Skip to content

rhythmictech/terraform-aws-iqserver

BranchesTags

Repository files navigation

terraform-aws-iqserver

tflint tfsec yamllint misspell pre-commit-check

Create a Sonatype IQ Server instance. This does some neat things:

  • sonatype-work directory is managed by EFS with optional backups using AWS Backup
  • everything runs in an ASG (though HA isn't supported.. yet..) so if something happens to the instance, it'll come back up automatically.
  • updates are done by upgrading your AMI and replacing the launch config
  • automatically manages licensing

Requirements

This expects an instance that has IQ Server pre-installed using the Rhythmic ansible-role-iqserver ansible module. The easiest way to get one is to use Packer.

License File

To use auto licensing, you need to save your license file in AWS Secrets Manager. Something like this would work:

aws --region us-east-1 secretsmanager create-secret --secret-id iqserver-license --secret-binary=file:///tmp/license.lic

Tip: when you renew your license, update the secret and kill the instance. It will automatically be updated.

Example

Here's what using the module will look like

module "example" {
  source = "git::https://github.com/rhythmictech/terraform-aws-iqserver.git"

  name                           = "nexus"
  ami_id                         = "ami-12345678912"
  asg_subnets                    = ["subnet-123456789012", "subnet-123456789013"]
  efs_subnets                    = ["subnet-123456789012", "subnet-123456789013"]
  elb_certificate                = "arn:aws:acm:us-east-1:12345678912:certificate/090c1a21-f053-4aac-8b92-2c963c3c0660"
  elb_subnets                    = ["subnet-123456789012", "subnet-123456789013"]
  vpc_id                         = "vpc-123456789012"
}

Requirements

Name Version
terraform >= 0.12.19

Providers

Name Version
aws n/a
template n/a

Modules

No modules.

Resources

Name Type
aws_autoscaling_group.this resource
aws_backup_plan.this resource
aws_backup_selection.this resource
aws_backup_vault.this resource
aws_efs_file_system.this resource
aws_efs_mount_target.this resource
aws_iam_instance_profile.this resource
aws_iam_role.backup resource
aws_iam_role.this resource
aws_iam_role_policy_attachment.backup resource
aws_iam_role_policy_attachment.this resource
aws_launch_configuration.this resource
aws_lb.this resource
aws_lb_listener.this resource
aws_lb_target_group.this resource
aws_security_group.efs resource
aws_security_group.elb resource
aws_security_group.this resource
aws_security_group_rule.allow_all resource
aws_security_group_rule.allow_inbound_http_from_lb resource
aws_security_group_rule.elb_egress resource
aws_security_group_rule.elb_ingress resource
aws_iam_policy_document.assume data source
aws_iam_policy_document.assume_backup data source
template_cloudinit_config.this data source

Inputs

Name Description Type Default Required
ami_id AMI to build on (must have ansible-role-iqserver module installed) string n/a yes
asg_additional_iam_policies Additional IAM policies to attach to the ASG instance profile list(string) [] no
asg_additional_security_groups Additional security group IDs to attach to ASG instances list(string) [] no
asg_desired_capacity The number of Amazon EC2 instances that should be running in the group. number 1 no
asg_instance_type Instance type for scim app string "t3a.micro" no
asg_key_name Optional keypair to associate with instances string null no
asg_max_size Maximum number of instances in the autoscaling group number 2 no
asg_min_size Minimum number of instances in the autoscaling group number 1 no
asg_subnets Subnets to associate ASG instances with (specify 1 or more) list(string) n/a yes
efs_additional_allowed_security_groups Additional security group IDs to attach to the EFS export list(string) [] no
efs_backup_retain_days Days to retain EFS backups for (only used if enable_efs_backups=true) number 30 no
efs_backup_schedule AWS Backup cron schedule (only used if enable_efs_backups=true) string "cron(0 5 ? * * *)" no
efs_backup_vault_name AWS Backup vault name (only used if enable_efs_backups=true) string "iqserver-efs-vault" no
efs_subnets Subnets to create EFS mountpoints in list(string) n/a yes
elb_additional_sg_tags Additional tags to apply to the ELB security group. Useful if you use an external process to manage ingress rules. map(string) {} no
elb_allowed_cidr_blocks List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created list(string) 
[
  "0.0.0.0/0"
]
 no
elb_certificate ARN of certificate to associate with ELB string n/a yes
elb_internal Create as an internal or internet-facing ELB bool true no
elb_subnets Subnets to associate ELB to list(string) n/a yes
enable_efs_backups Enable EFS backups using AWS Backup (recommended if you aren't going to back up EFS some other way) bool false no
license_secret S3 key including any prefix that has the Sonatype IQ Server license string "" no
name Moniker to apply to all resources in the module string n/a yes
tags User-Defined tags map(string) {} no
vpc_id VPC to create associated resources in string n/a yes

Outputs

Name Description
lb_arn ARN of the ELB for Nexus access
lb_dns_name DNS Name of the ELB for Nexus access
lb_zone_id Route53 Zone ID of the ELB for Nexus access
role_arn IAM Role ARN of Nexus instance

About

Create a HA Sonatype IQ Server instance

registry.terraform.io/modules/rhythmictech/iqserver/aws

Topics

aws terraform sonatype-nexus sonatype terraform-module

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 4

v0.1.3 Latest
Dec 5, 2024
+ 3 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages