3 "Name" = "${var.application_name}"
4 "Environment" = "${var.application_name}"
8 # Create the Elastic Beanstalk VPC
# VPC that hosts the Elastic Beanstalk environment. The IPv4 range, DNS
# behaviour and tenancy are variable-driven; the IPv6 block is Amazon-assigned
# and the subnet below carves one /64 out of it with cidrsubnet(..., 8, 1).
# (tags and the closing brace are not shown in this rendering)
9 resource "aws_vpc" "vpc" {
10 assign_generated_ipv6_cidr_block = true
11 cidr_block = var.vpc_cidr_block
12 enable_dns_hostnames = var.vpc_enable_dns_hostnames
13 enable_dns_support = var.vpc_enable_dns_support
14 instance_tenancy = var.vpc_instance_tenancy
18 # Create the Elastic Beanstalk subnet
# The single subnet used for both instances and the load balancer.
# (some attribute lines and the closing brace are not shown in this rendering)
19 resource "aws_subnet" "subnet" {
23 availability_zone = var.subnet_availability_zone
# Every instance gets an IPv6 address and a public IPv4 address at launch, and
# the aws_route below puts a 0.0.0.0/0 -> internet gateway route on the VPC's
# main route table: this is a public subnet, so instances are reachable from
# the Internet to the extent their security groups allow (none are defined in
# this excerpt).
24 assign_ipv6_address_on_creation = true
# The subnet takes the VPC's entire IPv4 range, so no further subnet (a private
# instance tier, a second AZ) can be added to this VPC without changing this.
25 cidr_block = aws_vpc.vpc.cidr_block
26 ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
27 map_public_ip_on_launch = true
28 vpc_id = aws_vpc.vpc.id
# Internet gateway for the VPC; the aws_route below makes it the IPv4 default
# route. (tags and the closing brace are not shown in this rendering)
32 resource "aws_internet_gateway" "internet_gateway" {
36 vpc_id = aws_vpc.vpc.id
# IPv4 default route to the internet gateway.
40 resource "aws_route" "route" {
# presumably an entry of a depends_on list; the surrounding lines are not shown
43 aws_internet_gateway.internet_gateway
# The route is installed on the VPC's *main* route table, so every subnet
# without an explicit route-table association (including aws_subnet.subnet
# above) becomes public. No ::/0 route is visible in this excerpt, so the IPv6
# addresses assigned to instances may have no Internet path unless one is
# defined elsewhere.
45 destination_cidr_block = "0.0.0.0/0"
46 gateway_id = aws_internet_gateway.internet_gateway.id
47 route_table_id = aws_vpc.vpc.main_route_table_id
50 # Create the Elastic Beanstalk IAM roles and policies
# Trust policy for the Elastic Beanstalk service role: allows the Elastic
# Beanstalk service principal to assume it. The statement's other lines are
# not shown; no aws:SourceAccount / aws:SourceArn condition is visible here.
# NOTE(review): confirm such a condition exists — it is the usual
# confused-deputy guard on service-principal trust policies.
51 data "aws_iam_policy_document" "service" {
58 identifiers = ["elasticbeanstalk.amazonaws.com"]
# Service role the Elastic Beanstalk control plane assumes on the
# environment's behalf; referenced as ServiceRole in the environment settings.
64 resource "aws_iam_role" "service" {
65 assume_role_policy = data.aws_iam_policy_document.service.json
66 name = "${var.application_name}-eb-service"
# AWS managed policy that lets the service role publish enhanced health data.
69 resource "aws_iam_role_policy_attachment" "enhanced_health" {
70 policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth"
