Skip to content

Terraform module which setup a very generic concourse CI server.

License

Notifications You must be signed in to change notification settings

zoitech/terraform-aws-concourse

Repository files navigation

Create Concourse Server with Application Load Balancer

Terraform module which sets up a very generic concourse CI server. CoreOS and docker are used in behind.

  • Create instance
  • Create EC2 role
  • Create ALB (with optional SSL binding)

Usage Example

module "concourse" {
  source  = "git::https://github.com/zoitech/terraform-aws-concourse.git?ref=v0.0.5"
  instance_name = "concourse"
  instance_sg_id = aws_security_group.group_concourse.id
  alb_sg_id = aws_security_group.allow_all.id
  concourse_username = "concourse"
  concourse_password = "Sup3rS3cur3"
  instance_key_name = "my_key"
  public_sn_a = "subnet-ab123456"
  public_sn_b = "subnet-ab654321"
  private_sn_a = "subnet-bc123456"
  vpc_id = "vpc-98ad1234"
  instance_volume_size = "200" #default 60
  instance_ami = "ami-fo33w5t"

To enable access logs for the load balancer, set the parameter "enable_alb_access_logs = true". When set to true, the following parameters should also be configured as shown below:

  enable_alb_access_logs = true
  s3_log_bucket_name = "log-log-log-for-logging-test"
  s3_log_bucket_Key_name = "concourse-alb-logs"
  principle_account_id = "054676820928" # See below for more information
  lifecycle_rule_id = "concourse_alb_log_expiration"
  lifecycle_rule_enabled = true
}

The account ID for the principle within the bucket policy needs to match the region to allow the load balancer to write the logs to the bucket.

Region Region Name Elastic Load Balancing Account ID
us-east-1 US East (N. Virginia) 127311923021
us-east-2 US East (Ohio) 033677994240
us-west-1 US West (N. California) 027434742980
us-west-2 US West (Oregon) 797873946194
ca-central-1 Canada (Central) 985666609251
eu-central-1 EU (Frankfurt) 054676820928
eu-west-1 EU (Ireland) 156460612806
eu-west-2 EU (London) 652711504416
eu-west-3 EU (Paris) 009996457667
ap-northeast-1 Asia Pacific (Tokyo) 582318560864
ap-northeast-2 Asia Pacific (Seoul)) 600734575887
ap-northeast-3 Asia Pacific (Osaka-Local) 383597477331
ap-southeast-1 Asia Pacific (Singapore) 114774131450
ap-southeast-2 Asia Pacific (Sydney) 783225319266
ap-south-1 Asia Pacific (Mumbai) 718504428378
sa-east-1 South America (São Paulo) 507241528517
us-gov-west-1* AWS GovCloud (US) 048591011584
cn-north-1 ** China (Beijing) 638102146993
cn-northwest-1 ** China (Ningxia) 037604701340

* This region requires a separate account. For more information, see AWS GovCloud (US).

** This region requires a separate account. For more information, see China (Beijing).

For updated account IDs with corresponding regions, please refer to: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy

Authors

Module managed by Zoi.

License

MIT License. See LICENSE for full details.

Requirements

Name Version
terraform >= 0.12

Providers

Name Version
aws n/a
random n/a
template n/a

Modules

No modules.

Resources

Name Type
aws_db_event_subscription.postgres resource
aws_db_instance.postgres resource
aws_db_parameter_group.concourse resource
aws_db_subnet_group.postgres resource
aws_iam_instance_profile.ec2_role_profile resource
aws_iam_role.ec2_role resource
aws_iam_role_policy_attachment.ec2_role_admin resource
aws_instance.ec2_docker_instance resource
aws_lb.concourse resource
aws_lb_listener.concource_http resource
aws_lb_listener.concource_https resource
aws_lb_target_group.concourse resource
aws_lb_target_group_attachment.concourse resource
aws_s3_bucket.log_bucket resource
aws_s3_bucket_acl.log_bucket resource
aws_s3_bucket_lifecycle_configuration.log_bucket resource
aws_s3_bucket_object.concourse_alb_access_logs resource
aws_s3_bucket_policy.log_bucket resource
aws_security_group.GroupLB resource
aws_security_group.GroupWS resource
aws_security_group.RuleGroupLBHttpIn resource
aws_security_group.RuleGroupWsIn resource
aws_sns_topic.postgres resource
random_string.concourse_password resource
random_string.postgres_password resource
aws_caller_identity.current data source
aws_iam_policy_document.allow_alb_loggin_access data source
template_file.userdata data source

Inputs

Name Description Type Default Required
alb_sg_id The Security Group ID/s which should be attached to the Loadbalancer. list(string) n/a yes
alb_tags Custom tags for the Application Load Balancer map(string) {} no
certificate_arn ARN of the certificate. string "" no
concourse_db_size Size of the DB Instance. string "db.t2.micro" no
concourse_db_storage Size of the DB Disk. string "100" no
concourse_external_url The external URL (including http://) of the Concourse server. string "" no
concourse_password The Password for the default user on the Concourse Server. string "" no
concourse_username The Username for the default user on the Concourse Server. string "concourse" no
concourse_version The Concourse version to launch. string "3.4.1" no
ebs_tags Custom tags for the EBS volume map(string) {} no
ec2_tags Custom tags for the EC2 instance map(string) {} no
enable_alb_access_logs Turn alb access logs on or off. bool false no
enable_special_char_in_random_password Enable special characters in random password. bool false no
instance_ami ami any n/a yes
instance_key_name The SSH key to use for connecting to the instance. any n/a yes
instance_name The name of the Instance. string "concourse" no
instance_sg_id The Security Group ID/s which should be attached to the Instance. list(string) n/a yes
instance_size The size of the Instance's disk. string "t2.medium" no
instance_volume_size Custom volume size for concourse string "60" no
lifecycle_rule_enabled To enable the lifecycle rule bool false no
lifecycle_rule_expiration Delete log files X days after creation number 90 no
lifecycle_rule_id Name of the lifecyle rule id. string "rule1" no
lifecycle_rule_prefix Lifecycle rule prefix. string "" no
postgres_family The Postgres Family to use. string "postgres9.5" no
postgres_multiaz n/a string "0" no
postgres_password The Password for the Postgres database. string "" no
postgres_username The Username for the Postgres database. string "dbadmin" no
postgres_version The Postgres Version to use. string "9.5.10" no
prefix A prefix which is added to each ressource. string "prod" no
principle_account_id Set principle account ID for the region string "156460612806" no
private_sn The Public Subnets in which the EC2 Instance should be created. list(string) n/a yes
public_sn The Public Subnets in which the LB should be created. list(string) n/a yes
rds_tags Custom tags for the RDS instance map(string) {} no
region The AWS region to run in. string "eu-west-1" no
role_policies The policies which would be attached to the EC2 Role. list(string)
[
"arn:aws:iam::aws:policy/AdministratorAccess"
]
no
s3_log_bucket_Key_name Name of the folder to store logs in the bucket. string "" no
s3_log_bucket_name Name of the logs bucket. string "" no
s3_tags Custom tags for the S3 bucket map(string) {} no
sg_tags Custom tags for the security groups map(string) {} no
sns_tags Custom tags for the SNS topic map(string) {} no
vpc_id The VPC Id in which the EC2 Instance should be created. any n/a yes

Outputs

Name Description
alb_dns_name n/a
alb_name n/a
concourse_password n/a
instance_id n/a
postgres_password n/a
public_ip n/a
url n/a