wso2/iac-aws-wso2-products

Terraform Configuration for WSO2 Products

This repository contains the Terraform scripts to provision AWS resources for WSO2 products.

Prerequisites

Before you begin, ensure you have the following installed:

  • Terraform >= 1.3.8
  • AWS Provider ~> 5.0
  • AWS CLI
  • Proper AWS credentials configured

Configuration

To configure the AWS resources, you need to perform the following steps:

  1. Navigate to the sample directory.
  2. Copy the input.auto.tfvars and secrets.auto.tfvars files from the sample directory to the root of the project.
   cp sample/input.tfvars .
   cp sample/secrets.tfvars .
  3. Review and update the input.tfvars and secrets.tfvars files with the appropriate values for your environment.

Deployment

To deploy the AWS resources:

  1. Initialize Terraform to download and configure the providers.
   terraform init
  2. Review the Terraform execution plan to ensure the configurations are as expected.
   terraform plan
  3. Apply the configuration to provision the AWS resources.
   terraform apply

Please ensure the secrets.tfvars file is kept secure and is not committed to your version control system.
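
One way to enforce the note above, as an added example that is not part of this repository: a POSIX shell check, suitable for a pre-commit hook or CI step, that fails when a secrets var file is tracked by git, not covered by a .gitignore rule, or readable by group/other. The function names are hypothetical, and the two file names are the spellings used on this page.

```shell
#!/bin/sh
# Added example: keep the secrets var file out of git and away from other users.
# Both file-name spellings used on this page are checked.
SECRET_FILES="secrets.tfvars secrets.auto.tfvars"

# check_secret_file REPO_DIR FILE
# Prints one of: tracked | unignored | absent | loose-perms | ok
check_secret_file() {
    repo=$1; file=$2
    # Staged or committed: the value is in history, or about to be.
    if git -C "$repo" ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo tracked; return 1
    fi
    # No .gitignore rule covers the path: one `git add .` away from a leak.
    # check-ignore matches on the path name, so this works before the file exists.
    if ! git -C "$repo" check-ignore -q -- "$file"; then
        echo unignored; return 1
    fi
    [ -e "$repo/$file" ] || { echo absent; return 0; }
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ld "$repo/$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo loose-perms; return 1
    fi
    echo ok
}

# guard_secrets REPO_DIR: report every file, return non-zero if any check fails.
guard_secrets() {
    rc=0
    for f in $SECRET_FILES; do
        st=$(check_secret_file "$1" "$f") || rc=1
        printf '%-22s %s\n' "$f" "$st"
    done
    return $rc
}

# Stand-alone use: sh guard.sh /path/to/repo
if [ "$#" -gt 0 ]; then guard_secrets "$1"; fi
```

Terraform also writes variable values such as db_password and secret_string into its state in plain text, so the state file and its backend need the same protection as the var file.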

Modules

| Name | Source | Version |
|------|--------|---------|
| alert_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/SNS-Topic | n/a |
| aurora_mysql_rds_cluster | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/RDS-Aurora | n/a |
| bastion | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EC2-Instance | n/a |
| bastion_security_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |
| db_az1_subnet | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |
| db_az2_subnet | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |
| db_security_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |
| db_subnet_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/RDS-Subnet-Group | n/a |
| ec2_messages_vpc_endpoint | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |
| efs | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EFS | n/a |
| efs_access_point | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EFS-Access-Point | n/a |
| eks_cluster | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/eks_cluster | n/a |
| eks_cluster_bastion_access_sg_rule | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group-Rule | n/a |
| eks_cluster_container_cpu_utilization_warning_alert | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |
| eks_cluster_container_memory_utilization_warning_alert | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |
| eks_cluster_container_restarts_warning_alert | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |
| eks_cluster_efs_access_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |
| eks_cluster_node_cpu_utilization_warning_alert | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |
| eks_cluster_node_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/EKS-Node-Group | n/a |
| eks_cluster_node_memory_utilization_warning_alert | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Metric-Alarm | n/a |
| endpoint_security_group | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Security-Group | n/a |
| internet_gateway | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Gateway | n/a |
| internet_gateway_subnet | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |
| internet_gateway_subnet_routes | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet-Routes | n/a |
| management_az_subnet | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC-Subnet | n/a |
| nat_gateway | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/nat_gateway | n/a |
| secret | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Secret-Manager-Secret | n/a |
| ssm_messages_vpc_endpoint | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |
| ssm_vpc_endpoint | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/Interface-VPC-Endpoint | n/a |
| vpc | git::https://github.com/wso2/aws-terraform-modules.git//modules/aws/VPC | n/a |

Resources

| Name | Type |
|------|------|
| aws_availability_zones.available | data source |
| aws_caller_identity.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alert_subscribers | List of emails to be notified when a warning alert is triggered | any | n/a | yes |
| az1_dmz_subnet_cidr_block | CIDR range for subnet that holds Firewalls and Public Load Balancers in AZ | string | n/a | yes |
| bastion_access_security_group_rules | List of rules to allow/deny access to the Bastion | any | n/a | yes |
| bastion_ami | AMI to be used for Bastion | string | n/a | yes |
| bastion_instance_type | Instance type to be used for Bastion | string | n/a | yes |
| bastion_ip_address | IP address of the Bastion | string | n/a | yes |
| client_name | Name of the Client. Used to separate client deployments | string | n/a | yes |
| db_access_security_group_rules | List of rules to allow/deny access to the Database | any | n/a | yes |
| db_az1_subnet_cidr_block | CIDR range for subnet that holds the Database in AZ1 | string | n/a | yes |
| db_az2_subnet_cidr_block | CIDR range for subnet that holds the Database in AZ2 | string | n/a | yes |
| db_engine | Database engine to be used | string | n/a | yes |
| db_engine_mode | Database engine mode to be used | string | n/a | yes |
| db_engine_version | Database engine version to be used | string | n/a | yes |
| db_instance_size | Database instance size to be used | string | n/a | yes |
| db_master_username | Master username to be used in MySQL DB | string | n/a | yes |
| db_password | Password for the Database | string | n/a | yes |
| db_primary_db_name | Primary Database name to be used in MySQL DB | string | n/a | yes |
| default_tags | Default tags to be applied to all resources | map(string) | n/a | yes |
| ec2_subnet_vpc_cidr_block | CIDR of the subnet which should contain the VM | string | null | no |
| efs_creation_token | Token used for setting up the EFS | string | n/a | yes |
| efs_owner_gid | The group ID for the root directory owner. | number | 802 | no |
| efs_owner_uid | The user ID for the root directory owner. | number | 802 | no |
| efs_permissions | The permissions for the root directory. | string | "0755" | no |
| efs_posix_user_gid | The group ID for the POSIX-compatible user. | number | 802 | no |
| efs_posix_user_uid | The user ID for the POSIX-compatible user. | number | 802 | no |
| efs_root_directory_path | The permissions for the root directory. | string | n/a | yes |
| eks_availability_zone_1_subnet_cidr_block | CIDR range for subnet that holds the First EKS cluster in AZ1 | string | n/a | yes |
| eks_availability_zone_2_subnet_cidr_block | CIDR range for subnet that holds the First EKS cluster in AZ2 | string | n/a | yes |
| eks_cluster_container_cpu_utilization_warning_threshold | Warning threshold for container CPU utilization in percentage. | number | n/a | yes |
| eks_cluster_container_memory_utilization_warning_threshold | Warning threshold for container memory utilization in percentage. | number | n/a | yes |
| eks_cluster_container_restart_warning_threshold | Warning threshold for container restarts. | number | n/a | yes |
| eks_cluster_enable_monitoring_global_flag | Flag to enable global monitoring for the EKS cluster. | bool | n/a | yes |
| eks_cluster_node_cpu_utilization_warning_threshold | Warning threshold for node CPU utilization in percentage. | number | n/a | yes |
| eks_cluster_node_memory_utilization_warning_threshold | Warning threshold for node memory utilization in percentage. | number | n/a | yes |
| eks_default_nodepool_desired_size | Desired number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
| eks_default_nodepool_max_size | Maximum number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
| eks_default_nodepool_max_unavailable | Maximum number of nodes that can be unavailable in the default node pool for the First EKS Cluster | number | n/a | yes |
| eks_default_nodepool_min_size | Minimum number of nodes in the default node pool for the First EKS Cluster | number | n/a | yes |
| eks_external_lb_az1_subnet_cidr | CIDR range for subnet that holds the Internal Load Balancers in AZ1 | string | n/a | yes |
| eks_external_lb_az2_subnet_cidr | CIDR range for subnet that holds the Internal Load Balancers in AZ2 | string | n/a | yes |
| eks_instance_types | n/a | any | n/a | yes |
| eks_service_ipv4_cidr | CIDR range for EKS K8S services | string | n/a | yes |
| enable_database | Set true to enable the creation of a MySQL database. | bool | true | no |
| enable_efs_access_point | Deploy an EFS access point for persistent storage | bool | true | no |
| enable_secret | Enable secrets to store passwords | bool | true | no |
| environment_name | Name used to identify Resources of the development resources | string | n/a | yes |
| kubernetes_version | Kubernetes version to be used in EKS clusters | string | n/a | yes |
| management_subnet_az_cidr | CIDR range for subnet that holds the Transit Gateway attachment in AZ1 | string | n/a | yes |
| project | Name of the project. Used for naming | string | n/a | yes |
| region | Deployment region | string | n/a | yes |
| secret_name | Secret name for string | string | n/a | yes |
| secret_recovery_window_in_days | Recovery window of the secret | number | n/a | yes |
| secret_string | String value for string | string | n/a | yes |
| vpc_cidr_block | CIDR range for VPC | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| bastion_instance | ID of the bastion instance. |
| database_writer_endpoint | Writer endpoint of the database instance. |
| efs_efs_access_point | ID of the EFS Access Point |
| efs_id | ID of the Elastic File Storage |
| filestore_location | Location of the filestore. |

About

This repository stores generic Terraform scripts for provisioning infrastructure to install WSO2 products.
