diff --git a/README.md b/README.md index f8df284..7df76a1 100644 --- a/README.md +++ b/README.md 
@@ -408,166 +408,183 @@ Available targets: lint Lint terraform code ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | +| random | n/a | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_arn_suffix | The ARN suffix of the ALB | string | - | yes | -| alb_dns_name | DNS name of ALB | string | - | yes | -| alb_ingress_authenticated_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_listener_authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| alb_ingress_listener_unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). 
Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | number | `50` | no | -| alb_ingress_unauthenticated_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_security_group | Security group of the ALB | string | - | yes | -| alb_target_group_alarms_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | bool | `false` | no | -| alb_target_group_alarms_insufficient_data_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT_DATA state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. 
| list(string) | `` | no | -| alb_zone_id | The ID of the zone in which ALB is provisioned | string | - | yes | -| atlantis_gh_team_whitelist | Atlantis GitHub team whitelist | string | `` | no | -| atlantis_gh_user | Atlantis GitHub user | string | - | yes | -| atlantis_gh_webhook_secret | Atlantis GitHub webhook secret | string | `` | no | -| atlantis_log_level | Atlantis log level | string | `info` | no | -| atlantis_port | Atlantis container port | number | `4141` | no | -| atlantis_repo_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | string | `atlantis-repo-config.yaml` | no | -| atlantis_repo_whitelist | Whitelist of repositories Atlantis will accept webhooks from | list(string) | `` | no | -| atlantis_url_format | Template for the Atlantis URL which is populated with the hostname | string | `https://%s` | no | -| atlantis_wake_word | Wake world for atlantis | string | `atlantis` | no | -| atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. 
The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| autoscaling_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | bool | `false` | no | -| autoscaling_max_capacity | Atlantis maximum tasks to run | number | `1` | no | -| autoscaling_min_capacity | Atlantis minimum tasks to run | number | `1` | no | -| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | string | `master` | no | -| build_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | number | `10` | no | -| chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no | -| chamber_service | SSM parameter service name for use with chamber. 
This is used in chamber_format where /$chamber_service/$parameter would be the default. | string | `atlantis` | no | -| codepipeline_enabled | A boolean to enable/disable AWS Codepipeline and ECR | bool | `false` | no | -| codepipeline_s3_bucket_force_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | bool | `false` | no | -| container_cpu | Atlantis CPUs per task | number | `256` | no | -| container_memory | Atlantis memory per task | number | `512` | no | -| default_backend_image | ECS default (bootstrap) image | string | `cloudposse/default-backend:0.1.2` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| desired_count | Atlantis desired number of tasks | number | `1` | no | -| ecs_alarms_cpu_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | list(string) | `` | no | -| ecs_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | bool | `false` | no | -| ecs_alarms_memory_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_high_ok_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization High OK action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | list(string) | `` | no | -| ecs_cluster_arn | ARN of the ECS cluster to deploy Atlantis | string | - | yes | -| ecs_cluster_name | Name of the ECS cluster to deploy Atlantis | string | - | yes | -| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `false` | no | -| github_oauth_token | GitHub OAuth token. If not provided the token is looked up from SSM | string | `` | no | -| github_oauth_token_ssm_name | SSM param name to lookup `github_oauth_token` if not provided | string | `` | no | -| github_webhooks_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | string | `` | no | -| github_webhooks_token_ssm_name | SSM param name to lookup `github_webhooks_token` if not provided | string | `` | no | -| healthcheck_path | Healthcheck path | string | `/healthz` | no | -| hostname | Atlantis URL | string | `` | no | -| kms_key_id | KMS key ID used to encrypt SSM SecureString parameters | string | `` | no | -| launch_type | The ECS launch type (valid options: FARGATE or EC2) | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. 
`eg` or `cp`) | string | `` | no | -| overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | `true` | no | -| parent_zone_id | The zone ID where the DNS record for the `short_name` will be written | string | `` | no | -| policy_arn | Permission to grant to atlantis server | string | `arn:aws:iam::aws:policy/AdministratorAccess` | no | -| private_subnet_ids | The private subnet IDs | list(string) | `` | no | -| region | AWS Region for S3 bucket | string | - | yes | -| repo_name | GitHub repository name of the atlantis to be built and deployed to ECS. | string | - | yes | -| repo_owner | GitHub organization containing the Atlantis repository | string | - | yes | -| security_group_ids | Additional Security Group IDs to allow into ECS Service. | list(string) | `` | no | -| short_name | Alantis short DNS name (e.g. `atlantis`) | string | `atlantis` | no | -| ssh_private_key_name | Atlantis SSH private key name | string | `atlantis_ssh_private_key` | no | -| ssh_public_key_name | Atlantis SSH public key name | string | `atlantis_ssh_public_key` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| vpc_id | VPC ID for the ECS Cluster | string | - | yes | -| webhook_enabled | Set to false to prevent the module from creating any webhook resources | bool | `true` | no | -| webhook_events | A list of events which should trigger the webhook. 
| list(string) | `` | no | -| webhook_secret_length | GitHub webhook secret length | number | `32` | no | +|------|-------------|------|---------|:--------:| +| alb\_arn\_suffix | The ARN suffix of the ALB | `string` | n/a | yes | +| alb\_dns\_name | DNS name of ALB | `string` | n/a | yes | +| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` |
[
"/*"
]
| no | +| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `50` | no | +| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` |
[
"/events"
]
| no | +| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | +| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | `list(string)` | `[]` | no | +| alb\_zone\_id | The ID of the zone in which ALB is provisioned | `string` | n/a | yes | +| atlantis\_gh\_team\_whitelist | Atlantis GitHub team whitelist | `string` | `""` | no | +| atlantis\_gh\_user | Atlantis GitHub user | `string` | n/a | yes | +| atlantis\_gh\_webhook\_secret | Atlantis GitHub webhook secret | `string` | `""` | no | +| atlantis\_log\_level | Atlantis log level | `string` | `"info"` | no | +| atlantis\_port | Atlantis container port | `number` | `4141` | no | +| atlantis\_repo\_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | `string` | `"atlantis-repo-config.yaml"` | no | +| atlantis\_repo\_whitelist | Whitelist of repositories Atlantis will accept webhooks from | `list(string)` | `[]` | no | +| atlantis\_url\_format | Template for the Atlantis URL which is populated with the hostname | `string` | `"https://%s"` | no | +| atlantis\_wake\_word | Wake world for atlantis | `string` | `"atlantis"` | no | +| atlantis\_webhook\_format | Template for the Atlantis webhook URL which is populated with the hostname | `string` | 
`"https://%s/events"` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_arn\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_id\_ssm\_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_client\_secret\_ssm\_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| autoscaling\_max\_capacity | Atlantis maximum tasks to run | `number` | `1` | no | +| autoscaling\_min\_capacity | Atlantis minimum tasks to run | `number` | `1` | no | +| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | `string` | `"master"` | no | +| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | `number` | `10` | no | +| chamber\_format | Format to store parameters in SSM, for consumption with chamber | `string` | `"/%s/%s"` | no | +| chamber\_service | SSM parameter service name for use with chamber. This is used in chamber\_format where /$chamber\_service/$parameter would be the default. | `string` | `"atlantis"` | no | +| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `false` | no | +| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| container\_cpu | Atlantis CPUs per task | `number` | `256` | no | +| container\_memory | Atlantis memory per task | `number` | `512` | no | +| default\_backend\_image | ECS default (bootstrap) image | `string` | `"cloudposse/default-backend:0.1.2"` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| desired\_count | Atlantis desired number of tasks | `number` | `1` | no | +| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_cluster\_arn | ARN of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| ecs\_cluster\_name | Name of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | `bool` | `false` | no | +| github\_oauth\_token | GitHub OAuth token. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_oauth\_token\_ssm\_name | SSM param name to lookup `github_oauth_token` if not provided | `string` | `""` | no | +| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. 
If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_webhooks\_token\_ssm\_name | SSM param name to lookup `github_webhooks_token` if not provided | `string` | `""` | no | +| healthcheck\_path | Healthcheck path | `string` | `"/healthz"` | no | +| hostname | Atlantis URL | `string` | `""` | no | +| kms\_key\_id | KMS key ID used to encrypt SSM SecureString parameters | `string` | `""` | no | +| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| overwrite\_ssm\_parameter | Whether to overwrite an existing SSM parameter | `bool` | `true` | no | +| parent\_zone\_id | The zone ID where the DNS record for the `short_name` will be written | `string` | `""` | no | +| policy\_arn | Permission to grant to atlantis server | `string` | `"arn:aws:iam::aws:policy/AdministratorAccess"` | no | +| private\_subnet\_ids | The private subnet IDs | `list(string)` | `[]` | no | +| region | AWS Region for S3 bucket | `string` | n/a | yes | +| repo\_name | GitHub repository name of the atlantis to be built and deployed to ECS. | `string` | n/a | yes | +| repo\_owner | GitHub organization containing the Atlantis repository | `string` | n/a | yes | +| security\_group\_ids | Additional Security Group IDs to allow into ECS Service. | `list(string)` | `[]` | no | +| short\_name | Alantis short DNS name (e.g. `atlantis`) | `string` | `"atlantis"` | no | +| ssh\_private\_key\_name | Atlantis SSH private key name | `string` | `"atlantis_ssh_private_key"` | no | +| ssh\_public\_key\_name | Atlantis SSH public key name | `string` | `"atlantis_ssh_public_key"` | no | +| stage | Stage (e.g. 
`prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| vpc\_id | VPC ID for the ECS Cluster | `string` | n/a | yes | +| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| webhook\_events | A list of events which should trigger the webhook. | `list(string)` |
[
"issue_comment",
"pull_request",
"pull_request_review",
"pull_request_review_comment",
"push"
]
| no | +| webhook\_secret\_length | GitHub webhook secret length | `number` | `32` | no | ## Outputs | Name | Description | |------|-------------| -| alb_ingress_target_group_arn | ALB Target Group ARN | -| alb_ingress_target_group_arn_suffix | ALB Target Group ARN suffix | -| alb_ingress_target_group_name | ALB Target Group name | -| atlantis_ssh_public_key | Atlantis SSH Public Key | -| atlantis_url | The URL endpoint for the atlantis server | -| atlantis_webhook_url | atlantis webhook URL | -| codebuild_badge_url | The URL of the build badge when badge_enabled is enabled | -| codebuild_cache_bucket_arn | CodeBuild cache S3 bucket ARN | -| codebuild_cache_bucket_name | CodeBuild cache S3 bucket name | -| codebuild_project_id | CodeBuild project ID | -| codebuild_project_name | CodeBuild project name | -| codebuild_role_arn | CodeBuild IAM Role ARN | -| codebuild_role_id | CodeBuild IAM Role ID | -| codepipeline_arn | CodePipeline ARN | -| codepipeline_id | CodePipeline ID | -| codepipeline_webhook_id | The CodePipeline webhook's ID | -| codepipeline_webhook_url | The CodePipeline webhook's URL. 
POST events to this endpoint to trigger the target | -| container_definition_json | JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition | -| container_definition_json_map | JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition | -| ecr_registry_id | Registry ID | -| ecr_registry_url | Registry URL | -| ecr_repository_name | Registry name | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs_cloudwatch_autoscaling_scale_down_policy_arn | ARN of the scale down policy | -| ecs_cloudwatch_autoscaling_scale_up_policy_arn | ARN of the scale up policy | -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| ecs_service_name | ECS Service name | -| ecs_service_role_arn | ECS Service role ARN | -| ecs_service_security_group_id | Security Group ID of the ECS task | -| ecs_task_definition_family | ECS task definition family | -| 
ecs_task_definition_revision | ECS task definition revision | -| ecs_task_exec_role_arn | ECS Task exec role ARN | -| ecs_task_exec_role_name | ECS Task role name | -| ecs_task_role_arn | ECS Task role ARN | -| ecs_task_role_id | ECS Task role id | -| ecs_task_role_name | ECS Task role name | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target_response_time_average_cloudwatch_metric_alarm_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target_response_time_average_cloudwatch_metric_alarm_id | ALB Target Group response time average CloudWatch metric alarm ID | +| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | +| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| alb\_ingress\_target\_group\_name | ALB Target Group name | +| atlantis\_ssh\_public\_key | Atlantis SSH Public Key | +| atlantis\_url | The URL endpoint for the atlantis server | +| atlantis\_webhook\_url | atlantis webhook URL | +| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | +| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | +| 
codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | +| codebuild\_project\_id | CodeBuild project ID | +| codebuild\_project\_name | CodeBuild project name | +| codebuild\_role\_arn | CodeBuild IAM Role ARN | +| codebuild\_role\_id | CodeBuild IAM Role ID | +| codepipeline\_arn | CodePipeline ARN | +| codepipeline\_id | CodePipeline ID | +| codepipeline\_webhook\_id | The CodePipeline webhook's ID | +| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| ecr\_registry\_id | Registry ID | +| ecr\_registry\_url | Registry URL | +| ecr\_repository\_name | Registry name | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | +| 
ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | +| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| ecs\_service\_name | ECS Service name | +| ecs\_service\_role\_arn | ECS Service role ARN | +| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | +| ecs\_task\_definition\_family | ECS task definition family | +| ecs\_task\_definition\_revision | ECS task definition revision | +| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | +| ecs\_task\_exec\_role\_name | ECS Task role name | +| ecs\_task\_role\_arn | ECS Task role ARN | +| ecs\_task\_role\_id | ECS Task role id | +| ecs\_task\_role\_name | ECS Task role name | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | +| 
target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | diff --git a/docs/terraform.md b/docs/terraform.md index 0583d16..ee11cc6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -1,161 +1,178 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | +| random | n/a | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_arn_suffix | The ARN suffix of the ALB | string | - | yes | -| alb_dns_name | DNS name of ALB | string | - | yes | -| alb_ingress_authenticated_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_listener_authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| alb_ingress_listener_unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). 
Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | number | `50` | no | -| alb_ingress_unauthenticated_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_security_group | Security group of the ALB | string | - | yes | -| alb_target_group_alarms_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | bool | `false` | no | -| alb_target_group_alarms_insufficient_data_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT_DATA state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. 
| list(string) | `` | no | -| alb_zone_id | The ID of the zone in which ALB is provisioned | string | - | yes | -| atlantis_gh_team_whitelist | Atlantis GitHub team whitelist | string | `` | no | -| atlantis_gh_user | Atlantis GitHub user | string | - | yes | -| atlantis_gh_webhook_secret | Atlantis GitHub webhook secret | string | `` | no | -| atlantis_log_level | Atlantis log level | string | `info` | no | -| atlantis_port | Atlantis container port | number | `4141` | no | -| atlantis_repo_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | string | `atlantis-repo-config.yaml` | no | -| atlantis_repo_whitelist | Whitelist of repositories Atlantis will accept webhooks from | list(string) | `` | no | -| atlantis_url_format | Template for the Atlantis URL which is populated with the hostname | string | `https://%s` | no | -| atlantis_wake_word | Wake world for atlantis | string | `atlantis` | no | -| atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. 
The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| autoscaling_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | bool | `false` | no | -| autoscaling_max_capacity | Atlantis maximum tasks to run | number | `1` | no | -| autoscaling_min_capacity | Atlantis minimum tasks to run | number | `1` | no | -| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | string | `master` | no | -| build_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | number | `10` | no | -| chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no | -| chamber_service | SSM parameter service name for use with chamber. 
This is used in chamber_format where /$chamber_service/$parameter would be the default. | string | `atlantis` | no | -| codepipeline_enabled | A boolean to enable/disable AWS Codepipeline and ECR | bool | `false` | no | -| codepipeline_s3_bucket_force_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | bool | `false` | no | -| container_cpu | Atlantis CPUs per task | number | `256` | no | -| container_memory | Atlantis memory per task | number | `512` | no | -| default_backend_image | ECS default (bootstrap) image | string | `cloudposse/default-backend:0.1.2` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| desired_count | Atlantis desired number of tasks | number | `1` | no | -| ecs_alarms_cpu_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | list(string) | `` | no | -| ecs_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | bool | `false` | no | -| ecs_alarms_memory_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_high_ok_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on Memory Utilization High OK action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | list(string) | `` | no | -| ecs_cluster_arn | ARN of the ECS cluster to deploy Atlantis | string | - | yes | -| ecs_cluster_name | Name of the ECS cluster to deploy Atlantis | string | - | yes | -| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `false` | no | -| github_oauth_token | GitHub OAuth token. If not provided the token is looked up from SSM | string | `` | no | -| github_oauth_token_ssm_name | SSM param name to lookup `github_oauth_token` if not provided | string | `` | no | -| github_webhooks_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | string | `` | no | -| github_webhooks_token_ssm_name | SSM param name to lookup `github_webhooks_token` if not provided | string | `` | no | -| healthcheck_path | Healthcheck path | string | `/healthz` | no | -| hostname | Atlantis URL | string | `` | no | -| kms_key_id | KMS key ID used to encrypt SSM SecureString parameters | string | `` | no | -| launch_type | The ECS launch type (valid options: FARGATE or EC2) | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. 
`eg` or `cp`) | string | `` | no | -| overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | `true` | no | -| parent_zone_id | The zone ID where the DNS record for the `short_name` will be written | string | `` | no | -| policy_arn | Permission to grant to atlantis server | string | `arn:aws:iam::aws:policy/AdministratorAccess` | no | -| private_subnet_ids | The private subnet IDs | list(string) | `` | no | -| region | AWS Region for S3 bucket | string | - | yes | -| repo_name | GitHub repository name of the atlantis to be built and deployed to ECS. | string | - | yes | -| repo_owner | GitHub organization containing the Atlantis repository | string | - | yes | -| security_group_ids | Additional Security Group IDs to allow into ECS Service. | list(string) | `` | no | -| short_name | Alantis short DNS name (e.g. `atlantis`) | string | `atlantis` | no | -| ssh_private_key_name | Atlantis SSH private key name | string | `atlantis_ssh_private_key` | no | -| ssh_public_key_name | Atlantis SSH public key name | string | `atlantis_ssh_public_key` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| vpc_id | VPC ID for the ECS Cluster | string | - | yes | -| webhook_enabled | Set to false to prevent the module from creating any webhook resources | bool | `true` | no | -| webhook_events | A list of events which should trigger the webhook. 
| list(string) | `` | no | -| webhook_secret_length | GitHub webhook secret length | number | `32` | no | +|------|-------------|------|---------|:--------:| +| alb\_arn\_suffix | The ARN suffix of the ALB | `string` | n/a | yes | +| alb\_dns\_name | DNS name of ALB | `string` | n/a | yes | +| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` |
[
"/*"
]
| no | +| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `50` | no | +| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` |
[
"/events"
]
| no | +| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | +| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | `list(string)` | `[]` | no | +| alb\_zone\_id | The ID of the zone in which ALB is provisioned | `string` | n/a | yes | +| atlantis\_gh\_team\_whitelist | Atlantis GitHub team whitelist | `string` | `""` | no | +| atlantis\_gh\_user | Atlantis GitHub user | `string` | n/a | yes | +| atlantis\_gh\_webhook\_secret | Atlantis GitHub webhook secret | `string` | `""` | no | +| atlantis\_log\_level | Atlantis log level | `string` | `"info"` | no | +| atlantis\_port | Atlantis container port | `number` | `4141` | no | +| atlantis\_repo\_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | `string` | `"atlantis-repo-config.yaml"` | no | +| atlantis\_repo\_whitelist | Whitelist of repositories Atlantis will accept webhooks from | `list(string)` | `[]` | no | +| atlantis\_url\_format | Template for the Atlantis URL which is populated with the hostname | `string` | `"https://%s"` | no | +| atlantis\_wake\_word | Wake world for atlantis | `string` | `"atlantis"` | no | +| atlantis\_webhook\_format | Template for the Atlantis webhook URL which is populated with the hostname | `string` | 
`"https://%s/events"` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_arn\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_id\_ssm\_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_client\_secret\_ssm\_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. 
Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| autoscaling\_max\_capacity | Atlantis maximum tasks to run | `number` | `1` | no | +| autoscaling\_min\_capacity | Atlantis minimum tasks to run | `number` | `1` | no | +| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | `string` | `"master"` | no | +| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | `number` | `10` | no | +| chamber\_format | Format to store parameters in SSM, for consumption with chamber | `string` | `"/%s/%s"` | no | +| chamber\_service | SSM parameter service name for use with chamber. This is used in chamber\_format where /$chamber\_service/$parameter would be the default. | `string` | `"atlantis"` | no | +| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `false` | no | +| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| container\_cpu | Atlantis CPUs per task | `number` | `256` | no | +| container\_memory | Atlantis memory per task | `number` | `512` | no | +| default\_backend\_image | ECS default (bootstrap) image | `string` | `"cloudposse/default-backend:0.1.2"` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| desired\_count | Atlantis desired number of tasks | `number` | `1` | no | +| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. 
SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_cluster\_arn | ARN of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| ecs\_cluster\_name | Name of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | `bool` | `false` | no | +| github\_oauth\_token | GitHub OAuth token. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_oauth\_token\_ssm\_name | SSM param name to lookup `github_oauth_token` if not provided | `string` | `""` | no | +| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. 
If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_webhooks\_token\_ssm\_name | SSM param name to lookup `github_webhooks_token` if not provided | `string` | `""` | no | +| healthcheck\_path | Healthcheck path | `string` | `"/healthz"` | no | +| hostname | Atlantis URL | `string` | `""` | no | +| kms\_key\_id | KMS key ID used to encrypt SSM SecureString parameters | `string` | `""` | no | +| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| overwrite\_ssm\_parameter | Whether to overwrite an existing SSM parameter | `bool` | `true` | no | +| parent\_zone\_id | The zone ID where the DNS record for the `short_name` will be written | `string` | `""` | no | +| policy\_arn | Permission to grant to atlantis server | `string` | `"arn:aws:iam::aws:policy/AdministratorAccess"` | no | +| private\_subnet\_ids | The private subnet IDs | `list(string)` | `[]` | no | +| region | AWS Region for S3 bucket | `string` | n/a | yes | +| repo\_name | GitHub repository name of the atlantis to be built and deployed to ECS. | `string` | n/a | yes | +| repo\_owner | GitHub organization containing the Atlantis repository | `string` | n/a | yes | +| security\_group\_ids | Additional Security Group IDs to allow into ECS Service. | `list(string)` | `[]` | no | +| short\_name | Alantis short DNS name (e.g. `atlantis`) | `string` | `"atlantis"` | no | +| ssh\_private\_key\_name | Atlantis SSH private key name | `string` | `"atlantis_ssh_private_key"` | no | +| ssh\_public\_key\_name | Atlantis SSH public key name | `string` | `"atlantis_ssh_public_key"` | no | +| stage | Stage (e.g. 
`prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| vpc\_id | VPC ID for the ECS Cluster | `string` | n/a | yes | +| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| webhook\_events | A list of events which should trigger the webhook. | `list(string)` |
[
"issue_comment",
"pull_request",
"pull_request_review",
"pull_request_review_comment",
"push"
]
| no | +| webhook\_secret\_length | GitHub webhook secret length | `number` | `32` | no | ## Outputs | Name | Description | |------|-------------| -| alb_ingress_target_group_arn | ALB Target Group ARN | -| alb_ingress_target_group_arn_suffix | ALB Target Group ARN suffix | -| alb_ingress_target_group_name | ALB Target Group name | -| atlantis_ssh_public_key | Atlantis SSH Public Key | -| atlantis_url | The URL endpoint for the atlantis server | -| atlantis_webhook_url | atlantis webhook URL | -| codebuild_badge_url | The URL of the build badge when badge_enabled is enabled | -| codebuild_cache_bucket_arn | CodeBuild cache S3 bucket ARN | -| codebuild_cache_bucket_name | CodeBuild cache S3 bucket name | -| codebuild_project_id | CodeBuild project ID | -| codebuild_project_name | CodeBuild project name | -| codebuild_role_arn | CodeBuild IAM Role ARN | -| codebuild_role_id | CodeBuild IAM Role ID | -| codepipeline_arn | CodePipeline ARN | -| codepipeline_id | CodePipeline ID | -| codepipeline_webhook_id | The CodePipeline webhook's ID | -| codepipeline_webhook_url | The CodePipeline webhook's URL. 
POST events to this endpoint to trigger the target | -| container_definition_json | JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition | -| container_definition_json_map | JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition | -| ecr_registry_id | Registry ID | -| ecr_registry_url | Registry URL | -| ecr_repository_name | Registry name | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs_cloudwatch_autoscaling_scale_down_policy_arn | ARN of the scale down policy | -| ecs_cloudwatch_autoscaling_scale_up_policy_arn | ARN of the scale up policy | -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| ecs_service_name | ECS Service name | -| ecs_service_role_arn | ECS Service role ARN | -| ecs_service_security_group_id | Security Group ID of the ECS task | -| ecs_task_definition_family | ECS task definition family | -| 
ecs_task_definition_revision | ECS task definition revision | -| ecs_task_exec_role_arn | ECS Task exec role ARN | -| ecs_task_exec_role_name | ECS Task role name | -| ecs_task_role_arn | ECS Task role ARN | -| ecs_task_role_id | ECS Task role id | -| ecs_task_role_name | ECS Task role name | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target_response_time_average_cloudwatch_metric_alarm_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target_response_time_average_cloudwatch_metric_alarm_id | ALB Target Group response time average CloudWatch metric alarm ID | +| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | +| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| alb\_ingress\_target\_group\_name | ALB Target Group name | +| atlantis\_ssh\_public\_key | Atlantis SSH Public Key | +| atlantis\_url | The URL endpoint for the atlantis server | +| atlantis\_webhook\_url | atlantis webhook URL | +| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | +| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | +| 
codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | +| codebuild\_project\_id | CodeBuild project ID | +| codebuild\_project\_name | CodeBuild project name | +| codebuild\_role\_arn | CodeBuild IAM Role ARN | +| codebuild\_role\_id | CodeBuild IAM Role ID | +| codepipeline\_arn | CodePipeline ARN | +| codepipeline\_id | CodePipeline ID | +| codepipeline\_webhook\_id | The CodePipeline webhook's ID | +| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| ecr\_registry\_id | Registry ID | +| ecr\_registry\_url | Registry URL | +| ecr\_repository\_name | Registry name | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | +| 
ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | +| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| ecs\_service\_name | ECS Service name | +| ecs\_service\_role\_arn | ECS Service role ARN | +| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | +| ecs\_task\_definition\_family | ECS task definition family | +| ecs\_task\_definition\_revision | ECS task definition revision | +| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | +| ecs\_task\_exec\_role\_name | ECS Task role name | +| ecs\_task\_role\_arn | ECS Task role ARN | +| ecs\_task\_role\_id | ECS Task role id | +| ecs\_task\_role\_name | ECS Task role name | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | +| 
target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID |
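Review bot: In the Outputs table of the README.md hunk, the added row `ecs\_task\_exec\_role\_name | ECS Task role name` carries the same description as `ecs\_task\_role\_name`, and `ecs\_exec\_role\_policy\_name` is described as "ECS service role name" although its identifier and its neighbour `ecs\_exec\_role\_policy\_id` both point at a role policy. Anyone wiring these outputs into IAM reviews or policy attachments from the table alone can pick the wrong role. Suggest "ECS Task exec role name" for the first, and confirm what the second actually returns before describing it. The same rows appear in the docs/terraform.md hunk, so if both tables are generated from the output descriptions, the fix belongs there rather than in the markdown.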
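Review bot: In the Inputs table of the docs/terraform.md hunk, the `policy\_arn` row documents the default `"arn:aws:iam::aws:policy/AdministratorAccess"` with only "Permission to grant to atlantis server" as its description, so a reader is not told that leaving the input unset gives the Atlantis server full administrative access to the account. Suggest that the description state this and recommend passing a scoped policy ARN. Separately, in the new Providers table `random | n/a` is the only provider without a version constraint and it does not appear under Requirements, where `aws`, `local`, `null` and `template` are all constrained. Consider constraining it the same way.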