A reference architecture for AWS infrastructure provisioning utilizing Terraform.

shamimice03/aws-reference-architecture-v1

AWS-Reference-Architecture

Requirements

| Name | Version |
|------|---------|
| `terraform` | `>= 1.3.0, < 1.6.0` |
| `aws` | `>= 5.17.0` |

Providers

| Name | Version |
|------|---------|
| `aws` | `5.17.0` |

Modules

| Name | Source | Version |
|------|--------|---------|
| `acm_route53` | `shamimice03/acm-route53/aws` | `1.1.0` |
| `alb` | `terraform-aws-modules/alb/aws` | `8.7.0` |
| `alb_route53_record` | `./modules/alb-route53` | n/a |
| `alb_sg` | `terraform-aws-modules/security-group/aws` | `5.1.0` |
| `asg` | `terraform-aws-modules/autoscaling/aws` | `6.10.0` |
| `custom_iam_policy` | `terraform-aws-modules/iam/aws//modules/iam-policy` | `5.30.0` |
| `ec2_sg` | `terraform-aws-modules/security-group/aws` | `5.1.0` |
| `efs` | `./modules/efs` | n/a |
| `efs_parameters` | `shamimice03/ssm-parameter/aws` | `0.5.0` |
| `efs_sg` | `terraform-aws-modules/security-group/aws` | `5.1.0` |
| `instance_profile` | `./modules/iam-instance-profile` | n/a |
| `launch_template` | `./modules/launch-template` | n/a |
| `primary_db_parameters` | `shamimice03/ssm-parameter/aws` | `0.5.0` |
| `rds` | `shamimice03/rds-blueprint/aws` | `1.3.0` |
| `rds_replica` | `shamimice03/rds-blueprint/aws` | `1.3.0` |
| `rds_sg` | `terraform-aws-modules/security-group/aws` | `5.1.0` |
| `replica_db_parameters` | `shamimice03/ssm-parameter/aws` | `0.5.0` |
| `ssh_sg` | `terraform-aws-modules/security-group/aws` | `5.1.0` |
| `vpc` | `shamimice03/vpc/aws` | `1.2.1` |

Resources

| Name | Type |
|------|------|
| `aws_acm_certificate.issued` | data source |
| `aws_ami.amazonlinux2` | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| `acm_allow_record_overwrite` | Allow record overwrite in DNS validation | `bool` | `true` | no |
| `acm_domain_names` | Domain name for ACM certificate | `list(string)` | `[]` | no |
| `acm_hosted_zone_name` | Hosted zone name for DNS validation | `string` | `""` | no |
| `acm_private_zone` | Whether the hosted zone is private or not | `bool` | `false` | no |
| `acm_ttl` | Time to live (TTL) for DNS records | `number` | `60` | no |
| `acm_validation_method` | Validation method for ACM certificate | `string` | `"DNS"` | no |
| `alb_acm_certificate_domain_name` | ACM certificate domain name | `string` | `""` | no |
| `alb_name_prefix` | Prefix for the Application Load Balancer name | `string` | `""` | no |
| `alb_route53_allow_record_overwrite` | Allow creation of this record in Terraform to overwrite an existing record | `bool` | `false` | no |
| `alb_route53_evaluate_target_health` | Whether to evaluate the target health of the ALB | `bool` | `true` | no |
| `alb_route53_private_zone` | Whether the DNS zone is private or not | `bool` | `false` | no |
| `alb_route53_record_names` | The DNS record name for the first ALB record | `list(string)` | `[]` | no |
| `alb_route53_record_type` | The DNS record type for ALB records | `string` | `"A"` | no |
| `alb_route53_zone_name` | The DNS zone name | `string` | `""` | no |
| `alb_security_groups` | List of security group IDs for the Application Load Balancer (ALB) | `list(string)` | `[]` | no |
| `alb_sg_name` | Name of the ALB security group | `string` | `"aws-ref-alb-sg"` | no |
| `alb_subnets` | List of subnet IDs for the Application Load Balancer (ALB) | `list(string)` | `[]` | no |
| `alb_target_group_name_prefix` | Prefix for the ALB target group name | `string` | `""` | no |
| `allocated_storage` | Allocated storage for the RDS instance (in GB) | `string` | `"20"` | no |
| `apply_immediately` | Apply changes immediately or during the next maintenance window | `bool` | `true` | no |
| `asg_create` | Whether to create the ASG. The ASG depends on the launch template | `bool` | `true` | no |
| `asg_desired_capacity` | Desired capacity of the Auto Scaling Group | `number` | `1` | no |
| `asg_enable_monitoring` | Enable monitoring for the Auto Scaling Group | `bool` | `true` | no |
| `asg_health_check_grace_period` | Health check grace period for instances in the Auto Scaling Group | `number` | `300` | no |
| `asg_health_check_type` | Health check type for the Auto Scaling Group | `string` | `"ELB"` | no |
| `asg_max_size` | Maximum size of the Auto Scaling Group | `number` | `2` | no |
| `asg_min_size` | Minimum size of the Auto Scaling Group | `number` | `1` | no |
| `asg_name` | Name of the Auto Scaling Group | `string` | `""` | no |
| `asg_vpc_zone_identifier` | List of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside in. Required if the VPC is not created as part of this project | `list(string)` | `[]` | no |
| `asg_wait_for_capacity_timeout` | Timeout for waiting for the desired capacity to be reached | `string` | `"10m"` | no |
| `azs` | Availability Zones for subnets | `list(string)` | `[]` | no |
| `backup_retention_period` | Backup retention period (in days) for the RDS instance | `number` | `7` | no |
| `backup_window` | Preferred backup window for the RDS instance | `string` | `"03:00-05:00"` | no |
| `cidr` | CIDR block for the VPC | `string` | `""` | no |
| `create_alb_route53_record` | Whether to create the ALB Route53 record | `bool` | `true` | no |
| `create_alb_sg` | Whether to create the Application Load Balancer (ALB) security group | `bool` | `false` | no |
| `create_certificates` | Controls if certificate should be generated | `bool` | `true` | no |
| `create_custom_policy` | Whether to create custom policy | `bool` | `false` | no |
| `create_db_subnet_group` | Create a new DB subnet group | `bool` | `true` | no |
| `create_ec2_sg` | Whether to create the EC2 instance security group | `bool` | `false` | no |
| `create_efs_parameters` | Whether to store EFS parameters in SSM Parameter Store | `bool` | `false` | no |
| `create_efs_sg` | Whether to create the Elastic File System (EFS) security group | `bool` | `false` | no |
| `create_instance_profile` | Whether to create an instance profile | `bool` | `true` | no |
| `create_launch_template` | Whether to create a new launch template | `bool` | `true` | no |
| `create_lb` | Controls if the Load Balancer should be created | `bool` | `true` | no |
| `create_primary_database` | Whether to create the primary database | `bool` | `true` | no |
| `create_primary_db_parameters` | Whether to store primary database parameters in SSM Parameter Store | `bool` | `false` | no |
| `create_rds_sg` | Whether to create the RDS security group | `bool` | `false` | no |
| `create_replica_database` | Whether to create the replica database. `create_primary_database` must be true | `bool` | `true` | no |
| `create_replica_db_parameters` | Whether to store replica database parameters in SSM Parameter Store | `bool` | `false` | no |
| `create_ssh_sg` | Whether to create the SSH security group | `bool` | `false` | no |
| `create_vpc` | Controls if VPC should be created | `bool` | `true` | no |
| `custom_iam_policy_description` | Description for the IAM policy. Required if `create_custom_policy` is set to true | `string` | `"custom policy"` | no |
| `custom_iam_policy_json` | JSON policy document. Required if `create_custom_policy` is set to true | `string` | `""` | no |
| `custom_iam_policy_name_prefix` | Prefix for the IAM policy name. Required if `create_custom_policy` is set to true | `string` | `""` | no |
| `custom_iam_policy_path` | The path for the IAM policy. Required if `create_custom_policy` is set to true | `string` | `"/"` | no |
| `database_port` | Port for the RDS instance | `number` | `3306` | no |
| `db_identifier` | The name of the RDS instance | `string` | `"aws-ref-arch-db"` | no |
| `db_master_username` | Master username for the RDS instance | `string` | `""` | no |
| `db_name` | Name of the initial database | `string` | `""` | no |
| `db_security_groups` | List of security group IDs for the RDS instance | `list(string)` | `[]` | no |
| `db_subnet_cidr` | CIDR blocks for database subnets | `list(string)` | `[]` | no |
| `db_subnet_group_name` | Name for the DB subnet group | `string` | `"aws-ref-arch-db-subnet"` | no |
| `db_subnets` | List of DB subnets for the RDS instance | `list(string)` | `[]` | no |
| `delete_automated_backups` | Delete automated backups when the RDS instance is deleted | `bool` | `true` | no |
| `deletion_protection` | Enable or disable deletion protection for the RDS instance | `bool` | `false` | no |
| `ec2_sg_name` | Name of the EC2 security group | `string` | `"aws-ref-ec2-sg"` | no |
| `efs_create` | Whether to create the Elastic File System | `bool` | `false` | no |
| `efs_encrypted` | Whether to enable encryption for the EFS file system | `bool` | `true` | no |
| `efs_mount_target_security_group_ids` | List of security group IDs for EFS mount targets | `list(string)` | `[]` | no |
| `efs_mount_target_subnet_ids` | List of subnet IDs for EFS mount targets | `list(string)` | `[]` | no |
| `efs_name` | Name of the Elastic File System | `string` | `""` | no |
| `efs_performance_mode` | The performance mode for the EFS file system (e.g., `generalPurpose` or `maxIO`) | `string` | `"generalPurpose"` | no |
| `efs_sg_name` | Name of the EFS security group | `string` | `"aws-ref-efs-sg"` | no |
| `efs_throughput_mode` | The throughput mode for the EFS file system (e.g., `bursting` or `provisioned`) | `string` | `"bursting"` | no |
| `efs_transition_to_ia` | The lifecycle policy transition for files to Infrequent Access (IA) storage | `string` | `"AFTER_30_DAYS"` | no |
| `enable_dns_hostnames` | Enable DNS hostnames for the VPC | `bool` | `true` | no |
| `enable_dns_support` | Enable DNS resolution for the VPC | `bool` | `true` | no |
| `enable_single_nat_gateway` | Enable a single NAT gateway for all private subnets | `bool` | `false` | no |
| `enabled_cloudwatch_logs_exports` | Set of log types to enable for exporting to CloudWatch Logs. If omitted, no logs will be exported. Valid values (depending on engine): MySQL and MariaDB: `audit`, `error`, `general`, `slowquery`. PostgreSQL: `postgresql`, `upgrade`. MSSQL: `agent`, `error`. Oracle: `alert`, `audit`, `listener`, `trace` | `list(string)` | `["audit", "error"]` | no |
| `engine` | Database engine type | `string` | `"mysql"` | no |
| `engine_version` | Database engine version | `string` | `"8.0"` | no |
| `general_tags` | General tags to apply to resources created | `map(string)` | `{"Env": "dev", "Project_name": "aws-ref-architecture", "Team": "platform-team"}` | no |
| `iam_database_authentication_enabled` | Enable IAM database authentication | `bool` | `false` | no |
| `instance_class` | RDS instance class | `string` | `"db.t3.micro"` | no |
| `instance_profile_custom_policy_arns` | List of ARNs of custom policies (created outside of this project) to attach to the role | `list(string)` | `[]` | no |
| `instance_profile_instance_profile_name` | Name of the IAM instance profile | `string` | `""` | no |
| `instance_profile_managed_policy_arns` | List of ARNs of managed policies to attach to the role | `list(string)` | `[]` | no |
| `instance_profile_role_name` | Name of the IAM role associated with the instance profile | `string` | `"aws-ref-instance-role"` | no |
| `instance_profile_role_path` | The path for the IAM role | `string` | `"/"` | no |
| `intra_subnet_cidr` | CIDR blocks for intra subnets. Used as EFS subnets | `list(string)` | `[]` | no |
| `launch_template_delete_on_termination` | Whether the root volume should be deleted on instance termination | `bool` | `true` | no |
| `launch_template_device_name` | The device name for the root volume | `string` | `"/dev/xvda"` | no |
| `launch_template_enable_monitoring` | Whether instance monitoring should be enabled | `bool` | `false` | no |
| `launch_template_image_id` | The AMI from which to launch the instance. Defaults to Amazon Linux 2 | `string` | `""` | no |
| `launch_template_instance_type` | The EC2 instance type for instances launched from the template | `string` | `"t2.micro"` | no |
| `launch_template_key_name` | The name of the SSH key pair to associate with instances launched from the template | `string` | `""` | no |
| `launch_template_name_prefix` | Creates a unique name beginning with the specified prefix | `string` | `"aws-ref"` | no |
| `launch_template_resource_type` | The type of resource to tag | `string` | `"instance"` | no |
| `launch_template_sg_ids` | List of security group IDs for the launch template | `list(string)` | `[]` | no |
| `launch_template_update_default_version` | Flag to update the default version of the launch template | `bool` | `true` | no |
| `launch_template_userdata_file_path` | Path to the user data script file | `string` | `""` | no |
| `launch_template_volume_size` | The size of the root volume for instances launched from the template (in GiB) | `number` | `20` | no |
| `launch_template_volume_type` | The type of volume for the root volume (e.g., `gp2`) | `string` | `"gp2"` | no |
| `load_balancer_type` | Type of the Load Balancer | `string` | `"application"` | no |
| `maintenance_window` | Maintenance window for the RDS instance | `string` | `"Sat:05:00-Sat:07:00"` | no |
| `master_db_availability_zone` | Availability zone for the RDS instance | `string` | `""` | no |
| `max_allocated_storage` | Maximum allocated storage for the RDS instance (in GB) | `string` | `"20"` | no |
| `multi_az` | Enable multi-AZ deployment for the RDS instance | `bool` | `false` | no |
| `project_name` | Name of the project | `string` | `"aws-ref-architecture"` | no |
| `public_subnet_cidr` | CIDR blocks for public subnets | `list(string)` | `[]` | no |
| `publicly_accessible` | Make the RDS instance publicly accessible | `bool` | `false` | no |
| `rds_sg_name` | Name of the RDS security group | `string` | `"aws-ref-rds-sg"` | no |
| `replica_apply_immediately` | Apply changes immediately or during the next maintenance window for the replica | `bool` | `null` | no |
| `replica_backup_retention_period` | Backup retention period (in days) for the RDS replica instance | `number` | `null` | no |
| `replica_backup_window` | Preferred backup window for the RDS replica instance | `string` | `""` | no |
| `replica_database_port` | Port for the RDS replica instance | `number` | `null` | no |
| `replica_db_availability_zone` | Availability zone for the RDS replica instance | `string` | `""` | no |
| `replica_db_identifier` | Identifier for the RDS replica instance | `string` | `""` | no |
| `replica_delete_automated_backups` | Delete automated backups when the RDS replica instance is deleted | `bool` | `null` | no |
| `replica_deletion_protection` | Enable or disable deletion protection for the RDS replica instance | `bool` | `null` | no |
| `replica_enabled_cloudwatch_logs_exports` | Set of log types to enable for exporting to CloudWatch Logs. If omitted, no logs will be exported. Valid values (depending on engine): MySQL and MariaDB: `audit`, `error`, `general`, `slowquery`. PostgreSQL: `postgresql`, `upgrade`. MSSQL: `agent`, `error`. Oracle: `alert`, `audit`, `listener`, `trace` | `list(string)` | `[]` | no |
| `replica_engine` | Database engine type for the RDS replica instance | `string` | `""` | no |
| `replica_engine_version` | Database engine version for the RDS replica instance | `string` | `""` | no |
| `replica_iam_database_authentication_enabled` | Enable IAM database authentication | `bool` | `null` | no |
| `replica_instance_class` | RDS instance class for the replica | `string` | `""` | no |
| `replica_maintenance_window` | Maintenance window for the RDS replica instance | `string` | `""` | no |
| `replica_max_allocated_storage` | Maximum allocated storage for the RDS replica instance (in GB) | `string` | `""` | no |
| `replica_multi_az` | Enable multi-AZ deployment for the RDS replica instance | `bool` | `null` | no |
| `replica_publicly_accessible` | Make the RDS replica instance publicly accessible | `bool` | `null` | no |
| `replica_skip_final_snapshot` | Skip the final DB snapshot when the RDS replica instance is deleted | `bool` | `null` | no |
| `replica_storage_type` | Storage type for the RDS replica instance | `string` | `""` | no |
| `skip_final_snapshot` | Skip the final DB snapshot when the RDS instance is deleted | `bool` | `true` | no |
| `ssh_ingress_cidr` | List of CIDR blocks allowed to SSH into the EC2 instances | `list(any)` | `[]` | no |
| `ssh_sg_name` | Name of the SSH security group | `string` | `"aws-ref-ssh-sg"` | no |
| `storage_type` | Storage type for the RDS instance | `string` | `"gp2"` | no |
| `vpc_id` | ID of the VPC. Required while provisioning on an existing VPC | `string` | `""` | no |
| `vpc_name` | Name of the VPC | `string` | `"aws-ref-arch-vpc"` | no |
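As an added example (not a file from this repository), the `terraform.tfvars` below overrides the inputs above whose defaults suit a disposable dev stack but not a durable environment: the RDS defaults skip the final snapshot, drop automated backups and leave deletion protection off, and `ssh_ingress_cidr` starts empty. CIDRs, AZ names, usernames and the SSH source address are placeholders.

```hcl
# Added example terraform.tfvars for this root module; not a file from the
# repository. Values marked PLACEHOLDER are constructed and must be replaced.

project_name = "aws-ref-architecture"
general_tags = {
  Env          = "prod"
  Project_name = "aws-ref-architecture"
  Team         = "platform-team"
}

# VPC: created here, so the subnet-ID inputs can stay at their empty defaults.
create_vpc         = true
cidr               = "10.20.0.0/16"                         # PLACEHOLDER
azs                = ["ap-northeast-1a", "ap-northeast-1c"] # PLACEHOLDER
public_subnet_cidr = ["10.20.0.0/24", "10.20.1.0/24"]
db_subnet_cidr     = ["10.20.10.0/24", "10.20.11.0/24"]
intra_subnet_cidr  = ["10.20.20.0/24", "10.20.21.0/24"]     # used as EFS subnets

# RDS: with the defaults (skip_final_snapshot = true,
# delete_automated_backups = true, deletion_protection = false) a
# `terraform destroy` leaves no snapshot or automated backup to restore from.
db_identifier                       = "aws-ref-arch-db"
db_master_username                  = "dbadmin" # PLACEHOLDER
db_name                             = "appdb"   # PLACEHOLDER
deletion_protection                 = true  # default: false
skip_final_snapshot                 = false # default: true
delete_automated_backups            = false # default: true
backup_retention_period             = 14    # default: 7
multi_az                            = true  # default: false
publicly_accessible                 = false # keep the default
iam_database_authentication_enabled = true  # default: false

# Publish DB and EFS parameters to SSM Parameter Store so instances fetch them
# at boot instead of carrying them in the user data script.
create_primary_db_parameters = true
create_replica_db_parameters = true
efs_create                   = true
efs_encrypted                = true # keep the default (encryption at rest)
create_efs_parameters        = true

# SSH: ssh_ingress_cidr defaults to []; restrict it to a known source,
# never 0.0.0.0/0.
create_ssh_sg    = true
ssh_ingress_cidr = ["203.0.113.10/32"] # PLACEHOLDER bastion/VPN address
```

Run `terraform plan` with this file and confirm the RDS resources show `deletion_protection = true` and `skip_final_snapshot = false` before applying.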

Outputs

| Name | Description |
|------|-------------|
| `efs_parameters` | List of EFS Parameters |
| `primary_db_parameters` | List of Primary DB Parameters |
| `replica_db_parameters` | List of Primary DB Parameters |