diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 41c1baa..bed3c96 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,4 +1,14 @@ # Use this file to define individuals or teams that are responsible for code in a repository. # Read more: +# +# Order is important: the last matching pattern takes the most precedence -* @cloudposse/engineering \ No newline at end of file +# These owners will be the default owners for everything +* @cloudposse/engineering @cloudposse/contributors + +# Cloud Posse must review any changes to Makefiles +**/Makefile @cloudposse/engineering +**/Makefile.* @cloudposse/engineering + +# Cloud Posse must review any changes to GitHub actions +.github/* @cloudposse/engineering diff --git a/README.md b/README.md index f8df284..56c44c2 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ [![Cloud Posse][logo]](https://cpco.io/homepage) -# terraform-aws-ecs-atlantis [![Codefresh Build Status](https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecs-atlantis?type=cf-1)](https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dc082b14d7990012e651a3b) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecs-atlantis.svg)](https://github.com/cloudposse/terraform-aws-ecs-atlantis/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) +# terraform-aws-ecs-atlantis [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecs-atlantis.svg)](https://github.com/cloudposse/terraform-aws-ecs-atlantis/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) ![terraform-aws-ecs-atlantis](docs/logo.png) @@ -408,166 +408,184 @@ Available targets: lint Lint terraform code ``` +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | +| random | n/a | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_arn_suffix | The ARN suffix of the ALB | string | - | yes | -| alb_dns_name | DNS name of ALB | string | - | yes | -| alb_ingress_authenticated_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_listener_authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| alb_ingress_listener_unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | number | `50` | no | -| alb_ingress_unauthenticated_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_security_group | Security group of the ALB | string | - | yes | -| alb_target_group_alarms_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | bool | `false` | no | -| alb_target_group_alarms_insufficient_data_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT_DATA state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | list(string) | `` | no | -| alb_zone_id | The ID of the zone in which ALB is provisioned | string | - | yes | -| atlantis_gh_team_whitelist | Atlantis GitHub team whitelist | string | `` | no | -| atlantis_gh_user | Atlantis GitHub user | string | - | yes | -| atlantis_gh_webhook_secret | Atlantis GitHub webhook secret | string | `` | no | -| atlantis_log_level | Atlantis log level | string | `info` | no | -| atlantis_port | Atlantis container port | number | `4141` | no | -| atlantis_repo_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | string | `atlantis-repo-config.yaml` | no | -| atlantis_repo_whitelist | Whitelist of repositories Atlantis will accept webhooks from | list(string) | `` | no | -| atlantis_url_format | Template for the Atlantis URL which is populated with the hostname | string | `https://%s` | no | -| atlantis_wake_word | Wake world for atlantis | string | `atlantis` | no | -| atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| autoscaling_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | bool | `false` | no | -| autoscaling_max_capacity | Atlantis maximum tasks to run | number | `1` | no | -| autoscaling_min_capacity | Atlantis minimum tasks to run | number | `1` | no | -| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | string | `master` | no | -| build_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | number | `10` | no | -| chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no | -| chamber_service | SSM parameter service name for use with chamber. This is used in chamber_format where /$chamber_service/$parameter would be the default. | string | `atlantis` | no | -| codepipeline_enabled | A boolean to enable/disable AWS Codepipeline and ECR | bool | `false` | no | -| codepipeline_s3_bucket_force_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | bool | `false` | no | -| container_cpu | Atlantis CPUs per task | number | `256` | no | -| container_memory | Atlantis memory per task | number | `512` | no | -| default_backend_image | ECS default (bootstrap) image | string | `cloudposse/default-backend:0.1.2` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| desired_count | Atlantis desired number of tasks | number | `1` | no | -| ecs_alarms_cpu_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | list(string) | `` | no | -| ecs_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | bool | `false` | no | -| ecs_alarms_memory_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | list(string) | `` | no | -| ecs_cluster_arn | ARN of the ECS cluster to deploy Atlantis | string | - | yes | -| ecs_cluster_name | Name of the ECS cluster to deploy Atlantis | string | - | yes | -| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `false` | no | -| github_oauth_token | GitHub OAuth token. If not provided the token is looked up from SSM | string | `` | no | -| github_oauth_token_ssm_name | SSM param name to lookup `github_oauth_token` if not provided | string | `` | no | -| github_webhooks_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | string | `` | no | -| github_webhooks_token_ssm_name | SSM param name to lookup `github_webhooks_token` if not provided | string | `` | no | -| healthcheck_path | Healthcheck path | string | `/healthz` | no | -| hostname | Atlantis URL | string | `` | no | -| kms_key_id | KMS key ID used to encrypt SSM SecureString parameters | string | `` | no | -| launch_type | The ECS launch type (valid options: FARGATE or EC2) | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | `true` | no | -| parent_zone_id | The zone ID where the DNS record for the `short_name` will be written | string | `` | no | -| policy_arn | Permission to grant to atlantis server | string | `arn:aws:iam::aws:policy/AdministratorAccess` | no | -| private_subnet_ids | The private subnet IDs | list(string) | `` | no | -| region | AWS Region for S3 bucket | string | - | yes | -| repo_name | GitHub repository name of the atlantis to be built and deployed to ECS. | string | - | yes | -| repo_owner | GitHub organization containing the Atlantis repository | string | - | yes | -| security_group_ids | Additional Security Group IDs to allow into ECS Service. | list(string) | `` | no | -| short_name | Alantis short DNS name (e.g. `atlantis`) | string | `atlantis` | no | -| ssh_private_key_name | Atlantis SSH private key name | string | `atlantis_ssh_private_key` | no | -| ssh_public_key_name | Atlantis SSH public key name | string | `atlantis_ssh_public_key` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| vpc_id | VPC ID for the ECS Cluster | string | - | yes | -| webhook_enabled | Set to false to prevent the module from creating any webhook resources | bool | `true` | no | -| webhook_events | A list of events which should trigger the webhook. | list(string) | `` | no | -| webhook_secret_length | GitHub webhook secret length | number | `32` | no | +|------|-------------|------|---------|:--------:| +| alb\_arn\_suffix | The ARN suffix of the ALB | `string` | n/a | yes | +| alb\_dns\_name | DNS name of ALB | `string` | n/a | yes | +| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | 
[
  "/*"
]
| no | +| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `50` | no | +| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | 
[
  "/events"
]
