Terraform module which uses serverless or managed AWS resources to add JFrog Xray capabilities to an existing JFrog Platform configuration.
module "jfrog_xray" {
source = "github.com/hmrc/terraform-aws-jfrog-xray-serverless"
artifactory_url = "https://artifactory.example.com"
artifactory_join_key = "foo-join-key"
subnet_ids = ["subnet-123", "subnet-456"]
vpc_id = "vpc-123"
artifactory_security_group_id = "sg-123"
}
In order to successfully use this module, you require the following:
- A configured, healthy and licensed instance of JFrog Platform (i.e. JFrog Artifactory) running in AWS.
- The join key for the JFrog Platform.
- An AWS VPC, including subnets that can route to the public internet and the Artifactory URL.
Report issues/questions/feature requests on in the issues section.
PRs are welcomed. More specific guidance will be added in future.
Terratests can be run locally by running make test
with AWS authentication.
With aws-profile:
aws-profile -p <user> make test
With aws-vault:
aws-vault exec <user> -- make test
Name | Version |
---|---|
terraform | >= 1.0.11 |
aws | >= 3.69.0 |
random | >= 3.1.0 |
No providers.
No modules.
Name | Type |
---|---|
aws_caller_identity.current | data |
aws_region.current | data |
aws_cloudwatch_log_group.main | resource |
aws_db_instance.main | resource |
aws_db_subnet_group.main | resource |
aws_ecs_cluster.main | resource |
aws_ecs_service.main | resource |
aws_ecs_task_definition.main | resource |
aws_efs_access_point.rabbitmq | resource |
aws_efs_access_point.xray | resource |
aws_efs_file_system.main | resource |
aws_efs_mount_target.main | resource |
aws_iam_role.ecs_execution | resource |
aws_security_group.ecs_task | resource |
aws_security_group.efs_file_system | resource |
aws_security_group.rds_instance | resource |
aws_security_group_rule.ecs_task_allow_dns_to_anywhere | resource |
aws_security_group_rule.ecs_task_allow_http_from_artifactory | resource |
aws_security_group_rule.ecs_task_allow_http_to_anywhere | resource |
aws_security_group_rule.ecs_task_allow_http_to_artifactory | resource |
aws_security_group_rule.ecs_task_allow_https_to_anywhere | resource |
aws_security_group_rule.ecs_task_allow_nfs_to_efs | resource |
aws_security_group_rule.ecs_task_allow_postgres_to_rds | resource |
aws_security_group_rule.efs_allow_nfs_from_ecs_task | resource |
aws_security_group_rule.rds_allow_postgres_from_ecs_task | resource |
aws_ssm_parameter.artifactory_join_key | resource |
aws_ssm_parameter.rds_password | resource |
random_password.rds | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
artifactory_join_key | Key to use in order to join Xray to the JFrog Artifactory/Platform service. | string |
n/a | yes |
artifactory_security_group_id | The ID of the Security Group assigned to Artifactory instances. | string |
n/a | yes |
artifactory_url | URL of the JFrog Artifactory/Platform service that Xray will be joined to. | string |
n/a | yes |
assign_public_ip | Set whether to give the Xray task a public IP. Only turn this on if testing with only an internet gateway. | bool |
false |
no |
aws_tags | Map of tags to apply to supporting AWS resources. | map |
{} |
no |
db_endpoint | The hostname of an external RDS instance | string |
"" |
no |
db_ssm_parameter | The name of an existing ssm parameter that holds the RDS password | string |
"" |
no |
environment_name | The name of the environment. Used for the names of various resources. | string |
"jfrog-xray" |
no |
rds_security_group_id | A security group for an external RDS | string |
"" |
no |
subnet_ids | A list of subnet IDs to run the JFrog Xray resources in. | list(string) |
n/a | yes |
vpc_id | The ID of the VPC to run the JFrog Xray resources in. | string |
n/a | yes |
xray_task_cpu | CPU value to be used for the Xray Fargate task. | number |
1024 |
no |
xray_task_memory | Amount of memory to be used for the Xray Fargate task. | number |
2048 |
no |
xray_version | Version of JFrog Xray you wish to run. | string |
"3.36.2" |
no |
No outputs.
This code is open source software licensed under the Apache 2.0 License.