OCTO Shared Terraform Modules
Documentation for all the Terraform modules shared by OCTO.
aws_acm_cert
Just a wrapper around terraform-aws-modules/acm/aws which reduces the
parameters even further.
Terraform Module Source
module "aws_acm_cert" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_acm_cert.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_route53_zone.zone | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| url | n/a | object({ | n/a | yes |
| includeWildcard | n/a | bool | false | no |
Outputs
| Name | Description |
|---|---|
| certificate_arn | n/a |
| url | n/a |
| zone_id | n/a |
aws_eb_service
This module creates an elastic beanstalk service, with associated route53 entry, acm certificate for https and appropriate IAM policies.
Terraform Module Source
module "aws_eb_service" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_eb_service.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_elastic_beanstalk_application.eb_application | resource |
| aws_elastic_beanstalk_environment.eb_environment | resource |
| aws_iam_instance_profile.eb_profile | resource |
| aws_iam_policy.service_policy | resource |
| aws_iam_role.eb_role | resource |
| aws_iam_role.service_role | resource |
| aws_s3_bucket.deployment_bucket | resource |
| aws_security_group.security_group | resource |
| random_id.index | resource |
| aws_caller_identity.aws | data source |
| aws_elastic_beanstalk_hosted_zone.current | data source |
| aws_elastic_beanstalk_solution_stack.solution_stack | data source |
| aws_iam_policy_document.empty_policy | data source |
| aws_subnets.subnets | data source |
| aws_vpc.vpc | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| serviceName | The name of the service | string | n/a | yes |
| serviceUrlName | The first part of the URL, this gets combined with zone to be serviceUrlName.zone | string | n/a | yes |
| bucketName | n/a | string | "" | no |
| bucketPrefix | n/a | string | "mtln-" | no |
| bucketSlug | n/a | string | "" | no |
| bucketSuffix | n/a | string | "-deployment-" | no |
| ebPolicyJson | n/a | string | "" | no |
| envVars | n/a | map | {} | no |
| instanceType | n/a | string | "t3.small" | no |
| internalPort | n/a | number | 8080 | no |
| maxInstances | The maximum number of instances that should be created | number | 2 | no |
| minInstances | The minimum number of instances that should be created | number | 2 | no |
| profile | The spring profile that should be enabled | string | "preprod" | no |
| subnet_id | The subnet to deploy the service to | string | "" | no |
| vpc_name | n/a | string | "public" | no |
| zone | The name of the Route53 zone to use | string | "matillion-cto.matillion.com" | no |
Outputs
| Name | Description |
|---|---|
| eb_profile_arn | n/a |
| output_values | n/a |
aws_ecs_task_definition_with_datadog
This module is a simple wrapper module around aws_ecs_task_definition which adds a datadog agent sidecar container to
the task definition.
Terraform Module Source
module "aws_ecs_task_definition_with_datadog" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_ecs_task_definition_with_datadog.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_ecs_task_definition.aws_ecs_task_definition_with_datadog | resource |
| aws_iam_role.aws_ecs_task_role | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| container_definitions | A list of valid container definitions provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the Task Definition Parameters section from the official Developer Guide. | string | n/a | yes |
| cpu | Number of cpu units used by the task. If the requires_compatibilities is FARGATE this field is required. | string | n/a | yes |
| dd_api_key_secret | The secret to expose to the container. The supported values are either the full ARN of the AWS Secrets Manager secret or the full ARN of the parameter in the AWS Systems Manager Parameter Store. | string | n/a | yes |
| dd_env | The env tag to be attached to all data sent to Datadog. | string | n/a | yes |
| dd_service_name | The service name to be attached to all data sent to Datadog. | string | n/a | yes |
| dd_team | The team tag to be attached to all data sent to Datadog. | string | n/a | yes |
| dd_version | The version tag to be attached to all data sent to Datadog. | string | n/a | yes |
| execution_role_arn | ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume. | string | n/a | yes |
| family | A unique name for your task definition. | string | n/a | yes |
| memory | Amount (in MiB) of memory used by the task. If the requires_compatibilities is FARGATE this field is required. | string | n/a | yes |
| network_mode | Docker networking mode to use for the containers in the task. Valid values are none, bridge, awsvpc, and host. | string | n/a | yes |
| task_role_inline_policies | The inline policies to use for the task role. | set(object({name: string, policy: string})) | n/a | yes |
| dd_site | Can also use datadoghq.eu | string | "datadoghq.com" | no |
Outputs
| Name | Description |
|---|---|
| arn | n/a |
aws_efs_kube
Creates an efs volume and mounts it to a kubernetes cluster as a persistent volume.
