A Terraform module to manage Concourse clusters on EC2.
It is unique in that it uses an EC2 AMI created by easyto that is built from the official Concourse container image. This enables a container-like approach to managing instances, but directly on EC2 instead of a container orchestrator.
See the example directory for a sample root module that uses this module.
The module takes the following input variables.

Name | Description | Type | Default | Required |
---|---|---|---|---|
ami | Configuration of the AMI for instances. | object | {} | no |
database | Configuration for the Aurora PostgreSQL database. | object | N/A | yes |
dns | Configuration of DNS. | object | N/A | yes |
kms_key_ids | Configuration of KMS keys. | object | N/A | yes |
ssh_key | An SSH key to assign to instances. | string | null | no |
ssm_prefix | The prefix of SSM parameters that will be created by the module. The full prefix will be derived from this and `stack_key`. | string | /airport | no |
stack_key | A unique name from which to derive cloud resource names. | string | N/A | yes |
subnet_ids | Configuration of subnets. | object | N/A | yes |
tags | Tags to assign to cloud resources. | map(string) | null | no |
web | Configuration of web instances. | object | N/A | yes |
workers | A list of configurations for worker instance groups. | list(object) | N/A | yes |
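A complete root module that calls this module, as an added example rather than the contents of the project's example directory. The module source path, region, zone name, subnet IDs, instance types and capacity numbers are assumptions; the input structure follows the tables on this page. It keeps the web load balancer private, pins the AMI by exact name and owner, uses separate KMS keys for credentials and storage, and leaves `ssh_key` unset.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed
}

# Two keys rather than one: a principal allowed to decrypt storage does not
# automatically get to decrypt pipeline credentials. Key policies are assumed
# to be the account defaults.
resource "aws_kms_key" "credentials" {
  description         = "ci-prod Concourse credentials"
  enable_key_rotation = true
}

resource "aws_kms_key" "storage" {
  description         = "ci-prod Concourse storage"
  enable_key_rotation = true
}

module "concourse" {
  source = "../.." # assumed: relative path to this module

  stack_key = "ci-prod"

  # Pin the image by exact name and owner. With the defaults (most_recent = true
  # over a filter) a newly published image would change the fleet on the next
  # apply without any change in this file.
  ami = {
    name        = "concourse-7.11.0"
    owner       = "256008164056"
    most_recent = false
  }

  database = {
    serverless_v2 = {
      min_capacity = 0.5
      max_capacity = 4
    }
    backups = {
      retention_period = 14
    }
    skip_final_snapshot = false
  }

  dns = {
    domain = "ci.example.com" # assumed: an existing Route53 zone
  }

  kms_key_ids = {
    credentials = aws_kms_key.credentials.id
    storage     = aws_kms_key.storage.id
  }

  subnet_ids = { # assumed IDs; application subnets should be private
    application   = ["subnet-0123456789abcdef0", "subnet-0123456789abcdef1"]
    load_balancer = ["subnet-0fedcba9876543210", "subnet-0fedcba9876543211"]
  }

  # ssh_key is left at its default (null): no SSH path onto the instances.

  web = {
    public = false # web UI reachable only from inside the VPC (VPN or peering)
    autoscaling = {
      instance_type     = "t3.medium"
      instances_desired = 2
      instances_min     = 2
      instances_max     = 3
    }
    concourse = {
      log_level = "info"
      credential_manager = {
        # Distinct from ssm_prefix (/airport) so pipeline secrets and the
        # module's own parameters live in separate namespaces.
        ssm = { path_prefix = "/concourse" }
      }
    }
  }

  workers = [
    {
      name = "general"
      autoscaling = {
        instance_type         = "m6i.large"
        instances_desired     = 2
        instances_min         = 1
        instances_max         = 6
        max_instance_lifetime = 7 * 86400 # recycle workers weekly
      }
      concourse = {}
      volumes = {
        work = { size = 200 }
      }
    }
  ]

  tags = {
    owner = "platform"
  }
}
```

With `public = false` the `lb_web` output still resolves under `dns.domain`, but only from networks that can reach the load balancer subnets; pair it with a VPN or peering route before relying on it.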
The `ami` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
filters | Filters to search for an AMI. Required if `name` is not defined. | list(object) | [] | conditional |
most_recent | Whether or not to return the most recent image found. | bool | true | no |
name | Name of the AMI. Required if `filters` is not defined. | string | concourse-7.11.0 | conditional |
owner | AWS account where the image is located. | string | 256008164056 | no |
Each element of the `ami` `filters` list has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
name | Name of the filter. See documentation on ec2:DescribeImages for available filters. | string | N/A | yes |
values | Values of the filter. | list(string) | N/A | yes |
The `database` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
backups | Configuration for RDS backups. | object | {} | no |
engine | Configuration of the database engine. | object | {} | no |
instance_class | Class of instances. Required unless `serverless_v2` is defined. | string | null | conditional |
monitoring | Configuration of database monitoring. | object | {} | no |
parameter_group | Configuration of a cluster parameter group. | object | {} | no |
serverless_v2 | Configuration of Aurora Serverless v2 capacity. Required unless `instance_class` is defined. | object | null | conditional |
skip_final_snapshot | Whether or not to skip the final snapshot when destroying the database. | bool | null | no |
The `database` `backups` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
retention_period | How long to retain backups, in days. | number | null | no |
preferred_window | Preferred window of time in which to run backups. See documentation on rds:CreateDBCluster for the format. | string | null | no |
The `database` `engine` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
type | The engine type. | string | aurora-postgresql | no |
version | The engine version. | string | 16.2 | no |
The `database` `monitoring` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
interval | The Enhanced Monitoring interval in seconds. `0` disables Enhanced Monitoring. | number | 0 | no |
role_arn | ARN of a role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. Required when `interval` is not `0`. | string | null | no |
The `database` `parameter_group` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
family | The family for the parameter group. | string | aurora-postgresql16 | no |
parameters | A list of parameter objects. | list(object) | N/A | yes |
Each element of the `database` `parameter_group` `parameters` list has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
apply_method | When to apply the parameter. Choice of `immediate`, `pending-reboot`. | string | null | no |
name | Name of the parameter. | string | N/A | yes |
value | Value of the parameter. | string | N/A | yes |
The `database` `serverless_v2` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
max_capacity | Maximum capacity of serverless instances, in ACUs. | number | N/A | yes |
min_capacity | Minimum capacity of serverless instances, in ACUs. | number | N/A | yes |
The `dns` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
domain | The domain where records will be added. This must be the name of a Route53 zone. | string | N/A | yes |
hostname_web | The short hostname of the web load balancer. The default is derived from `stack_key`. | string | null | no |
hostname_tsa | The short hostname of the TSA load balancer. The default is derived from `stack_key`. | string | null | no |
The `kms_key_ids` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
credentials | The KMS key used for encrypting credentials. | string | N/A | yes |
storage | The KMS key used for encrypting storage. | string | N/A | yes |
The `subnet_ids` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
application | Subnets for application instances, database, and TSA load balancer. | list(string) | N/A | yes |
load_balancer | Subnets for the web load balancer. | list(string) | N/A | yes |
The `web` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
autoscaling | Configuration of the web autoscaling group. | object | N/A | yes |
concourse | Configuration of the Concourse web process. | object | N/A | yes |
external_url | The external URL of the web load balancer. The default is derived from `stack_key` and `dns.domain`. | string | null | no |
extra_env | Extra environment variables. See the easyto documentation for the structure of the name-value object. | list(object) | [] | no |
extra_env_from | Extra environment variables from external sources. See the easyto documentation for the structure of the env-from object. | list(object) | [] | no |
extra_security_group_ids | Extra security groups to assign to the instances. | list(string) | [] | no |
iam | Configuration of the IAM role of the instances. | object | {} | no |
public | Whether or not the load balancer should be internet facing. | bool | true | no |
volume_root | Configuration of the root EBS volume of the instances. | object | {} | no |
The `web` `concourse` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
credential_manager | Configuration of a credential manager. | object | null | no |
extra_args | Additional arguments to pass to the concourse web process. | list(string) | [] | no |
features | Concourse feature flags to enable. | list(string) | ["enable-across-step", "enable-cache-streamed-volumes", "enable-global-resources", "enable-p2p-volume-streaming", "enable-pipeline-instances", "enable-redact-secrets", "enable-rerun-when-worker-disappears"] | no |
log_level | The concourse log level. Choice of `debug`, `info`, `error`, `fatal`. | string | info | no |
The `web` `concourse` `credential_manager` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
ssm | Configuration of the SSM credential manager. | object | null | no |
secrets_manager | Configuration of the Secrets Manager credential manager. | object | null | no |
The `web` `concourse` `credential_manager` `ssm` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
path_prefix | The prefix to use for SSM parameters. | string | N/A | yes |
The `web` `concourse` `credential_manager` `secrets_manager` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
path_prefix | The prefix to use for Secrets Manager secret names. | string | N/A | yes |
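How `path_prefix` is used in practice, as an added example that is not part of the module: it provisions one pipeline-scoped secret for the SSM credential manager and a read policy narrowed to that prefix. It assumes the credentials KMS key is `aws_kms_key.credentials` (the key passed as `kms_key_ids.credentials`), a team `main` with a pipeline `build`, and that the module is called with `web.concourse.credential_manager = local.web_credential_manager`. The page does not say whether the module's web role already covers SSM reads under the prefix; if it does not, attach the policy below through `web.iam.extra_policy_arns`.

```hcl
variable "registry_password" {
  type      = string
  sensitive = true
}

locals {
  ssm_path_prefix = "/concourse"

  # Value for web.concourse.credential_manager in the module call.
  web_credential_manager = {
    ssm = { path_prefix = local.ssm_path_prefix }
  }
}

# Concourse resolves ((registry_password)) for pipeline "build" in team "main"
# by trying, in order,
#   /concourse/main/build/registry_password   (pipeline scoped)
#   /concourse/main/registry_password         (team scoped)
# Storing it pipeline scoped keeps it out of reach of the team's other pipelines.
resource "aws_ssm_parameter" "registry_password" {
  name   = "${local.ssm_path_prefix}/main/build/registry_password"
  type   = "SecureString"
  key_id = aws_kms_key.credentials.id # same key the module is given
  value  = var.registry_password
}

# Read policy for the web instances: only parameters under the prefix, and
# decryption only with the credentials key. Attach via web.iam.extra_policy_arns
# if the module's own role does not already grant this.
data "aws_iam_policy_document" "web_read_secrets" {
  statement {
    actions   = ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]
    resources = ["arn:aws:ssm:*:*:parameter${local.ssm_path_prefix}/*"]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.credentials.arn]
  }
}

resource "aws_iam_policy" "web_read_secrets" {
  name   = "concourse-web-read-secrets"
  policy = data.aws_iam_policy_document.web_read_secrets.json
}
```

The same name layout applies to the Secrets Manager credential manager (`/concourse/main/build/registry_password` as the secret name), so switching is a matter of replacing `ssm` with `secrets_manager` in `local.web_credential_manager` and storing the secret in Secrets Manager instead.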
Each element of the `workers` list has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
autoscaling | Configuration of the worker autoscaling group. | object | N/A | yes |
concourse | Configuration of the Concourse worker process. | object | N/A | yes |
extra_security_group_ids | Extra security groups to assign to the instances. | list(string) | [] | no |
name | Name of the worker group. | string | N/A | yes |
iam | Configuration of the IAM role of the instances. | object | {} | no |
volumes | Configuration of the EBS volumes of the instances. | object | {} | no |
The worker `concourse` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
containerd_network_pool | IP address range to use for containers. | string | 10.80.0.0/16 | no |
extra_args | Additional arguments to pass to the concourse worker process. | list(string) | [] | no |
log_level | The concourse log level. Choice of `debug`, `info`, `error`, `fatal`. | string | info | no |
The worker `volumes` object has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
root | Configuration of the root EBS volume of the instances. | object | {} | no |
work | Configuration of the work EBS volume of the instances. | object | {} | no |
The `autoscaling` object, used by both `web` and `workers`, has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
instance_refresh | Configuration of instance refresh. See the upstream asg module for the structure. | object | { strategy = "Rolling" } | no |
instance_type | Type of the EC2 instances. Required if `mixed_instances_overrides` is not defined. | string | null | conditional |
instances_desired | The initial number of instances desired. | number | N/A | yes |
instances_max | The maximum number of instances desired. | number | N/A | yes |
instances_min | The minimum number of instances desired. | number | N/A | yes |
max_instance_lifetime | The maximum lifetime of instances in seconds. | number | null | no |
mixed_instances_distribution | The distribution of mixed instances. See the upstream asg module for the structure. | object | null | no |
mixed_instances_overrides | A list of override objects for mixed instances. See the upstream asg module for the structure of the object. Required if `instance_type` is not defined. | list(object) | null | conditional |
suspended_processes | A list of autoscaling processes to suspend. | list(string) | [] | no |
termination_policies | A list of policies to decide how instances should be terminated. | list(string) | [] | no |
The `iam` object, used by both `web` and `workers`, has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
extra_policy_arns | Additional policy ARNs to assign to the IAM role. | list(string) | [] | no |
permissions_boundary | An IAM policy ARN to use as a permissions boundary for the IAM role. | string | null | no |
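One way to fill the `iam` object for a worker group, as an added example rather than the module's own code: a permissions boundary that caps whatever the role is granted later, plus a narrowly scoped extra policy so pipelines can push images. The ECR repository namespace, policy names and the service list in the boundary are assumptions. The page does not list what the module's own instance role needs, so before applying a boundary check the module's IAM policy and make sure every action it uses is in the boundary's allow list; a boundary that omits one of them breaks the instance, not just the pipeline.

```hcl
data "aws_iam_policy_document" "worker_boundary" {
  # Effective permissions are the intersection of this document and the
  # role's attached policies, so anything not allowed here is unreachable
  # even if a broader policy is attached through extra_policy_arns later.
  statement {
    sid = "AllowedServices"
    actions = [
      "ecr:*",
      "s3:*",
      "logs:*",
      "ssm:GetParameter*",
      "kms:Decrypt",
    ]
    resources = ["*"]
  }
  statement {
    # Explicit deny as defense in depth: no IAM changes from a build container.
    sid       = "NoIam"
    effect    = "Deny"
    actions   = ["iam:*"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "worker_boundary" {
  name   = "concourse-worker-boundary" # assumed name
  policy = data.aws_iam_policy_document.worker_boundary.json
}

# Push-only access to one repository namespace; no pull or delete beyond what
# a push needs.
data "aws_iam_policy_document" "worker_ecr_push" {
  statement {
    actions   = ["ecr:GetAuthorizationToken"]
    resources = ["*"]
  }
  statement {
    actions = [
      "ecr:BatchCheckLayerAvailability",
      "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart",
      "ecr:CompleteLayerUpload",
      "ecr:PutImage",
    ]
    resources = ["arn:aws:ecr:*:*:repository/ci/*"] # assumed namespace
  }
}

resource "aws_iam_policy" "worker_ecr_push" {
  name   = "concourse-worker-ecr-push" # assumed name
  policy = data.aws_iam_policy_document.worker_ecr_push.json
}

locals {
  # Use as `iam = local.worker_iam` in an entry of the module's workers list.
  worker_iam = {
    permissions_boundary = aws_iam_policy.worker_boundary.arn
    extra_policy_arns    = [aws_iam_policy.worker_ecr_push.arn]
  }
}
```

Because every task on a worker shares the instance role, the boundary is the one control that holds regardless of which pipeline runs there; keep separate worker groups (and separate `iam` objects) for pipelines that need materially different AWS access.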
The volume object, used by `web.volume_root` and by the worker `volumes` `root` and `work` entries, has the following structure.

Name | Description | Type | Default | Required |
---|---|---|---|---|
iops | Number of IOPS given to the volume. | number | null | no |
name | Name of the volume. This defaults to `/dev/xvda` for root volumes and `/dev/xvdb` for concourse work volumes. | string | see description | no |
size | Size of the volume in GB. This defaults to 4 for root volumes and 100 for concourse work volumes. | number | see description | no |
type | Type of the EBS volume. | string | gp3 | no |
The module has the following outputs.

Name | Description |
---|---|
database | An object representing the database. |
lb_tsa | An object representing the TSA load balancer. |
lb_web | An object representing the web load balancer. |
web | An object representing the web instances. |
workers | An object representing the worker instances. |