Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.
Awesome Lists | Featured Topics | Projects
https://github.com/wso2/iac-aws-wso2-products

This repository stores generic terraform scripts for provisioning infrastructure to install WSO2 products
https://github.com/wso2/iac-aws-wso2-products
apim iam mi terraform
Last synced: 10 days ago
JSON representation
This repository stores generic terraform scripts for provisioning infrastructure to install WSO2 products
Host: GitHub
URL: https://github.com/wso2/iac-aws-wso2-products
Owner: wso2
License: apache-2.0
Created: 2023-10-06T06:35:41.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-02-27T03:59:17.000Z (11 months ago)
Last Synced: 2024-11-08T14:45:59.981Z (2 months ago)
Topics: apim, iam, mi, terraform
Language: HCL
Homepage:
Size: 52.7 KB
Stars: 1
Watchers: 117
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project

README

        # Terraform Configuration for WSO2 Products

This repository contains the Terraform scripts to provision AWS resources for WSO2 products.

## Prerequisites

Before you begin, ensure you have the following installed:

- Terraform >= 1.3.8

- AWS Provider ~> 5.0

- AWS CLI

- Proper AWS credentials configured

## Configuration

To configure the AWS resources, you need to perform the following steps:

1. Navigate to the `sample` directory.

2. Copy the `input.auto.tfvars` and `secrets.auto.tfvars` files from the `sample` directory to the root of the project.

```sh

   cp sample/input.tfvars

   cp sample/secrets.tfvars

   ```

3. Review and update the input.tfvars and secrets.tfvars files with the appropriate values for your environment.

## Deployment

To deploy the AWS resources:

1. Initialize Terraform to download and configure the providers.

```sh

   terraform init

   ```

2. Review the Terraform execution plan to ensure the configurations are as expected.

```sh

   terraform plan

   ```

3. Apply the configuration to provision the AWS resources.

```sh

   terraform apply

   ```

Please ensure the secrets.tfvars file is kept secure and is not committed to your version control system.

## Modules

| Name | Source | Version |

|------|--------|---------|

|  [alert\_group](#module\_alert\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/SNS-Topic | n/a |

|  [aurora\_mysql\_rds\_cluster](#module\_aurora\_mysql\_rds\_cluster) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/RDS-Aurora | n/a |

|  [bastion](#module\_bastion) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EC2-Instance | n/a |

|  [bastion\_security\_group](#module\_bastion\_security\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |

|  [db\_az1\_subnet](#module\_db\_az1\_subnet) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |

|  [db\_az2\_subnet](#module\_db\_az2\_subnet) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |

|  [db\_security\_group](#module\_db\_security\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |

|  [db\_subnet\_group](#module\_db\_subnet\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/RDS-Subnet-Group | n/a |

|  [ec2\_messages\_vpc\_endpoint](#module\_ec2\_messages\_vpc\_endpoint) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |

|  [efs](#module\_efs) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EFS | n/a |

|  [efs\_access\_point](#module\_efs\_access\_point) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EFS-Access-Point | n/a |

|  [eks\_cluster](#module\_eks\_cluster) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/eks_cluster | n/a |

|  [eks\_cluster\_bastion\_access\_sg\_rule](#module\_eks\_cluster\_bastion\_access\_sg\_rule) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group-Rule | n/a |

|  [eks\_cluster\_container\_cpu\_utilization\_warning\_alert](#module\_eks\_cluster\_container\_cpu\_utilization\_warning\_alert) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |

|  [eks\_cluster\_container\_memory\_utilization\_warning\_alert](#module\_eks\_cluster\_container\_memory\_utilization\_warning\_alert) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |

|  [eks\_cluster\_container\_restarts\_warning\_alert](#module\_eks\_cluster\_container\_restarts\_warning\_alert) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |

|  [eks\_cluster\_efs\_access\_group](#module\_eks\_cluster\_efs\_access\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |

|  [eks\_cluster\_node\_cpu\_utilization\_warning\_alert](#module\_eks\_cluster\_node\_cpu\_utilization\_warning\_alert) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |

|  [eks\_cluster\_node\_group](#module\_eks\_cluster\_node\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EKS-Node-Group | n/a |

|  [eks\_cluster\_node\_memory\_utilization\_warning\_alert](#module\_eks\_cluster\_node\_memory\_utilization\_warning\_alert) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |

|  [endpoint\_security\_group](#module\_endpoint\_security\_group) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |

|  [internet\_gateway](#module\_internet\_gateway) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Gateway | n/a |

|  [internet\_gateway\_subnet](#module\_internet\_gateway\_subnet) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |

|  [internet\_gateway\_subnet\_routes](#module\_internet\_gateway\_subnet\_routes) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet-Routes | n/a |

|  [management\_az\_subnet](#module\_management\_az\_subnet) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |

|  [nat\_gateway](#module\_nat\_gateway) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/nat_gateway | n/a |

|  [secret](#module\_secret) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Secret-Manager-Secret | n/a |

|  [ssm\_messages\_vpc\_endpoint](#module\_ssm\_messages\_vpc\_endpoint) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |

|  [ssm\_vpc\_endpoint](#module\_ssm\_vpc\_endpoint) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |

|  [vpc](#module\_vpc) | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC | n/a |

