Create a Nexus OSS or Nexus Pro instance. This does some neat things:
sonatype-workdirectory is managed by EFS with optional backups using AWS Backup- everything runs in an ASG (though HA isn't supported.. yet..) so if something happens to the instance, it'll come back up automatically.
- updates are done by upgrading your AMI and replacing the launch config
- automatically manages licensing pro installs and enabling the modules
This expects an instance that has Nexus pre-installed using the Rhythmic ansible-role-nexus ansible module. The easiest way to get one is to use Packer.
To use Pro, you need to save your license file in AWS Secrets Manager. Something like this would work:
aws --region us-east-1 secretsmanager create-secret --secret-id nexus-license --secret-binary=file:///tmp/nexus.lic
Tip: when you renew your license, update the secret and kill the instance. It will automatically be updated.
Here's what using the module will look like
module "example" {
source = "git::https://github.com/rhythmictech/terraform-aws-nexus.git"
name = "nexus"
ami_id = "ami-12345678912"
asg_subnets = ["subnet-123456789012", "subnet-123456789013"]
efs_subnets = ["subnet-123456789012", "subnet-123456789013"]
elb_certificate = "arn:aws:acm:us-east-1:12345678912:certificate/090c1a21-f053-4aac-8b92-2c963c3c0660"
elb_subnets = ["subnet-123456789012", "subnet-123456789013"]
vpc_id = "vpc-123456789012"
}
| Name | Version |
|---|---|
| terraform | >= 0.12.26 |
| aws | >= 2.45.0, < 4.0.0 |
| template | ~>2.1.2 |
| Name | Version |
|---|---|
| aws | >= 2.45.0, < 4.0.0 |
| template | ~>2.1.2 |
No modules.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | AMI to build on (must have ansible-role-nexus module installed) |
string |
n/a | yes |
| asg_subnets | Subnets to associate ASG instances with (specify 1 or more) | list(string) |
n/a | yes |
| efs_subnets | Subnets to create EFS mountpoints in | list(string) |
n/a | yes |
| elb_certificate | ARN of certificate to associate with ELB | string |
n/a | yes |
| elb_subnets | Subnets to associate ELB to | list(string) |
n/a | yes |
| name | Moniker to apply to all resources in the module | string |
n/a | yes |
| vpc_id | VPC to create associated resources in | string |
n/a | yes |
| access_logs_bucket | The name of the bucket to store LB access logs in. Required if access_logs_enabled is true |
string |
null |
no |
| access_logs_enabled | Whether to enable LB access logging | bool |
false |
no |
| access_logs_prefix | The path prefix to apply to the LB access logs. | string |
null |
no |
| additional_ports | Additional ports (besides 80/443 for the UI) to open on the nexus instance and create listeners for | list(number) |
[] |
no |
| additional_ports_protocol | Protocol [HTTP, HTTPS] to use for the additional ports | string |
"HTTPS" |
no |
| asg_additional_iam_policies | Additional IAM policies to attach to the ASG instance profile | list(string) |
[] |
no |
| asg_additional_security_groups | Additional security group IDs to attach to ASG instances | list(string) |
[] |
no |
| asg_additional_target_group_arns | ARNs of additional target groups to attach to the ASG | list(string) |
[] |
no |
| asg_additional_user_data | Additional User Data to attach to the launch template | string |
"" |
no |
| asg_desired_capacity | The number of Amazon EC2 instances that should be running in the group. | number |
1 |
no |
| asg_instance_type | Instance type for scim app | string |
"t3a.micro" |
no |
| asg_key_name | Optional keypair to associate with instances | string |
null |
no |
| asg_max_size | Maximum number of instances in the autoscaling group | number |
2 |
no |
| asg_min_size | Minimum number of instances in the autoscaling group | number |
1 |
no |
| asg_root_volume_type | This should match the root volume type of the AMI | string |
"gp3" |
no |
| efs_additional_allowed_security_groups | Additional security group IDs to attach to the EFS export | list(string) |
[] |
no |
| efs_backup_retain_days | Days to retain EFS backups for (only used if enable_efs_backups=true) |
number |
30 |
no |
| efs_backup_schedule | AWS Backup cron schedule (only used if enable_efs_backups=true) |
string |
"cron(0 5 ? * * *)" |
no |
| efs_backup_vault_name | AWS Backup vault name (only used if enable_efs_backups=true) |
string |
"nexus-efs-vault" |
no |
| elb_additional_sg_tags | Additional tags to apply to the ELB security group. Useful if you use an external process to manage ingress rules. | map(string) |
{} |
no |
| elb_allowed_cidr_blocks | List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created |
list(string) |
[ |
no |
| elb_internal | Create as an internal or internet-facing ELB | bool |
true |
no |
| enable_efs_backups | Enable EFS backups using AWS Backup (recommended if you aren't going to back up EFS some other way) | bool |
false |
no |
| license_secret | S3 key including any prefix that has the Nexus Pro license (omit for OSS installs) | string |
"" |
no |
| tags | User-Defined tags | map(string) |
{} |
no |
| Name | Description |
|---|---|
| instance_sg_arn | Security Group ARN attached to instance launch config and thereby the nexus EC2 instance |
| lb_arn | ARN of the ELB for Nexus access |
| lb_dns_name | DNS Name of the ELB for Nexus access |
| lb_sg_arn | Security Group ARN attached to ELB |
| lb_zone_id | Route53 Zone ID of the ELB for Nexus access |
| role_arn | IAM Role ARN of Nexus instance |