tfe-infrastructure

Infrastructure as Code Repository to Standup TFE

Requirements

Name	Version
terraform	~> 1.1
aws	5.68.0
http	3.4.5
random	3.6.3

Providers

Name	Version
aws	5.68.0
http	3.4.5
random	3.6.3

Modules

Name	Source	Version
vpc	terraform-aws-modules/vpc/aws	5.13.0

Resources

Name	Type
aws_acm_certificate.tfe	resource
aws_acm_certificate_validation.tfe	resource
aws_autoscaling_group.tfe	resource
aws_db_instance.tfe	resource
aws_db_parameter_group.tfe	resource
aws_db_subnet_group.tfe	resource
aws_elasticache_replication_group.tfe	resource
aws_elasticache_subnet_group.tfe	resource
aws_iam_instance_profile.tfe	resource
aws_iam_policy.ec2_modify_metadata	resource
aws_iam_policy.tfe_get_parameters	resource
aws_iam_policy.tfe_put_parameters	resource
aws_iam_policy.tfe_s3	resource
aws_iam_policy.tfe_secrets_manager	resource
aws_iam_role.tfe	resource
aws_iam_role_policy_attachment.ec2_modify_metadata	resource
aws_iam_role_policy_attachment.tfe_get_parameters	resource
aws_iam_role_policy_attachment.tfe_put_parameters	resource
aws_iam_role_policy_attachment.tfe_s3	resource
aws_iam_role_policy_attachment.tfe_secrets_manager	resource
aws_instance.bastion	resource
aws_key_pair.self	resource
aws_launch_template.tfe	resource
aws_lb.tfe	resource
aws_lb_listener.tfe	resource
aws_lb_target_group.tfe	resource
aws_route53_record.alias_record	resource
aws_route53_record.cert_validation_record	resource
aws_s3_bucket.tfe	resource
aws_s3_bucket_public_access_block.tfe_public_access_block	resource
aws_s3_bucket_server_side_encryption_configuration.tfe_sse	resource
aws_s3_bucket_versioning.tfe_versioning	resource
aws_security_group.alb	resource
aws_security_group.bastion	resource
aws_security_group.elasticache	resource
aws_security_group.rds	resource
aws_security_group.tfe	resource
aws_ssm_parameter.postgresql_major_version	resource
aws_ssm_parameter.tfe_admin_token_url	resource
aws_ssm_parameter.tfe_database_host	resource
aws_ssm_parameter.tfe_database_name	resource
aws_ssm_parameter.tfe_database_password	resource
aws_ssm_parameter.tfe_database_user	resource
aws_ssm_parameter.tfe_encryption_password	resource
aws_ssm_parameter.tfe_hostname	resource
aws_ssm_parameter.tfe_license	resource
aws_ssm_parameter.tfe_object_storage_s3_bucket	resource
aws_ssm_parameter.tfe_object_storage_s3_region	resource
aws_ssm_parameter.tfe_redis_host	resource
aws_ssm_parameter.tfe_redis_password	resource
aws_ssm_parameter.tfe_version	resource
aws_vpc_endpoint.s3	resource
aws_vpc_endpoint_route_table_association.private	resource
aws_vpc_endpoint_route_table_association.public	resource
aws_vpc_security_group_egress_rule.alb	resource
aws_vpc_security_group_egress_rule.bastion	resource
aws_vpc_security_group_egress_rule.elasticache	resource
aws_vpc_security_group_egress_rule.rds	resource
aws_vpc_security_group_egress_rule.tfe	resource
aws_vpc_security_group_ingress_rule.alb	resource
aws_vpc_security_group_ingress_rule.bastion_ssh	resource
aws_vpc_security_group_ingress_rule.elasticache	resource
aws_vpc_security_group_ingress_rule.rds	resource
aws_vpc_security_group_ingress_rule.tfe_https	resource
aws_vpc_security_group_ingress_rule.tfe_ssh	resource
aws_vpc_security_group_ingress_rule.tfe_vault	resource
random_string.tfe_database_password	resource
random_string.tfe_encryption_password	resource
random_string.tfe_redis_password	resource
aws_ami.debian	data source
aws_availability_zones.all	data source
aws_caller_identity.current	data source
aws_ec2_instance_type_offering.bastion	data source
aws_ec2_instance_type_offering.tfe	data source
aws_iam_policy_document.ec2_modify_metadata	data source
aws_iam_policy_document.tfe_assume_role	data source
aws_iam_policy_document.tfe_get_parameters	data source
aws_iam_policy_document.tfe_put_parameters	data source
aws_iam_policy_document.tfe_s3	data source
aws_iam_policy_document.tfe_secrets_manager	data source
aws_kms_key.rds	data source
aws_kms_key.secretsmanager	data source
aws_kms_key.ssm	data source
aws_region.current	data source
aws_route53_zone.tfe	data source
http_http.myip	data source

