This is a collection of terraform modules
Click on the links to see the details of each of the modules
This documentation is auto-generated from the terraform files using tf-auto-document.
| Module | Description | Link |
|---|---|---|
| alb | Creates an ALB with a linked HTTPS listener. Designed to be used with other modules which add target groups and listener rules. | more details |
| api-lambda | Exposes a python lambda function as an API using API gateway. Lambda function code must be in a public github repo. | more details |
| api-lambda-v2 | Exposes a python lambda function as a HTTP API using API gateway v2. Lambda function code must be in a public github repo. | more details |
| athena-view | This module creates views which are compatible with amazon athena | more details |
| atlantis-ec2 | This is a generalised version of the atlantis module which runs on EC2 backed ECS. It is designed to work with the ecs-haproxy module to be exposed via service discovery | more details |
| atlantis-fargate | Deploys a fargate task and service running atlantis (https://www.runatlantis.io). Can create its own ALB or work with the ALB module to add rules to an existing ALB. | more details |
| azure-build-agent | Deploys an instance of the azure devops build agent on ECS | more details |
| azure-clone-to-s3 | Creates an API which can be called by Azure to clone an Azure Devops repo into an S3 bucket so it can be used by tools like CodePipeline | more details |
| basic-cicd-ecs-pipeline | Builds a codepipeline and codebuild job attached to an ECS service to manage continious deployment as the source code in a github repository changes | more details |
| basic-cicd-pipeline | Builds a codepipeline which attaches to a Github repo and runs when there are changes | more details |
| basic-cicd-s3-pipeline | Builds a codepipeline and codebuild job attached to an S3 backed cloudfront distribution to deploy changes as the source code changes. | more details |
| basic-cicd-s3-to-s3-pipeline | Builds a codepipeline and codebuild job attached to an S3 backed cloudfront distribution to deploy changes as the source code changes. Uses an S3 bucket as a source. | more details |
| basicauth-user-manager | Deploys a service to manage users in a dynamodb table which is used by the basicauth reverse proxy module. | more details |
| basicauth-user-manager | Deploys a service to manage users in a dynamodb table which is used by the basicauth reverse proxy module. | more details |
| codepipeline-starter | Creates an API which can be called to start a given CodePipeline | more details |
| console-login | Deploys a service to generate AWS console login links | more details |
| docker-cicd | Builds docker images when source code changes, depends on buildspec.yml for specific instructions on what do to to perform the build. | more details |
| docker-registry | Deploys a docker registry on ECS and exposes via Cloudmap service discovery. Protected by http basic auth with user details stored in a dynamodb table. | more details |
| ecr-with-kms | Creates a ECR repository protected with KMS | more details |
| ecs-agent-updater | Deploys a lambda function and associated cloudwatch trigger to periodically check and update the ECS agent on ECS container instances. | more details |
| ecs-email-login-microsite | Creates a microsite linked to CICD with email based login on Keycloak | more details |
| ecs-haproxy | Deploys a version of haproxy on ECS which monitors a service discovery namespace and dynamically adds/removes backends as they change. Can either create its own ALB or work with an existing ALB. | more details |
| ecs-microsites-base | Deploys the microsites base: the ECS Fargate cluster, service registry, ALB, haproxy router and ECR repository - ready then for microsites to be deployed on the platform | more details |
| ecs-public-microsite | Creates a microsite linked to CICD with no authentication enabled | more details |
| ecs-service | Deploys a simple ECS service backed by a simple task. You can pass in your own task definition if you want to achieve more complex results. | more details |
| ecs-service-with-cicd | Builds an ECS service connected to a github reposistory and redeploys the service each time the code changes. | more details |
| ecs-sso-microsite | Creates a microsite linked to CICD with OIDC auth to an existing Keycloak realm | more details |
| ecs-with-fleet | Builds an EC2 based ECS clusyer backed by an EC2 instance fleet using on-demand instances. | more details |
| ecs-with-spot-fleet | Builds an EC2 based ECS clusyer backed by an EC2 instance fleet using spot instances. | more details |
| fargate-cluster | Deploys an ECS fargate cluster | more details |
| github-status-updater | Creates an SNS topic which you can attach to codepipeline instances to send notifications. Notifications are converted to github status labels and posted to github. | more details |
| guacamole-jump-proxy | Deploys a simple Apacha Guacamole instance to use as a proxy to a jump host | more details |
| guacamole-remote-access | Deploys a the vnc-proxy application using the 'dynamic-config' mode. | more details |