71 role = aws_iam_role.service.name
# AWS managed policy granting the service role the permissions Elastic
# Beanstalk needs to manage the environment's resources.
# NOTE(review): AWS has marked this managed policy as deprecated in favour of a
# narrower managed-updates policy — confirm against current documentation.
74 resource "aws_iam_role_policy_attachment" "service" {
75 policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
76 role = aws_iam_role.service.name
# Trust policy for the instance role: assumable by EC2 (instance profile) and
# by Systems Manager, the latter being required for the aws_ssm_activation
# below, whose iam_role must be assumable by ssm.amazonaws.com.
# (statement bodies are not shown in this rendering)
79 data "aws_iam_policy_document" "ec2" {
86 identifiers = ["ec2.amazonaws.com"]
96 identifiers = ["ssm.amazonaws.com"]
# Role assumed by every instance in the environment (via the instance profile
# below) and by SSM for the hybrid activation. Everything attached to it is
# available to any process running on the instances.
102 resource "aws_iam_role" "ec2" {
103 assume_role_policy = data.aws_iam_policy_document.ec2.json
104 name = "${var.application_name}-eb-ec2"
# Instance profile wrapping the instance role; referenced as IamInstanceProfile
# in the environment's launch configuration settings.
107 resource "aws_iam_instance_profile" "ec2_iam_instance_profile" {
108 name = "${var.application_name}-iam-instance-profile"
109 role = aws_iam_role.ec2.name
# Instance-role permissions for the multi-container Docker platform (ECS).
112 resource "aws_iam_role_policy_attachment" "multicontainer_docker" {
113 policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker"
114 role = aws_iam_role.ec2.name
# Instance-role permissions for the web tier. Both the web- and worker-tier
# policies are attached regardless of var.environment_tier, so each instance
# carries the union of the two.
117 resource "aws_iam_role_policy_attachment" "web_tier" {
118 policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier"
119 role = aws_iam_role.ec2.name
# Instance-role permissions for the worker tier (attached unconditionally,
# see web_tier above).
122 resource "aws_iam_role_policy_attachment" "worker_tier" {
123 policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier"
124 role = aws_iam_role.ec2.name
# AmazonSSMAutomationRole is a service-role policy meant for the role that
# Systems Manager Automation assumes, not for the managed instance itself; on
# the instance role it gives every process on every instance the automation
# permissions. NOTE(review): confirm the instances actually need this, and
# if not move it to a dedicated automation role.
127 resource "aws_iam_role_policy_attachment" "ssm_automation" {
128 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
129 role = aws_iam_role.ec2.name
# Minimal permissions for the SSM agent (Session Manager, Run Command,
# inventory). The aws_ssm_activation below depends on this attachment.
132 resource "aws_iam_role_policy_attachment" "ssm_ec2" {
133 policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
134 role = aws_iam_role.ec2.name
# Read-only ECR access so instances can pull container images.
137 resource "aws_iam_role_policy_attachment" "ecr_readonly" {
138 policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
139 role = aws_iam_role.ec2.name
# Hybrid activation for registering machines with Systems Manager under the
# instance role. The activation id/code this resource produces are
# credentials: they are written to Terraform state, so the state must be
# treated as secret. The environment resource below depends on this.
142 resource "aws_ssm_activation" "ec2" {
# presumably an entry of a depends_on list; the surrounding lines are not shown
145 aws_iam_role_policy_attachment.ssm_ec2
147 name = "${var.application_name}-ec2-activation"