| no | +| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | +| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | `list(string)` | `[]` | no | +| alb\_zone\_id | The ID of the zone in which ALB is provisioned | `string` | n/a | yes | +| atlantis\_gh\_team\_whitelist | Atlantis GitHub team whitelist | `string` | `""` | no | +| atlantis\_gh\_user | Atlantis GitHub user | `string` | n/a | yes | +| atlantis\_gh\_webhook\_secret | Atlantis GitHub webhook secret | `string` | `""` | no | +| atlantis\_log\_level | Atlantis log level | `string` | `"info"` | no | +| atlantis\_port | Atlantis container port | `number` | `4141` | no | +| atlantis\_repo\_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | `string` | `"atlantis-repo-config.yaml"` | no | +| atlantis\_repo\_whitelist | Whitelist of repositories Atlantis will accept webhooks from | `list(string)` | `[]` | no | +| atlantis\_url\_format | Template for the Atlantis URL which is populated with the hostname | `string` | `"https://%s"` | no | +| atlantis\_wake\_word | Wake world for atlantis | `string` | `"atlantis"` | no | +| atlantis\_webhook\_format | Template for the Atlantis webhook URL which is populated with the hostname | `string` | `"https://%s/events"` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_arn\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_id\_ssm\_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_client\_secret\_ssm\_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| autoscaling\_max\_capacity | Atlantis maximum tasks to run | `number` | `1` | no | +| autoscaling\_min\_capacity | Atlantis minimum tasks to run | `number` | `1` | no | +| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | `string` | `"master"` | no | +| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | `number` | `10` | no | +| chamber\_format | Format to store parameters in SSM, for consumption with chamber | `string` | `"/%s/%s"` | no | +| chamber\_service | SSM parameter service name for use with chamber. This is used in chamber\_format where /$chamber\_service/$parameter would be the default. | `string` | `"atlantis"` | no | +| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `false` | no | +| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| container\_cpu | Atlantis CPUs per task | `number` | `256` | no | +| container\_memory | Atlantis memory per task | `number` | `512` | no | +| default\_backend\_image | ECS default (bootstrap) image | `string` | `"cloudposse/default-backend:0.1.2"` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| desired\_count | Atlantis desired number of tasks | `number` | `1` | no | +| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_cluster\_arn | ARN of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| ecs\_cluster\_name | Name of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | `bool` | `false` | no | +| github\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_token`) | `bool` | `false` | no | +| github\_oauth\_token | GitHub OAuth token. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_oauth\_token\_ssm\_name | SSM param name to lookup `github_oauth_token` if not provided | `string` | `""` | no | +| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_webhooks\_token\_ssm\_name | SSM param name to lookup `github_webhooks_token` if not provided | `string` | `""` | no | +| healthcheck\_path | Healthcheck path | `string` | `"/healthz"` | no | +| hostname | Atlantis URL | `string` | `""` | no | +| kms\_key\_id | KMS key ID used to encrypt SSM SecureString parameters | `string` | `""` | no | +| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| overwrite\_ssm\_parameter | Whether to overwrite an existing SSM parameter | `bool` | `true` | no | +| parent\_zone\_id | The zone ID where the DNS record for the `short_name` will be written | `string` | `""` | no | +| policy\_arn | Permission to grant to atlantis server | `string` | `"arn:aws:iam::aws:policy/AdministratorAccess"` | no | +| private\_subnet\_ids | The private subnet IDs | `list(string)` | `[]` | no | +| region | AWS Region for S3 bucket | `string` | n/a | yes | +| repo\_name | GitHub repository name of the atlantis to be built and deployed to ECS. | `string` | n/a | yes | +| repo\_owner | GitHub organization containing the Atlantis repository | `string` | n/a | yes | +| security\_group\_ids | Additional Security Group IDs to allow into ECS Service. | `list(string)` | `[]` | no | +| short\_name | Alantis short DNS name (e.g. `atlantis`) | `string` | `"atlantis"` | no | +| ssh\_private\_key\_name | Atlantis SSH private key name | `string` | `"atlantis_ssh_private_key"` | no | +| ssh\_public\_key\_name | Atlantis SSH public key name | `string` | `"atlantis_ssh_public_key"` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| vpc\_id | VPC ID for the ECS Cluster | `string` | n/a | yes | +| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| webhook\_events | A list of events which should trigger the webhook. | `list(string)` | 
[
  "issue_comment",
  "pull_request",
  "pull_request_review",
  "pull_request_review_comment",
  "push"
]
| no | +| webhook\_secret\_length | GitHub webhook secret length | `number` | `32` | no | ## Outputs | Name | Description | |------|-------------| -| alb_ingress_target_group_arn | ALB Target Group ARN | -| alb_ingress_target_group_arn_suffix | ALB Target Group ARN suffix | -| alb_ingress_target_group_name | ALB Target Group name | -| atlantis_ssh_public_key | Atlantis SSH Public Key | -| atlantis_url | The URL endpoint for the atlantis server | -| atlantis_webhook_url | atlantis webhook URL | -| codebuild_badge_url | The URL of the build badge when badge_enabled is enabled | -| codebuild_cache_bucket_arn | CodeBuild cache S3 bucket ARN | -| codebuild_cache_bucket_name | CodeBuild cache S3 bucket name | -| codebuild_project_id | CodeBuild project ID | -| codebuild_project_name | CodeBuild project name | -| codebuild_role_arn | CodeBuild IAM Role ARN | -| codebuild_role_id | CodeBuild IAM Role ID | -| codepipeline_arn | CodePipeline ARN | -| codepipeline_id | CodePipeline ID | -| codepipeline_webhook_id | The CodePipeline webhook's ID | -| codepipeline_webhook_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | -| container_definition_json | JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition | -| container_definition_json_map | JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition | -| ecr_registry_id | Registry ID | -| ecr_registry_url | Registry URL | -| ecr_repository_name | Registry name | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs_cloudwatch_autoscaling_scale_down_policy_arn | ARN of the scale down policy | -| ecs_cloudwatch_autoscaling_scale_up_policy_arn | ARN of the scale up policy | -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| ecs_service_name | ECS Service name | -| ecs_service_role_arn | ECS Service role ARN | -| ecs_service_security_group_id | Security Group ID of the ECS task | -| ecs_task_definition_family | ECS task definition family | -| ecs_task_definition_revision | ECS task definition revision | -| ecs_task_exec_role_arn | ECS Task exec role ARN | -| ecs_task_exec_role_name | ECS Task role name | -| ecs_task_role_arn | ECS Task role ARN | -| ecs_task_role_id | ECS Task role id | -| ecs_task_role_name | ECS Task role name | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target_response_time_average_cloudwatch_metric_alarm_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target_response_time_average_cloudwatch_metric_alarm_id | ALB Target Group response time average CloudWatch metric alarm ID | +| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | +| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| alb\_ingress\_target\_group\_name | ALB Target Group name | +| atlantis\_ssh\_public\_key | Atlantis SSH Public Key | +| atlantis\_url | The URL endpoint for the atlantis server | +| atlantis\_webhook\_url | atlantis webhook URL | +| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | +| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | +| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | +| codebuild\_project\_id | CodeBuild project ID | +| codebuild\_project\_name | CodeBuild project name | +| codebuild\_role\_arn | CodeBuild IAM Role ARN | +| codebuild\_role\_id | CodeBuild IAM Role ID | +| codepipeline\_arn | CodePipeline ARN | +| codepipeline\_id | CodePipeline ID | +| codepipeline\_webhook\_id | The CodePipeline webhook's ID | +| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| ecr\_registry\_id | Registry ID | +| ecr\_repository\_name | Repository name | +| ecr\_repository\_url | Repository URL | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | +| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | +| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| ecs\_service\_name | ECS Service name | +| ecs\_service\_role\_arn | ECS Service role ARN | +| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | +| ecs\_task\_definition\_family | ECS task definition family | +| ecs\_task\_definition\_revision | ECS task definition revision | +| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | +| ecs\_task\_exec\_role\_name | ECS Task role name | +| ecs\_task\_role\_arn | ECS Task role ARN | +| ecs\_task\_role\_id | ECS Task role id | +| ecs\_task\_role\_name | ECS Task role name | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | diff --git a/README.yaml b/README.yaml index a6653a7..69158e3 100644 --- a/README.yaml +++ b/README.yaml @@ -24,9 +24,6 @@ screenshots: # Badges to display badges: - - name: "Codefresh Build Status" - image: "https://g.codefresh.io/api/badges/pipeline/cloudposse/terraform-modules%2Fterraform-aws-ecs-atlantis?type=cf-1" - url: "https://g.codefresh.io/public/accounts/cloudposse/pipelines/5dc082b14d7990012e651a3b" - name: "Latest Release" image: "https://img.shields.io/github/release/cloudposse/terraform-aws-ecs-atlantis.svg" url: "https://github.com/cloudposse/terraform-aws-ecs-atlantis/releases/latest" diff --git a/docs/terraform.md b/docs/terraform.md index 0583d16..a65a0e1 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -1,161 +1,179 @@ +## Requirements + +| Name | Version | +|------|---------| +| terraform | ~> 0.12.0 | +| aws | ~> 2.0 | +| local | ~> 1.3 | +| null | ~> 2.0 | +| template | ~> 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| aws | ~> 2.0 | +| random | n/a | + ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| alb_arn_suffix | The ARN suffix of the ALB | string | - | yes | -| alb_dns_name | DNS name of ALB | string | - | yes | -| alb_ingress_authenticated_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_authenticated_listener_arns_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_authenticated_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_listener_authenticated_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | number | `100` | no | -| alb_ingress_listener_unauthenticated_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | number | `50` | no | -| alb_ingress_unauthenticated_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | list(string) | `` | no | -| alb_ingress_unauthenticated_listener_arns_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | number | `0` | no | -| alb_ingress_unauthenticated_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | list(string) | `` | no | -| alb_security_group | Security group of the ALB | string | - | yes | -| alb_target_group_alarms_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | bool | `false` | no | -| alb_target_group_alarms_insufficient_data_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT_DATA state from any other state. | list(string) | `` | no | -| alb_target_group_alarms_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | list(string) | `` | no | -| alb_zone_id | The ID of the zone in which ALB is provisioned | string | - | yes | -| atlantis_gh_team_whitelist | Atlantis GitHub team whitelist | string | `` | no | -| atlantis_gh_user | Atlantis GitHub user | string | - | yes | -| atlantis_gh_webhook_secret | Atlantis GitHub webhook secret | string | `` | no | -| atlantis_log_level | Atlantis log level | string | `info` | no | -| atlantis_port | Atlantis container port | number | `4141` | no | -| atlantis_repo_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | string | `atlantis-repo-config.yaml` | no | -| atlantis_repo_whitelist | Whitelist of repositories Atlantis will accept webhooks from | list(string) | `` | no | -| atlantis_url_format | Template for the Atlantis URL which is populated with the hostname | string | `https://%s` | no | -| atlantis_wake_word | Wake world for atlantis | string | `atlantis` | no | -| atlantis_webhook_format | Template for the Atlantis webhook URL which is populated with the hostname | string | `https://%s/events` | no | -| attributes | Additional attributes (_e.g._ "1") | list(string) | `` | no | -| authentication_cognito_user_pool_arn | Cognito User Pool ARN | string | `` | no | -| authentication_cognito_user_pool_arn_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | string | `` | no | -| authentication_cognito_user_pool_client_id | Cognito User Pool Client ID | string | `` | no | -| authentication_cognito_user_pool_client_id_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | string | `` | no | -| authentication_cognito_user_pool_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | string | `` | no | -| authentication_cognito_user_pool_domain_ssm_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | string | `` | no | -| authentication_oidc_authorization_endpoint | OIDC Authorization Endpoint | string | `` | no | -| authentication_oidc_client_id | OIDC Client ID | string | `` | no | -| authentication_oidc_client_id_ssm_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | string | `` | no | -| authentication_oidc_client_secret | OIDC Client Secret | string | `` | no | -| authentication_oidc_client_secret_ssm_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | string | `` | no | -| authentication_oidc_issuer | OIDC Issuer | string | `` | no | -| authentication_oidc_token_endpoint | OIDC Token Endpoint | string | `` | no | -| authentication_oidc_user_info_endpoint | OIDC User Info Endpoint | string | `` | no | -| authentication_type | Authentication type. Supported values are `COGNITO` and `OIDC` | string | `` | no | -| autoscaling_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | bool | `false` | no | -| autoscaling_max_capacity | Atlantis maximum tasks to run | number | `1` | no | -| autoscaling_min_capacity | Atlantis minimum tasks to run | number | `1` | no | -| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | string | `master` | no | -| build_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | number | `10` | no | -| chamber_format | Format to store parameters in SSM, for consumption with chamber | string | `/%s/%s` | no | -| chamber_service | SSM parameter service name for use with chamber. This is used in chamber_format where /$chamber_service/$parameter would be the default. | string | `atlantis` | no | -| codepipeline_enabled | A boolean to enable/disable AWS Codepipeline and ECR | bool | `false` | no | -| codepipeline_s3_bucket_force_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | bool | `false` | no | -| container_cpu | Atlantis CPUs per task | number | `256` | no | -| container_memory | Atlantis memory per task | number | `512` | no | -| default_backend_image | ECS default (bootstrap) image | string | `cloudposse/default-backend:0.1.2` | no | -| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | string | `-` | no | -| desired_count | Atlantis desired number of tasks | number | `1` | no | -| ecs_alarms_cpu_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_cpu_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | list(string) | `` | no | -| ecs_alarms_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | bool | `false` | no | -| ecs_alarms_memory_utilization_high_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_high_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_alarm_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | list(string) | `` | no | -| ecs_alarms_memory_utilization_low_ok_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | list(string) | `` | no | -| ecs_cluster_arn | ARN of the ECS cluster to deploy Atlantis | string | - | yes | -| ecs_cluster_name | Name of the ECS cluster to deploy Atlantis | string | - | yes | -| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | bool | `false` | no | -| github_oauth_token | GitHub OAuth token. If not provided the token is looked up from SSM | string | `` | no | -| github_oauth_token_ssm_name | SSM param name to lookup `github_oauth_token` if not provided | string | `` | no | -| github_webhooks_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | string | `` | no | -| github_webhooks_token_ssm_name | SSM param name to lookup `github_webhooks_token` if not provided | string | `` | no | -| healthcheck_path | Healthcheck path | string | `/healthz` | no | -| hostname | Atlantis URL | string | `` | no | -| kms_key_id | KMS key ID used to encrypt SSM SecureString parameters | string | `` | no | -| launch_type | The ECS launch type (valid options: FARGATE or EC2) | string | `FARGATE` | no | -| name | Name of the application | string | - | yes | -| namespace | Namespace (e.g. `eg` or `cp`) | string | `` | no | -| overwrite_ssm_parameter | Whether to overwrite an existing SSM parameter | bool | `true` | no | -| parent_zone_id | The zone ID where the DNS record for the `short_name` will be written | string | `` | no | -| policy_arn | Permission to grant to atlantis server | string | `arn:aws:iam::aws:policy/AdministratorAccess` | no | -| private_subnet_ids | The private subnet IDs | list(string) | `` | no | -| region | AWS Region for S3 bucket | string | - | yes | -| repo_name | GitHub repository name of the atlantis to be built and deployed to ECS. | string | - | yes | -| repo_owner | GitHub organization containing the Atlantis repository | string | - | yes | -| security_group_ids | Additional Security Group IDs to allow into ECS Service. | list(string) | `` | no | -| short_name | Alantis short DNS name (e.g. `atlantis`) | string | `atlantis` | no | -| ssh_private_key_name | Atlantis SSH private key name | string | `atlantis_ssh_private_key` | no | -| ssh_public_key_name | Atlantis SSH public key name | string | `atlantis_ssh_public_key` | no | -| stage | Stage (e.g. `prod`, `dev`, `staging`) | string | `` | no | -| tags | Additional tags (_e.g._ { BusinessUnit : ABC }) | map(string) | `` | no | -| vpc_id | VPC ID for the ECS Cluster | string | - | yes | -| webhook_enabled | Set to false to prevent the module from creating any webhook resources | bool | `true` | no | -| webhook_events | A list of events which should trigger the webhook. | list(string) | `` | no | -| webhook_secret_length | GitHub webhook secret length | number | `32` | no | +|------|-------------|------|---------|:--------:| +| alb\_arn\_suffix | The ARN suffix of the ALB | `string` | n/a | yes | +| alb\_dns\_name | DNS name of ALB | `string` | n/a | yes | +| alb\_ingress\_authenticated\_hosts | Authenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns | A list of authenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_authenticated\_listener\_arns\_count | The number of authenticated ARNs in `alb_ingress_authenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_authenticated\_paths | Authenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | 
[
  "/*"
]
| no | +| alb\_ingress\_listener\_authenticated\_priority | The priority for the rules with authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_unauthenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `100` | no | +| alb\_ingress\_listener\_unauthenticated\_priority | The priority for the rules without authentication, between 1 and 50000 (1 being highest priority). Must be different from `alb_ingress_listener_authenticated_priority` since a listener can't have multiple rules with the same priority | `number` | `50` | no | +| alb\_ingress\_unauthenticated\_hosts | Unauthenticated hosts to match in Hosts header (a maximum of 1 can be defined) | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns | A list of unauthenticated ALB listener ARNs to attach ALB listener rules to | `list(string)` | `[]` | no | +| alb\_ingress\_unauthenticated\_listener\_arns\_count | The number of unauthenticated ARNs in `alb_ingress_unauthenticated_listener_arns`. This is necessary to work around a limitation in Terraform where counts cannot be computed | `number` | `0` | no | +| alb\_ingress\_unauthenticated\_paths | Unauthenticated path pattern to match (a maximum of 1 can be defined) | `list(string)` | 
[
  "/events"
]
| no | +| alb\_security\_group | Security group of the ALB | `string` | n/a | yes | +| alb\_target\_group\_alarms\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an ALARM state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ALB Target metrics | `bool` | `false` | no | +| alb\_target\_group\_alarms\_insufficient\_data\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an INSUFFICIENT\_DATA state from any other state. | `list(string)` | `[]` | no | +| alb\_target\_group\_alarms\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to execute when ALB Target Group alarms transition into an OK state from any other state. | `list(string)` | `[]` | no | +| alb\_zone\_id | The ID of the zone in which ALB is provisioned | `string` | n/a | yes | +| atlantis\_gh\_team\_whitelist | Atlantis GitHub team whitelist | `string` | `""` | no | +| atlantis\_gh\_user | Atlantis GitHub user | `string` | n/a | yes | +| atlantis\_gh\_webhook\_secret | Atlantis GitHub webhook secret | `string` | `""` | no | +| atlantis\_log\_level | Atlantis log level | `string` | `"info"` | no | +| atlantis\_port | Atlantis container port | `number` | `4141` | no | +| atlantis\_repo\_config | Path to atlantis server-side repo config file (https://www.runatlantis.io/docs/server-side-repo-config.html) | `string` | `"atlantis-repo-config.yaml"` | no | +| atlantis\_repo\_whitelist | Whitelist of repositories Atlantis will accept webhooks from | `list(string)` | `[]` | no | +| atlantis\_url\_format | Template for the Atlantis URL which is populated with the hostname | `string` | `"https://%s"` | no | +| atlantis\_wake\_word | Wake world for atlantis | `string` | `"atlantis"` | no | +| atlantis\_webhook\_format | Template for the Atlantis webhook URL which is populated with the hostname | `string` | `"https://%s/events"` | no | +| attributes | Additional attributes (\_e.g.\_ "1") | `list(string)` | `[]` | no | +| authentication\_cognito\_user\_pool\_arn | Cognito User Pool ARN | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_arn\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_arn` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id | Cognito User Pool Client ID | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_client\_id\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_client_id` if not provided | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain | Cognito User Pool Domain. The User Pool Domain should be set to the domain prefix (`xxx`) instead of full domain (https://xxx.auth.us-west-2.amazoncognito.com) | `string` | `""` | no | +| authentication\_cognito\_user\_pool\_domain\_ssm\_name | SSM param name to lookup `authentication_cognito_user_pool_domain` if not provided | `string` | `""` | no | +| authentication\_oidc\_authorization\_endpoint | OIDC Authorization Endpoint | `string` | `""` | no | +| authentication\_oidc\_client\_id | OIDC Client ID | `string` | `""` | no | +| authentication\_oidc\_client\_id\_ssm\_name | SSM param name to lookup `authentication_oidc_client_id` if not provided | `string` | `""` | no | +| authentication\_oidc\_client\_secret | OIDC Client Secret | `string` | `""` | no | +| authentication\_oidc\_client\_secret\_ssm\_name | SSM param name to lookup `authentication_oidc_client_secret` if not provided | `string` | `""` | no | +| authentication\_oidc\_issuer | OIDC Issuer | `string` | `""` | no | +| authentication\_oidc\_token\_endpoint | OIDC Token Endpoint | `string` | `""` | no | +| authentication\_oidc\_user\_info\_endpoint | OIDC User Info Endpoint | `string` | `""` | no | +| authentication\_type | Authentication type. Supported values are `COGNITO` and `OIDC` | `string` | `""` | no | +| autoscaling\_enabled | A boolean to enable/disable Autoscaling policy for ECS Service | `bool` | `false` | no | +| autoscaling\_max\_capacity | Atlantis maximum tasks to run | `number` | `1` | no | +| autoscaling\_min\_capacity | Atlantis minimum tasks to run | `number` | `1` | no | +| branch | Atlantis branch of the GitHub repository, _e.g._ `master` | `string` | `"master"` | no | +| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. | `number` | `10` | no | +| chamber\_format | Format to store parameters in SSM, for consumption with chamber | `string` | `"/%s/%s"` | no | +| chamber\_service | SSM parameter service name for use with chamber. This is used in chamber\_format where /$chamber\_service/$parameter would be the default. | `string` | `"atlantis"` | no | +| codepipeline\_enabled | A boolean to enable/disable AWS Codepipeline and ECR | `bool` | `false` | no | +| codepipeline\_s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| container\_cpu | Atlantis CPUs per task | `number` | `256` | no | +| container\_memory | Atlantis memory per task | `number` | `512` | no | +| default\_backend\_image | ECS default (bootstrap) image | `string` | `"cloudposse/default-backend:0.1.2"` | no | +| delimiter | Delimiter between `namespace`, `stage`, `name` and `attributes` | `string` | `"-"` | no | +| desired\_count | Atlantis desired number of tasks | `number` | `1` | no | +| ecs\_alarms\_cpu\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_cpu\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on CPU Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_enabled | A boolean to enable/disable CloudWatch Alarms for ECS Service metrics | `bool` | `false` | no | +| ecs\_alarms\_memory\_utilization\_high\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_high\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization High OK action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_alarm\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low Alarm action | `list(string)` | `[]` | no | +| ecs\_alarms\_memory\_utilization\_low\_ok\_actions | A list of ARNs (i.e. SNS Topic ARN) to notify on Memory Utilization Low OK action | `list(string)` | `[]` | no | +| ecs\_cluster\_arn | ARN of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| ecs\_cluster\_name | Name of the ECS cluster to deploy Atlantis | `string` | n/a | yes | +| enabled | Whether to create the resources. Set to `false` to prevent the module from creating any resources | `bool` | `false` | no | +| github\_anonymous | Github Anonymous API (if `true`, token must not be set as GITHUB\_TOKEN or `github_token`) | `bool` | `false` | no | +| github\_oauth\_token | GitHub OAuth token. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_oauth\_token\_ssm\_name | SSM param name to lookup `github_oauth_token` if not provided | `string` | `""` | no | +| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM | `string` | `""` | no | +| github\_webhooks\_token\_ssm\_name | SSM param name to lookup `github_webhooks_token` if not provided | `string` | `""` | no | +| healthcheck\_path | Healthcheck path | `string` | `"/healthz"` | no | +| hostname | Atlantis URL | `string` | `""` | no | +| kms\_key\_id | KMS key ID used to encrypt SSM SecureString parameters | `string` | `""` | no | +| launch\_type | The ECS launch type (valid options: FARGATE or EC2) | `string` | `"FARGATE"` | no | +| name | Name of the application | `string` | n/a | yes | +| namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no | +| overwrite\_ssm\_parameter | Whether to overwrite an existing SSM parameter | `bool` | `true` | no | +| parent\_zone\_id | The zone ID where the DNS record for the `short_name` will be written | `string` | `""` | no | +| policy\_arn | Permission to grant to atlantis server | `string` | `"arn:aws:iam::aws:policy/AdministratorAccess"` | no | +| private\_subnet\_ids | The private subnet IDs | `list(string)` | `[]` | no | +| region | AWS Region for S3 bucket | `string` | n/a | yes | +| repo\_name | GitHub repository name of the atlantis to be built and deployed to ECS. | `string` | n/a | yes | +| repo\_owner | GitHub organization containing the Atlantis repository | `string` | n/a | yes | +| security\_group\_ids | Additional Security Group IDs to allow into ECS Service. | `list(string)` | `[]` | no | +| short\_name | Alantis short DNS name (e.g. `atlantis`) | `string` | `"atlantis"` | no | +| ssh\_private\_key\_name | Atlantis SSH private key name | `string` | `"atlantis_ssh_private_key"` | no | +| ssh\_public\_key\_name | Atlantis SSH public key name | `string` | `"atlantis_ssh_public_key"` | no | +| stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | `""` | no | +| tags | Additional tags (\_e.g.\_ { BusinessUnit : ABC }) | `map(string)` | `{}` | no | +| vpc\_id | VPC ID for the ECS Cluster | `string` | n/a | yes | +| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| webhook\_events | A list of events which should trigger the webhook. | `list(string)` | 
[
  "issue_comment",
  "pull_request",
  "pull_request_review",
  "pull_request_review_comment",
  "push"
]
| no | +| webhook\_secret\_length | GitHub webhook secret length | `number` | `32` | no | ## Outputs | Name | Description | |------|-------------| -| alb_ingress_target_group_arn | ALB Target Group ARN | -| alb_ingress_target_group_arn_suffix | ALB Target Group ARN suffix | -| alb_ingress_target_group_name | ALB Target Group name | -| atlantis_ssh_public_key | Atlantis SSH Public Key | -| atlantis_url | The URL endpoint for the atlantis server | -| atlantis_webhook_url | atlantis webhook URL | -| codebuild_badge_url | The URL of the build badge when badge_enabled is enabled | -| codebuild_cache_bucket_arn | CodeBuild cache S3 bucket ARN | -| codebuild_cache_bucket_name | CodeBuild cache S3 bucket name | -| codebuild_project_id | CodeBuild project ID | -| codebuild_project_name | CodeBuild project name | -| codebuild_role_arn | CodeBuild IAM Role ARN | -| codebuild_role_id | CodeBuild IAM Role ID | -| codepipeline_arn | CodePipeline ARN | -| codepipeline_id | CodePipeline ID | -| codepipeline_webhook_id | The CodePipeline webhook's ID | -| codepipeline_webhook_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | -| container_definition_json | JSON encoded list of container definitions for use with other terraform resources such as aws_ecs_task_definition | -| container_definition_json_map | JSON encoded container definitions for use with other terraform resources such as aws_ecs_task_definition | -| ecr_registry_id | Registry ID | -| ecr_registry_url | Registry URL | -| ecr_repository_name | Registry name | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_arn | ECS CPU utilization high CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id | ECS CPU utilization high CloudWatch metric alarm ID | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_arn | ECS CPU utilization low CloudWatch metric alarm ARN | -| ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id | ECS CPU utilization low CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_arn | ECS Memory utilization high CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id | ECS Memory utilization high CloudWatch metric alarm ID | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_arn | ECS Memory utilization low CloudWatch