empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 00:45:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

terraform module: some fixes for byo-vpc and below (#13553)

Browse Source 
# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes (docs/Using
Fleet/manage-access.md)
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).
This commit is contained in:
Robert Fairburn 2023-09-01 16:06:45 -05:00 committed by GitHub
parent 03caba2030
commit 1d0aa1f318
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 290 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
terraform/.header.md
View File

@ -1,7 +1,12 @@
This module provides a basic Fleet setup. This assumes that you bring nothing to the installation.
If you want to bring your own VPC/database/cache nodes/ECS cluster, then use one of the submodules provided.
The following is the module layout so you can navigate to the module that you want:
To quickly list all available module versions you can run:
```shell
git tag |grep '^tf'
```
The following is the module layout, so you can navigate to the module that you want:
* Root module (use this to get a Fleet instance ASAP with minimal setup)
* BYO-VPC (use this if you want to install Fleet inside an existing VPC)

20
terraform/README.md
View File

File diff suppressed because one or more lines are too long

19
terraform/byo-vpc/README.md
View File

File diff suppressed because one or more lines are too long

17
terraform/byo-vpc/byo-db/README.md
View File

File diff suppressed because one or more lines are too long

14
terraform/byo-vpc/byo-db/byo-ecs/README.md
View File

@ -6,7 +6,7 @@ No requirements.
| Name | Version |
|------|---------|
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.39.0 |
| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.14.0 |
## Modules
@ -39,12 +39,12 @@ No modules.
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|:--------:|
| <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The name of the ECS cluster to use | `string` | n/a | yes |
| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> image = optional(string, "fleetdm/fleet:v4.31.1")<br> family = optional(string, "fleet")<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> })<br> redis = object({<br> address = string<br> use_tls = optional(bool, true)<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = object({<br> arn = string<br> })<br> networking = object({<br> subnets = list(string)<br> security_groups = optional(list(string), null)<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.22.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "networking": {<br> "security_groups": null,<br> "subnets": null<br> },<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> }<br>}</pre> | no |
| <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | `null` | no |
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_ecs_cluster"></a> [ecs\_cluster](#input\_ecs\_cluster) | The name of the ECS cluster to use | `string` | n/a | yes |
| <a name="input_fleet_config"></a> [fleet\_config](#input\_fleet\_config) | The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. | <pre>object({<br> mem = optional(number, 4096)<br> cpu = optional(number, 512)<br> image = optional(string, "fleetdm/fleet:v4.31.1")<br> family = optional(string, "fleet")<br> sidecars = optional(list(any), [])<br> depends_on = optional(list(any), [])<br> mount_points = optional(list(any), [])<br> volumes = optional(list(any), [])<br> extra_environment_variables = optional(map(string), {})<br> extra_iam_policies = optional(list(string), [])<br> extra_execution_iam_policies = optional(list(string), [])<br> extra_secrets = optional(map(string), {})<br> security_groups = optional(list(string), null)<br> security_group_name = optional(string, "fleet")<br> iam_role_arn = optional(string, null)<br> service = optional(object({<br> name = optional(string, "fleet")<br> }), {<br> name = "fleet"<br> })<br> database = object({<br> password_secret_arn = string<br> user = string<br> database = string<br> address = string<br> rr_address = optional(string, null)<br> })<br> redis = object({<br> address = string<br> use_tls = optional(bool, true)<br> })<br> awslogs = optional(object({<br> name = optional(string, null)<br> region = optional(string, null)<br> create = optional(bool, true)<br> prefix = optional(string, "fleet")<br> retention = optional(number, 5)<br> }), {<br> name = null<br> region = null<br> prefix = "fleet"<br> retention = 5<br> })<br> loadbalancer = object({<br> arn = string<br> })<br> networking = object({<br> subnets = list(string)<br> security_groups = optional(list(string), null)<br> })<br> autoscaling = optional(object({<br> max_capacity = optional(number, 5)<br> min_capacity = optional(number, 1)<br> memory_tracking_target_value = optional(number, 80)<br> cpu_tracking_target_value = optional(number, 80)<br> }), {<br> max_capacity = 5<br> min_capacity = 1<br> memory_tracking_target_value = 80<br> cpu_tracking_target_value = 80<br> })<br> iam = optional(object({<br> role = optional(object({<br> name = optional(string, "fleet-role")<br> policy_name = optional(string, "fleet-iam-policy")<br> }), {<br> name = "fleet-role"<br> policy_name = "fleet-iam-policy"<br> })<br> execution = optional(object({<br> name = optional(string, "fleet-execution-role")<br> policy_name = optional(string, "fleet-execution-role")<br> }), {<br> name = "fleet-execution-role"<br> policy_name = "fleet-iam-policy-execution"<br> })<br> }), {<br> name = "fleetdm-execution-role"<br> })<br> })</pre> | <pre>{<br> "autoscaling": {<br> "cpu_tracking_target_value": 80,<br> "max_capacity": 5,<br> "memory_tracking_target_value": 80,<br> "min_capacity": 1<br> },<br> "awslogs": {<br> "create": true,<br> "name": null,<br> "prefix": "fleet",<br> "region": null,<br> "retention": 5<br> },<br> "cpu": 256,<br> "database": {<br> "address": null,<br> "database": null,<br> "password_secret_arn": null,<br> "rr_address": null,<br> "user": null<br> },<br> "depends_on": [],<br> "extra_environment_variables": {},<br> "extra_execution_iam_policies": [],<br> "extra_iam_policies": [],<br> "extra_secrets": {},<br> "family": "fleet",<br> "iam": {<br> "execution": {<br> "name": "fleet-execution-role",<br> "policy_name": "fleet-iam-policy-execution"<br> },<br> "role": {<br> "name": "fleet-role",<br> "policy_name": "fleet-iam-policy"<br> }<br> },<br> "iam_role_arn": null,<br> "image": "fleetdm/fleet:v4.31.1",<br> "loadbalancer": {<br> "arn": null<br> },<br> "mem": 512,<br> "mount_points": [],<br> "networking": {<br> "security_groups": null,<br> "subnets": null<br> },<br> "redis": {<br> "address": null,<br> "use_tls": true<br> },<br> "security_group_name": "fleet",<br> "security_groups": null,<br> "service": {<br> "name": "fleet"<br> },<br> "sidecars": [],<br> "volumes": []<br>}</pre> | no |
| <a name="input_migration_config"></a> [migration\_config](#input\_migration\_config) | The configuration object for Fleet's migration task. | <pre>object({<br> mem = number<br> cpu = number<br> })</pre> | <pre>{<br> "cpu": 1024,<br> "mem": 2048<br>}</pre> | no |
| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | n/a | `string` | `null` | no |
## Outputs

