https://github.com/turnerlabs/terraform-https-alb-lambda

# terraform-https-alb-lambda

A Terraform template that provisions HTTPS applications using ALB and Lambda.

This will give you a running endpoint in the following format:
```bash
https://${environment}.${app}.${domain}
```

Note that after `terraform apply`, you will have a "hello world" function behind an HTTPS endpoint. The template stops after provisioning the cloud infrastructure and assumes that you will use a different tool to do ongoing code deployments.

![diagram](diagram.png)

## Components

### base

These components are shared by all environments.

| Name | Description | Optional |
|------|-------------|:---:|
| [main.tf](./base/main.tf) | AWS provider, output | |
| [state.tf](./base/state.tf) | S3 bucket backend for storing Terraform remote state | |

### env/dev

These components are for a specific environment. There should be a corresponding directory for each environment
that is needed.

| Name | Description | Optional |
|------|-------------|:----:|
| [main.tf](./env/dev/main.tf) | AWS provider | |
| [lambda.tf](./env/dev/lambda.tf) | Lambda function | |
| [lb.tf](./env/dev/lb.tf) | ALB, Target Group, S3 bucket for access logs | |
| [lb-http.tf](./env/dev/lb-http.tf) | HTTP listener, NSG rule | Yes |
| [lb-https.tf](./env/dev/lb-https.tf) | HTTPS listener, NSG rule | |
| [dns-cert.tf](./env/dev/dns-cert.tf) | Route53 entry and ACM Certificate | |
| [nsg.tf](./env/dev/nsg.tf) | NSG for ALB and function | |
| [role.tf](./env/dev/role.tf) | Application Role for function | |
| [cicd.tf](./env/dev/cicd.tf) | IAM user that can be used by CI/CD systems to deploy code | Yes |
| [secretsmanager.tf](./env/dev/secretsmanager.tf) | Secret in Secrets Manager | Yes |
| [dashboard.tf](./env/dev/dashboard.tf) | CloudWatch dashboard: CPU, memory, and HTTP-related metrics | Yes |

## Usage

Typically, the base Terraform will only need to be run once, and then should only
need changes very infrequently. After the base is built, each environment can be built.

```
# Move into the base directory
$ cd base

# Sets up Terraform to run
$ terraform init

# Executes the Terraform run
$ terraform apply

# Now, move into the dev environment
$ cd ../env/dev

# Sets up Terraform to run
$ terraform init

# Executes the Terraform run
$ terraform apply
```

##### Important (after initial `terraform apply`)

The generated base `.tfstate` is not stored in the remote state S3 bucket. Ensure the base `.tfstate` is checked into your infrastructure repo. The default Terraform `.gitignore` [generated by GitHub](https://github.com/github/gitignore/blob/master/Terraform.gitignore) ignores all `.tfstate` files, so you'll need to modify it.

## Additional Information

+ [Base README](./base/README.md)

+ [Environment `dev` README](./env/dev/README.md)

## Updating readme docs

```bash
terraform-docs md .
```