148 iam_role = aws_iam_role.ec2.id
# At most three machines can register with this activation. No expiration_date
# is visible in this excerpt, so the provider/AWS default applies.
149 registration_limit = 3
# Inline policy attached (see aws_iam_role_policy.default) to the EC2
# *instance* role. Its statements mirror what the Elastic Beanstalk service
# role needs to manage an environment, which is much more than application
# code on an instance needs. Statement resource blocks are mostly not shown
# in this rendering; where a resource is not scoped (e.g. "*") the mutating
# actions below apply account-wide.
152 data "aws_iam_policy_document" "default" {
# First statement (sid not shown): mostly Describe/read actions, but
# ec2:AssociateAddress is a write action and sits among them.
155 "elasticloadbalancing:DescribeInstanceHealth",
156 "elasticloadbalancing:DescribeLoadBalancers",
157 "elasticloadbalancing:DescribeTargetHealth",
158 "ec2:DescribeInstances",
159 "ec2:DescribeInstanceStatus",
160 "ec2:GetConsoleOutput",
161 "ec2:AssociateAddress",
162 "ec2:DescribeAddresses",
163 "ec2:DescribeSecurityGroups",
164 "sqs:GetQueueAttributes",
166 "autoscaling:DescribeAutoScalingGroups",
167 "autoscaling:DescribeAutoScalingInstances",
168 "autoscaling:DescribeScalingActivities",
169 "autoscaling:DescribeNotificationConfigurations",
# Broad mutating permissions: create/delete auto scaling groups and launch
# configurations, edit security group rules, allocate/release addresses,
# terminate instances, manage load balancers and CodeBuild projects, and a
# full elasticbeanstalk:* wildcard. On the instance role, a compromised
# instance can use all of these.
176 sid = "AllowOperations"
