divipayhq/terraform-aws-ecs-app-front

 
 

terraform-aws-ecs-app-front

This terraform module is an AWS ECS Application Module (frontend component).

It's designed to be used with DNXLabs/terraform-aws-ecs (https://github.com/DNXLabs/terraform-aws-ecs) and DNXLabs/terraform-aws-ecs-app (https://github.com/DNXLabs/terraform-aws-ecs-app).

The following resources will be created:

  • Cloudwatch Metrics alarm - Provides a CloudWatch Metric Alarm resource.
  • Application Load Balancer (ALB) cloudfront key - Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront
  • ALB Dns Name - ALB DNS Name that CloudFront will point as origin
  • Certificate Amazon Resource Name (ARN) - Certificate for this app to use in CloudFront (US), must cover hostname.
  • Cloudwatch Log Groups

In addition you have the option to create or not:

  • Cloudfront 500 Errors rate threshold
  • Simple Notification Service (SNS) topic United States (US) - Alarm topics to create and alert on metrics on US region
  • Cloudfront forward headers - Headers to forward to origin from CloudFront
  • Cloudfront Logging bucket - Bucket to store logs from app
  • Cloudfront origin keepalive timeout - The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds.
  • Cloudfront origin read timeout - The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds.
  • Web Application Firewall (WAF) to attach to Cloudfront
  • IAM Certificate ID - Specifies IAM certificate id for CloudFront distribution
  • Minimum protocol version - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018.

NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.0 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alarm_cloudfront_500_errors_threshold | Cloudfront 500 Errors rate threshold (use 0 to disable this alarm) | number | 5 | no |
| alarm_prefix | String prefix for cloudwatch alarms. (Optional) | string | "alarm" | no |
| alarm_sns_topics_us | Alarm topics to create and alert on metrics on US region | list | [] | no |
| alb_cloudfront_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | any | n/a | yes |
| alb_dns_name | ALB DNS Name that CloudFront will point as origin | any | n/a | yes |
| certificate_arn | Certificate for this app to use in CloudFront (US), must cover hostname. | any | n/a | yes |
| cloudfront_forward_headers | Headers to forward to origin from CloudFront | list | ["*"] | no |
| cloudfront_logging_bucket | Bucket to store logs from app | string | null | no |
| cloudfront_logging_prefix | Logging prefix | string | "" | no |
| cloudfront_origin_keepalive_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | number | 5 | no |
| cloudfront_origin_read_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | number | 30 | no |
| cloudfront_web_acl_id | Optional web acl (WAF) to attach to CloudFront | string | "" | no |
| cluster_name | Name of existing ECS Cluster to deploy this app to | any | n/a | yes |
| dynamic_custom_origin_config | Configuration for the custom origin config to be used in dynamic block | any | [] | no |
| dynamic_ordered_cache_behavior | Ordered Cache Behaviors to be used in dynamic block | any | [] | no |
| hosted_zone | Existing Hosted Zone domain to add hostnames as DNS records | any | n/a | yes |
| hostname_create | Create hostnames in the hosted zone passed? | bool | true | no |
| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | any | n/a | yes |
| iam_certificate_id | Specifies IAM certificate id for CloudFront distribution | string | null | no |
| minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. | string | "TLSv1.2_2018" | no |
| name | Name of your ECS service | any | n/a | yes |
| restriction_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | list(any) | [] | no |
| restriction_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | string | "none" | no |
| waf_cloudfront_enable | Enable WAF for Cloudfront distribution | bool | false | no |
| wafv2_managed_block_rule_groups | List of WAF V2 managed rule groups, set to block | list(string) | [] | no |
| wafv2_managed_rule_groups | List of WAF V2 managed rule groups, set to count | list(string) | ["AWSManagedRulesCommonRuleSet"] | no |
| wafv2_rate_limit_rule | The limit on requests per 5-minute period for a single originating IP address (leave 0 to disable) | number | 0 | no |
| web_acl_id | Web ACL ARN for Cloudfront distribution | string | null | no |
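
As an added example (not part of this module's README or code), a root-module call that sets the security-relevant inputs from the table above explicitly instead of relying on defaults. The `var.*` references, hostnames, header list and numeric values are constructed placeholders, and the `?ref=` value must be replaced with a commit you have reviewed.

```hcl
# Added example: hypothetical root-module call. Input names come from the
# Inputs table; every value below is a constructed placeholder.
module "ecs_app_front" {
  # Repository named on this page. No releases are published, so pin to a
  # reviewed commit rather than tracking the default branch.
  source = "git::https://github.com/divipayhq/terraform-aws-ecs-app-front.git?ref=<reviewed-commit-sha>"

  # Required inputs
  name            = "web"
  cluster_name    = "example-cluster"
  hosted_zone     = "example.com"
  hostnames       = ["app.example.com"]
  certificate_arn = var.cloudfront_certificate_arn # hypothetical variable
  alb_dns_name    = var.alb_dns_name               # hypothetical variable

  # This key is what lets CloudFront reach the ALB: pass it in from the
  # terraform-aws-ecs module and keep it out of version control.
  alb_cloudfront_key = var.alb_cloudfront_key # hypothetical variable

  # TLS: state the viewer policy explicitly. The table also accepts SSLv3
  # and TLSv1, which this call deliberately avoids.
  minimum_protocol_version = "TLSv1.2_2018"

  # The default is ["*"]; list only the headers the origin needs.
  cloudfront_forward_headers = ["Host", "Authorization"]

  # WAF is off by default, and the default managed rule group only counts.
  # Enable it and move the rule group to the blocking list after reviewing
  # its count metrics; add a per-IP limit per 5-minute period.
  waf_cloudfront_enable           = true
  wafv2_managed_rule_groups       = []
  wafv2_managed_block_rule_groups = ["AWSManagedRulesCommonRuleSet"]
  wafv2_rate_limit_rule           = 2000

  # Access logs and alerting for detection and incident response.
  cloudfront_logging_bucket             = var.cloudfront_logging_bucket # hypothetical variable
  cloudfront_logging_prefix             = "app-front/"
  alarm_sns_topics_us                   = [var.alarm_sns_topic_arn_us]  # hypothetical variable
  alarm_cloudfront_500_errors_threshold = 5
}
```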

Outputs

| Name | Description |
|------|-------------|
| cloudfront_distribution_hostname | The hostname of the CloudFront Distribution (use for DNS CNAME). |
| cloudfront_distribution_id | The ID of the CloudFront Distribution. |
| cloudfront_zone_id | The Zone ID of the CloudFront Distribution (use for DNS Alias). |

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.