| keycloak-client | Sets up a new OIDC client in the specified realm | more details |
| keycloak-login-with-email | Sets up a new realm and OIDC client with email login enabled. | more details |
| keycloak-postgres | Deploys an instance of JBoss Keycloak backed by a postgres database on an ECS cluster | more details |
| keycloak-postgres-rds | Deploys an instance of JBoss Keycloak backed by a postgres database running on RDS | more details |
| keycloak-user-browser | Deploys a small read-only user brower for Keycloak behind OIDC auth. | more details |
| lambda-builder | This module is unfinished. Builds lambda function artifacts and uploads to a S3 bucket. See https://github.com/richardjkendall/lambda-builder for details of how the function is built. | more details |
| lambda-function | Creates a python lambda function using code in a public github repository. Uses docker to build the deployment package. Also depends on jq and cut to determine if code has changed in git and a function rebuild is needed. See https://github.com/richardjkendall/lambda-builder for details of how the function is built. | more details |
| lambda-function-node | Creates a nodejs lambda function using code in a public github repository. Uses docker to build the deployment package. | more details |
| lambda-function-with-layer | Deploys a python lambda function with a layer beneath to manage dependencies | more details |
| lambda-function | Creates a python lambda function using code in a public github repository. Uses docker to build the deployment package. Also depends on jq and cut to determine if code has changed in git and a function rebuild is needed. See https://github.com/richardjkendall/lambda-builder for details of how the function is built. | more details |
| lambda-schedule | Creates a schedule for triggering a lambda function. | more details |
| microsite-v2-with-existing-realm | Deploys a v2 (signed cookie) microsite with CICD and connects to an existing realm | more details |
| microsite-with-email-login | Deploys a microsite with CICD and email login | more details |
| microsite-with-existing-realm | Deploys a microsite with CICD and connects to an existing realm | more details |
| oidc-broker | Deploys the OIDC broker application for use by the signed cookie static site module | more details |
| pastebrush-fargate | Deploys simple pastebrush (pastebin) behind basic auth | more details |
| people-detect-lambda | Deploys a lambda function which when triggered by S3 ObjectCreated notifications scans the images for people and saves updated image files with bounding boxes drawn around the people. | more details |
| pipeline-viewer | Deploys an application to view codepipeline/codebuild status. | more details |
| postgres-rds | Sets up a basic RDS using postgres | more details |
| privatebin-fargate | Deploys simple privatebin (pastebin) behind basic auth | more details |
| prom-grafana | Deploys an instance of prometheus and grafana running on ECS and connected to each other. Uses EFS to store data. Created to help monitor haproxy. | more details |
| reflexive-sec-group | Creates a security group which allows communication to/from itself | more details |
| s3-bucket | Creates an S3 bucket with some sensible defaults | more details |
| s3-redirect | Creates simple HTTP only domain redirects using S3. | more details |
| service-registry | Deploys and AWS CloudMap service registry | more details |
| simple-cf-stats | Deploys a simple service based on webalizer to produce stats for AWS Cloudfront distributions. The stats are rebuilt every 6 hours. | more details |
| static-site | Deploys a simple static site on CloudFront backed by an S3 origin. Logs access request to S3. | more details |
| static-site-azure-cicd | Deploys a simple static site on CloudFront backed by an S3 origin with CICD from an azure devops repo. Works with the azure-clone-to-s3 API. | more details |
| static-site-azure-cicd-oidc-auth | Deploys a simple static site on CloudFront backed by an S3 origin with CICD from azure devops and protected by OIDC based login. | more details |
| static-site-cicd-oidc-auth | Deploys a simple static site on CloudFront backed by an S3 origin with CICD from github and protected by OIDC based login. | more details |
| static-site-signed-cookie | Deploys a simple static site on CloudFront backed by an S3 origin. Logs access request to S3. It requires signed cookies to access the content | more details |
| static-site-signed-cookie-with-cicd | Deploys a simple static site on CloudFront backed by an S3 origin with CICD from github. | more details |
| static-site-with-cicd | Deploys a simple static site on CloudFront backed by an S3 origin with CICD from github. | more details |
| web-jumpost | Deploys a browser based console protected behind OIDC login. | more details |
| web-jumpost-basic | Deploys a browser based console protected behind http basic auth using a dynamo db table to store user details. | more details |
| webdav-server | Deploys a webdav server with files kept on an EFS mount. Server is protected using http basic auth with user details stored in a dynamodb table. | more details |