178 "autoscaling:AttachInstances",
179 "autoscaling:CreateAutoScalingGroup",
180 "autoscaling:CreateLaunchConfiguration",
181 "autoscaling:DeleteLaunchConfiguration",
182 "autoscaling:DeleteAutoScalingGroup",
183 "autoscaling:DeleteScheduledAction",
184 "autoscaling:DescribeAccountLimits",
185 "autoscaling:DescribeAutoScalingGroups",
186 "autoscaling:DescribeAutoScalingInstances",
187 "autoscaling:DescribeLaunchConfigurations",
188 "autoscaling:DescribeLoadBalancers",
189 "autoscaling:DescribeNotificationConfigurations",
190 "autoscaling:DescribeScalingActivities",
191 "autoscaling:DescribeScheduledActions",
192 "autoscaling:DetachInstances",
193 "autoscaling:PutScheduledUpdateGroupAction",
194 "autoscaling:ResumeProcesses",
195 "autoscaling:SetDesiredCapacity",
196 "autoscaling:SetInstanceProtection",
197 "autoscaling:SuspendProcesses",
198 "autoscaling:TerminateInstanceInAutoScalingGroup",
199 "autoscaling:UpdateAutoScalingGroup",
200 "cloudwatch:PutMetricAlarm",
201 "ec2:AssociateAddress",
202 "ec2:AllocateAddress",
# Security-group rule changes from the instance role undo any network
# restriction placed on the environment.
203 "ec2:AuthorizeSecurityGroupEgress",
204 "ec2:AuthorizeSecurityGroupIngress",
205 "ec2:CreateSecurityGroup",
206 "ec2:DeleteSecurityGroup",
207 "ec2:DescribeAccountAttributes",
208 "ec2:DescribeAddresses",
209 "ec2:DescribeImages",
210 "ec2:DescribeInstances",
211 "ec2:DescribeKeyPairs",
212 "ec2:DescribeSecurityGroups",
213 "ec2:DescribeSnapshots",
214 "ec2:DescribeSubnets",
216 "ec2:DisassociateAddress",
217 "ec2:ReleaseAddress",
218 "ec2:RevokeSecurityGroupEgress",
219 "ec2:RevokeSecurityGroupIngress",
220 "ec2:TerminateInstances",
223 "ecs:DescribeClusters",
224 "ecs:RegisterTaskDefinition",
# Wildcard over the whole Elastic Beanstalk API.
225 "elasticbeanstalk:*",
226 "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
227 "elasticloadbalancing:ConfigureHealthCheck",
228 "elasticloadbalancing:CreateLoadBalancer",
229 "elasticloadbalancing:DeleteLoadBalancer",
230 "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
231 "elasticloadbalancing:DescribeInstanceHealth",
232 "elasticloadbalancing:DescribeLoadBalancers",
233 "elasticloadbalancing:DescribeTargetHealth",
234 "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
235 "elasticloadbalancing:DescribeTargetGroups",
236 "elasticloadbalancing:RegisterTargets",
237 "elasticloadbalancing:DeregisterTargets",
240 "logs:CreateLogGroup",
241 "logs:PutRetentionPolicy",
242 "rds:DescribeDBEngineVersions",
243 "rds:DescribeDBInstances",
244 "rds:DescribeOrderableDBInstanceOptions",
249 "sns:GetTopicAttributes",
250 "sns:ListSubscriptionsByTopic",
252 "sqs:GetQueueAttributes",
254 "codebuild:CreateProject",
255 "codebuild:DeleteProject",
256 "codebuild:BatchGetBuilds",
257 "codebuild:StartBuild",
# S3 access to the Elastic Beanstalk buckets (actions/resources not shown).
264 sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
# Log-group deletion, scoped to the /aws/elasticbeanstalk* prefix.
275 sid = "AllowDeleteCloudwatchLogGroups"
277 "logs:DeleteLogGroup"
280 "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
# CloudFormation access, scoped to the awseb-* and eb-* stack names that
# Elastic Beanstalk creates (actions not shown).
286 sid = "AllowCloudformationOperationsOnElasticBeanstalkStacks"
291 "arn:aws:cloudformation:*:*:stack/awseb-*",
292 "arn:aws:cloudformation:*:*:stack/eb-*"
# Binds the "default" policy document to the EC2 instance role, not to the
# service role. Together with the managed policies attached above, every
# instance can terminate instances, rewrite security-group rules and call any
# Elastic Beanstalk API. NOTE(review): if these permissions are meant for the
# control plane, the role here should be aws_iam_role.service; the instance
# role should keep only what the application and agents need.
298 resource "aws_iam_role_policy" "default" {
302 name = "${var.application_name}-eb-default"
303 policy = data.aws_iam_policy_document.default.json
304 role = aws_iam_role.ec2.id
307 # Create the Elastic Beanstalk environment
# The Elastic Beanstalk environment itself. Each setting {} block below maps
# one option of an Elastic Beanstalk configuration namespace to a variable or
# to a resource created above; several setting lines (option names, block
# delimiters) are not shown in this rendering.
308 resource "aws_elastic_beanstalk_environment" "environment" {
# presumably an entry of a depends_on list; the surrounding lines are not shown
312 aws_ssm_activation.ec2
314 application = var.environment_application
315 description = var.environment_description
316 name = var.environment_name
317 solution_stack_name = var.environment_solution_stack_name
318 tier = var.environment_tier
319 wait_for_ready_timeout = var.environment_wait_for_ready_timeout
320 version_label = var.environment_version_label
# aws:ec2:instances — instance types offered to the auto scaling group.
325 namespace = "aws:ec2:instances"
326 name = "InstanceTypes"
327 value = var.instances_instance_types
# aws:ec2:vpc — network placement. Option names for the next four settings
# are not shown; by value they are presumably VPCId, Subnets, ELBSubnets and
# ELBScheme. Instances and the load balancer share the single public subnet
# created above, so the instances are not shielded behind the load balancer
# even when var.elb_scheme is "internal".
332 namespace = "aws:ec2:vpc"
334 value = aws_vpc.vpc.id
338 namespace = "aws:ec2:vpc"
340 value = aws_subnet.subnet.id
344 namespace = "aws:ec2:vpc"
346 value = aws_subnet.subnet.id
# ELBScheme is left empty for single-instance environments.
350 namespace = "aws:ec2:vpc"
352 value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
# Public IPv4 assignment for EB-launched instances; presumably overrides the
# subnet's map_public_ip_on_launch default for these instances.
356 namespace = "aws:ec2:vpc"
357 name = "AssociatePublicIpAddress"
