perxhealth/terraform-aws-ecs-app-front

terraform-aws-ecs-app-front

This terraform module is an AWS ECS Application Module (frontend component).

It's designed to be used with DNXLabs/terraform-aws-ecs (https://github.com/DNXLabs/terraform-aws-ecs) and DNXLabs/terraform-aws-ecs-app (https://github.com/DNXLabs/terraform-aws-ecs-app).

The following resources will be created:

  • CloudWatch Metrics alarm - Provides a CloudWatch Metric Alarm resource.
  • Application Load Balancer (ALB) CloudFront key - Key generated by the terraform-aws-ecs module to allow ALB connections from CloudFront
  • ALB DNS Name - ALB DNS name that CloudFront will point to as its origin
  • Certificate Amazon Resource Name (ARN) - Certificate for this app to use in CloudFront (US), must cover hostname.
  • CloudWatch Log Groups

In addition, the following are optional:

  • CloudFront 500 Errors rate threshold
  • Simple Notification Service (SNS) topic United States (US) - Alarm topics to create and alert on metrics on US region
  • CloudFront forward headers - Headers to forward to origin from CloudFront
  • CloudFront Logging bucket - Bucket to store logs from app
  • CloudFront origin keepalive timeout - The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds.
  • CloudFront origin read timeout - The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds.
  • Web Application Firewall (WAF) to attach to CloudFront
  • IAM Certificate ID - Specifies IAM certificate id for CloudFront distribution
  • Minimum protocol version - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018.

NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.0 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| aws.us-east-1 | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| alarm_cloudfront_500_errors_threshold | Cloudfront 500 Errors rate threshold (use 0 to disable this alarm) | number | 5 | no |
| alarm_sns_topics_us | Alarm topics to create and alert on metrics on US region | list | [] | no |
| alb_cloudfront_key | Key generated by terraform-aws-ecs module to allow ALB connection from CloudFront | any | n/a | yes |
| alb_dns_name | ALB DNS Name that CloudFront will point as origin | any | n/a | yes |
| certificate_arn | Certificate for this app to use in CloudFront (US), must cover hostname. | any | n/a | yes |
| cloudfront_forward_headers | Headers to forward to origin from CloudFront | list | ["*"] | no |
| cloudfront_logging_bucket | Bucket to store logs from app | string | null | no |
| cloudfront_logging_prefix | Logging prefix | string | "" | no |
| cloudfront_origin_keepalive_timeout | The amount of time, in seconds, that CloudFront maintains an idle connection with a custom origin server before closing the connection. Valid values are from 1 to 60 seconds. | number | 5 | no |
| cloudfront_origin_read_timeout | The amount of time, in seconds, that CloudFront waits for a response from a custom origin. The value applies both to the time that CloudFront waits for an initial response and the time that CloudFront waits for each subsequent packet. Valid values are from 4 to 60 seconds. | number | 30 | no |
| cloudfront_web_acl_id | Optional web acl (WAF) to attach to CloudFront | string | "" | no |
| cluster_name | Name of existing ECS Cluster to deploy this app to | any | n/a | yes |
| dynamic_custom_origin_config | Configuration for the custom origin config to be used in dynamic block | any | [] | no |
| dynamic_ordered_cache_behavior | Ordered Cache Behaviors to be used in dynamic block | any | [] | no |
| hosted_zone | Existing Hosted Zone domain to add hostnames as DNS records | any | n/a | yes |
| hostname_create | Create hostnames in the hosted zone passed? | bool | true | no |
| hostnames | Hostnames to create DNS record for this app that the cloudfront distribution will accept | any | n/a | yes |
| iam_certificate_id | Specifies IAM certificate id for CloudFront distribution | string | null | no |
| minimum_protocol_version | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1.2_2018. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified. | string | "TLSv1.2_2018" | no |
| name | Name of your ECS service | any | n/a | yes |
| restriction_location | The ISO 3166-1-alpha-2 codes for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist) | list | [] | no |
| restriction_type | The restriction type of your CloudFront distribution geolocation restriction. Options include none, whitelist, blacklist | string | "none" | no |

Outputs

| Name | Description |
|------|-------------|
| cloudfront_distribution_hostname | The hostname of the CloudFront Distribution (use for DNS CNAME). |
| cloudfront_distribution_id | The ID of the CloudFront Distribution. |
| cloudfront_zone_id | The Zone ID of the CloudFront Distribution (use for DNS Alias). |
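
A call to this module with its security-relevant inputs set explicitly rather than left at their defaults, as an added example that is not from the module's repository. The input and output names come from the tables above; the variable names, hostnames, forwarded header set, module source address and the `providers` wiring for the `aws.us-east-1` alias are assumptions.

```hcl
# Added example, not part of the module's repository.
# Every var.* name and literal value below is a placeholder (assumption).
variable "cluster_name" {}
variable "alb_dns_name" {}
variable "alb_cloudfront_key" {} # key generated by the terraform-aws-ecs module
variable "certificate_arn" {}    # certificate for CloudFront (US), must cover the hostname
variable "web_acl_id" {}
variable "log_bucket" {}
variable "alarm_topic_us" {}

provider "aws" {
  alias  = "us-east-1"
  region = "us-east-1"
}

module "app_front" {
  source = "github.com/perxhealth/terraform-aws-ecs-app-front" # assumed source address

  providers = {
    aws           = aws
    aws.us-east-1 = aws.us-east-1
  }

  name         = "checkout"
  cluster_name = var.cluster_name
  hosted_zone  = "example.com"
  hostnames    = ["app.example.com"] # assumed to take a list

  alb_dns_name       = var.alb_dns_name
  alb_cloudfront_key = var.alb_cloudfront_key
  certificate_arn    = var.certificate_arn

  # Pin the TLS floor instead of relying on the default staying in place.
  minimum_protocol_version = "TLSv1.2_2018"
  # The default is ["*"]; forward only the headers the app reads (assumed set).
  cloudfront_forward_headers = ["Host", "Authorization"]
  cloudfront_web_acl_id      = var.web_acl_id
  cloudfront_logging_bucket  = var.log_bucket
  cloudfront_logging_prefix  = "checkout/"
  alarm_sns_topics_us        = [var.alarm_topic_us]
}

output "cdn_hostname" {
  value = module.app_front.cloudfront_distribution_hostname
}
```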

Authors

Module managed by DNX Solutions.

License

Apache 2 Licensed. See LICENSE for full details.
