From e25a2ffd8ef25c3ea8af6a09e1e017cba364185f Mon Sep 17 00:00:00 2001
From: Richard Jones
Date: Fri, 10 May 2019 14:28:03 +0100
Subject: [PATCH 1/5] Provide SSL security policy
---
 main.tf | 1 +
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/main.tf b/main.tf
index 8cd987d..26c3b11 100644
--- a/main.tf
+++ b/main.tf
@@ -35,6 +35,7 @@ module "elastic_beanstalk_environment" {
 healthcheck_url = "${var.healthcheck_url}"
 loadbalancer_type = "${var.loadbalancer_type}"
 loadbalancer_certificate_arn = "${var.loadbalancer_certificate_arn}"
+ loadbalancer_ssl_policy = "${var.loadbalancer_ssl_policy}"
 vpc_id = "${var.vpc_id}"
 public_subnets = "${var.public_subnets}"
 private_subnets = "${var.private_subnets}"
diff --git a/variables.tf b/variables.tf
index e04a5c6..ae1c1b1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -66,6 +66,12 @@ variable "loadbalancer_certificate_arn" {
 description = "Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager"
 }
 
+variable "loadbalancer_ssl_policy" {
+ type = "string"
+ default = "ELBSecurityPolicy-2016-08"
+ description = "Load Balancer SSL Security Policy"
+}
+
 variable "public_subnets" {
 type = "list"
 description = "List of public subnets to place Elastic Load Balancer"
From c739bb0ae34a9c68eb0a5f1b3d40b2371300c510 Mon Sep 17 00:00:00 2001
From: Richard Jones
Date: Wed, 22 May 2019 16:05:08 +0100
Subject: [PATCH 2/5] Build documentation updates
---
 README.md | 11 ++++++++---
 docs/terraform.md | 4 ++--
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index c359a76..3cebb7c 100644
--- a/README.md
+++ b/README.md
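Review bot: The default `ELBSecurityPolicy-2016-08` on the new `loadbalancer_ssl_policy` variable in variables.tf (patch 1/5) is the AWS predefined policy that still negotiates TLS 1.0 and 1.1, so any consumer who leaves the variable unset keeps those protocols enabled on the Jenkins HTTPS listener. Consider a TLS 1.2-only default such as `default = "ELBSecurityPolicy-TLS-1-2-2017-01"`; if the 2016-08 default has to stay for compatibility, the description should say so. The description `"Load Balancer SSL Security Policy"` also gives no hint of what values are valid or which `loadbalancer_type` honours it; something like `description = "Predefined ELB security policy name for the HTTPS listener; the default permits TLS 1.0/1.1, set a TLS 1.2 policy to restrict it"` would help. As far as these hunks show, main.tf passes the string straight to the `elastic_beanstalk_environment` module, so a mistyped policy name would presumably only surface at apply time.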
@@ -79,6 +79,11 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are ## Usage + +**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases. +Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-jenkins/releases). + + For complete examples, see [examples](examples). @@ -303,7 +308,6 @@ Available targets: lint Lint terraform code ``` - ## Inputs | Name | Description | Type | Default | Required | @@ -327,6 +331,7 @@ Available targets: | healthcheck_url | Application Health Check URL. Elastic Beanstalk will call this URL to check the health of the application running on EC2 instances | string | `/login` | no | | image_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable $IMAGE_TAG when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | string | `latest` | no | | loadbalancer_certificate_arn | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | string | - | yes | +| loadbalancer_ssl_policy | Load Balancer SSL Security Policy | string | `ELBSecurityPolicy-2016-08` | no | | loadbalancer_type | Load Balancer type, e.g. 'application' or 'classic' | string | `application` | no | | master_instance_type | EC2 instance type for Jenkins master, e.g. 't2.medium' | string | `t2.medium` | no | | name | Solution name, e.g. 'app' or 'jenkins' | string | `jenkins` | no | 
@@ -339,7 +344,7 @@ Available targets: | ssh_key_pair | Name of SSH key that will be deployed on Elastic Beanstalk and DataPipeline instance. The key should be present in AWS | string | `` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | - | yes | | tags | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | map | `` | no | -| use_efs_ip_address | | string | `false` | no | +| use_efs_ip_address | - | string | `false` | no | | vpc_id | ID of the VPC in which to provision the AWS resources | string | - | yes | | zone_id | Route53 parent zone ID. The module will create sub-domain DNS records in the parent zone for the EB environment and EFS | string | - | yes | @@ -429,7 +434,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright -Copyright © 2017-2018 [Cloud Posse, LLC](https://cpco.io/copyright) +Copyright © 2017-2019 [Cloud Posse, LLC](https://cpco.io/copyright) diff --git a/docs/terraform.md b/docs/terraform.md index 1a9a222..e61dfbd 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -1,4 +1,3 @@ - ## Inputs | Name | Description | Type | Default | Required | 
@@ -22,6 +21,7 @@ | healthcheck_url | Application Health Check URL. Elastic Beanstalk will call this URL to check the health of the application running on EC2 instances | string | `/login` | no | | image_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable $IMAGE_TAG when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | string | `latest` | no | | loadbalancer_certificate_arn | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | string | - | yes | +| loadbalancer_ssl_policy | Load Balancer SSL Security Policy | string | `ELBSecurityPolicy-2016-08` | no | | loadbalancer_type | Load Balancer type, e.g. 'application' or 'classic' | string | `application` | no | | master_instance_type | EC2 instance type for Jenkins master, e.g. 't2.medium' | string | `t2.medium` | no | | name | Solution name, e.g. 'app' or 'jenkins' | string | `jenkins` | no | @@ -34,7 +34,7 @@ | ssh_key_pair | Name of SSH key that will be deployed on Elastic Beanstalk and DataPipeline instance. The key should be present in AWS | string | `` | no | | stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | - | yes | | tags | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | map | `` | no | -| use_efs_ip_address | | string | `false` | no | +| use_efs_ip_address | - | string | `false` | no | | vpc_id | ID of the VPC in which to provision the AWS resources | string | - | yes | | zone_id | Route53 parent zone ID. The module will create sub-domain DNS records in the parent zone for the EB environment and EFS | string | - | yes | From 154de01558828744561b064ef2b43ec1430cc1fb Mon Sep 17 00:00:00 2001 From: nitrocode <7775707+nitrocode@users.noreply.github.com> Date: Mon, 20 Jun 2022 19:02:09 -0400 Subject: [PATCH 3/5] Update variables.tf --- variables.tf | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/variables.tf b/variables.tf
index 6b8c6b2..591866e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -57,11 +57,6 @@ variable "loadbalancer_ssl_policy" {
 description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer"
 }
 
-variable "public_subnets" {
- type = "list"
- description = "List of public subnets to place Elastic Load Balancer"
-}
-
 variable "loadbalancer_subnets" {
 type = list(string)
 description = "List of subnets to place Elastic Load Balancer"
From 61d3efa1cca38f2fb0dcae2505552f4d12dae369 Mon Sep 17 00:00:00 2001
From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com>
Date: Mon, 20 Jun 2022 23:02:21 +0000
Subject: [PATCH 4/5] Auto Format
---
 README.md | 198 ++++++++++++++++++++++++++++++++++++----------
 docs/terraform.md | 1 +
 main.tf | 2 +-
 3 files changed, 158 insertions(+), 43 deletions(-)
diff --git a/README.md b/README.md
index 0156c95..272830a 100644
--- a/README.md
+++ b/README.md
@@ -92,7 +92,18 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. - +| Benchmark | Description | +|--------|---------------| +| [![Infrastructure Security](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=INFRASTRUCTURE+SECURITY) | Infrastructure Security Compliance | +| [![CIS KUBERNETES](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/cis_kubernetes)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=CIS+KUBERNETES+V1.5) | Center for Internet Security, KUBERNETES Compliance | +| [![CIS AWS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=CIS+AWS+V1.2) | Center for Internet Security, AWS Compliance | +| [![CIS AZURE](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/cis_azure)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=CIS+AZURE+V1.1) | Center for Internet Security, AZURE Compliance | +| [![PCI-DSS](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/pci)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=PCI-DSS+V3.2) | Payment Card Industry Data Security Standards Compliance | +| [![NIST-800-53](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/nist)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=NIST-800-53) | National Institute of Standards and 
Technology Compliance | +| [![ISO27001](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/iso)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=ISO27001) | Information Security Management System, ISO/IEC 27001 Compliance | +| [![SOC2](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/soc2)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=SOC2)| Service Organization Control 2 Compliance | +| [![CIS GCP](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/cis_gcp)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=CIS+GCP+V1.1) | Center for Internet Security, GCP Compliance | +| [![HIPAA](https://www.bridgecrew.cloud/badges/github/cloudposse/terraform-aws-jenkins/hipaa)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=cloudposse%2Fterraform-aws-jenkins&benchmark=HIPAA) | Health Insurance Portability and Accountability Compliance | 
@@ -214,53 +225,155 @@ Available targets: lint Lint terraform code ``` + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 2.0 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [cicd](#module\_cicd) | cloudposse/cicd/aws | 0.12.0 | +| [ecr](#module\_ecr) | cloudposse/ecr/aws | 0.34.0 | +| [efs](#module\_efs) | cloudposse/efs/aws | 0.25.0 | +| [efs\_backup](#module\_efs\_backup) | cloudposse/backup/aws | 0.13.1 | +| [elastic\_beanstalk\_application](#module\_elastic\_beanstalk\_application) | cloudposse/elastic-beanstalk-application/aws | 0.11.1 | +| [elastic\_beanstalk\_environment](#module\_elastic\_beanstalk\_environment) | cloudposse/elastic-beanstalk-environment/aws | 0.36.1 | +| [label\_slaves](#module\_label\_slaves) | cloudposse/label/null | 0.25.0 | +| [this](#module\_this) | cloudposse/label/null | 0.25.0 | + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_policy.slaves](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role_policy_attachment.slaves](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_security_group.slaves](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_iam_policy_document.slaves](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | ## Inputs | Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| attributes | Additional attributes (e.g. `policy` or `role`) | list | `` | no | -| availability_zones | List of Availability Zones for EFS | list | - | yes | -| aws_account_id | AWS Account ID. 
Used as CodeBuild ENV variable $AWS_ACCOUNT_ID when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | string | - | yes | -| aws_region | AWS region in which to provision the AWS resources | string | `us-west-2` | no | -| build_compute_type | CodeBuild compute type, e.g. 'BUILD_GENERAL1_SMALL'. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html#build-env-ref-compute-types | string | `BUILD_GENERAL1_SMALL` | no | -| build_image | CodeBuild build image, e.g. 'aws/codebuild/docker:1.12.1'. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html#build-env-ref-available | string | `aws/codebuild/docker:1.12.1` | no | -| datapipeline_config | DataPipeline configuration options | map | `` | no | -| delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | `-` | no | -| description | Will be used as Elastic Beanstalk application description | string | `Jenkins server as Docker container running on Elastic Benastalk` | no | -| env_default_key | Default ENV variable key for Elastic Beanstalk `aws:elasticbeanstalk:application:environment` setting | string | `DEFAULT_ENV_%d` | no | -| env_default_value | Default ENV variable value for Elastic Beanstalk `aws:elasticbeanstalk:application:environment` setting | string | `UNSET` | no | -| env_vars | Map of custom ENV variables to be provided to the Jenkins application running on Elastic Beanstalk, e.g. env_vars = { JENKINS_USER = 'admin' JENKINS_PASS = 'xxxxxx' } | map | `` | no | -| github_branch | GitHub repository branch, e.g. 'master'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' master branch | string | `master` | no | -| github_oauth_token | GitHub Oauth Token for accessing private repositories. Leave it empty when deploying a public 'Jenkins' repository, e.g. 
https://github.com/cloudposse/jenkins | string | `` | no | -| github_organization | GitHub organization, e.g. 'cloudposse'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' repository | string | `cloudposse` | no | -| github_repo_name | GitHub repository name, e.g. 'jenkins'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' repository | string | `jenkins` | no | -| healthcheck_url | Application Health Check URL. Elastic Beanstalk will call this URL to check the health of the application running on EC2 instances | string | `/login` | no | -| image_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable $IMAGE_TAG when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | string | `latest` | no | -| loadbalancer_certificate_arn | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | string | - | yes | -| loadbalancer_ssl_policy | Load Balancer SSL Security Policy | string | `ELBSecurityPolicy-2016-08` | no | -| loadbalancer_type | Load Balancer type, e.g. 'application' or 'classic' | string | `application` | no | -| master_instance_type | EC2 instance type for Jenkins master, e.g. 't2.medium' | string | `t2.medium` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | string | `jenkins` | no | -| namespace | Namespace, which could be your organization name, e.g. 'cp' or 'cloudposse' | string | - | yes | -| noncurrent_version_expiration_days | Backup S3 bucket noncurrent version expiration days | string | `35` | no | -| private_subnets | List of private subnets to place EC2 instances and EFS | list | - | yes | -| public_subnets | List of public subnets to place Elastic Load Balancer | list | - | yes | -| security_groups | List of security groups to be allowed to connect to the EC2 instances | list | `` | no | -| solution_stack_name | Elastic Beanstalk stack, e.g. 
Docker, Go, Node, Java, IIS. For more info: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html | string | `64bit Amazon Linux 2017.09 v2.8.4 running Docker 17.09.1-ce` | no | -| ssh_key_pair | Name of SSH key that will be deployed on Elastic Beanstalk and DataPipeline instance. The key should be present in AWS | string | `` | no | -| stage | Stage, e.g. 'prod', 'staging', 'dev', or 'test' | string | - | yes | -| tags | Additional tags (e.g. `map('BusinessUnit`,`XYZ`) | map | `` | no | -| use_efs_ip_address | - | string | `false` | no | -| vpc_id | ID of the VPC in which to provision the AWS resources | string | - | yes | -| zone_id | Route53 parent zone ID. The module will create sub-domain DNS records in the parent zone for the EB environment and EFS | string | - | yes | - - - - -## Share the Love +|------|-------------|------|---------|:--------:| +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | +| [allowed\_security\_groups](#input\_allowed\_security\_groups) | List of security groups to be allowed to connect to Jenkins master EC2 instances | `list(string)` | `[]` | no | +| [application\_subnets](#input\_application\_subnets) | List of subnets to place EC2 instances and EFS | `list(string)` | n/a | yes | +| [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | +| [availability\_zone\_selector](#input\_availability\_zone\_selector) | Availability Zone selector | `string` | `"Any"` | no | +| [availability\_zones](#input\_availability\_zones) | List of Availability Zones for EFS | `list(string)` | n/a | yes | +| [aws\_account\_id](#input\_aws\_account\_id) | AWS Account ID. Used as CodeBuild ENV variable $AWS\_ACCOUNT\_ID when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | `string` | n/a | yes | +| [build\_compute\_type](#input\_build\_compute\_type) | CodeBuild compute type, e.g. 'BUILD\_GENERAL1\_SMALL'. For more info: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [build\_image](#input\_build\_image) | CodeBuild build image, e.g. 'aws/codebuild/amazonlinux2-x86\_64-standard:1.0'. For more info: https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html | `string` | `"aws/codebuild/docker:1.12.1"` | no | +| [cicd\_bucket\_force\_destroy](#input\_cicd\_bucket\_force\_destroy) | Force destroy the CI/CD S3 bucket even if it's not empty | `bool` | `false` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between ID elements.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [description](#input\_description) | Will be used as Elastic Beanstalk application description | `string` | `"Jenkins server as Docker container running on Elastic Benastalk"` | no | +| [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | +| [dns\_zone\_id](#input\_dns\_zone\_id) | Route53 parent zone ID. The module will create sub-domain DNS records in the parent zone for the EB environment and EFS | `string` | n/a | yes | +| [efs\_backup\_cold\_storage\_after](#input\_efs\_backup\_cold\_storage\_after) | Specifies the number of days after creation that a recovery point is moved to cold storage | `number` | `null` | no | +| [efs\_backup\_completion\_window](#input\_efs\_backup\_completion\_window) | The amount of time AWS Backup attempts a backup before canceling the job and returning an error. Must be at least 60 minutes greater than `start_window` | `number` | `null` | no | +| [efs\_backup\_delete\_after](#input\_efs\_backup\_delete\_after) | Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after` | `number` | `null` | no | +| [efs\_backup\_schedule](#input\_efs\_backup\_schedule) | A CRON expression specifying when AWS Backup initiates a backup job | `string` | `null` | no | +| [efs\_backup\_start\_window](#input\_efs\_backup\_start\_window) | The amount of time in minutes before beginning a backup. Minimum value is 60 minutes | `number` | `null` | no | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [env\_vars](#input\_env\_vars) | Map of custom ENV variables to be provided to the Jenkins application running on Elastic Beanstalk, e.g. env\_vars = { JENKINS\_USER = 'admin' JENKINS\_PASS = 'xxxxxx' } | `map(string)` | `{}` | no | +| [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment\_type](#input\_environment\_type) | Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. 
If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time' or `Immutable`, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments) | `string` | `"LoadBalanced"` | no | +| [github\_branch](#input\_github\_branch) | GitHub repository branch, e.g. 'master'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' master branch | `string` | `"master"` | no | +| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub Oauth Token | `string` | n/a | yes | +| [github\_organization](#input\_github\_organization) | GitHub organization, e.g. 'cloudposse'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' repository | `string` | `"cloudposse"` | no | +| [github\_repo\_name](#input\_github\_repo\_name) | GitHub repository name, e.g. 'jenkins'. By default, this module will deploy 'https://github.com/cloudposse/jenkins' repository | `string` | `"jenkins"` | no | +| [healthcheck\_url](#input\_healthcheck\_url) | Application Health Check URL. Elastic Beanstalk will call this URL to check the health of the application running on EC2 instances | `string` | `"/login"` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [image\_tag](#input\_image\_tag) | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable $IMAGE\_TAG when building Docker images. For more info: http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html | `string` | `"latest"` | no | +| [label\_key\_case](#input\_label\_key\_case) | Controls the letter case of the `tags` keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The order in which the labels (ID elements) appear in the `id`.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | Controls the letter case of ID elements (labels) as included in `id`,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the `tags` input.
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Set this to `title` and set `delimiter` to `""` to yield Pascal Case IDs.
Default value: `lower`. | `string` | `null` | no | +| [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | +| [loadbalancer\_certificate\_arn](#input\_loadbalancer\_certificate\_arn) | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | `string` | `""` | no | +| [loadbalancer\_logs\_bucket\_force\_destroy](#input\_loadbalancer\_logs\_bucket\_force\_destroy) | Force destroy the S3 bucket for load balancer logs even if it's not empty | `bool` | `false` | no | +| [loadbalancer\_ssl\_policy](#input\_loadbalancer\_ssl\_policy) | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer | `string` | `""` | no | +| [loadbalancer\_subnets](#input\_loadbalancer\_subnets) | List of subnets to place Elastic Load Balancer | `list(string)` | n/a | yes | +| [loadbalancer\_type](#input\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic' | `string` | `"application"` | no | +| [master\_instance\_type](#input\_master\_instance\_type) | EC2 instance type for Jenkins master, e.g. 't2.medium' | `string` | `"t2.medium"` | no | +| [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a `tag`.
The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no | +| [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [region](#input\_region) | AWS region in which to provision the AWS resources | `string` | n/a | yes | +| [rolling\_update\_type](#input\_rolling\_update\_type) | `Health`, `Time` or `Immutable`. Set it to `Immutable` to apply the configuration change to a fresh group of instances. For more details, see https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-autoscalingupdatepolicyrollingupdate | `string` | `"Health"` | no | +| [solution\_stack\_name](#input\_solution\_stack\_name) | Elastic Beanstalk stack, e.g. Docker, Go, Node, Java, IIS. For more info: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html | `string` | `"64bit Amazon Linux 2018.03 v2.12.17 running Docker 18.06.1-ce"` | no | +| [ssh\_key\_pair](#input\_ssh\_key\_pair) | Name of SSH key that will be deployed on Elastic Beanstalk instances. The key should be present in AWS | `string` | `""` | no | +| [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | +| [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no | +| [use\_efs\_ip\_address](#input\_use\_efs\_ip\_address) | If set to `true`, will provide the EFS IP address instead of DNS name to Jenkins as ENV var | `bool` | `false` | no | +| [vpc\_id](#input\_vpc\_id) | ID of the VPC in which to provision the AWS resources | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN | +| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name | +| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID | +| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name | +| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN | +| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID | +| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN | +| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID | +| [ecr\_registry\_id](#output\_ecr\_registry\_id) | Registry ID | +| [ecr\_repository\_name](#output\_ecr\_repository\_name) | Repository name | +| [ecr\_repository\_url](#output\_ecr\_repository\_url) | Repository URL | +| [efs\_arn](#output\_efs\_arn) | EFS ARN | +| [efs\_backup\_plan\_arn](#output\_efs\_backup\_plan\_arn) | Backup Plan ARN | +| [efs\_backup\_plan\_version](#output\_efs\_backup\_plan\_version) | Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan | +| 
[efs\_backup\_selection\_id](#output\_efs\_backup\_selection\_id) | Backup Selection ID | +| [efs\_backup\_vault\_arn](#output\_efs\_backup\_vault\_arn) | Backup Vault ARN | +| [efs\_backup\_vault\_id](#output\_efs\_backup\_vault\_id) | Backup Vault ID | +| [efs\_dns\_name](#output\_efs\_dns\_name) | EFS DNS name | +| [efs\_host](#output\_efs\_host) | Route53 DNS hostname for the EFS | +| [efs\_id](#output\_efs\_id) | EFS ID | +| [efs\_mount\_target\_dns\_names](#output\_efs\_mount\_target\_dns\_names) | List of EFS mount target DNS names | +| [efs\_mount\_target\_ids](#output\_efs\_mount\_target\_ids) | List of EFS mount target IDs (one per Availability Zone) | +| [efs\_mount\_target\_ips](#output\_efs\_mount\_target\_ips) | List of EFS mount target IPs (one per Availability Zone) | +| [efs\_network\_interface\_ids](#output\_efs\_network\_interface\_ids) | List of mount target network interface IDs | +| [elastic\_beanstalk\_application\_name](#output\_elastic\_beanstalk\_application\_name) | Elastic Beanstalk Application name | +| [elastic\_beanstalk\_environment\_all\_settings](#output\_elastic\_beanstalk\_environment\_all\_settings) | List of all option settings configured in the environment. 
These are a combination of default settings and their overrides from setting in the configuration | +| [elastic\_beanstalk\_environment\_application](#output\_elastic\_beanstalk\_environment\_application) | The Elastic Beanstalk Application specified for this environment | +| [elastic\_beanstalk\_environment\_autoscaling\_groups](#output\_elastic\_beanstalk\_environment\_autoscaling\_groups) | The autoscaling groups used by this environment | +| [elastic\_beanstalk\_environment\_ec2\_instance\_profile\_role\_name](#output\_elastic\_beanstalk\_environment\_ec2\_instance\_profile\_role\_name) | Instance IAM role name | +| [elastic\_beanstalk\_environment\_elb\_zone\_id](#output\_elastic\_beanstalk\_environment\_elb\_zone\_id) | ELB zone id | +| [elastic\_beanstalk\_environment\_endpoint](#output\_elastic\_beanstalk\_environment\_endpoint) | Fully qualified DNS name for the environment | +| [elastic\_beanstalk\_environment\_hostname](#output\_elastic\_beanstalk\_environment\_hostname) | DNS hostname | +| [elastic\_beanstalk\_environment\_id](#output\_elastic\_beanstalk\_environment\_id) | ID of the Elastic Beanstalk environment | +| [elastic\_beanstalk\_environment\_instances](#output\_elastic\_beanstalk\_environment\_instances) | Instances used by this environment | +| [elastic\_beanstalk\_environment\_launch\_configurations](#output\_elastic\_beanstalk\_environment\_launch\_configurations) | Launch configurations in use by this environment | +| [elastic\_beanstalk\_environment\_load\_balancers](#output\_elastic\_beanstalk\_environment\_load\_balancers) | Elastic Load Balancers in use by this environment | +| [elastic\_beanstalk\_environment\_name](#output\_elastic\_beanstalk\_environment\_name) | Name | +| [elastic\_beanstalk\_environment\_queues](#output\_elastic\_beanstalk\_environment\_queues) | SQS queues in use by this environment | +| [elastic\_beanstalk\_environment\_security\_group\_id](#output\_elastic\_beanstalk\_environment\_security\_group\_id) | 
Security group id | +| [elastic\_beanstalk\_environment\_setting](#output\_elastic\_beanstalk\_environment\_setting) | Settings specifically set for this environment | +| [elastic\_beanstalk\_environment\_tier](#output\_elastic\_beanstalk\_environment\_tier) | The environment tier | +| [elastic\_beanstalk\_environment\_triggers](#output\_elastic\_beanstalk\_environment\_triggers) | Autoscaling triggers in use by this environment | + + + +## Share the Love +Like this project? Please give it a ★ on [our GitHub](https://github.com/cloudposse/terraform-aws-jenkins)! (it helps us **a lot**) Are you using this project or any of our other projects? Consider [leaving a testimonial][testimonial]. =) @@ -349,6 +462,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow. ## Copyright +Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright) diff --git a/docs/terraform.md b/docs/terraform.md index 28b16b7..34dc6a6 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -75,6 +75,7 @@ | [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.
Default is to include all labels.
Tags with empty values will not be included in the `tags` output.
Set to `[]` to suppress all generated tags.
**Notes:**
The value of the `name` tag, if included, will be the `id`, not the `name`.
Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be
changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` |
[
"default"
]
| no | | [loadbalancer\_certificate\_arn](#input\_loadbalancer\_certificate\_arn) | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | `string` | `""` | no | | [loadbalancer\_logs\_bucket\_force\_destroy](#input\_loadbalancer\_logs\_bucket\_force\_destroy) | Force destroy the S3 bucket for load balancer logs even if it's not empty | `bool` | `false` | no | +| [loadbalancer\_ssl\_policy](#input\_loadbalancer\_ssl\_policy) | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer | `string` | `""` | no | | [loadbalancer\_subnets](#input\_loadbalancer\_subnets) | List of subnets to place Elastic Load Balancer | `list(string)` | n/a | yes | | [loadbalancer\_type](#input\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic' | `string` | `"application"` | no | | [master\_instance\_type](#input\_master\_instance\_type) | EC2 instance type for Jenkins master, e.g. 't2.medium' | `string` | `"t2.medium"` | no | diff --git a/main.tf b/main.tf index 59ba456..e4b122e 100644 --- a/main.tf +++ b/main.tf @@ -46,7 +46,7 @@ module "elastic_beanstalk_environment" { keypair = var.ssh_key_pair solution_stack_name = var.solution_stack_name force_destroy = var.loadbalancer_logs_bucket_force_destroy - loadbalancer_ssl_policy = "${var.loadbalancer_ssl_policy}" + loadbalancer_ssl_policy = "${var.loadbalancer_ssl_policy}" # Provide EFS DNS name to EB in the `EFS_HOST` ENV var. EC2 instance will mount to the EFS filesystem and use it to store Jenkins state # Add slaves Security Group `JENKINS_SLAVE_SECURITY_GROUPS` (comma-separated if more than one). Will be used by Jenkins to init the EC2 plugin to launch slaves inside the Security Group From 598fe42c2bcdb7474f4bf54b46f2c215d06473b8 Mon Sep 17 00:00:00 2001 
From: nitrocode <7775707+nitrocode@users.noreply.github.com>
Date: Mon, 20 Jun 2022 19:02:39 -0400
Subject: [PATCH 5/5] Update main.tf
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index e4b122e..ae4f61a 100644
--- a/main.tf
+++ b/main.tf
@@ -46,7 +46,7 @@ module "elastic_beanstalk_environment" {
 keypair = var.ssh_key_pair
 solution_stack_name = var.solution_stack_name
 force_destroy = var.loadbalancer_logs_bucket_force_destroy
- loadbalancer_ssl_policy = "${var.loadbalancer_ssl_policy}"
+ loadbalancer_ssl_policy = var.loadbalancer_ssl_policy
 # Provide EFS DNS name to EB in the `EFS_HOST` ENV var. EC2 instance will mount to the EFS filesystem and use it to store Jenkins state
 # Add slaves Security Group `JENKINS_SLAVE_SECURITY_GROUPS` (comma-separated if more than one). Will be used by Jenkins to init the EC2 plugin to launch slaves inside the Security Group
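Review bot: The `loadbalancer_ssl_policy = var.loadbalancer_ssl_policy` line forwards the TLS listener policy without a comment on what an unset value means, while the input table in docs/terraform.md gives its default as `""` and says it applies only to an application load balancer. With that default the protocol and cipher set is presumably whatever Elastic Beanstalk picks for the listener, and with `loadbalancer_type` set to `classic` the value appears to be ignored, so a caller who expects a hardened policy gets no signal either way. I would add a comment above the line such as `# TLS policy for the ALB HTTPS listener; "" keeps the platform default, ignored for classic load balancers`, and consider a `validation` block on the variable in variables.tf. The module block begins before this hunk and continues after it.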