358 value = var.associate_public_ip_address
# aws:elasticbeanstalk:application — health check path (value not shown).
362 namespace = "aws:elasticbeanstalk:application"
363 name = "Application Healthcheck URL"
367 # aws:elbv2:listener:default
369 namespace = "aws:elbv2:listener:default"
370 name = "ListenerEnabled"
371 value = var.default_listener_enabled
374 # aws:elasticbeanstalk:environment
376 namespace = "aws:elasticbeanstalk:environment"
377 name = "LoadBalancerType"
378 value = var.environment_loadbalancer_type
# Service role created above (option name not shown; presumably ServiceRole).
382 namespace = "aws:elasticbeanstalk:environment"
384 value = aws_iam_role.service.name
387 # aws:elasticbeanstalk:environment:process:default
389 namespace = "aws:elasticbeanstalk:environment:process:default"
390 name = "HealthCheckInterval"
391 value = var.environment_process_default_healthcheck_interval
395 namespace = "aws:elasticbeanstalk:environment:process:default"
396 name = "HealthyThresholdCount"
397 value = var.environment_process_default_healthy_threshold_count
# Port the default process listens on (option name not shown).
401 namespace = "aws:elasticbeanstalk:environment:process:default"
403 value = var.environment_process_default_port
# Protocol follows the load balancer type: TCP for a network load balancer,
# plain HTTP otherwise (option name not shown).
407 namespace = "aws:elasticbeanstalk:environment:process:default"
409 value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
413 namespace = "aws:elasticbeanstalk:environment:process:default"
414 name = "UnhealthyThresholdCount"
415 value = var.environment_process_default_unhealthy_threshold_count
418 # aws:autoscaling:launchconfiguration
# Instance profile created above; this is what scopes the instances' AWS
# permissions (see the IAM notes on aws_iam_role_policy.default).
420 namespace = "aws:autoscaling:launchconfiguration"
421 name = "IamInstanceProfile"
422 value = aws_iam_instance_profile.ec2_iam_instance_profile.name
425 # aws:autoscaling:updatepolicy:rollingupdate
427 namespace = "aws:autoscaling:updatepolicy:rollingupdate"
428 name = "RollingUpdateEnabled"
429 value = var.autoscaling_updatepolicy_rolling_update_enabled
433 namespace = "aws:autoscaling:updatepolicy:rollingupdate"
434 name = "RollingUpdateType"
435 value = var.autoscaling_updatepolicy_rolling_update_type
439 namespace = "aws:autoscaling:updatepolicy:rollingupdate"
440 name = "MinInstancesInService"
441 value = var.autoscaling_updatepolicy_min_instance_in_service
444 # aws:elasticbeanstalk:command
446 namespace = "aws:elasticbeanstalk:command"
447 name = "DeploymentPolicy"
448 value = var.command_deployment_policy
451 # aws:autoscaling:updatepolicy:rollingupdate
453 namespace = "aws:autoscaling:updatepolicy:rollingupdate"
454 name = "MaxBatchSize"
455 value = var.updatepolicy_max_batch_size
458 # aws:elasticbeanstalk:healthreporting:system
# Health reporting type (option name not shown; presumably SystemType).
460 namespace = "aws:elasticbeanstalk:healthreporting:system"
462 value = var.healthreporting_system_type
465 # aws:elasticbeanstalk:managedactions
# Booleans are rendered as the strings "true"/"false" because setting values
# are strings.
467 namespace = "aws:elasticbeanstalk:managedactions"
468 name = "ManagedActionsEnabled"
469 value = var.managedactions_managed_actions_enabled ? "true" : "false"
473 namespace = "aws:elasticbeanstalk:managedactions"
474 name = "PreferredStartTime"