## Resources

| Name | Type |

|------|------|

| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |

| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

## Inputs

| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [alert\_subscribers](#input\_alert\_subscribers) | List of emails to be notified when a warning alert is triggered | `any` | n/a | yes |

|  [az1\_dmz\_subnet\_cidr\_block](#input\_az1\_dmz\_subnet\_cidr\_block) | CIDR range for subnet that holds Firewalls and Public Load Balancers in AZ | `string` | n/a | yes |

|  [bastion\_access\_security\_group\_rules](#input\_bastion\_access\_security\_group\_rules) | List of rules to allow/deny access to the Bastion | `any` | n/a | yes |

|  [bastion\_ami](#input\_bastion\_ami) | AMI to be used for Bastion | `string` | n/a | yes |

|  [bastion\_instance\_type](#input\_bastion\_instance\_type) | Instance type to be used for Bastion | `string` | n/a | yes |

|  [bastion\_ip\_address](#input\_bastion\_ip\_address) | IP address of the Bastion | `string` | n/a | yes |

|  [client\_name](#input\_client\_name) | Name of the Client. Used to separate client deployments | `string` | n/a | yes |

|  [db\_access\_security\_group\_rules](#input\_db\_access\_security\_group\_rules) | List of rules to allow/deny access to the Database | `any` | n/a | yes |

|  [db\_az1\_subnet\_cidr\_block](#input\_db\_az1\_subnet\_cidr\_block) | CIDR range for subnet that holds the Database in AZ1 | `string` | n/a | yes |

|  [db\_az2\_subnet\_cidr\_block](#input\_db\_az2\_subnet\_cidr\_block) | CIDR range for subnet that holds the Database in AZ2 | `string` | n/a | yes |

|  [db\_engine](#input\_db\_engine) | Database engine to be used | `string` | n/a | yes |

|  [db\_engine\_mode](#input\_db\_engine\_mode) | Database engine mode to be used | `string` | n/a | yes |

|  [db\_engine\_version](#input\_db\_engine\_version) | Database engine version to be used | `string` | n/a | yes |

|  [db\_instance\_size](#input\_db\_instance\_size) | Database instance size to be used | `string` | n/a | yes |

|  [db\_master\_username](#input\_db\_master\_username) | Master username to be used in MySQL DB | `string` | n/a | yes |

|  [db\_password](#input\_db\_password) | Password for the Database | `string` | n/a | yes |

|  [db\_primary\_db\_name](#input\_db\_primary\_db\_name) | Primary Database name to be used in MySQL DB | `string` | n/a | yes |

|  [default\_tags](#input\_default\_tags) | Default tags to be applied to all resources | `map(string)` | n/a | yes |

|  [ec2\_subnet\_vpc\_cidr\_block](#input\_ec2\_subnet\_vpc\_cidr\_block) | CIDR of the subnet which should contain the VM | `string` | `null` | no |

|  [efs\_creation\_token](#input\_efs\_creation\_token) | Token used for setting up the EFS | `string` | n/a | yes |

|  [efs\_owner\_gid](#input\_efs\_owner\_gid) | The group ID for the root directory owner. | `number` | `802` | no |

|  [efs\_owner\_uid](#input\_efs\_owner\_uid) | The user ID for the root directory owner. | `number` | `802` | no |

|  [efs\_permissions](#input\_efs\_permissions) | The permissions for the root directory. | `string` | `"0755"` | no |

|  [efs\_posix\_user\_gid](#input\_efs\_posix\_user\_gid) | The group ID for the POSIX-compatible user. | `number` | `802` | no |

|  [efs\_posix\_user\_uid](#input\_efs\_posix\_user\_uid) | The user ID for the POSIX-compatible user. | `number` | `802` | no |

|  [efs\_root\_directory\_path](#input\_efs\_root\_directory\_path) | The permissions for the root directory. | `string` | n/a | yes |

|  [eks\_availability\_zone\_1\_subnet\_cidr\_block](#input\_eks\_availability\_zone\_1\_subnet\_cidr\_block) | CIDR range for subnet that holds the First EKS cluster in AZ1 | `string` | n/a | yes |

|  [eks\_availability\_zone\_2\_subnet\_cidr\_block](#input\_eks\_availability\_zone\_2\_subnet\_cidr\_block) | CIDR range for subnet that holds the First EKS cluster in AZ2 | `string` | n/a | yes |

