terraform-aws-concourse-ec2-worker

Terraform module for deploying a Concourse EC2 worker ASG.

---

Usage

TODO

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen

Requirements

Name	Version
terraform	~> 0.14.0
aws	~> 3.32
external	~> 2.1
http	~> 2.0
local	~> 2.0
template	~> 2.2
utils	~> 0.3

Providers

Name	Version
aws	~> 3.32
local	~> 2.0
template	~> 2.2

Modules

Name	Source	Version
autoscale_group	cloudposse/ec2-autoscale-group/aws	0.24.0
cross_account_label	cloudposse/label/null	0.24.1
this	cloudposse/label/null	0.24.1

Resources

Name	Type
aws_iam_instance_profile.default	resource
aws_iam_role.default	resource
aws_iam_role_policy.cross_account_worker	resource
aws_iam_role_policy.default	resource
aws_security_group.default	resource
aws_security_group_rule.all_tcp	resource
aws_security_group_rule.all_udp	resource
aws_security_group_rule.baggage_claim	resource
aws_security_group_rule.garden	resource
aws_security_group_rule.reaper	resource
aws_ami.ubuntu	data source
aws_iam_policy_document.assume	data source
aws_iam_policy_document.cross_account_worker	data source
aws_iam_policy_document.default	data source
local_file.concourse_systemd	data source
template_cloudinit_config.concourse_bootstrap	data source
template_file.check_attachment	data source
template_file.concourse_bootstrap	data source
template_file.concourse_systemd_worker_config	data source

Inputs

Name	Description	Type	Default	Required
additional_security_group_ids	Additional security group ids to attach to the worker instances	list(string)	[]	no
additional_tag_map	Additional tags for appending to tags_as_list_of_maps. Not added to tags.	map(string)	{}	no
associate_public_ip_address	Boolean flag to enable / disable public IPs for network interfaces	bool	false	no
attributes	Additional attributes (e.g. 1)	list(string)	[]	no
concourse_tags	List of tags to add to the worker to use for assigning jobs and tasks	list(string)	[]	no
concourse_tsa_hostname	Hostname where Concourse will be available (NLB).	string	n/a	yes
concourse_version	Concourse CI version to use. Defaults to the latest tested version	string	"5.8.0"	no
concourse_worker_dns_servers	DNS server list	list(string)	[ "8.8.8.8", "8.8.4.4" ]	no
concourse_worker_max_count	Min number of Concourse worker instances	number	1	no
concourse_worker_min_count	Min number of Concourse worker instances	number	1	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	object({ enabled = bool namespace = string environment = string stage = string name = string delimiter = string attributes = list(string) tags = map(string) additional_tag_map = map(string) regex_replace_chars = string label_order = list(string) id_length_limit = number })	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "enabled": true, "environment": null, "id_length_limit": null, "label_order": [], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {} }	no
cpu_credits	The credit option for CPU usage. Can be standard or unlimited	string	"standard"	no
cross_account_worker_role_arn	IAM role ARN to assume to access the Concourse keys bucket in another AWS account	string	null	no
delimiter	Delimiter to be used between namespace, environment, stage, name and attributes. Defaults to - (hyphen). Set to "" to use no delimiter at all.	string	null	no
enabled	Set to false to prevent the module from creating any resources	bool	null	no
environment	Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'	string	null	no
id_length_limit	Limit id to this many characters. Set to 0 for unlimited length. Set to null for default, which is 0. Does not affect id_full.	number	null	no
instance_type	EC2 instance type for the worker instances	string	"t3.medium"	no
keys_bucket_arn	The S3 bucket ARN which contains the SSH keys to connect to the TSA	string	n/a	yes
keys_bucket_id	The S3 bucket id which contains the SSH keys to connect to the TSA	string	n/a	yes
label_order	The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present.	list(string)	null	no
name	Solution name, e.g. 'app' or 'jenkins'	string	null	no
namespace	Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'	string	null	no
regex_replace_chars	Regex to replace chars with empty string in namespace, environment, stage and name. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.	string	null	no
region	AWS Region for S3 bucket	string	n/a	yes
root_disk_volume_size	Size of the worker instances root disk	string	"10"	no
root_disk_volume_type	Volume type of the worker instances root disk	string	"gp2"	no
ssh_key_name	The key name to use for the instance	string	""	no
stage	Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'	string	null	no
subnet_ids	List of subnet ids where to deploy the worker instances	list(string)	n/a	yes
tags	Additional tags (e.g. map('BusinessUnit','XYZ')	map(string)	{}	no
vpc_id	The VPC id where to deploy the worker instances	string	n/a	yes
work_disk_device_name	Device name of the external EBS volume to use as Concourse worker storage	string	"/dev/sdf"	no
work_disk_ephemeral	Whether to use ephemeral volumes as Concourse worker storage. You must use an instance_type that supports this	string	false	no
work_disk_internal_device_name	Device name of the internal volume as identified by the Linux kernel, which can differ from work_disk_device_name depending on used AMI. Make sure this is set according the instance_type, eg. /dev/xvdf when using an older AMI	string	"/dev/nvme1n1"	no
work_disk_volume_size	Size of the external EBS volume to use as Concourse worker storage	string	"100"	no
work_disk_volume_type	Volume type of the external EBS volume to use as Concourse worker storage	string	"gp2"	no
worker_tsa_port	TSA port that the worker can use to connect to the web	number	2222	no

Outputs

Name	Description
worker_iam_role	Role name of the worker instances
worker_iam_role_arn	Role ARN of the worker instances
worker_security_group_id	Security group ID used for the worker instances

Related Projects

Check out these related projects.

• terraform-aws-concourse-web - Terraform module for deploying Concourse on ECS
• terraform-aws-concourse-keys-s3 - Terraform module for deploying Concourse TLS / SSH keys to S3
• terraform-aws-concourse-sidecred-lambda - Terraform module to create a sidecred lambda for injecting and rotating credentials into SSM
• terraform-root-modules - Terraform root modules to provision top level account

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

1. Fork the repo on GitHub
2. Clone the project to your own machine
3. Commit changes to your own branch
4. Push your work back up to your fork
5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyrights

Copyright © 2017-2021 Cloud Posse, LLC

Copyright © 2020-2021 Carnegie Robotics, LLC

Trademarks

All other trademarks referenced herein are the property of their respective owners.

About

This project is maintained and funded by Carnegie Robotics, LLC.