Skip to content

snowplow-devops/terraform-aws-iglu-server-ec2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Release CI License Registry Source

terraform-aws-iglu-server-ec2

A Terraform module which deploys a Snowplow Iglu Server application on AWS running on top of EC2. If you want to use a custom AMI for this deployment you will need to ensure it is based on top of Amazon Linux 2.

Telemetry

This module by default collects and forwards telemetry information to Snowplow to understand how our applications are being used. No identifying information about your sub-account or account fingerprints are ever forwarded to us - it is very simple information about what modules and applications are deployed and active.

If you wish to subscribe to our mailing list for updates to these modules or security advisories please set the user_provided_id variable to include a valid email address which we can reach you at.

How do I disable it?

To disable telemetry simply set variable telemetry_enabled = false.

What are you collecting?

For details on what information is collected please see this module: https://github.com/snowplow-devops/terraform-snowplow-telemetry

Usage

The Iglu Server stack requires a Load Balancer and a Postgres instance to save information into for its backend. Here we are using several managed modules to facilitate this requirement but you can also sub in your own Postgres Host and Load Balancer if you prefer to do so.

locals {
  iglu_db_name     = "iglu"
  iglu_db_username = "iglu"

  # Keep this secret!!
  iglu_db_password = "Hell0W0rld!"

  # Used for API actions on the Iglu Server. Keep this secret!!
  iglu_super_api_key = "2f48ad70-b70c-4f58-af3b-f19d8b7706e1"
}

module "iglu_rds" {
  source  = "snowplow-devops/rds/aws"
  version = "0.2.0"

  name        = "iglu-rds"
  vpc_id      = var.vpc_id
  subnet_ids  = var.subnet_ids
  db_name     = local.iglu_db_name
  db_username = local.iglu_db_username
  db_password = local.iglu_db_password
}

module "iglu_lb" {
  source  = "snowplow-devops/alb/aws"
  version = "0.2.0"

  name              = "iglu-lb"
  vpc_id            = var.vpc_id
  subnet_ids        = var.subnet_ids
  health_check_path = "/api/meta/health"
}

module "iglu_server" {
  source = "snowplow-devops/iglu-server-ec2/aws"

  accept_limited_use_license = true

  name                 = "iglu-server"
  vpc_id               = var.vpc_id
  subnet_ids           = var.subnet_ids
  iglu_server_lb_sg_id = module.iglu_lb.sg_id
  iglu_server_lb_tg_id = module.iglu_lb.tg_id
  ingress_port         = module.iglu_lb.tg_egress_port
  db_sg_id             = module.iglu_rds.sg_id
  db_host              = module.iglu_rds.address
  db_port              = module.iglu_rds.port
  db_name              = local.iglu_db_name
  db_username          = local.iglu_db_username
  db_password          = local.iglu_db_password
  super_api_key        = local.iglu_super_api_key

  ssh_key_name     = "your-key-name"
  ssh_ip_allowlist = ["0.0.0.0/0"]
}

Requirements

Name Version
terraform >= 1.0.0
aws >= 3.72.0

Providers

Name Version
aws >= 3.72.0

Modules

Name Source Version
instance_type_metrics snowplow-devops/ec2-instance-type-metrics/aws 0.1.2
service snowplow-devops/service-ec2/aws 0.2.1
telemetry snowplow-devops/telemetry/snowplow 0.5.0

