https://github.com/infraspecdev/terraform-aws-grafana

# terraform-aws-grafana

Terraform module to deploy Grafana on ECS.

## Architecture Diagram

![Grafana Architecture Diagram](https://github.com/infraspecdev/terraform-aws-grafana/raw/main/diagrams/grafana-architecture.png)

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.8.4 |
| [aws](#requirement\_aws) | ~> 5.0 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | ~> 5.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [ecs\_service\_security\_group](#module\_ecs\_service\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| [grafana\_alb\_security\_group](#module\_grafana\_alb\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| [grafana\_backend\_rds](#module\_grafana\_backend\_rds) | ./modules/rds | n/a |
| [grafana\_backend\_rds\_security\_group](#module\_grafana\_backend\_rds\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.1.2 |
| [grafana\_dns\_record](#module\_grafana\_dns\_record) | ./modules/route-53-record | n/a |
| [grafana\_ecs\_deployment](#module\_grafana\_ecs\_deployment) | infraspecdev/ecs-deployment/aws | 4.3.4 |
| [grafana\_execution\_iam\_role](#module\_grafana\_execution\_iam\_role) | ./modules/iam-role | n/a |
| [grafana\_task\_iam\_role](#module\_grafana\_task\_iam\_role) | ./modules/iam-role | n/a |