Terraform Module Source
module "aws_efs_kube" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_efs_kube.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_efs_file_system.efs | resource |
| aws_efs_mount_target.mount_target | resource |
| aws_iam_policy.policy | resource |
| aws_kms_key.new_key | resource |
| aws_security_group.efs_security_group | resource |
| aws_vpc_security_group_ingress_rule.efs_inbound | resource |
| kubernetes_persistent_volume_claim_v1.pvc | resource |
| kubernetes_persistent_volume_v1.pv | resource |
| aws_iam_policy_document.efs_policy | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| kube_config | n/a | object({ | n/a | yes |
| kube_namespace | n/a | string | n/a | yes |
| name | n/a | string | n/a | yes |
| create_service_role | n/a | bool | true | no |
| creation_token | n/a | string | "" | no |
| efs_name | n/a | string | "" | no |
| efs_throughput_mode | n/a | string | "bursting" | no |
| encrypted | n/a | bool | true | no |
| kms_key_arn | n/a | string | "" | no |
| pv_capacity_storage | n/a | string | "100Gi" | no |
| pv_name | n/a | string | "" | no |
| pvc_name | n/a | string | "" | no |
| pvc_request_storage | n/a | string | "1Gi" | no |
| sg_name | n/a | string | "" | no |
Outputs
| Name | Description |
|---|---|
| claim | n/a |
| efs_id | n/a |
| pvc_name | n/a |
| service_role_name | n/a |
| service_role_policy | n/a |
aws_react_frontend
Creates a bunch of resources like an s3 bucket and cloudfront distribution to host a SPA react app. It also sets up CF to forward API requests to the backend server and sets up the associated domain name and certificates.
Terraform Module Source
module "aws_react_frontend" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_react_frontend.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_cloudfront_distribution.cloudfront | resource |
| aws_cloudfront_origin_access_identity.web_distribution | resource |
| aws_s3_bucket.s3_bucket | resource |
| aws_s3_bucket_policy.s3_bucket_policy | resource |
| aws_cloudfront_cache_policy.api_policy | data source |
| aws_cloudfront_origin_request_policy.api_policy | data source |
| aws_iam_policy_document.s3_bucket_policy | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| backendUrlName | The first part of the URL of the backend. | string | n/a | yes |
| serviceName | The name of the service | string | n/a | yes |
| serviceUrlName | The first part of the URL, this gets combined with zone to be serviceUrlName.zone | string | n/a | yes |
| includeWildcard | Whether to include a wildcard record for the service | bool | false | no |
| zone | The name of the Route53 zone to use | string | "matillion-cto.matillion.com" | no |
Outputs
| Name | Description |
|---|---|
| output_values | n/a |
| s3_id | n/a |
aws_route53_domain
A small wrapper around route53. It handles getting the correct zone from the domain and constructing a correct url.
