This repository contains the Terraform scripts to provision AWS resources for WSO2 products.
Before you begin, ensure you have the following installed:
- Terraform >= 1.3.8
- AWS Provider ~> 5.0
- AWS CLI
- Proper AWS credentials configured
To configure the AWS resources, you need to perform the following steps:
- Navigate to the `sample` directory.
- Copy the `input.auto.tfvars` and `secrets.auto.tfvars` files from the `sample` directory to the root of the project.

```
cp sample/input.tfvars .
cp sample/secrets.tfvars .
```
- Review and update the input.tfvars and secrets.tfvars files with the appropriate values for your environment.
To deploy the AWS resources:
- Initialize Terraform to download and configure the providers.

```
terraform init
```
- Review the Terraform execution plan to ensure the configurations are as expected.

```
terraform plan
```
- Apply the configuration to provision the AWS resources.

```
terraform apply
```
Please ensure the secrets.tfvars file is kept secure and is not committed to your version control system.
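One way to check this requirement before each commit, as an added example that is not part of this repository. The function name `check_secret_file` is hypothetical, and the script assumes the project root is a git work tree.

```shell
#!/bin/sh
# Added example (not the repository's own code).
# Usage: check_secret_file secrets.tfvars
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if the file is missing.
check_secret_file() {
    file=${1:-secrets.tfvars}   # file name taken from this README
    findings=0

    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # 1. Already in the index? An ignore rule has no effect on a tracked file.
    if git ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "TRACKED: $file is in the index; untrack it and rotate its values"
        findings=1
    fi

    # 2. No ignore rule matches it, so a later 'git add .' would stage it.
    #    --no-index evaluates the rules even when the file is already tracked.
    if ! git check-ignore -q --no-index -- "$file"; then
        echo "NOT-IGNORED: no ignore rule matches $file"
        findings=1
    fi

    # 3. Present in a commit on any ref: the values are already exposed to
    #    everyone with read access to the repository.
    if [ -n "$(git log --all --oneline -- "$file" 2>/dev/null | head -n 1)" ]; then
        echo "IN-HISTORY: $file appears in commit history; rotate its values"
        findings=1
    fi

    # 4. Readable by group or others on a shared workstation or build host.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "PERMISSIONS: $file is group/world readable (chmod 600 $file)"
        findings=1
    fi

    return "$findings"
}
```

Run it from the project root, for example from a pre-commit hook, and block the commit on a non-zero return.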
Name | Type |
---|---|
aws_availability_zones.available | data source |
aws_caller_identity.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alert_subscribers | List of emails to be notified when a warning alert is triggered | any | n/a | yes |
az1_dmz_subnet_cidr_block | CIDR range for subnet that holds Firewalls and Public Load Balancers in AZ | string | n/a | yes |
bastion_access_security_group_rules | List of rules to allow/deny access to the Bastion | any | n/a | yes |
bastion_ami | AMI to be used for Bastion | string | n/a | yes |
bastion_instance_type | Instance type to be used for Bastion | string | n/a | yes |
bastion_ip_address | IP address of the Bastion | string | n/a | yes |
client_name | Name of the Client. Used to separate client deployments | string | n/a | yes |
db_access_security_group_rules | List of rules to allow/deny access to the Database | any | n/a | yes |
db_az1_subnet_cidr_block | CIDR range for subnet that holds the Database in AZ1 | string | n/a | yes |
db_az2_subnet_cidr_block | CIDR range for subnet that holds the Database in AZ2 | string | n/a | yes |
db_engine | Database engine to be used | string | n/a | yes |
db_engine_mode | Database engine mode to be used | string | n/a | yes |
db_engine_version | Database engine version to be used | string | n/a | yes |
db_instance_size | Database instance size to be used | string | n/a | yes |
db_master_username | Master username to be used in MySQL DB | string | n/a | yes |
db_password | Password for the Database | string | n/a | yes |
db_primary_db_name | Primary Database name to be used in MySQL DB | string | n/a | yes |
default_tags | Default tags to be applied to all resources | map(string) | n/a | yes |
ec2_subnet_vpc_cidr_block | CIDR of the subnet which should contain the VM | string | null | no |
efs_creation_token | Token used for setting up the EFS | string | n/a | yes |
efs_owner_gid | The group ID for the root directory owner. | number | 802 | no |
efs_owner_uid | The user ID for the root directory owner. | number | 802 | no |
efs_permissions | The permissions for the root directory. | string | "0755" | no |
efs_posix_user_gid | The group ID for the POSIX-compatible user. | number | 802 | no |
efs_posix_user_uid | The user ID for the POSIX-compatible user. | number | 802 | no |
efs_root_directory_path | The permissions for the root directory. | string | n/a | yes |
eks_availability_zone_1_subnet_cidr_block | CIDR range for subnet that holds the First EKS cluster in AZ1 | string | n/a | yes |
eks_availability_zone_2_subnet_cidr_block | CIDR range for subnet that holds the First EKS cluster in AZ2 | string | n/a | yes |
eks_cluster_container_cpu_utilization_warning_threshold | Warning threshold for container CPU utilization in percentage. | number | n/a | yes |
eks_cluster_container_memory_utilization_warning_threshold | Warning threshold for container memory utilization in percentage. | number | n/a | yes |
eks_cluster_container_restart_warning_threshold | Warning threshold for container restarts. | number | n/a | yes |
eks_cluster_enable_monitoring_global_flag | Flag to enable global monitoring for the EKS cluster. | bool | n/a | yes |
eks_cluster_node_cpu_utilization_warning_threshold | Warning threshold for node CPU utilization in percentage. | number | n/a | yes |
eks_cluster_node_memory_utilization_warning_threshold | Warning threshold for node memory utilization in percentage. | number | n/a | yes |
eks_default_nodepool_desired_size | Desired number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
eks_default_nodepool_max_size | Maximum number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
eks_default_nodepool_max_unavailable | Maximum number of nodes that can be unavailable in the default node pool for the First EKS Cluster | number | n/a | yes |
eks_default_nodepool_min_size | Minimum number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
eks_external_lb_az1_subnet_cidr | CIDR range for subnet that holds the Internal Load Balancers in AZ1 | string | n/a | yes |
eks_external_lb_az2_subnet_cidr | CIDR range for subnet that holds the Internal Load Balancers in AZ2 | string | n/a | yes |
eks_instance_types | n/a | any | n/a | yes |
eks_service_ipv4_cidr | CIDR range for EKS K8S services | string | n/a | yes |
enable_database | Set true to enable the creation of a MySQL database. | bool | true | no |
enable_efs_access_point | Deploy a EFS access point for persistent storage | bool | true | no |
enable_secret | Enable secrets to store passwords | bool | true | no |
environment_name | Name used to identify Resources of the development resources | string | n/a | yes |
kubernetes_version | Kubernetes version to be used in EKS clusters | string | n/a | yes |
management_subnet_az_cidr | CIDR range for subnet that holds the Transit Gateway attachment in AZ1 | string | n/a | yes |
project | Name of the project. Used for naming | string | n/a | yes |
region | Deployment region | string | n/a | yes |
secret_name | Secret name for string | string | n/a | yes |
secret_recovery_window_in_days | Recovery window of the secret | number | n/a | yes |
secret_string | String value for string | string | n/a | yes |
vpc_cidr_block | CIDR range for VPC | string | n/a | yes |
Name | Description |
---|---|
bastion_instance | ID of the bastion instance. |
database_writer_endpoint | Writer endpoint of the database instance. |
efs_efs_access_point | ID of the EFS Access Point |
efs_id | ID of the Elastic File Storage |
filestore_location | Location of the filestore. |