metric alarm ARN | -| ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id | ECS Memory utilization low CloudWatch metric alarm ID | -| ecs_cloudwatch_autoscaling_scale_down_policy_arn | ARN of the scale down policy | -| ecs_cloudwatch_autoscaling_scale_up_policy_arn | ARN of the scale up policy | -| ecs_exec_role_policy_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | -| ecs_exec_role_policy_name | ECS service role name | -| ecs_service_name | ECS Service name | -| ecs_service_role_arn | ECS Service role ARN | -| ecs_service_security_group_id | Security Group ID of the ECS task | -| ecs_task_definition_family | ECS task definition family | -| ecs_task_definition_revision | ECS task definition revision | -| ecs_task_exec_role_arn | ECS Task exec role ARN | -| ecs_task_exec_role_name | ECS Task role name | -| ecs_task_role_arn | ECS Task role ARN | -| ecs_task_role_id | ECS Task role id | -| ecs_task_role_name | ECS Task role name | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_arn | ALB 5xx count CloudWatch metric alarm ARN | -| httpcode_elb_5xx_count_cloudwatch_metric_alarm_id | ALB 5xx count CloudWatch metric alarm ID | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | -| httpcode_target_3xx_count_cloudwatch_metric_alarm_id | ALB Target Group 3xx count CloudWatch metric alarm ID | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | -| httpcode_target_4xx_count_cloudwatch_metric_alarm_id | ALB Target Group 4xx count CloudWatch metric alarm ID | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | -| httpcode_target_5xx_count_cloudwatch_metric_alarm_id | ALB Target Group 5xx count CloudWatch metric alarm ID | -| target_response_time_average_cloudwatch_metric_alarm_arn | ALB Target Group response time average CloudWatch metric alarm ARN | -| target_response_time_average_cloudwatch_metric_alarm_id | ALB Target Group response time average CloudWatch metric alarm ID | +| alb\_ingress\_target\_group\_arn | ALB Target Group ARN | +| alb\_ingress\_target\_group\_arn\_suffix | ALB Target Group ARN suffix | +| alb\_ingress\_target\_group\_name | ALB Target Group name | +| atlantis\_ssh\_public\_key | Atlantis SSH Public Key | +| atlantis\_url | The URL endpoint for the atlantis server | +| atlantis\_webhook\_url | atlantis webhook URL | +| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | +| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | +| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | +| codebuild\_project\_id | CodeBuild project ID | +| codebuild\_project\_name | CodeBuild project name | +| codebuild\_role\_arn | CodeBuild IAM Role ARN | +| codebuild\_role\_id | CodeBuild IAM Role ID | +| codepipeline\_arn | CodePipeline ARN | +| codepipeline\_id | CodePipeline ID | +| codepipeline\_webhook\_id | The CodePipeline webhook's ID | +| codepipeline\_webhook\_url | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | +| container\_definition\_json | JSON encoded list of container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| container\_definition\_json\_map | JSON encoded container definitions for use with other terraform resources such as aws\_ecs\_task\_definition | +| ecr\_registry\_id | Registry ID | +| ecr\_repository\_name | Repository name | +| ecr\_repository\_url | Repository URL | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS CPU utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_cpu\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS CPU utilization low CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization high CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_high\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization high CloudWatch metric alarm ID | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_arn | ECS Memory utilization low CloudWatch metric alarm ARN | +| ecs\_alarms\_memory\_utilization\_low\_cloudwatch\_metric\_alarm\_id | ECS Memory utilization low CloudWatch metric alarm ID | +| ecs\_cloudwatch\_autoscaling\_scale\_down\_policy\_arn | ARN of the scale down policy | +| ecs\_cloudwatch\_autoscaling\_scale\_up\_policy\_arn | ARN of the scale up policy | +| ecs\_exec\_role\_policy\_id | The ECS service role policy ID, in the form of `role_name:role_policy_name` | +| ecs\_exec\_role\_policy\_name | ECS service role name | +| ecs\_service\_name | ECS Service name | +| ecs\_service\_role\_arn | ECS Service role ARN | +| ecs\_service\_security\_group\_id | Security Group ID of the ECS task | +| ecs\_task\_definition\_family | ECS task definition family | +| ecs\_task\_definition\_revision | ECS task definition revision | +| ecs\_task\_exec\_role\_arn | ECS Task exec role ARN | +| ecs\_task\_exec\_role\_name | ECS Task role name | +| ecs\_task\_role\_arn | ECS Task role ARN | +| ecs\_task\_role\_id | ECS Task role id | +| ecs\_task\_role\_name | ECS Task role name | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB 5xx count CloudWatch metric alarm ARN | +| httpcode\_elb\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB 5xx count CloudWatch metric alarm ID | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 3xx count CloudWatch metric alarm ARN | +| httpcode\_target\_3xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 3xx count CloudWatch metric alarm ID | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 4xx count CloudWatch metric alarm ARN | +| httpcode\_target\_4xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 4xx count CloudWatch metric alarm ID | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_arn | ALB Target Group 5xx count CloudWatch metric alarm ARN | +| httpcode\_target\_5xx\_count\_cloudwatch\_metric\_alarm\_id | ALB Target Group 5xx count CloudWatch metric alarm ID | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_arn | ALB Target Group response time average CloudWatch metric alarm ARN | +| target\_response\_time\_average\_cloudwatch\_metric\_alarm\_id | ALB Target Group response time average CloudWatch metric alarm ID | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 4a7b476..c21233e 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -36,8 +36,6 @@ webhook_enabled = false github_oauth_token = "test" -github_webhooks_token = "test" - atlantis_gh_user = "test" atlantis_gh_team_whitelist = "dev:plan,ops:*" diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 50cdc4a..815afae 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -13,7 +13,7 @@ module "label" { } module "vpc" { - source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.8.1" + source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.14.0" namespace = var.namespace stage = var.stage name = var.name @@ -24,7 +24,7 @@ module "vpc" { } module "subnets" { - source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.16.1" + source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.19.0" availability_zones = var.availability_zones namespace = var.namespace stage = var.stage @@ -40,7 +40,7 @@ module "subnets" { } module "alb" { - source = "git::https://github.com/cloudposse/terraform-aws-alb.git?ref=tags/0.7.0" + source = "git::https://github.com/cloudposse/terraform-aws-alb.git?ref=tags/0.11.0" namespace = var.namespace stage = var.stage name = var.name @@ -72,7 +72,7 @@ resource "aws_sns_topic" "sns_topic" { } module "kms_key" { - source = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=tags/0.3.0" + source = "git::https://github.com/cloudposse/terraform-aws-kms-key.git?ref=tags/0.4.0" enabled = var.enabled namespace = var.namespace stage = var.stage diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 5a2f403..119c240 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf @@ -83,14 +83,14 @@ output "ecr_registry_id" { description = "Registry ID" } -output "ecr_registry_url" { - value = module.atlantis.ecr_registry_url - description = "Registry URL" +output "ecr_repository_url" { + value = module.atlantis.ecr_repository_url + description = "Repository URL" } output "ecr_repository_name" { value = module.atlantis.ecr_repository_name - description = "Registry name" + description = "Repository name" } output "alb_ingress_target_group_name" { diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index a4d4a7e..5a6f69d 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -68,6 +68,7 @@ variable "github_oauth_token" { variable "github_webhooks_token" { type = string description = "GitHub OAuth Token with permissions to create webhooks. If not provided the token is looked up from SSM" + default = "" } variable "codepipeline_enabled" { diff --git a/main.tf b/main.tf index c6d8479..619ffd4 100644 --- a/main.tf +++ b/main.tf @@ -39,7 +39,7 @@ locals { # Modules #-------------------------------------------------------------- module "ssh_key_pair" { - source = "git::https://github.com/cloudposse/terraform-aws-ssm-tls-ssh-key-pair.git?ref=tags/0.4.0" + source = "git::https://github.com/cloudposse/terraform-aws-ssm-tls-ssh-key-pair.git?ref=tags/0.5.0" enabled = var.enabled namespace = var.namespace stage = var.stage @@ -51,19 +51,21 @@ module "ssh_key_pair" { kms_key_id = local.kms_key_id } -module "webhooks" { - source = "git::https://github.com/cloudposse/terraform-github-repository-webhooks.git?ref=tags/0.5.0" - enabled = var.enabled && var.webhook_enabled - github_token = local.github_webhooks_token - webhook_secret = local.atlantis_gh_webhook_secret - webhook_url = local.atlantis_webhook_url - github_organization = var.repo_owner - github_repositories = [var.repo_name] - events = var.webhook_events +module "github_webhooks" { + source = "git::https://github.com/cloudposse/terraform-github-repository-webhooks.git?ref=tags/0.8.0" + enabled = var.enabled && var.webhook_enabled ? true : false + github_anonymous = var.github_anonymous + github_organization = var.repo_owner + github_repositories = [var.repo_name] + github_token = local.github_webhooks_token + webhook_secret = local.atlantis_gh_webhook_secret + webhook_url = local.atlantis_webhook_url + webhook_content_type = "json" + events = var.webhook_events } module "ecs_web_app" { - source = "git::https://github.com/cloudposse/terraform-aws-ecs-web-app.git?ref=tags/0.24.0" + source = "git::https://github.com/cloudposse/terraform-aws-ecs-web-app.git?ref=tags/0.31.0" namespace = var.namespace stage = var.stage name = var.name diff --git a/outputs.tf b/outputs.tf index 83cab60..5928d0d 100644 --- a/outputs.tf +++ b/outputs.tf @@ -18,14 +18,14 @@ output "ecr_registry_id" { description = "Registry ID" } -output "ecr_registry_url" { - value = module.ecs_web_app.ecr_registry_url - description = "Registry URL" +output "ecr_repository_url" { + value = module.ecs_web_app.ecr_repository_url + description = "Repository URL" } output "ecr_repository_name" { value = module.ecs_web_app.ecr_repository_name - description = "Registry name" + description = "Repository name" } output "alb_ingress_target_group_name" { diff --git a/test/src/Makefile b/test/src/Makefile index dec7cfb..f31ff7b 100644 --- a/test/src/Makefile +++ b/test/src/Makefile @@ -8,6 +8,8 @@ PATH := $(PATH):$(GOBIN) export TF_DATA_DIR ?= $(CURDIR)/.terraform export TF_CLI_ARGS_init ?= -get-plugins=true export GOPATH +# Expose GitHub Token as github_webhooks_token variable so that SSM does not fail +export TF_VAR_github_webhooks_token ?= $(GITHUB_TOKEN) .PHONY: all ## Default target diff --git a/test/src/examples_complete_test.go b/test/src/examples_complete_test.go index 3e1f82e..0048ad1 100644 --- a/test/src/examples_complete_test.go +++ b/test/src/examples_complete_test.go @@ -7,6 +7,9 @@ import ( "github.com/gruntwork-io/terratest/modules/terraform" "github.com/stretchr/testify/assert" + "math/rand" + "strconv" + "time" ) // Test the Terraform module in examples/complete using Terratest. @@ -15,6 +18,10 @@ func TestExamplesComplete(t *testing.T) { targets := []string{"module.label", "module.vpc", "module.subnets", "module.alb"} + rand.Seed(time.Now().UnixNano()) + + attributes := []string{strconv.Itoa(rand.Intn(1000))} + // We need to create the ALB first because terraform does not wwait for it to be in the ready state before creating ECS target group terraformOptions := &terraform.Options{ // The path to where our Terraform code is located @@ -22,6 +29,9 @@ func TestExamplesComplete(t *testing.T) { Upgrade: true, // Variables to pass to our Terraform code using -var-file options VarFiles: []string{"fixtures.us-east-2.tfvars"}, + Vars: map[string]interface{}{ + "attributes": attributes, + }, Targets: targets, } @@ -65,7 +75,8 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable albName := terraform.Output(t, terraformOptions, "alb_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis", albName) + expectedAlbName := "eg-test-ecs-atlantis-" + attributes[0] + assert.Equal(t, expectedAlbName, albName) // Run `terraform output` to get the value of an output variable albHttpListenerArn := terraform.Output(t, terraformOptions, "alb_http_listener_arn") @@ -75,12 +86,14 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable albIngressTargetGroupName := terraform.Output(t, terraformOptions, "alb_ingress_target_group_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis", albIngressTargetGroupName) + expectedAlbIngressTargetGroupName := "eg-test-ecs-atlantis-" + attributes[0] + assert.Equal(t, expectedAlbIngressTargetGroupName, albIngressTargetGroupName) // Run `terraform output` to get the value of an output variable albAccessLogsBucketId := terraform.Output(t, terraformOptions, "alb_access_logs_bucket_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-alb-access-logs", albAccessLogsBucketId) + expectedAlbAccessLogsBucketId := "eg-test-ecs-atlantis-" + attributes[0] + "-alb-access-logs" + assert.Equal(t, expectedAlbAccessLogsBucketId, albAccessLogsBucketId) // Run `terraform output` to get the value of an output variable containerDefinitionJsonMap := terraform.OutputRequired(t, terraformOptions, "container_definition_json_map") @@ -88,7 +101,8 @@ func TestExamplesComplete(t *testing.T) { var jsonObject map[string]interface{} err := json.Unmarshal([]byte(containerDefinitionJsonMap), &jsonObject) assert.NoError(t, err) - assert.Equal(t, "eg-test-ecs-atlantis", jsonObject["name"]) + expectedContainerDefinitionName := "eg-test-ecs-atlantis-" + attributes[0] + assert.Equal(t, expectedContainerDefinitionName, jsonObject["name"]) assert.Equal(t, "cloudposse/default-backend:0.1.2", jsonObject["image"]) assert.Equal(t, 512, int((jsonObject["memory"]).(float64))) assert.Equal(t, 128, int((jsonObject["memoryReservation"]).(float64))) @@ -99,102 +113,122 @@ func TestExamplesComplete(t *testing.T) { // Run `terraform output` to get the value of an output variable codebuildCacheBucketName := terraform.Output(t, terraformOptions, "codebuild_cache_bucket_name") // Verify we're getting back the outputs we expect - assert.Contains(t, codebuildCacheBucketName, "eg-test-ecs-atlantis-build") + expectedCodebuildCacheBucketName := "eg-test-ecs-atlantis-" + attributes[0] + "-build" + assert.Contains(t, codebuildCacheBucketName, expectedCodebuildCacheBucketName) // Run `terraform output` to get the value of an output variable codebuildProjectName := terraform.Output(t, terraformOptions, "codebuild_project_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-build", codebuildProjectName) + expectedCodebuildProjectName := "eg-test-ecs-atlantis-" + attributes[0] + "-build" + assert.Equal(t, expectedCodebuildProjectName, codebuildProjectName) // Run `terraform output` to get the value of an output variable codebuildRoleId := terraform.Output(t, terraformOptions, "codebuild_role_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-build", codebuildRoleId) + expectedCodebuildRoleId := "eg-test-ecs-atlantis-" + attributes[0] + "-build" + assert.Equal(t, expectedCodebuildRoleId, codebuildRoleId) // Run `terraform output` to get the value of an output variable codepipelineId := terraform.Output(t, terraformOptions, "codepipeline_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-codepipeline", codepipelineId) + expectedCodepipelineId := "eg-test-ecs-atlantis-" + attributes[0] + "-codepipeline" + assert.Equal(t, expectedCodepipelineId, codepipelineId) // Run `terraform output` to get the value of an output variable ecrRepositoryName := terraform.Output(t, terraformOptions, "ecr_repository_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-ecr", ecrRepositoryName) + expectedEcrRepositoryName := "eg-test-ecs-atlantis-" + attributes[0] + "-ecr" + assert.Equal(t, expectedEcrRepositoryName, ecrRepositoryName) // Run `terraform output` to get the value of an output variable ecsTaskRoleName := terraform.Output(t, terraformOptions, "ecs_task_role_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-task", ecsTaskRoleName) + expectedEcsTaskRoleName := "eg-test-ecs-atlantis-" + attributes[0] + "-task" + assert.Equal(t, expectedEcsTaskRoleName, ecsTaskRoleName) // Run `terraform output` to get the value of an output variable ecsTaskExecRoleName := terraform.Output(t, terraformOptions, "ecs_task_exec_role_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-exec", ecsTaskExecRoleName) + expectedEcsTaskExecRoleName := "eg-test-ecs-atlantis-" + attributes[0] + "-exec" + assert.Equal(t, expectedEcsTaskExecRoleName, ecsTaskExecRoleName) // Run `terraform output` to get the value of an output variable ecsServiceName := terraform.Output(t, terraformOptions, "ecs_service_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis", ecsServiceName) + expectedEcsServiceName := "eg-test-ecs-atlantis-" + attributes[0] + assert.Equal(t, expectedEcsServiceName, ecsServiceName) // Run `terraform output` to get the value of an output variable ecsExecRolePolicyName := terraform.Output(t, terraformOptions, "ecs_exec_role_policy_name") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-exec", ecsExecRolePolicyName) + expectedEcsExecRolePolicyName := "eg-test-ecs-atlantis-" + attributes[0] + "-exec" + assert.Equal(t, expectedEcsExecRolePolicyName, ecsExecRolePolicyName) // Run `terraform output` to get the value of an output variable ecsCloudwatchAutoscalingScaleDownPolicyArn := terraform.Output(t, terraformOptions, "ecs_cloudwatch_autoscaling_scale_down_policy_arn") // Verify we're getting back the outputs we expect - assert.Contains(t, ecsCloudwatchAutoscalingScaleDownPolicyArn, "policyName/eg-test-ecs-atlantis-down") + expectedEcsCloudwatchAutoscalingScaleDownPolicyArn := "policyName/eg-test-ecs-atlantis-" + attributes[0] + "-down" + assert.Contains(t, ecsCloudwatchAutoscalingScaleDownPolicyArn, expectedEcsCloudwatchAutoscalingScaleDownPolicyArn) // Run `terraform output` to get the value of an output variable ecsCloudwatchAutoscalingScaleUpPolicyArn := terraform.Output(t, terraformOptions, "ecs_cloudwatch_autoscaling_scale_up_policy_arn") // Verify we're getting back the outputs we expect - assert.Contains(t, ecsCloudwatchAutoscalingScaleUpPolicyArn, "policyName/eg-test-ecs-atlantis-up") + expectedEcsCloudwatchAutoscalingScaleUpPolicyArn := "policyName/eg-test-ecs-atlantis-" + attributes[0] + "-up" + assert.Contains(t, ecsCloudwatchAutoscalingScaleUpPolicyArn, expectedEcsCloudwatchAutoscalingScaleUpPolicyArn) // Run `terraform output` to get the value of an output variable ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_high_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-cpu-utilization-high", ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId) + expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-cpu-utilization-high" + assert.Equal(t, expectedEcsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationHighCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_cpu_utilization_low_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-cpu-utilization-low", ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId) + expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-cpu-utilization-low" + assert.Equal(t, expectedEcsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsCpuUtilizationLowCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_high_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-memory-utilization-high", ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId) + expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-memory-utilization-high" + assert.Equal(t, expectedEcsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId, ecsAlarmsMemoryUtilizationHighCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "ecs_alarms_memory_utilization_low_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-memory-utilization-low", ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId) - + expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-memory-utilization-low" + assert.Equal(t, expectedEcsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId, ecsAlarmsMemoryUtilizationLowCloudwatchMetricAlarmId) + // Run `terraform output` to get the value of an output variable httpcodeElb5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_elb_5xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-elb-5xx-count-high", httpcodeElb5xxCountCloudwatchMetricAlarmId) + expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-elb-5xx-count-high" + assert.Equal(t, expectedHttpcodeElb5xxCountCloudwatchMetricAlarmId, httpcodeElb5xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeTarget3xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_3xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-3xx-count-high", httpcodeTarget3xxCountCloudwatchMetricAlarmId) + expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-3xx-count-high" + assert.Equal(t, expectedHttpcodeTarget3xxCountCloudwatchMetricAlarmId, httpcodeTarget3xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeTarget4xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_4xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-4xx-count-high", httpcodeTarget4xxCountCloudwatchMetricAlarmId) + expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-4xx-count-high" + assert.Equal(t, expectedHttpcodeTarget4xxCountCloudwatchMetricAlarmId, httpcodeTarget4xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable httpcodeTarget5xxCountCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "httpcode_target_5xx_count_cloudwatch_metric_alarm_id") // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-5xx-count-high", httpcodeTarget5xxCountCloudwatchMetricAlarmId) + expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-5xx-count-high" + assert.Equal(t, expectedHttpcodeTarget5xxCountCloudwatchMetricAlarmId, httpcodeTarget5xxCountCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable targetResponseTimeAverageCloudwatchMetricAlarmId := terraform.Output(t, terraformOptions, "target_response_time_average_cloudwatch_metric_alarm_id") - // Verify we're getting back the outputs we expect - assert.Equal(t, "eg-test-ecs-atlantis-target-response-high", targetResponseTimeAverageCloudwatchMetricAlarmId) + // Verify we're getting back the outputs we + expectedTargetResponseTimeAverageCloudwatchMetricAlarmId := "eg-test-ecs-atlantis-" + attributes[0] + "-target-response-high" + assert.Equal(t, expectedTargetResponseTimeAverageCloudwatchMetricAlarmId, targetResponseTimeAverageCloudwatchMetricAlarmId) // Run `terraform output` to get the value of an output variable atlantisUrl := terraform.Output(t, terraformOptions, "atlantis_url") diff --git a/variables.tf b/variables.tf index c20a8ce..914d262 100644 --- a/variables.tf +++ b/variables.tf @@ -62,6 +62,12 @@ variable "github_webhooks_token" { default = "" } +variable "github_anonymous" { + type = bool + description = "Github Anonymous API (if `true`, token must not be set as GITHUB_TOKEN or `github_token`)" + default = false +} + variable "github_oauth_token_ssm_name" { type = string description = "SSM param name to lookup `github_oauth_token` if not provided"