
# terraform-aws-artifactory-ecs

[![Build Status](https://github.com/JamesWoolfenden/terraform-aws-artifactory-ecs/workflows/Verify%20and%20Bump/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-artifactory-ecs)
[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-artifactory-ecs.svg)](https://github.com/JamesWoolfenden/terraform-aws-artifactory-ecs/releases/latest)
[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-artifactory.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-artifactory/releases/latest)
![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-artifactory/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=JamesWoolfenden%2Fterraform-aws-artifactory&benchmark=CIS+AWS+V1.2)
[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)
[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-artifactory/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=JamesWoolfenden%2Fterraform-aws-artifactory&benchmark=INFRASTRUCTURE+SECURITY)

One of three Artifactory modules, this one supports deploying Artifactory Pro into an existing ECS cluster.

## TODO

The template works as is, but if you use it in production you will need to (apart from getting a licence for JFrog...):

- update the configuration of the container to support RDS and S3/EFS. I have included the disabled Terraform (.txt extension) to support this.
- add the licence at launch time

## masterkey

You need to specify your own master key for your container:

```shell
# Create a key
export MASTER_KEY=$(openssl rand -hex 32)
echo ${MASTER_KEY}
```
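
One way to hand the generated key to the module without writing it to a `.tfvars` file, as an added example that is not part of the module's own code: the root-module variable below is marked `sensitive` (available from Terraform v0.14) and rejects anything that does not look like the output of `openssl rand -hex 32`. The validation rule and the use of `TF_VAR_master_key` are assumptions of this example; the value is still written to Terraform state, so keep the state backend encrypted and access-controlled.

```terraform
# Added example (not from the module): root-module declaration for the
# master key. Supply the value through the environment, for example
#   export TF_VAR_master_key="$(openssl rand -hex 32)"
# so it never lands in a committed .tfvars file or in the module call itself.
variable "master_key" {
  description = "Artifactory master key, 32 random bytes hex-encoded"
  type        = string
  sensitive   = true # redacts the value in plan/apply output (Terraform >= 0.14)

  validation {
    # Assumption: the key has the shape produced by `openssl rand -hex 32`,
    # i.e. exactly 64 lowercase hexadecimal characters. This catches an
    # empty, truncated or placeholder value before anything is deployed.
    condition     = can(regex("^[0-9a-f]{64}$", var.master_key))
    error_message = "The master_key must be 64 lowercase hex characters (openssl rand -hex 32)."
  }
}
```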

**Important:** Ensure the cluster instance role gives CloudWatch Logs access.

## Usage

Follow `examplea` as your guide, or add _module.artifactory.tf_ to your own Terraform code:

```terraform
module "artifactory" {
  source             = "JamesWoolfenden/artifactory-ecs/aws"
  version            = "0.0.2"
  common_tags        = var.common_tags
  subnet_ids         = var.subnet_ids
  vpc_id             = var.vpc_id
  cluster_arn        = data.aws_ecs_cluster.ecs-artifactory.arn
  ssl_certificate_id = var.ssl_certificate_id
  allowed_cidr       = var.allowed_cidr
  master_key         = var.master_key
  region             = var.region
  instances          = var.instances
  instance_SG        = var.instance_SG
  record             = var.record
  zone_id            = var.zone_id
}
```

The latest version supports Terraform v0.14.

## Costs

```text
Monthly cost estimate

Project: .

 Name                                                       Monthly Qty  Unit   Monthly Cost

 module.artifactory.aws_cloudwatch_log_group.artifactory
 ├─ Data ingested                                     Cost depends on usage: $0.60 per GB
 ├─ Archival Storage                                  Cost depends on usage: $0.03 per GB
 └─ Insights queries data scanned                     Cost depends on usage: $0.0059 per GB

 module.artifactory.aws_elb.artifactory
 ├─ Classic load balancer                                           730  hours        $21.46
 └─ Data processed                                    Cost depends on usage: $0.0084 per GB

 PROJECT TOTAL                                                                        $21.46
```

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_ecs_service.artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_service) | resource |
| [aws_ecs_task_definition.artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition) | resource |
| [aws_elb.artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elb) | resource |
| [aws_iam_role.ecs_artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.ecs_artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy_attachment.artifactory](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_route53_record.www](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_security_group.elb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_security_group_rule.cidr](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_security_group_rule.fromelb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
| [aws_iam_role.ecs_service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allowed\_cidr](#input\_allowed\_cidr) | The allowed IP ranges | `list(any)` | n/a | yes |
| [cluster](#input\_cluster) | The existing ECS Cluster | `any` | n/a | yes |
| [common\_tags](#input\_common\_tags) | n/a | `map(any)` | `{}` | no |
| [db\_allocated\_storage](#input\_db\_allocated\_storage) | The size of the database (Gb) | `string` | `"5"` | no |
| [db\_instance\_class](#input\_db\_instance\_class) | The database instance type | `string` | `"db.t2.small"` | no |
| [db\_name](#input\_db\_name) | MySQL database name | `string` | `"artdb"` | no |
| [db\_password](#input\_db\_password) | Database password | `string` | n/a | yes |
| [db\_user](#input\_db\_user) | Database user name | `string` | `"artifactory"` | no |
| [instance\_SG](#input\_instance\_SG) | n/a | `string` | n/a | yes |
| [instances](#input\_instances) | n/a | `list(any)` | n/a | yes |
| [kms\_key\_id](#input\_kms\_key\_id) | n/a | `string` | n/a | yes |
| [master\_key](#input\_master\_key) | n/a | `string` | n/a | yes |
| [outbound](#input\_outbound) | n/a | `list(any)` | `["0.0.0.0/0"]` | no |
| [record](#input\_record) | n/a | `string` | n/a | yes |
| [region](#input\_region) | n/a | `string` | n/a | yes |
| [retention\_in\_days](#input\_retention\_in\_days) | n/a | `string` | `180` | no |
| [ssl\_certificate\_id](#input\_ssl\_certificate\_id) | n/a | `string` | n/a | yes |
| [subnet\_ids](#input\_subnet\_ids) | n/a | `list(any)` | n/a | yes |
| [targetgroup\_http\_name](#input\_targetgroup\_http\_name) | n/a | `string` | `"artifactoryhttp"` | no |
| [targetgroup\_ssl\_name](#input\_targetgroup\_ssl\_name) | n/a | `string` | `"artifactoryssl"` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC id | `string` | n/a | yes |
| [zone\_id](#input\_zone\_id) | n/a | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| [cluster](#output\_cluster) | n/a |

## Policy

The Terraform resource required is:

```terraform
resource "aws_iam_policy" "terraform_pike" {
  name_prefix = "terraform_pike"
  path        = "/"
  description = "Pike Autogenerated policy from IAC"

  policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
          "ec2:AuthorizeSecurityGroupEgress",
          "ec2:AuthorizeSecurityGroupIngress",
          "ec2:CreateSecurityGroup",
          "ec2:CreateTags",
          "ec2:DeleteSecurityGroup",
          "ec2:DeleteTags",
          "ec2:DescribeAccountAttributes",
          "ec2:DescribeNetworkInterfaces",
          "ec2:DescribeSecurityGroups",
          "ec2:RevokeSecurityGroupEgress",
          "ec2:RevokeSecurityGroupIngress"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": [
          "ecs:CreateService",
          "ecs:DeleteService",
          "ecs:DeregisterTaskDefinition",
          "ecs:DescribeServices",
          "ecs:DescribeTaskDefinition",
          "ecs:RegisterTaskDefinition",
          "ecs:TagResource",
          "ecs:UntagResource",
          "ecs:UpdateService"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor2",
        "Effect": "Allow",
        "Action": [
          "elasticloadbalancing:AddTags",
          "elasticloadbalancing:AttachLoadBalancerToSubnets",
          "elasticloadbalancing:CreateLoadBalancer",
          "elasticloadbalancing:CreateLoadBalancerListeners",
          "elasticloadbalancing:DeleteLoadBalancer",
          "elasticloadbalancing:DescribeLoadBalancerAttributes",
          "elasticloadbalancing:DescribeLoadBalancers",
          "elasticloadbalancing:DescribeTags",
          "elasticloadbalancing:ModifyLoadBalancerAttributes",
          "elasticloadbalancing:RemoveTags"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor3",
        "Effect": "Allow",
        "Action": [
          "iam:AttachRolePolicy",
          "iam:CreateRole",
          "iam:DeleteRole",
          "iam:DeleteRolePolicy",
          "iam:DetachRolePolicy",
          "iam:GetRole",
          "iam:GetRolePolicy",
          "iam:ListAttachedRolePolicies",
          "iam:ListInstanceProfilesForRole",
          "iam:ListRolePolicies",
          "iam:PassRole",
          "iam:PutRolePolicy",
          "iam:TagRole"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor4",
        "Effect": "Allow",
        "Action": [
          "logs:AssociateKmsKey",
          "logs:CreateLogGroup",
          "logs:DeleteLogGroup",
          "logs:DeleteRetentionPolicy",
          "logs:DescribeLogGroups",
          "logs:DisassociateKmsKey",
          "logs:ListTagsLogGroup",
          "logs:PutRetentionPolicy",
          "logs:TagLogGroup",
          "logs:UntagLogGroup"
        ],
        "Resource": "*"
      },
      {
        "Sid": "VisualEditor5",
        "Effect": "Allow",
        "Action": [
          "route53:ChangeResourceRecordSets",
          "route53:GetChange",
          "route53:GetHostedZone",
          "route53:ListResourceRecordSets"
        ],
        "Resource": "*"
      }
    ]
  })
}
```

## Related Projects

Check out these related projects.

- [terraform-aws-s3](https://github.com/jameswoolfenden/terraform-aws-s3) - S3 buckets

## Help

**Got a question?**

File a GitHub [issue](https://github.com/JamesWoolfenden/terraform-aws-artifactory/issues).

## Contributing

### Bug Reports & Feature Requests

Please use the [issue tracker](https://github.com/JamesWoolfenden/terraform-aws-artifactory/issues) to report any bugs or file feature requests.

## Copyrights

Copyright © 2019-2022 James Woolfenden

## License

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)

See [LICENSE](LICENSE) for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.

### Contributors

[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]
[James Woolfenden][jameswoolfenden_homepage]

[jameswoolfenden_homepage]: https://github.com/jameswoolfenden
[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150