main.tf
# AWS provider for this example. The region is not fixed here; it is read
# from var.region, which is declared outside this file.
provider "aws" {
  region = var.region
}
# Availability zones reported for the configured region. No filter arguments
# are set, so whatever the provider returns is used as-is.
data "aws_availability_zones" "available" {
}
locals {
  # Keep only the first two zone names (indexes 0 and 1) from the lookup above.
  # The subnets module below is spread across exactly these zones.
  availability_zones = slice(data.aws_availability_zones.available.names, 0, 2)
}
# VPC for the example, taken from the public registry and pinned to one exact
# release so that `terraform init` resolves the same module code every time.
module "vpc" {
  source  = "cloudposse/vpc/aws"
  version = "0.18.1"

  # Naming/tagging context; module.this is defined outside this file.
  context = module.this.context

  cidr_block = "172.16.0.0/16"
}
# Subnets inside the VPC above, spread over the two selected availability
# zones. The module exposes both public_subnet_ids and private_subnet_ids,
# which are consumed further down (ALB -> public, Atlantis -> private).
module "subnets" {
  source  = "cloudposse/dynamic-subnets/aws"
  version = "0.33.0"

  context = module.this.context

  vpc_id             = module.vpc.vpc_id
  igw_id             = module.vpc.igw_id
  cidr_block         = module.vpc.vpc_cidr_block
  availability_zones = local.availability_zones

  # Managed NAT gateways are requested; NAT instances are explicitly off.
  # presumably this is the egress path for the private subnets (confirm
  # against the module's documentation).
  nat_gateway_enabled  = true
  nat_instance_enabled = false
}
# Application load balancer in front of Atlantis.
module "alb" {
  source  = "cloudposse/alb/aws"
  version = "0.24.0"

  context = module.this.context

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.subnets.public_subnet_ids

  # The VPC's default security group is attached rather than a dedicated one.
  # NOTE(review): the same group is also passed to the Atlantis module below,
  # so the load balancer and the service share it. Confirm its rules are as
  # narrow as intended before reusing this outside an example.
  security_group_ids = [module.vpc.vpc_default_security_group_id]

  # internal = false places the ALB in the public subnets as an
  # internet-facing load balancer.
  internal = false

  # Only the plain-HTTP listener is switched on in this file; no HTTPS or
  # certificate argument is set here.
  # NOTE(review): traffic to Atlantis (webhook payloads, plan output in the
  # UI) would then travel unencrypted unless the module's defaults add TLS.
  # Verify, and enable HTTPS for anything beyond a throwaway test.
  http_enabled  = true
  http2_enabled = true

  cross_zone_load_balancing_enabled = true

  # Access logging is enabled, which is what an investigation would rely on.
  access_logs_enabled = true

  # NOTE(review): the next two settings look like test conveniences. By their
  # names, force_destroy lets `terraform destroy` delete the access-log bucket
  # even when it still holds logs, and deletion protection is off for the ALB.
  # Confirm and reverse both where the logs or the endpoint must be retained.
  alb_access_logs_s3_bucket_force_destroy = true
  deletion_protection_enabled             = false
}
# ECS cluster that hosts the Atlantis service. A cluster is required even
# when tasks use the FARGATE launch type.
resource "aws_ecs_cluster" "default" {
  name = module.this.id
  tags = module.this.tags

  # Turn on the cluster-level "containerInsights" setting.
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}
# The module under test, loaded from the repository root (two directories up)
# rather than from the registry, so no version pin applies to it.
module "atlantis" {
  source  = "../.."
  enabled = true

  context = module.this.context

  # --- GitHub integration -------------------------------------------------
  # All values come from variables declared outside this file.
  # presumably the two whitelists restrict which GitHub teams may drive
  # Atlantis and which repositories it accepts; confirm in the module's
  # variable descriptions, and keep both as narrow as possible.
  atlantis_gh_team_whitelist = var.atlantis_gh_team_whitelist
  atlantis_gh_user           = var.atlantis_gh_user
  atlantis_repo_whitelist    = var.atlantis_repo_whitelist
  repo_name                  = var.atlantis_repo_name
  repo_owner                 = var.atlantis_repo_owner
  branch                     = var.atlantis_branch

  # --- Container sizing ---------------------------------------------------
  container_cpu    = var.atlantis_container_cpu
  container_memory = var.atlantis_container_memory

  # --- Placement ----------------------------------------------------------
  # Tasks are given the private subnets; only the ALB sits in public ones.
  vpc_id             = module.vpc.vpc_id
  private_subnet_ids = module.subnets.private_subnet_ids
  ecs_cluster_arn    = aws_ecs_cluster.default.arn
  ecs_cluster_name   = aws_ecs_cluster.default.name

  # Same VPC default security group that is attached to the ALB above.
  security_group_ids = [module.vpc.vpc_default_security_group_id]

  # --- Load balancer and DNS wiring ---------------------------------------
  alb_arn_suffix     = module.alb.alb_arn_suffix
  alb_dns_name       = module.alb.alb_dns_name
  alb_name           = module.alb.alb_name
  alb_zone_id        = module.alb.alb_zone_id
  alb_security_group = module.alb.security_group_id
  parent_zone_id     = var.parent_zone_id

  # --- Listener rules -----------------------------------------------------
  # With authentication switched off, the service is reachable through both
  # the HTTP and the HTTPS listener.
  # NOTE(review): module.alb.listener_arns is wrapped in an extra list here,
  # and the count is hard-coded to 2 although only http_enabled is set on the
  # ALB in this file. Confirm the shape and count the module expects.
  alb_ingress_unauthenticated_listener_arns       = [module.alb.listener_arns]
  alb_ingress_unauthenticated_listener_arns_count = 2

  # Every path ("/*") is served without authentication, and the list of
  # authenticated paths is empty.
  # NOTE(review): the ALB above is internet-facing, so the whole Atlantis
  # surface is publicly reachable in this example. Atlantis runs Terraform
  # with the task's cloud credentials, so outside a test the unauthenticated
  # paths should be limited to what the VCS webhook needs and everything else
  # moved under alb_ingress_authenticated_paths.
  alb_ingress_unauthenticated_paths             = ["/*"]
  alb_ingress_listener_unauthenticated_priority = 100
  alb_ingress_authenticated_paths               = []
}