Concourse CI

A Terraform module for deploying Concourse CI.

Prerequisites

  1. Use Packer to create an AMI with Concourse and related tooling installed:
# From the project root, using make:
make ami
  2. Generate key pairs for Concourse:
# Create folder
mkdir -p keys

ssh-keygen -t rsa -f ./keys/tsa_host_key -N ''
ssh-keygen -t rsa -f ./keys/worker_key -N ''
ssh-keygen -t rsa -f ./keys/session_signing_key -N ''

# Authorized workers
cp ./keys/worker_key.pub ./keys/authorized_worker_keys

Required for HTTPS

Route53 hosted zone, domain and ACM certificate.

Required for GitHub authentication

GitHub OAuth application, with the client secret encrypted using KMS:

aws kms encrypt \
  --key-id <aws-kms-key-id> \
  --plaintext <github-client-secret> \
  --output text \
  --query CiphertextBlob \
  --profile default

Or you can add it to SSM Parameter Store or Secrets Manager, and aws-env will populate the environment at runtime:

module "concourse_atc" {
  # ... other configuration

  github_client_id     = "sm:///concourse-internal/github-oauth-client-id"
  github_client_secret = "sm:///concourse-internal/github-oauth-client-secret"
}

By default the ATC has permission to read secrets from /concourse-internal/* in Secrets Manager (in addition to /concourse/* for the secrets backend).
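
A pre-deploy check for the default read scope described above, as an added example that is not part of this module: it flags `sm://` references the ATC could not read with its default permissions. The function names are hypothetical, and it assumes that everything after `sm://` is the Secrets Manager secret name, as the `sm:///concourse-internal/...` values above suggest.

```python
from fnmatch import fnmatchcase

# Secrets Manager name patterns the README says the ATC can read by default.
DEFAULT_READABLE = ("/concourse-internal/*", "/concourse/*")
SM_SCHEME = "sm://"


def check_reference(value, readable=DEFAULT_READABLE):
    """Classify one module input as 'ok', 'unreadable' or 'literal'."""
    if not value.startswith(SM_SCHEME):
        # Plaintext or KMS ciphertext: nothing is fetched from Secrets Manager.
        return ("literal", "not an sm:// reference")
    # Assumption: everything after the scheme is the secret name, so
    # sm:///concourse-internal/x names the secret /concourse-internal/x.
    name = value[len(SM_SCHEME):]
    if name.endswith("/") or not name:
        return ("unreadable", f"{name!r} is a prefix, not a secret name")
    if any(fnmatchcase(name, pattern) for pattern in readable):
        return ("ok", name)
    hint = "" if name.startswith("/") else " (missing leading '/': use sm:///)"
    return ("unreadable", f"{name!r} is outside {', '.join(readable)}{hint}")


def audit(inputs, readable=DEFAULT_READABLE):
    """Return {input name: detail} for every reference the ATC could not read."""
    findings = {}
    for key, value in inputs.items():
        status, detail = check_reference(value, readable)
        if status == "unreadable":
            findings[key] = detail
    return findings


# Constructed sample inputs; only the first two values appear in the README.
SAMPLE_INPUTS = {
    "github_client_id": "sm:///concourse-internal/github-oauth-client-id",
    "github_client_secret": "sm:///concourse-internal/github-oauth-client-secret",
    "two_slashes": "sm://concourse-internal/github-oauth-client-secret",
    "lookalike_prefix": "sm:///concourse-internalx/token",
    "other_team": "sm:///payments/db-password",
}

if __name__ == "__main__":
    for key, detail in audit(SAMPLE_INPUTS).items():
        print(f"{key}: {detail}")
```
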

Usage

See example. If you want to learn more about how to use Concourse, check out the official documentation.

Related projects