|  [eks\_cluster\_container\_cpu\_utilization\_warning\_threshold](#input\_eks\_cluster\_container\_cpu\_utilization\_warning\_threshold) | Warning threshold for container CPU utilization in percentage. | `number` | n/a | yes |

|  [eks\_cluster\_container\_memory\_utilization\_warning\_threshold](#input\_eks\_cluster\_container\_memory\_utilization\_warning\_threshold) | Warning threshold for container memory utilization in percentage. | `number` | n/a | yes |

|  [eks\_cluster\_container\_restart\_warning\_threshold](#input\_eks\_cluster\_container\_restart\_warning\_threshold) | Warning threshold for container restarts. | `number` | n/a | yes |

|  [eks\_cluster\_enable\_monitoring\_global\_flag](#input\_eks\_cluster\_enable\_monitoring\_global\_flag) | Flag to enable global monitoring for the EKS cluster. | `bool` | n/a | yes |

|  [eks\_cluster\_node\_cpu\_utilization\_warning\_threshold](#input\_eks\_cluster\_node\_cpu\_utilization\_warning\_threshold) | Warning threshold for node CPU utilization in percentage. | `number` | n/a | yes |

|  [eks\_cluster\_node\_memory\_utilization\_warning\_threshold](#input\_eks\_cluster\_node\_memory\_utilization\_warning\_threshold) | Warning threshold for node memory utilization in percentage. | `number` | n/a | yes |

|  [eks\_default\_nodepool\_desired\_size](#input\_eks\_default\_nodepool\_desired\_size) | Desired number of nodes in the default node pool for the First EKS Cluster | `number` | n/a | yes |

|  [eks\_default\_nodepool\_max\_size](#input\_eks\_default\_nodepool\_max\_size) | Maximum number of nodes in the default node pool for the First EKS Cluster | `number` | n/a | yes |

|  [eks\_default\_nodepool\_max\_unavailable](#input\_eks\_default\_nodepool\_max\_unavailable) | Maximum number of nodes that can be unavailable in the default node pool for the First EKS Cluster | `number` | n/a | yes |

|  [eks\_default\_nodepool\_min\_size](#input\_eks\_default\_nodepool\_min\_size) | Minimum number of nodes in the default node pool for the First EKS Cluster | `number` | n/a | yes |

|  [eks\_external\_lb\_az1\_subnet\_cidr](#input\_eks\_external\_lb\_az1\_subnet\_cidr) | CIDR range for subnet that holds the Internal Load Balancers in AZ1 | `string` | n/a | yes |

|  [eks\_external\_lb\_az2\_subnet\_cidr](#input\_eks\_external\_lb\_az2\_subnet\_cidr) | CIDR range for subnet that holds the Internal Load Balancers in AZ2 | `string` | n/a | yes |

|  [eks\_instance\_types](#input\_eks\_instance\_types) | n/a | `any` | n/a | yes |

|  [eks\_service\_ipv4\_cidr](#input\_eks\_service\_ipv4\_cidr) | CIDR range for EKS K8S services | `string` | n/a | yes |

|  [enable\_database](#input\_enable\_database) | Set true to enable the creation of a MySQL database. | `bool` | `true` | no |

|  [enable\_efs\_access\_point](#input\_enable\_efs\_access\_point) | Deploy a EFS access point for persistent storage | `bool` | `true` | no |

|  [enable\_secret](#input\_enable\_secret) | Enable secrets to store passwords | `bool` | `true` | no |

|  [environment\_name](#input\_environment\_name) | Name used to identify Resources of the development resources | `string` | n/a | yes |

|  [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to be used in EKS clusters | `string` | n/a | yes |

|  [management\_subnet\_az\_cidr](#input\_management\_subnet\_az\_cidr) | CIDR range for subnet that holds the Transit Gateway attachment in AZ1 | `string` | n/a | yes |

|  [project](#input\_project) | Name of the project. Used for naming | `string` | n/a | yes |

|  [region](#input\_region) | Deployment region | `string` | n/a | yes |

|  [secret\_name](#input\_secret\_name) | Secret name for string | `string` | n/a | yes |

|  [secret\_recovery\_window\_in\_days](#input\_secret\_recovery\_window\_in\_days) | Recovery window of the secret | `number` | n/a | yes |

|  [secret\_string](#input\_secret\_string) | String value for string | `string` | n/a | yes |

|  [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | CIDR range for VPC | `string` | n/a | yes |

## Outputs

| Name | Description |

|------|-------------|

|  [bastion\_instance](#output\_bastion\_instance) | ID of the bastion instance. |

|  [database\_writer\_endpoint](#output\_database\_writer\_endpoint) | Writer endpoint of the database instance. |

|  [efs\_efs\_access\_point](#output\_efs\_efs\_access\_point) | ID of the EFS Access Point |

|  [efs\_id](#output\_efs\_id) | ID of the Elastic File Storage |

|  [filestore\_location](#output\_filestore\_location) | Location of the filestore. |