AWS RabbitMQ Terraform Module


SquareOps Technologies: Your DevOps Partner for Accelerating Cloud Journey.


This module provides an easy and efficient way to provision and manage RabbitMQ clusters on AWS. It simplifies the process of creating highly available and scalable RabbitMQ infrastructures by automating the deployment and configuration tasks.

Features

  1. Easy Configuration: The module allows you to define your RabbitMQ clusters and related resources using a concise and declarative syntax.

  2. High Availability: It supports the creation of RabbitMQ clusters with multiple nodes distributed across availability zones, ensuring fault tolerance and high availability.

  3. Security: The module integrates with AWS security features, allowing you to define security groups and control access to your RabbitMQ clusters.

  4. Scalability: You can easily scale your RabbitMQ clusters up or down by adjusting the number of nodes and instance types.

  5. Monitoring and Alerting: It provides integration with CloudWatch, enabling you to monitor key metrics and set up alerts for your RabbitMQ clusters.

  6. Logging: The module supports logging of RabbitMQ server logs to CloudWatch Logs or other specified destinations.

  7. Maintenance: You can configure maintenance windows for your RabbitMQ clusters to control the timing of maintenance activities.

  8. Secrets Management: The module supports the use of AWS Secrets Manager to securely store and manage RabbitMQ credentials.

  9. Customization: It offers a wide range of customizable parameters, allowing you to tailor the RabbitMQ configuration to your specific needs.

  10. CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your RabbitMQ cluster. Integrate these alarms with AWS Simple Notification Service (SNS) to receive real-time alerts. Use AWS Lambda functions to customize your alerting logic, and send notifications to Slack channels for immediate visibility into your AWS RabbitMQ status.

Usage Example

module "rabbitmq_broker" {
  source = "gitlab.com/sq-ia/aws/rabbitmq.git"
  environment                      = "production"
  name                             = "skaf"
  vpc_id                           = "vpc-xyz5ed3skaf"
  username                         = "admin"
  subnet_ids                       = ["subnet-xyz355fskaf"]
  engine_version                   = "3.10.20"
  storage_type                     = "ebs"
  host_instance_type               = "mq.m5.large"
  deployment_mode                  = "SINGLE_INSTANCE"
  apply_immediately                = true
  publicly_accessible              = false
  authentication_strategy          = "simple"
  allowed_security_groups          = ["sg-xyzf8bdc01fd9skaf"]
  auto_minor_version_upgrade       = false
  cloudwatch_metric_alarms_enabled = true
  alarm_cpu_threshold_percent      = 70
  alarm_memory_used_threshold      = "10000000" # in bytes
  slack_username                   = "John"
  slack_channel                    = "skaf"
  slack_webhook_url                = "https://hooks.slack.com/services/xxxxxxxxx"
  maintenance_window_start_time = {
    day_of_week = "SUNDAY"
    time_of_day = "00:30"
    time_zone   = "GMT"
  }
}

Important Notes

  1. This module lets you define security group rules that permit access to the broker.
  2. By default, the variable create_random_password is set to true. Therefore, even if the user provides a password, it will not be read. The create_random_password variable should be set to false and the password variable should have a non-null value to be read and used.
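
Important Note 2 written out as a configuration, together with the security-group-only access from Note 1. This is an added example, not part of the module's own documentation. The root variable name rabbitmq_password and the password rules in the validation block are assumptions, create_random_password and password are used as Note 2 describes them (they are not listed in the Inputs table), and the resource IDs are the placeholders from the usage example above.

```hcl
# Added example: caller-supplied broker password (Important Note 2).
# IDs and names are the placeholders from the page's usage example.

variable "rabbitmq_password" {
  description = "Broker admin password, supplied out of band (for example via TF_VAR_rabbitmq_password)."
  type        = string
  sensitive   = true # redacted in plan/apply output, but still written to state

  validation {
    # Assumed subset of the Amazon MQ for RabbitMQ password rules:
    # 12-250 characters, no comma, colon or equals sign.
    condition = (
      length(var.rabbitmq_password) >= 12 &&
      length(var.rabbitmq_password) <= 250 &&
      !can(regex("[,:=]", var.rabbitmq_password))
    )
    error_message = "Password must be 12-250 characters and must not contain ',', ':' or '='."
  }
}

module "rabbitmq_broker" {
  source             = "gitlab.com/sq-ia/aws/rabbitmq.git"
  environment        = "production"
  name               = "skaf"
  vpc_id             = "vpc-xyz5ed3skaf"
  subnet_ids         = ["subnet-xyz355fskaf"]
  engine_version     = "3.10.20"
  storage_type       = "ebs"
  host_instance_type = "mq.m5.large"
  deployment_mode    = "SINGLE_INSTANCE"
  username           = "admin"

  # Both settings are needed; with the default (true) the password is ignored.
  create_random_password = false
  password               = var.rabbitmq_password

  # Note 1: reach the broker only from a named security group inside the VPC.
  publicly_accessible     = false
  allowed_security_groups = ["sg-xyzf8bdc01fd9skaf"]
  allowed_cidr_blocks     = []
}

output "rabbitmq_password" {
  value     = module.rabbitmq_broker.rabbitmq_password
  sensitive = true # keeps the value out of CLI output; it is still in state
}
```

Because the password is recorded in Terraform state either way, keep the state in an encrypted backend with restricted access.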

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.23 |
| random | >= 3.0.0 |

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | >= 4.23 |
| random | >= 3.0.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cw_sns_slack | ./lambda | n/a |
| security_group_mq | terraform-aws-modules/security-group/aws | 4.13.0 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_metric_alarm.cache_cpu | resource |
| aws_cloudwatch_metric_alarm.memory_used | resource |
| aws_kms_ciphertext.slack_url | resource |
| aws_kms_key.this | resource |
| aws_lambda_permission.sns_lambda_slack_invoke | resource |
| aws_mq_broker.amazonmq | resource |
| aws_secretsmanager_secret.secret_mq | resource |
| aws_secretsmanager_secret_version.secret | resource |
| aws_security_group_rule.cidr_ingress | resource |
| aws_security_group_rule.default_ingress | resource |
| aws_security_group_rule.https_ingress | resource |
| aws_sns_topic.slack_topic | resource |
| aws_sns_topic_subscription.slack-endpoint | resource |
| random_password.password | resource |
| archive_file.lambdazip | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alarm_actions | Alarm action list | list(string) | [] | no |
| alarm_cpu_threshold_percent | CPU threshold alarm level | number | 75 | no |
| alarm_memory_used_threshold | Alarm threshold for the 'lowFreeStorageSpace' alarm | string | "1000000000" | no |
| allowed_cidr_blocks | A list of CIDR blocks that are allowed to access the Amazon MQ cluster. | list(any) | [] | no |
| allowed_security_groups | A list of Security Group IDs that are allowed to access the Amazon MQ cluster. | list(any) | [] | no |
| apply_immediately | Specifies whether any broker modifications are applied immediately or during the next maintenance window. | bool | true | no |
| authentication_strategy | The authentication strategy used to secure the broker. | string | "simple" | no |
| auto_minor_version_upgrade | Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available. | bool | false | no |
| cloudwatch_metric_alarms_enabled | Boolean flag to enable/disable CloudWatch metrics alarms | bool | false | no |
| cw_sns_topic_arn | The username to use when sending notifications to Slack. | string | "" | no |
| deployment_mode | The deployment mode of the Amazon MQ cluster. | string | "SINGLE_INSTANCE" | no |
| engine_type | The type of broker engine used in the Amazon MQ cluster. | string | "RabbitMQ" | no |
| engine_version | The version of the broker engine used in the Amazon MQ cluster. | string | "" | no |
| environment | The name of the environment where the Amazon MQ cluster is deployed. | string | "" | no |
| host_instance_type | The instance type of the Amazon MQ broker. For example, 'mq.t3.micro' or 'mq.m5.large'. | string | "" | no |
| maintenance_window_start_time | The configuration block for the maintenance window start time. | object({ day_of_week = string, time_of_day = string, time_zone = string }) | { "day_of_week": "MONDAY", "time_of_day": "22:45", "time_zone": "Europe/Berlin" } | no |
| name | The name of the Amazon MQ cluster. It provides a unique identifier for the cluster. | string | "" | no |
| ok_actions | The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | [] | no |
| port | The port number on which the RabbitMQ cluster will be accessible. | number | 5671 | no |
| publicly_accessible | Whether to enable connections from applications outside of the VPC that hosts the broker's subnets | bool | false | no |
| recovery_window_aws_secret | Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. | number | 0 | no |
| slack_channel | The Slack channel where notifications will be posted. | string | "" | no |
| slack_notification_enabled | Whether to enable/disable Slack notification. | bool | false | no |
| slack_username | The username to use when sending notifications to Slack. | string | "" | no |
| slack_webhook_url | The Slack Webhook URL where notifications will be sent. | string | "" | no |
| storage_type | (optional) Storage type of the broker; only ebs works with mq.m5.large | string | null | no |
| subnet_ids | The IDs of the subnets in which the Amazon MQ broker will be launched. | list(string) | [] | no |
| username | The username of the user for authentication. | string | "" | no |
| vpc_id | The ID of the VPC where the Amazon MQ cluster will be created. | string | "" | no |

Outputs

| Name | Description |
|------|-------------|
| rabbitmq_broker_arn | The Amazon Resource Name (ARN) of the RabbitMQ broker. |
| rabbitmq_broker_console_url | The URL of the RabbitMQ Web Console for managing the broker. |
| rabbitmq_broker_endpoint | The wire-level protocol endpoint of the RabbitMQ broker. |
| rabbitmq_broker_id | The unique identifier of the RabbitMQ broker. |
| rabbitmq_password | The password for accessing the RabbitMQ cluster. Note that Terraform does not track this password after initial creation. |
| rabbitmq_security_group | The security group ID associated with the RabbitMQ cluster. |

Contribute & Issue Report

To report an issue with a project:

  1. Check the repository's issue tracker on GitHub
  2. Search to check if the issue has already been reported
  3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by liking it, you can follow these steps:

  1. Visit the repository: Navigate to the GitHub repository

  2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

  3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Starring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems and processes for speed and agility.

  1. We are an AWS Advanced Consulting Partner, which reflects our deep expertise in AWS Cloud and in helping 100+ clients over the last 5 years.
  2. Expertise in Kubernetes and overall container solutions helps companies expedite their journey by 10X.
  3. Infrastructure automation is a key component of our clients' success, and our expertise helps deliver it in the shortest time.
  4. DevSecOps as a service to implement security within the overall DevOps process, helping companies deploy securely and at speed.
  5. Platform engineering that supports scalable, cost-efficient infrastructure for rapid development, testing, and deployment.
  6. 24*7 SRE service to help you monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on LinkedIn, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.