Inputs

Name	Description	Type	Default	Required
alb_security_group_name	The name of the Application Load Balancer security group.	string	"alb-sg"	no
asg_desired_capacity	The desired number of hosts active in the TFE auto scaling group.	number	2	no
asg_max_size	The maximum number of hosts allowed in the TFE auto scaling group.	number	2	no
asg_min_size	The minimum number of hosts allowed in the TFE auto scaling group.	number	0	no
asg_name	The name of the ASG for the TFE hosts.	string	"tfe-asg"	no
ec2_bastion_instance_name	The name of the Bastion EC2 instance.	string	"Bastion Host"	no
ec2_bastion_instance_type	The type (size) of the Bastion EC2 instance.	string	"t3.nano"	no
ec2_bastion_security_group_name	The name of the EC2 Bastion Host security group.	string	"ec2-bastion-sg"	no
ec2_bastion_ssh_public_key	The SSH public key used to authenticate to the Bastion EC2 instance.	string	n/a	yes
ec2_iam_role_name	The name of the IAM role assigned to the EC2 instance profile assigned to the Terraform Enterprise hosts.	string	"tfe-iam-role"	no
ec2_instance_profile_name	The name of the EC2 instance profile assigned to the Terraform Enterprise hosts.	string	"tfe-instance-profile"	no
ec2_tfe_instance_name	The name of the TFE EC2 instance.	string	"TFE Host"	no
ec2_tfe_instance_type	The type (size) of the TFE EC2 instance.	string	"t3.medium"	no
elasticache_node_type	The node type (size) of the ElastiCache nodes.	string	"cache.t3.medium"	no
elasticache_replication_group_name	The name of the ElastiCache replication group used as the Terraform Enterprise Redis cache.	string	"tfe-redis-cache"	no
elasticache_security_group_name	The name of the ElastiCache security group.	string	"elasticache-sg"	no
elasticache_subnet_group_name	The name of the ElastiCache subnet group.	string	"elasticache-sg"	no
lb_name	The name of the application load balancer used to distribute HTTPS traffic across TFE hosts.	string	"tfe-web-alb"	no
lb_target_group_name	The name of the target group used to direct HTTPS traffic to TFE hosts.	string	"tfe-web-alb-tg"	no
postgresql_version	The version of the PostgreSQL engine to deploy.	string	"16.4"	no
rds_instance_class	The instance type (size) of the RDS instance.	string	"db.t3.medium"	no
rds_instance_master_user	The RDS master user.	string	"tfeadmin"	no
rds_instance_name	The name of the RDS instance used to store Terraform Enterprise data in.	string	"tfe-postgres-db"	no
rds_parameter_group_name	The name of the RDS parameter group.	string	"rds-pg"	no
rds_security_group_name	The name of the RDS security group.	string	"rds-sg"	no
rds_subnet_group_name	The name of the RDS subnet group.	string	"rds-sg"	no
redis_version	The version of the Redis engine to deploy.	string	"7.1"	no
route53_zone_name	The name of the Route53 zone used to host Terraform Enterprise.	string	n/a	yes
s3_vpc_endpoint_name	The name of the S3 VPC endpoint.	string	"tfe-vpce-s3"	no
tfe_database_name	The name of the database used to store Terraform Enterprise data in.	string	"tfe"	no
tfe_database_user	The user with access the Terraform Enterprise database.	string	"tfe"	no
tfe_license	The license for Terraform Enterprise.	string	n/a	yes
tfe_security_group_name	The name of the Terraform Enterprise EC2 hosts security group.	string	"tfe-sg"	no
tfe_subdomain	The subdomain used for Terraform Enterprise.	string	"tfe"	no
tfe_version	The version of Terraform Enterprise to deploy.	string	"v202409-2"	no
vpc_azs	A list of availability zone names to deploy to in the region.	list(string)	[ "ca-central-1a", "ca-central-1b", "ca-central-1d" ]	no
vpc_name	The name of the VPC used to host Terraform Enterprise.	string	"tfe-vpc"	no

Outputs

Name	Description
ec2_bastion_instance_type_availability	Show the list of Availability Zones that the configured EC2 instance type is available in.
ec2_tfe_instance_type_availability	Show the list of Availability Zones that the configured EC2 instance type is available in.