## Resources

| Name | Type |
|------|------|
| [aws_vpc.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [acm\_certificate\_tags](#input\_acm\_certificate\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [acm\_grafana\_domain\_name](#input\_acm\_grafana\_domain\_name) | (Required) Grafana domain name for which the certificate should be issued. | `string` | n/a | yes |
| [acm\_record\_zone\_id](#input\_acm\_record\_zone\_id) | (Required) Canonical hosted zone ID of the Load Balancer. | `string` | n/a | yes |
| [alb\_listener\_tags](#input\_alb\_listener\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [alb\_name](#input\_alb\_name) | (Optional, Default:"grafana-alb") Name of the LB. | `string` | `"grafana-alb"` | no |
| [alb\_subnet\_ids](#input\_alb\_subnet\_ids) | (Required) List of public VPC subnet IDs where the Application Load Balancer will be configured. | `list(string)` | n/a | yes |
| [alb\_tags](#input\_alb\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [alb\_target\_group\_name](#input\_alb\_target\_group\_name) | (Optional, Default:"grafana-services", Forces new resource) Name of the target group. | `string` | `"grafana-services"` | no |
| [alb\_target\_group\_tags](#input\_alb\_target\_group\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [cluster\_name](#input\_cluster\_name) | (Required) Name of the cluster. | `string` | n/a | yes |
| [grafana\_execution\_role\_description](#input\_grafana\_execution\_role\_description) | (Optional, Default:"Managed By Terraform") Description of the IAM role for Grafana task execution. | `string` | `"Managed By Terraform"` | no |
| [grafana\_execution\_role\_name](#input\_grafana\_execution\_role\_name) | (Optional, Default:"grafana-task-execution-iam-role", Forces new resource) Friendly name of the IAM role for Grafana task execution. | `string` | `"grafana-task-execution-iam-role"` | no |
| [grafana\_execution\_role\_policies](#input\_grafana\_execution\_role\_policies) | (Optional, Default:secrets-manager) Map of IAM policies to create and attach to the Grafana Execution IAM Role. | <pre>map(<br>  object({<br>    name = string<br>    description = optional(string, null)<br>    policy = object({<br>      Version = optional(string, "2012-10-17")<br>      Statement = list(<br>        object({<br>          Sid = optional(string)<br>          Effect = string<br>          Resource = string<br>          Action = optional(list(string), [])<br>        })<br>      )<br>    })<br>    tags = optional(map(string), {})<br>  })<br>)</pre> | <pre>{<br>  "secrets-manager": {<br>    "description": "Allow access to Secrets Manager",<br>    "name": "grafana-execution-role-secrets-manager",<br>    "policy": {<br>      "Statement": [<br>        {<br>          "Action": [<br>            "secretsmanager:*"<br>          ],<br>          "Effect": "Allow",<br>          "Resource": "*",<br>          "Sid": "AllowSecretsManagerFullAccess"<br>        }<br>      ]<br>    }<br>  }<br>}</pre> | no |
| [grafana\_execution\_role\_tags](#input\_grafana\_execution\_role\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [grafana\_task\_role\_description](#input\_grafana\_task\_role\_description) | (Optional, Default:"Managed By Terraform") Description of the IAM role for Grafana tasks. | `string` | `"Managed By Terraform"` | no |
| [grafana\_task\_role\_name](#input\_grafana\_task\_role\_name) | (Optional, Default:"grafana-task-iam-role", Forces new resource) Friendly name of the IAM role for Grafana tasks. | `string` | `"grafana-task-iam-role"` | no |
| [grafana\_task\_role\_policies](#input\_grafana\_task\_role\_policies) | (Optional, Default:rds,athena) Map of IAM policies to create and attach to the Grafana IAM Role. | <pre>map(<br>  object({<br>    name = string<br>    description = optional(string, null)<br>    policy = object({<br>      Version = optional(string, "2012-10-17")<br>      Statement = list(<br>        object({<br>          Sid = optional(string)<br>          Effect = string<br>          Resource = string<br>          Action = optional(list(string), [])<br>        })<br>      )<br>    })<br>    tags = optional(map(string), {})<br>  })<br>)</pre> | <pre>{<br>  "athena": {<br>    "description": "Allow access to Athena",<br>    "name": "grafana-task-iam-role-athena",<br>    "policy": {<br>      "Statement": [<br>        {<br>          "Action": [<br>            "athena:*"<br>          ],<br>          "Effect": "Allow",<br>          "Resource": "*",<br>          "Sid": "AllowAthenaFullAccess"<br>        },<br>        {<br>          "Action": [<br>            "glue:CreateDatabase",<br>            "glue:DeleteDatabase",<br>            "glue:GetDatabase",<br>            "glue:GetDatabases",<br>            "glue:UpdateDatabase",<br>            "glue:CreateTable",<br>            "glue:DeleteTable",<br>            "glue:BatchDeleteTable",<br>            "glue:UpdateTable",<br>            "glue:GetTable",<br>            "glue:GetTables",<br>            "glue:BatchCreatePartition",<br>            "glue:CreatePartition",<br>            "glue:DeletePartition",<br>            "glue:BatchDeletePartition",<br>            "glue:UpdatePartition",<br>            "glue:GetPartition",<br>            "glue:GetPartitions",<br>            "glue:BatchGetPartition",<br>            "glue:StartColumnStatisticsTaskRun",<br>            "glue:GetColumnStatisticsTaskRun",<br>            "glue:GetColumnStatisticsTaskRuns",<br>            "glue:GetCatalogImportStatus"<br>          ],<br>          "Effect": "Allow",<br>          "Resource": "*",<br>          "Sid": "AllowGlueFullAccess"<br>        }<br>      ]<br>    }<br>  },<br>  "rds": {<br>    "description": "Allow access to RDS",<br>    "name": "grafana-task-iam-role-rds",<br>    "policy": {<br>      "Statement": [<br>        {<br>          "Action": [<br>            "rds:*"<br>          ],<br>          "Effect": "Allow",<br>          "Resource": "*",<br>          "Sid": "AllowRDSFullAccess"<br>        }<br>      ]<br>    }<br>  }<br>}</pre> | no |
| [grafana\_task\_role\_tags](#input\_grafana\_task\_role\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [rds\_allocated\_storage](#input\_rds\_allocated\_storage) | (Optional, Default:10) The allocated storage in gibibytes. | `number` | `10` | no |
| [rds\_db\_parameter\_group\_description](#input\_rds\_db\_parameter\_group\_description) | (Optional, Default:"Managed By Terraform", Forces new resource) The description of the DB parameter group. | `string` | `"Managed By Terraform"` | no |
| [rds\_db\_parameter\_group\_family](#input\_rds\_db\_parameter\_group\_family) | (Optional, Default:"postgres16", Forces new resource) The description of the DB parameter group. | `string` | `"postgres16"` | no |
| [rds\_db\_parameter\_group\_name](#input\_rds\_db\_parameter\_group\_name) | (Optional, Default:"grafana-rds-parameter-group", Forces new resource) The name of the DB parameter group. | `string` | `"grafana-rds-parameter-group"` | no |
| [rds\_db\_parameter\_group\_parameters](#input\_rds\_db\_parameter\_group\_parameters) | (Optional) The DB parameters to apply. | <pre>list(<br>  object({<br>    name = string<br>    value = string<br>    apply_method = optional(string)<br>  })<br>)</pre> | <pre>[<br>  {<br>    "apply_method": "immediate",<br>    "name": "rds.force_ssl",<br>    "value": "0"<br>  }<br>]</pre> | no |
| [rds\_db\_parameter\_group\_tags](#input\_rds\_db\_parameter\_group\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [rds\_db\_subnet\_group\_description](#input\_rds\_db\_subnet\_group\_description) | (Optional, Default:"Managed By Terraform", Forces new resource) The description of the DB subnet group. | `string` | `"Managed By Terraform"` | no |
| [rds\_db\_subnet\_group\_name](#input\_rds\_db\_subnet\_group\_name) | (Optional, Default:"grafana-rds-subnet-group", Forces new resource) The name of the DB subnet group. | `string` | `"grafana-rds-subnet-group"` | no |
| [rds\_db\_subnet\_group\_subnet\_ids](#input\_rds\_db\_subnet\_group\_subnet\_ids) | (Required) A list of VPC subnet IDs. | `list(string)` | n/a | yes |
| [rds\_db\_subnet\_group\_tags](#input\_rds\_db\_subnet\_group\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [rds\_identifier](#input\_rds\_identifier) | (Optional, Default:"grafana-backend") The name of the Postgres RDS instance. | `string` | `"grafana-backend"` | no |
| [rds\_instance\_class](#input\_rds\_instance\_class) | (Optional, Default:"db.t3.micro") The instance type of the Postgres RDS instance. | `string` | `"db.t3.micro"` | no |
| [rds\_postgres\_engine\_version](#input\_rds\_postgres\_engine\_version) | (Optional, Default:"16.3") The Postgres engine version to use. | `string` | `"16.3"` | no |
| [rds\_tags](#input\_rds\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [rds\_username](#input\_rds\_username) | (Optional, Default:"grafana\_admin") Username for the master DB user. | `string` | `"grafana_admin"` | no |
| [s3\_bucket\_name](#input\_s3\_bucket\_name) | (Optional, Default:"grafana-services-alb-logs", Forces new resource) Name of the bucket where the Grafana ALB logs will be stored. | `string` | `"grafana-services-alb-logs"` | no |
| [s3\_bucket\_tags](#input\_s3\_bucket\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [service\_desired\_count](#input\_service\_desired\_count) | (Optional, Default:3) Desired number of tasks to run in the ECS Service. | `number` | `3` | no |
| [service\_name](#input\_service\_name) | (Optional, Default:grafana) Name of the ECS Service. | `string` | `"grafana"` | no |
| [service\_subnet\_ids](#input\_service\_subnet\_ids) | (Required) List of VPC subnet IDs where the infrastructure will be configured. | `list(string)` | n/a | yes |
| [service\_tags](#input\_service\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [task\_definition\_family](#input\_task\_definition\_family) | (Optional, Default:"grafana") A unique name for your task definition. | `string` | `"grafana"` | no |
| [task\_definition\_grafana\_image\_version](#input\_task\_definition\_grafana\_image\_version) | (Optional, Default:11.1.2) Version tag to use with the Grafana docker image. | `string` | `"11.1.2"` | no |
