Skip to content

ejstreet/terraform-aws-ghost

BranchesTags

Repository files navigation

terraform-aws-ghost

Module for deploying a Ghost blog to AWS

The defaults will deploy an fully featured deployment of Ghost, where all components are covered under the first 12 months of the AWS free-tier.

This includes:

  • A VPC with a public and private subnets
  • EC2 Instance running Flatcar Linux (t2/t3.micro)
    • Configuration to run Ghost and Nginx Docker containers
    • EBS persistent volume
    • Security groups to prevent direct access to the instance
  • A separate RDS instance to host the database (db.(t4g/t3/t2).micro)
  • A Cloudfront CDN
  • ACM certificates for TLS

DNS configuration

Some additional configuration is required after running the module. The details are given as outputs. You can either enter these into your DNS provider manually, or use this module in a larger terraform deployment that creates the DNS records.

Requirements

Name Version
terraform ~> 1.0
aws ~> 5.0
ct ~> 0.13.0
template ~> 2.0

Providers

Name Version
aws 5.36.0
aws.global 5.36.0
ct 0.13.0
template 2.2.0

Modules

No modules.

Resources

Name Type
aws_acm_certificate.cdn_cert resource
aws_cloudfront_cache_policy.caching-optimized-with-ghost-cookies resource
aws_cloudfront_distribution.ghost resource
aws_db_instance.ghost resource
aws_db_subnet_group.private resource
aws_ebs_volume.persistent-data resource
aws_instance.flatcar resource
aws_internet_gateway.public resource
aws_key_pair.ssh resource
aws_route_table.private resource
aws_route_table.public resource
aws_route_table_association.private resource
aws_route_table_association.public resource
aws_security_group.db resource
aws_security_group.flatcar resource
aws_subnet.private resource
aws_subnet.public resource
aws_volume_attachment.persistent-data resource
aws_vpc.this resource
aws_vpc_security_group_egress_rule.to_all resource
aws_vpc_security_group_ingress_rule.admin_to_flatcar resource
aws_vpc_security_group_ingress_rule.cloudfront_to_flatcar resource
aws_vpc_security_group_ingress_rule.flatcar_to_db resource
aws_ami.flatcar_stable_latest data source
aws_availability_zones.available data source
aws_cloudfront_cache_policy.disabled data source
aws_cloudfront_cache_policy.optimized data source
aws_cloudfront_origin_request_policy.all-viewer data source
aws_cloudfront_response_headers_policy.simple-cors data source
aws_ec2_instance_types.free_tier data source
aws_ec2_managed_prefix_list.cloudfront data source
aws_rds_orderable_db_instance.free-tier data source
ct_config.machine-ignitions data source
template_file.machine-configs data source
template_file.nginx-config data source

Inputs

Name Description Type Default Required
admin_ip IP address with subnet mask (ideally /32) of admin to allow direct access to the instance. Only creates security group rule if set. string null no
aws_region AWS Region to use for running the machine string n/a yes
cached_paths Paths which should be cached for all clients. list(string) 
[
  "/content/",
  "/assets/",
  "/public/*"
]
 no
db_password The password for accessing the database. It is recommended to pass this as an environment variable, e.g. TF_VAR_db_password. string n/a yes
deployment_name Name used for the deployment. string "ghost" no
domain_name The fully qualified domain name used to access the website. Does not require a protocol prefix. string n/a yes
ghost_extra_env_vars A map of k/v pairs to add as additional environment variables for the Ghost container. See https://ghost.org/docs/config/ map(string) {} no
ghost_image The image of Ghost to run. string n/a yes
instance_type Instance type for the machine. If unset, a free-tier instance will be used. string null no
private_cidrs List of CIDRs to use for private subnets. list(string) 
[
  "10.0.100.0/24",
  "10.0.102.0/24"
]
 no
public_cidrs List of CIDRs to use for public subnets. list(string) 
[
  "10.0.0.0/24",
  "10.0.2.0/24"
]
 no
ssh_keys SSH public keys for user 'core' list(string) n/a yes
uncached_paths Paths which should not be cached. list(string) 
[
  "/ghost/",
  "/members/"
]
 no
vpc_cidr The CIDR block for the VPC. string "10.0.0.0/16" no

Outputs

Name Description
dns_acm_validation_records Record(s) required by ACM to validate TLS certificates.
dns_cloudfront_record Record required to point domain at the CDN. Use an ALIAS record if the domain_name is the apex, otherwise use a CNAME.
ec2_connection_details Use the following to connect to the EC2 instance as admin.

About

Module for deploying a Ghost blog to AWS

Resources

Readme

License

MPL-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Initial Latest
Feb 28, 2024

Packages

No packages published

Languages