Resources

Name Type
aws_cloudwatch_log_group.log_group resource
aws_iam_instance_profile.instance_profile resource
aws_iam_policy.iam_policy resource
aws_iam_role.iam_role resource
aws_iam_role_policy_attachment.policy_attachment resource
aws_security_group.sg resource
aws_security_group_rule.egress_tcp_443 resource
aws_security_group_rule.egress_tcp_80 resource
aws_security_group_rule.egress_tcp_webserver_rds resource
aws_security_group_rule.egress_udp_123 resource
aws_security_group_rule.ingress_tcp_22 resource
aws_security_group_rule.ingress_tcp_webserver resource
aws_security_group_rule.lb_egress_tcp_webserver resource
aws_security_group_rule.rds_egress_tcp_webserver resource
aws_caller_identity.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
db_host The hostname of the database to connect to string n/a yes
db_name The name of the database to connect to string n/a yes
db_password The password to use to connect to the database string n/a yes
db_port The port the database is running on number n/a yes
db_sg_id The ID of the RDS security group that sits downstream of the webserver string n/a yes
db_username The username to use to connect to the database string n/a yes
iglu_server_lb_sg_id The ID of the load-balancer security group that sits upstream of the webserver string n/a yes
iglu_server_lb_tg_id The ID of the load-balancer target group to direct traffic from the load-balancer to the webserver string n/a yes
ingress_port The port that the Iglu Server will be bound to and expose over HTTP number n/a yes
name A name which will be pre-pended to the resources created string n/a yes
ssh_key_name The name of the SSH key-pair to attach to all EC2 nodes deployed string n/a yes
subnet_ids The list of subnets to deploy the Iglu Server across list(string) n/a yes
super_api_key A UUIDv4 string to use as the master API key for Iglu Server management string n/a yes
vpc_id The VPC to deploy the Iglu Server within string n/a yes
accept_limited_use_license Acceptance of the SLULA terms (https://docs.snowplow.io/limited-use-license-1.0/) bool false no
amazon_linux_2_ami_id The AMI ID to use which must be based of of Amazon Linux 2; by default the latest community version is used string "" no
app_version App version to use. This variable facilitates dev flow, the modules may not work with anything other than the default value. string "0.12.0" no
associate_public_ip_address Whether to assign a public ip address to this instance bool true no
cloudwatch_logs_enabled Whether application logs should be reported to CloudWatch bool true no
cloudwatch_logs_retention_days The length of time in days to retain logs for number 7 no
enable_auto_scaling Whether to enable auto-scaling policies for the service (WARN: ensure you have sufficient db_connections available for the max number of nodes in the ASG) bool true no
iam_permissions_boundary The permissions boundary ARN to set on IAM roles created string "" no
instance_type The instance type to use string "t3a.micro" no
java_opts Custom JAVA Options string "-XX:InitialRAMPercentage=75 -XX:MaxRAMPercentage=75" no
max_size The maximum number of servers in this server-group number 2 no
min_size The minimum number of servers in this server-group number 1 no
patches_allowed Whether or not patches are allowed for published Iglu Schemas bool true no
private_ecr_registry The URL of an ECR registry that the sub-account has access to (e.g. '000000000000.dkr.ecr.cn-north-1.amazonaws.com.cn/') string "" no
scale_down_cooldown_sec Time (in seconds) until another scale-down action can occur number 600 no
scale_down_cpu_threshold_percentage The average CPU percentage that we must be below to scale-down number 20 no
scale_down_eval_minutes The number of consecutive minutes that we must be below the threshold to scale-down number 60 no
scale_up_cooldown_sec Time (in seconds) until another scale-up action can occur number 180 no
scale_up_cpu_threshold_percentage The average CPU percentage that must be exceeded to scale-up number 60 no
scale_up_eval_minutes The number of consecutive minutes that the threshold must be breached to scale-up number 5 no
ssh_ip_allowlist The list of CIDR ranges to allow SSH traffic from list(any)
[
"0.0.0.0/0"
]
no
tags The tags to append to this resource map(string) {} no
telemetry_enabled Whether or not to send telemetry information back to Snowplow Analytics Ltd bool true no
user_provided_id An optional unique identifier to identify the telemetry events emitted by this stack string "" no

Outputs

Name Description
asg_id ID of the ASG
asg_name Name of the ASG
sg_id ID of the security group attached to the Iglu Server node

Copyright and license

Copyright 2021-current Snowplow Analytics Ltd.

Licensed under the Snowplow Limited Use License Agreement. (If you are uncertain how it applies to your use case, check our answers to frequently asked questions.)