Terraform Module Source
module "aws_route53_domain" {
source = "https://tfmodules.matillion-cto.matillion.com/aws_route53_domain.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_route53_record.dns | resource |
| aws_route53_zone.zone | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| target | n/a | object({ | n/a | yes |
| url | n/a | object({ | n/a | yes |
Outputs
| Name | Description |
|---|---|
| url | n/a |
Kube Config
This module exports a bunch of config option to save repetition
Terraform Module Source
module "kube_config" {
source = "https://tfmodules.matillion-cto.matillion.com/kube_config.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_eks_cluster.eks_cluster | data source |
| aws_eks_cluster_auth.cluster | data source |
| aws_vpc.vpc | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| environment | n/a | string | n/a | yes |
| include_node_info | n/a | bool | false | no |
Outputs
| Name | Description |
|---|---|
| config | n/a |
| provider_config | n/a |
Kube Service
A kube spring backend with route53 and such
Terraform Module Source
module "kube_service" {
source = "https://tfmodules.matillion-cto.matillion.com/kube_service.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_ecr_repository.repository | resource |
| aws_iam_policy.main | resource |
| kubernetes_deployment.deployment | resource |
| kubernetes_ingress_v1.kube_ingress | resource |
| kubernetes_namespace.namespace | resource |
| kubernetes_service.service | resource |
| kubernetes_service.service_new | resource |
| aws_caller_identity.aws | data source |
| aws_elb_hosted_zone_id.elb_zone_id | data source |
| aws_iam_policy_document.empty_policy | data source |
| aws_region.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| kube_config | n/a | object({ | n/a | yes |
| serviceName | The name of the service | string | n/a | yes |
| serviceUrlName | The first part of the URL, this gets combined with zone to be serviceUrlName.zone | string | n/a | yes |
| create_ecr_repository | n/a | bool | true | no |
| create_namespace | n/a | bool | true | no |
| ebPolicyJson | n/a | string | "" | no |
| envVars | n/a | map(string) | {} | no |
| expose_path | n/a | string | "/api/" | no |
| image_name | n/a | string | "" | no |
| image_version | n/a | string | "latest" | no |
| include_legacy_service_lb | n/a | bool | false | no |
| ingress_alternate_hosts | n/a | list(string) | [] | no |
| ingress_group | n/a | string | "shared-apis" | no |
| internalPort | n/a | number | 8080 | no |
| maxInstances | The maximum number of instances that should be created | number | 2 | no |
| minInstances | The minimum number of instances that should be created | number | 2 | no |
| namespace | n/a | string | "" | no |
| persistent_volumes | n/a | list(object({ | [] | no |
| profile | The spring profile that should be enabled | string | "preprod" | no |
| prometheus_enabled | n/a | bool | false | no |
| prometheus_path | n/a | string | "/actuator/prometheus" | no |
| prometheus_port | n/a | number | 0 | no |
| use_legacy_service_dns | n/a | bool | false | no |
| vpc_name | n/a | string | "public" | no |
| zone | The name of the Route53 zone to use | string | "matillion-cto.matillion.com" | no |
Outputs
| Name | Description |
|---|---|
| service_account | n/a |
Kube Service Role
Create a kube IAM service role
Terraform Module Source
module "kube_service_role" {
source = "https://tfmodules.matillion-cto.matillion.com/kube_service_role.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| aws_eks_pod_identity_association.pod_association | resource |
| aws_iam_role.main | resource |
| aws_iam_role_policy_attachment.attach_policy | resource |
| kubernetes_service_account.service | resource |
| aws_caller_identity.aws | data source |
| aws_region.current | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| eks_cluster | n/a | string | n/a | yes |
| kube_namespace | n/a | string | n/a | yes |
| name | n/a | string | n/a | yes |
| policy_arn | n/a | string | n/a | yes |
| oidc_provider_id | n/a | string | "AB88EFEC40ADAB4358F8851BF7EDAE54" | no |
| use_pod_identity | n/a | bool | false | no |
Outputs
| Name | Description |
|---|---|
| iam_role | n/a |
| iam_role_arn | n/a |
| service_account_name | n/a |
Kube Simple Ingress
A simple module which combines some basic kube configuration and some aws configuration to make setting up an ingress a little easier
Terraform Module Source
module "kube_simple_ingress" {
source = "https://tfmodules.matillion-cto.matillion.com/kube_simple_ingress.tar.gz"
...
}
Resources
| Name | Type |
|---|---|
| kubernetes_ingress_v1.kube_ingress | resource |
| aws_lb_hosted_zone_id.elb_zone_id | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| kube_namespace | n/a | string | n/a | yes |
| name | n/a | string | n/a | yes |
| service_name | n/a | string | n/a | yes |
| subdomain | n/a | string | n/a | yes |
| domain | n/a | string | "matillion-cto.matillion.com" | no |
| expose_path | n/a | string | "/" | no |
| ingress_alternate_hosts | n/a | list(string) | [] | no |
| ingress_group | n/a | string | "shared-apis" | no |
Outputs
No outputs.