7"
  }
  gitlab_redis_subnet_ids = ["subnet-fhdeu7i8whdf78we", "subnet-dgt367gd7362h78d"]

  enable_gitlab_backup_to_s3 = true
  gitlab_backup_bucket_name  = "example-gitlab-backup"

  private_key         = var.private_key
  create_ses_identity = true
}
```
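The usage block above passes the database password as a literal and lets the module request its own certificate. The following is an added example, not code from the module's README or repository, showing the same invocation with the secret-bearing inputs (`gitlab_pg_password`, `private_key`, `gitlab_ssh_public_key`) fed from variables and a generated value, an already-issued ACM certificate supplied through `create_acm_certificate = false` and `acm_certificate_arn`, and `gitlab_pg_publicly_accessible` stated explicitly. It assumes the `hashicorp/random` provider (not one of the module's listed requirements), a Secrets Manager secret name of its own choosing, and placeholder VPC and subnet IDs; all of those are assumptions.

```hcl
terraform {
  required_version = "~> 1.3.0"
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 4.49.0" }
    # Assumption: the random provider is added here and is not required by the module itself.
    random = { source = "hashicorp/random", version = ">= 3.0" }
  }
}

# Secrets arrive from the caller (TF_VAR_* environment variables, a tfvars file kept
# out of version control, or a CI secret store), never as literals in this file.
variable "gitlab_ssh_public_key" {
  description = "Public half of the key pair used to reach the Gitlab instance over SSH"
  type        = string
}

variable "ansible_private_key" {
  description = "Private key the module uses to run its Ansible playbook on the instance"
  type        = string
  sensitive   = true # redacted from plan/apply output
}

variable "existing_acm_certificate_arn" {
  description = "ARN of an ACM certificate already issued for gitlab.example.com"
  type        = string
}

# Generate the RDS master password instead of choosing one by hand.
resource "random_password" "gitlab_pg" {
  length           = 32
  special          = true
  override_special = "!#$%^&*()-_=+" # leaves out '/', '@', '"' and space, which RDS rejects
}

# Hypothetical secret name; keeps the generated value retrievable by operators.
resource "aws_secretsmanager_secret" "gitlab_pg" {
  name = "gitlab/production/postgres"
}

resource "aws_secretsmanager_secret_version" "gitlab_pg" {
  secret_id     = aws_secretsmanager_secret.gitlab_pg.id
  secret_string = random_password.gitlab_pg.result
}

module "gitlab" {
  source  = "infraspecdev/gitlab/aws"
  version = "1.0.0"

  gitlab_domain = "gitlab"
  gitlab_fqdn   = "gitlab.example.com"
  hosted_zone   = "example.com"

  # Placeholder IDs. The instance lives in the private subnet; only the load balancer
  # is placed in the public subnets.
  vpc_id            = "vpc-0123456789abcdef0"
  private_subnet_id = "subnet-0aaaaaaaaaaaaaaa0"
  public_subnet_ids = ["subnet-0bbbbbbbbbbbbbbb0", "subnet-0ccccccccccccccc0"]

  # Reuse an already-issued certificate rather than letting the module request one.
  create_acm_certificate = false
  acm_certificate_arn    = var.existing_acm_certificate_arn

  gitlab_ssh_public_key = var.gitlab_ssh_public_key
  private_key           = var.ansible_private_key

  gitlab_pg_username            = "gitlab"
  gitlab_pg_password            = random_password.gitlab_pg.result
  gitlab_pg_subnet_ids          = ["subnet-0ddddddddddddddd0", "subnet-0eeeeeeeeeeeeeee0"] # placeholders
  gitlab_pg_publicly_accessible = false # the module default, written out so a later edit cannot flip it unnoticed

  gitlab_redis_subnet_ids = ["subnet-0ddddddddddddddd0", "subnet-0eeeeeeeeeeeeeee0"] # placeholders

  enable_gitlab_backup_to_s3 = true
  gitlab_backup_bucket_name  = "example-gitlab-backup" # bucket names are global; choose a unique one

  create_ses_identity = true

  additional_tags = {
    Owner = "platform-team"
  }
}

output "gitlab_url" {
  value = module.gitlab.gitlab_complete_url
}

output "gitlab_pg_secret_arn" {
  value = aws_secretsmanager_secret.gitlab_pg.arn
}
```

Because the module renders the configuration through `local_sensitive_file` resources (see the Resources table) and the password is a plain module input, the value still ends up in Terraform state and in the rendered _gitlab.rb_ on the machine running `terraform apply`; keep state in an encrypted remote backend with restricted access and treat the working directory accordingly.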

## Examples

[Example](examples/complete-gitlab-setup)

## Requirements

| Name | Version |
|---------------------------------------------------------------------------|-----------|
| [terraform](#requirement\_terraform) | ~> 1.3.0 |
| [aws](#requirement\_aws) | >= 4.49.0 |
| [local](#requirement\_local) | >= 2.3.0 |
| [null](#requirement\_null) | >= 3.2.1 |
| [template](#requirement\_template) | >= 2.2.0 |

## Providers

| Name | Version |
|------------------------------------------------------------------|----------|
| [aws](#provider\_aws) | 4.50.0 |
| [local](#provider\_local) | >= 2.3.0 |
| [null](#provider\_null) | >= 3.2.1 |
| [template](#provider\_template) | >= 2.2.0 |

## Modules

| Name | Source | Version |
|-------------------------------------------------------------------|----------------------------------------------------|----------|
| [acm](#module\_acm) | terraform-aws-modules/acm/aws | ~> 4.0 |
| [elb](#module\_elb) | terraform-aws-modules/elb/aws | ~> 2.0 |
| [gitlab\_pg](#module\_gitlab\_pg) | terraform-aws-modules/rds/aws | ~> 5.2.3 |
| [records](#module\_records) | terraform-aws-modules/route53/aws//modules/records | ~> 2.0 |

## Resources

| Name | Type |
|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
| [aws_elasticache_cluster.gitlab_redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster) | resource |
| [aws_elasticache_parameter_group.gitlab_redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_parameter_group) | resource |
| [aws_elasticache_subnet_group.gitlab_redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_subnet_group) | resource |
| [aws_iam_access_key.gitlab_smtp_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
| [aws_iam_instance_profile.gitlab](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_iam_policy.gitlab_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_policy.gitlab_ses_sender](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.gitlab_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_user.gitlab_smtp_user](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
| [aws_iam_user_policy_attachment.gitlab_ses_sender](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_policy_attachment) | resource |
| [aws_instance.gitlab](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_key_pair.gitlab_ssh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
| [aws_route53_record.email_domain_amazonses_verification_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_s3_bucket.gitlab_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
| [aws_s3_bucket_acl.gitlab_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |
| [aws_security_group.gitlab](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.gitlab_lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.gitlab_rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group.gitlab_redis](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_ses_domain_identity.email_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity) | resource |
| [aws_ses_domain_identity_verification.email_domain_verification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity_verification) | resource |
| [local_sensitive_file.gitlab_config_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [local_sensitive_file.rendered_gitlab_config_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
| [null_resource.gitlab_reconfigure](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.gitlab_s3_backup](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.gitlab_ses_sender](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_route53_zone.email_domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
| [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |
| [local_sensitive_file.gitlab_additional_config](https://registry.terraform.io/providers/hashicorp/local/latest/docs/data-sources/sensitive_file) | data source |
| [template_file.gitlab_config_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------|----------------------------------------------------------|:--------:|
| [acm\_certificate\_arn](#input\_acm\_certificate\_arn) | ARN for ACM certificate to use for Gitlab domain. | `string` | `null` | no |
| [additional\_tags](#input\_additional\_tags) | A map of additional tags to attach to the resources. | `map(string)` | `{}` | no |
| [ami\_id](#input\_ami\_id) | Gitlab published AMI id. Default is GitLab CE 14.9.3 ap-south-1 region AMI. | `string` | `"ami-00c7d9a63c83ba329"` | no |
| [aws\_region](#input\_aws\_region) | AWS region code. Eg: ap-south-1 | `string` | `"ap-south-1"` | no |
| [create\_acm\_certificate](#input\_create\_acm\_certificate) | Whether to create an SSL certificate for the Gitlab domain. If false, you need to provide a valid ACM certificate ARN in the acm\_certificate\_arn variable. | `bool` | `true` | no |
| [create\_gitlab\_route53\_record](#input\_create\_gitlab\_route53\_record) | Whether to create a domain in Route53 for your Gitlab. | `bool` | `true` | no |
| [create\_ses\_identity](#input\_create\_ses\_identity) | Create an Amazon SES domain identity for the Gitlab SMTP service. The domain should be hosted on Route53. | `bool` | `false` | no |
| [enable\_gitlab\_backup\_to\_s3](#input\_enable\_gitlab\_backup\_to\_s3) | Enable Gitlab backup on S3 bucket | `bool` | `false` | no |
| [environment](#input\_environment) | Development environment. Eg: staging, production, etc. | `string` | `"production"` | no |
| [gitlab\_backup\_bucket\_name](#input\_gitlab\_backup\_bucket\_name) | Name of S3 bucket to be used for Gitlab backup | `string` | `null` | no |
| [gitlab\_domain](#input\_gitlab\_domain) | Domain name for the hosted Gitlab instance. Eg: gitlab in gitlab.example.com | `string` | n/a | yes |
| [gitlab\_fqdn](#input\_gitlab\_fqdn) | Fully qualified domain name for the hosted Gitlab instance. Eg: gitlab.example.com | `string` | n/a | yes |
| [gitlab\_pg\_allocated\_storage](#input\_gitlab\_pg\_allocated\_storage) | Gitlab RDS Postgres allocated storage | `number` | `100` | no |
| [gitlab\_pg\_create\_db\_parameter\_group](#input\_gitlab\_pg\_create\_db\_parameter\_group) | Create parameter group for Gitlab RDS | `bool` | `false` | no |
| [gitlab\_pg\_db\_instance\_class](#input\_gitlab\_pg\_db\_instance\_class) | Postgres RDS instance class | `string` | `"db.m5.large"` | no |
| [gitlab\_pg\_db\_name](#input\_gitlab\_pg\_db\_name) | Postgres DB name for Gitlab | `string` | `"gitlabhq-production"` | no |
| [gitlab\_pg\_engine\_version](#input\_gitlab\_pg\_engine\_version) | Postgres engine version | `string` | `"12.11"` | no |
| [gitlab\_pg\_parameter\_group\_name](#input\_gitlab\_pg\_parameter\_group\_name) | Parameter Group name for Gitlab RDS Postgres | `string` | `null` | no |
| [gitlab\_pg\_parameters](#input\_gitlab\_pg\_parameters) | Parameter list for Gitlab RDS | `list(map(string))` | `[]` | no |
| [gitlab\_pg\_password](#input\_gitlab\_pg\_password) | Password for Gitlab Postgres DB | `string` | n/a | yes |
| [gitlab\_pg\_port](#input\_gitlab\_pg\_port) | The port on which the DB accepts connections | `number` | `5432` | no |
| [gitlab\_pg\_publicly\_accessible](#input\_gitlab\_pg\_publicly\_accessible) | Make the Gitlab RDS instance publicly accessible | `bool` | `false` | no |
| [gitlab\_pg\_storage\_type](#input\_gitlab\_pg\_storage\_type) | Storage type for Gitlab RDS Postgres | `string` | `"gp3"` | no |
| [gitlab\_pg\_subnet\_ids](#input\_gitlab\_pg\_subnet\_ids) | List of subnet-ids for Gitlab RDS | `list(string)` | n/a | yes |
| [gitlab\_pg\_username](#input\_gitlab\_pg\_username) | Username for Gitlab Postgres DB | `string` | n/a | yes |
| [gitlab\_redis\_create\_parameter\_group](#input\_gitlab\_redis\_create\_parameter\_group) | Create parameter group for Gitlab Redis | `bool` | `false` | no |
| [gitlab\_redis\_create\_subnet\_group](#input\_gitlab\_redis\_create\_subnet\_group) | Create subnet group for Gitlab Redis | `bool` | `true` | no |
| [gitlab\_redis\_engine\_version](#input\_gitlab\_redis\_engine\_version) | Redis engine version for Gitlab Redis | `string` | `"7.0"` | no |
| [gitlab\_redis\_node\_type](#input\_gitlab\_redis\_node\_type) | Instance class for Gitlab Redis | `string` | `"cache.t3.medium"` | no |
| [gitlab\_redis\_num\_cache\_nodes](#input\_gitlab\_redis\_num\_cache\_nodes) | Number of cache nodes in Gitlab Redis | `number` | `1` | no |
| [gitlab\_redis\_parameter\_group](#input\_gitlab\_redis\_parameter\_group) | Gitlab Redis Parameter group config | <pre>object({<br>  name   = string<br>  family = string<br>})</pre> | <pre>{<br>  "family": null,<br>  "name": null<br>}</pre> | no |
| [gitlab\_redis\_parameter\_group\_name](#input\_gitlab\_redis\_parameter\_group\_name) | Parameter group name for Gitlab Redis | `string` | `null` | no |
| [gitlab\_redis\_port](#input\_gitlab\_redis\_port) | Redis port for Gitlab Redis | `number` | `6379` | no |
| [gitlab\_redis\_subnet\_group\_name](#input\_gitlab\_redis\_subnet\_group\_name) | Subnet group name for Gitlab Redis | `string` | `null` | no |
| [gitlab\_redis\_subnet\_ids](#input\_gitlab\_redis\_subnet\_ids) | List of subnet-ids for Gitlab Redis | `list(string)` | `[]` | no |
| [gitlab\_ssh\_public\_key](#input\_gitlab\_ssh\_public\_key) | Public key to the key pair to access Gitlab over SSH | `string` | `null` | no |
| [healthcheck\_healthy\_threshold](#input\_healthcheck\_healthy\_threshold) | Number of consecutive health checks successes required before considering an unhealthy target healthy. | `number` | `3` | no |
| [healthcheck\_interval](#input\_healthcheck\_interval) | Approximate amount of time, in seconds, between health checks of an individual target. | `number` | `30` | no |
| [healthcheck\_path](#input\_healthcheck\_path) | Destination for the health check request. | `string` | `"/-/readiness"` | no |
| [healthcheck\_port](#input\_healthcheck\_port) | Port to use to connect with the target. | `string` | `"80"` | no |
| [healthcheck\_protocol](#input\_healthcheck\_protocol) | Protocol to use to connect with the target. | `string` | `"HTTP"` | no |
| [healthcheck\_timeout](#input\_healthcheck\_timeout) | Amount of time, in seconds, during which no response means a failed health check. | `number` | `5` | no |
| [healthcheck\_unhealthy\_threshold](#input\_healthcheck\_unhealthy\_threshold) | Number of consecutive health check failures required before considering the target unhealthy. | `number` | `3` | no |
| [hosted\_zone](#input\_hosted\_zone) | Route53 hosted zone where gitlab domain will be created. Eg: example.com | `string` | n/a | yes |
| [instance\_type](#input\_instance\_type) | Gitlab EC2 instance type. Default is c5.xlarge. | `string` | `"c5.xlarge"` | no |
| [private\_key](#input\_private\_key) | Private key to execute ansible playbook on Gitlab instance. | `string` | n/a | yes |
| [private\_subnet\_id](#input\_private\_subnet\_id) | Id of a private subnet for the VPC where Gitlab instance is located. | `string` | n/a | yes |
| [public\_subnet\_ids](#input\_public\_subnet\_ids) | List of public subnet Ids for Gitlab load balancer. | `list(string)` | n/a | yes |
| [ses\_domain](#input\_ses\_domain) | Route53 hosted domain name for Amazon SES. If no value provided, value of Gitlab hosted zone will be assumed as default. | `string` | `null` | no |
| [ses\_username](#input\_ses\_username) | Username for Gitlab SMTP user | `string` | `"gitlab-smtp-user"` | no |
| [volume\_iops](#input\_volume\_iops) | IOPS for the Gitlab EBS volume | `number` | `3000` | no |
| [volume\_size](#input\_volume\_size) | Size of root EBS volume for Gitlab instance. | `number` | `100` | no |
| [volume\_type](#input\_volume\_type) | Root EBS volume type for Gitlab instance. | `string` | `"gp3"` | no |
| [vpc\_id](#input\_vpc\_id) | Id for VPC where Gitlab instance is located. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------------------------------------------------------------------------------------------------------------|--------------------------------------------|
| [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | The ARN of the certificate. |
| [acm\_certificate\_status](#output\_acm\_certificate\_status) | Status of the certificate. |
| [gitlab\_complete\_url](#output\_gitlab\_complete\_url) | n/a |
| [gitlab\_instance\_id](#output\_gitlab\_instance\_id) | Instance Id of the Gitlab EC2 instance. |
| [gitlab\_lb\_arn](#output\_gitlab\_lb\_arn) | The ARN for Gitlab load balancer. |
| [gitlab\_lb\_sg\_id](#output\_gitlab\_lb\_sg\_id) | Id of Gitlab load balancer security group. |
| [gitlab\_pg\_address](#output\_gitlab\_pg\_address) | Gitlab RDS DB instance address |
| [gitlab\_redis\_address](#output\_gitlab\_redis\_address) | Gitlab Redis cluster address |
| [gitlab\_sg\_id](#output\_gitlab\_sg\_id) | Id of Gitlab instance security group. |