| [task\_definition\_tags](#input\_task\_definition\_tags) | (Optional, Default:{}) Map of Resources Tags to attach to the resource. | `map(string)` | `{}` | no |
| [vpc\_id](#input\_vpc\_id) | (Required) The ID of the VPC. | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [acm\_certificate\_arn](#output\_acm\_certificate\_arn) | ARN of the ACM certificate for Grafana endpoint. |
| [acm\_certificate\_id](#output\_acm\_certificate\_id) | Identifier of the ACM certificate for Grafana endpoint. |
| [acm\_certificate\_validation\_id](#output\_acm\_certificate\_validation\_id) | Identifier of the Grafana endpoint ACM certificate validation resource. |
| [acm\_route53\_record\_id](#output\_acm\_route53\_record\_id) | Identifier of the Route53 Record for validation of the Grafana endpoint ACM certificate. |
| [alb\_arn](#output\_alb\_arn) | ARN of the Grafana load balancer. |
| [alb\_dns\_name](#output\_alb\_dns\_name) | DNS name of the Grafana load balancer. |
| [alb\_listener\_arn](#output\_alb\_listener\_arn) | ARN of the Listener for Grafana services. |
| [alb\_listener\_id](#output\_alb\_listener\_id) | Identifier of the Listener for Grafana services. |
| [alb\_target\_group\_arn](#output\_alb\_target\_group\_arn) | ARN of the Target Group of Grafana services. |
| [alb\_target\_group\_id](#output\_alb\_target\_group\_id) | Identifier of the Target Group of Grafana services. |
| [alb\_zone\_id](#output\_alb\_zone\_id) | Canonical hosted zone ID of the Grafana Load Balancer. |
| [ecs\_service\_security\_group\_arn](#output\_ecs\_service\_security\_group\_arn) | ARN of the Grafana ECS Service Security Group. |
| [ecs\_service\_security\_group\_id](#output\_ecs\_service\_security\_group\_id) | Identifier of the Grafana ECS Service Security Group. |
| [grafana\_alb\_security\_group\_arn](#output\_grafana\_alb\_security\_group\_arn) | ARN of the Grafana ALB Security Group. |
| [grafana\_alb\_security\_group\_id](#output\_grafana\_alb\_security\_group\_id) | Identifier of the Grafana ALB Security Group. |
| [grafana\_backend\_rds\_security\_group\_arn](#output\_grafana\_backend\_rds\_security\_group\_arn) | ARN of the Grafana Backend RDS Security Group. |
| [grafana\_backend\_rds\_security\_group\_id](#output\_grafana\_backend\_rds\_security\_group\_id) | Identifier of the Grafana Backend RDS Security Group. |
| [grafana\_ecs\_service\_arn](#output\_grafana\_ecs\_service\_arn) | ARN that identifies the Grafana ECS service. |
| [grafana\_ecs\_task\_definition\_arn](#output\_grafana\_ecs\_task\_definition\_arn) | Full ARN of the Grafana ECS Task Definition. |
| [grafana\_execution\_iam\_role\_arn](#output\_grafana\_execution\_iam\_role\_arn) | Amazon Resource Name (ARN) specifying the Grafana Execution IAM role. |
| [grafana\_execution\_iam\_role\_id](#output\_grafana\_execution\_iam\_role\_id) | Name of the Grafana Execution IAM role. |
| [grafana\_execution\_iam\_role\_policies\_arns](#output\_grafana\_execution\_iam\_role\_policies\_arns) | Map of IAM Policies ARNs created and attached with the Grafana Execution IAM role. |
| [grafana\_execution\_iam\_role\_policies\_ids](#output\_grafana\_execution\_iam\_role\_policies\_ids) | Map of IAM Policies Identifiers created and attached with the Grafana Execution IAM role. |
| [grafana\_task\_iam\_role\_arn](#output\_grafana\_task\_iam\_role\_arn) | Amazon Resource Name (ARN) specifying the Grafana Task IAM role. |
| [grafana\_task\_iam\_role\_id](#output\_grafana\_task\_iam\_role\_id) | Name of the Grafana Task IAM role. |
| [grafana\_task\_iam\_role\_policies\_arns](#output\_grafana\_task\_iam\_role\_policies\_arns) | Map of IAM Policies ARNs created and attached with the Grafana Task IAM role. |
| [grafana\_task\_iam\_role\_policies\_ids](#output\_grafana\_task\_iam\_role\_policies\_ids) | Map of IAM Policies Identifiers created and attached with the Grafana Task IAM role. |
| [rds\_arn](#output\_rds\_arn) | The ARN of the Grafana RDS instance. |
| [rds\_db\_parameter\_group\_arn](#output\_rds\_db\_parameter\_group\_arn) | The ARN of the db parameter group attached with Grafana RDS. |
| [rds\_db\_parameter\_group\_id](#output\_rds\_db\_parameter\_group\_id) | The db parameter group name to use with the Grafana RDS. |
| [rds\_db\_subnet\_group\_arn](#output\_rds\_db\_subnet\_group\_arn) | The ARN of the db subnet group attached with Grafana RDS. |
| [rds\_db\_subnet\_group\_id](#output\_rds\_db\_subnet\_group\_id) | The db subnet group name to use with the Grafana RDS. |
| [rds\_endpoint](#output\_rds\_endpoint) | The Grafana RDS connection endpoint in `address:port` format. |
| [rds\_id](#output\_rds\_id) | Grafana RDS DBI resource ID. |
| [rds\_master\_user\_secret](#output\_rds\_master\_user\_secret) | Details of the secret containing the database master password for Grafana RDS. |
| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | ARN of the bucket where the Grafana ALB logs will be stored. |
| [s3\_bucket\_id](#output\_s3\_bucket\_id) | Name of the bucket where the Grafana ALB logs will be stored. |