475 value = var.managedactions_preferred_start_time
478 # aws:elasticbeanstalk:managedactions:platformupdate
# Platform update level (option name not shown; presumably UpdateLevel).
480 namespace = "aws:elasticbeanstalk:managedactions:platformupdate"
482 value = var.managedactions_platformupdate_update_level
486 namespace = "aws:elasticbeanstalk:managedactions:platformupdate"
487 name = "InstanceRefreshEnabled"
488 value = var.managedactions_platformupdate_instance_refresh_enabled
491 # aws:autoscaling:asg
# Group size bounds (option names not shown; presumably MinSize / MaxSize).
493 namespace = "aws:autoscaling:asg"
495 value = var.autoscaling_asg_minsize
498 namespace = "aws:autoscaling:asg"
500 value = var.autoscaling_asg_maxsize
503 # aws:autoscaling:trigger
# Scaling trigger: metric, statistic and unit (option names not shown),
# followed by the lower/upper thresholds and the scale increments.
505 namespace = "aws:autoscaling:trigger"
507 value = var.autoscaling_trigger_measure_name
511 namespace = "aws:autoscaling:trigger"
513 value = var.autoscaling_trigger_statistic
517 namespace = "aws:autoscaling:trigger"
519 value = var.autoscaling_trigger_unit
523 namespace = "aws:autoscaling:trigger"
524 name = "LowerThreshold"
525 value = var.autoscaling_trigger_lower_threshold
529 namespace = "aws:autoscaling:trigger"
530 name = "LowerBreachScaleIncrement"
531 value = var.autoscaling_trigger_lower_breach_scale_increment
535 namespace = "aws:autoscaling:trigger"
536 name = "UpperThreshold"
537 value = var.autoscaling_trigger_upper_threshold
541 namespace = "aws:autoscaling:trigger"
542 name = "UpperBreachScaleIncrement"
543 value = var.autoscaling_trigger_upper_breach_scale_increment
546 # aws:elasticbeanstalk:hostmanager
# Whether instance logs are copied to the environment's S3 bucket.
548 namespace = "aws:elasticbeanstalk:hostmanager"
549 name = "LogPublicationControl"
550 value = var.hostmanager_log_publication_control ? "true" : "false"
553 # aws:elasticbeanstalk:cloudwatch:logs
# Instance log streaming to CloudWatch Logs (option name for the first
# setting not shown; presumably StreamLogs). DeleteOnTerminate = "true"
# removes the log group with the environment, which also removes the
# forensic record of what ran on it; RetentionInDays bounds how long logs
# are kept otherwise.
555 namespace = "aws:elasticbeanstalk:cloudwatch:logs"
557 value = var.cloudwatch_logs_stream_logs ? "true" : "false"
561 namespace = "aws:elasticbeanstalk:cloudwatch:logs"
562 name = "DeleteOnTerminate"
563 value = var.cloudwatch_logs_delete_on_terminate ? "true" : "false"
567 namespace = "aws:elasticbeanstalk:cloudwatch:logs"
568 name = "RetentionInDays"
569 value = var.cloudwatch_logs_retention_in_days
572 # aws:elasticbeanstalk:cloudwatch:logs:health
# Same three controls for the environment-health log stream.
574 namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
575 name = "HealthStreamingEnabled"
576 value = var.cloudwatch_logs_health_health_streaming_enabled ? "true" : "false"
580 namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
581 name = "DeleteOnTerminate"
582 value = var.cloudwatch_logs_health_delete_on_terminate ? "true" : "false"
586 namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
587 name = "RetentionInDays"
588 value = var.cloudwatch_logs_health_retention_in_days
591 # aws:elasticbeanstalk:application:environment
# Presumably a dynamic "setting" block (the "setting.value" reference implies
# that iterator name): one environment variable per entry of
# var.environment_variables. These values are stored in plain text in the
# environment configuration and in Terraform state/plan output, so keep
# secrets out of this map and inject them at runtime instead.
593 for_each = var.environment_variables
595 namespace = "aws:elasticbeanstalk:application:environment"
597 value = setting.value