This repository is used to create the elastic beanstalk infrastructure for the Gatekeeper OIDC/OAuth2 service.
| Name | Version |
|---|---|
| terraform | >=1.2.2 |
| aws | >=4.17.1 |
| Name | Version |
|---|---|
| aws | >=4.17.1 |
No modules.
| Name | Type |
|---|---|
| aws_ecr_repository.gatekeeper_arm64 | resource |
| aws_elastic_beanstalk_application.gatekeeper | resource |
| aws_elastic_beanstalk_environment.web_server_prod | resource |
| aws_iam_instance_profile.aws_eb_ec2_instance_profile | resource |
| aws_iam_role.aws_eb_ec2_role | resource |
| aws_iam_role_policy_attachment.ecr | resource |
| aws_security_group.ip_block | resource |
| aws_acm_certificate.gk_cert | data source |
| aws_elastic_beanstalk_solution_stack.stack | data source |
| aws_iam_policy.amazon_ec2_container_registry_readonly | data source |
| aws_iam_policy_document.assume_role_policy | data source |
| aws_subnets.default_subnets | data source |
| aws_vpc.default_vpc | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| app_secret | A secret used by the running application | string |
n/a | yes |
| custom_domain | The custom domain for the web server environment | string |
n/a | yes |
| default_vpc_id | The id of the default VPC in the region | string |
n/a | yes |
| deployment_policy | Choose a deployment policy for application version deployments | string |
n/a | yes |
| ecr_arm64_repo_name | The name of the ECR that stores arm64 images | string |
n/a | yes |
| elastic_beanstalk_app_name | The name of the elastic beanstalk application | string |
n/a | yes |
| email_from | Which email address email messages are from | string |
n/a | yes |
| email_provider | The third party service that sends email messages | string |
n/a | yes |
| enc_key | A key used to encode / encrypt data | string |
n/a | yes |
| environment_type | The type of elastic beanstalk environment to deploy, LoadBalanced or SingleInstance | string |
n/a | yes |
| inbound_ip_addresses | The set of source IP addresses that are allowed to connect | set(string) |
n/a | yes |
| instance_types | The EC2 instance types used by the app servers | list(string) |
n/a | yes |
| max_instance_count | The maximum number of instances that can be running under peak load | number |
n/a | yes |
| mfa_issuer | The string displayed in Google Authenticator to describe the TOTP | string |
n/a | yes |
| min_instance_count | The minimum number of instances that should be running at all times | number |
n/a | yes |
| mongo_uri | Connection string used to connect to MongoDB | string |
n/a | yes |
| outbound_ip_addresses | The set of IP addresses that can be accessed on outbound connections | set(string) |
n/a | yes |
| region | The AWS region the IaC will be deployed into | string |
n/a | yes |
| rolling_update_type | This includes three types: time-based rolling updates, health-based rolling updates, and immutable updates. Time-based rolling updates apply a PauseTime between batches. Health-based rolling updates wait for new instances to pass health checks before moving on to the next batch. Immutable updates launch a full set of instances in a new Auto Scaling group. | string |
n/a | yes |
| ses_aws_identity_arn | The ARN of the identity used to send email messages | string |
n/a | yes |
| ses_aws_region | The AWS region that SES is being used in | string |
n/a | yes |
| sms_sender_id | The string used to say where SMS messages have come from | string |
n/a | yes |
| tags | Tags associated with all deployed IaC resources | map(string) |
n/a | yes |
| valid_azs | The AWS availability zones the app servers should run in | string |
n/a | yes |
| web_server_prod_name | Name of web server prod environment | string |
n/a | yes |
| wkc_issuer | The well known config issuer url | string |
n/a | yes |
| Name | Description |
|---|---|
| eb_application_arn | n/a |
| eb_application_name | n/a |
| eb_prod_env_arn | n/a |
| eb_prod_env_cname | n/a |
| eb_prod_env_endpoint | n/a |
| eb_prod_env_name | n/a |
This code is open sourced licensed under the Apache 2.0 License