2
terraform/byo-vpc/byo-db/byo-ecs/variables.tf
View File

@ -13,7 +13,7 @@ variable "fleet_config" {
type = object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.31.1")
image = optional(string, "fleetdm/fleet:v4.36.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])

4
terraform/byo-vpc/byo-db/main.tf
View File

@ -53,7 +53,7 @@ module "alb" {
}
}
]
# Require TLS 1.2 as earlier versions are insecure
listener_ssl_policy_default = "ELBSecurityPolicy-TLS-1-2-2017-01"
@ -66,6 +66,8 @@ module "alb" {
}
]
https_listener_rules = var.alb_config.https_listener_rules
http_tcp_listeners = [
{
port = 80

53
terraform/byo-vpc/byo-db/variables.tf
View File

@ -4,14 +4,35 @@ variable "vpc_id" {
variable "ecs_cluster" {
type = object({
autoscaling_capacity_providers = any
cluster_configuration = any
cluster_name = string
cluster_settings = map(string)
create = bool
default_capacity_provider_use_fargate = bool
fargate_capacity_providers = any
tags = map(string)
autoscaling_capacity_providers = optional(any, {})
cluster_configuration = optional(any, {
execute_command_configuration = {
logging = "OVERRIDE"
log_configuration = {
cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
}
}
})
cluster_name = optional(string, "fleet")
cluster_settings = optional(map(string), {
"name" : "containerInsights",
"value" : "enabled",
})
create = optional(bool, true)
default_capacity_provider_use_fargate = optional(bool, true)
fargate_capacity_providers = optional(any, {
FARGATE = {
default_capacity_provider_strategy = {
weight = 100
}
}
FARGATE_SPOT = {
default_capacity_provider_strategy = {
weight = 0
}
}
})
tags = optional(map(string))
})
default = {
autoscaling_capacity_providers = {}
@ -48,11 +69,12 @@ variable "ecs_cluster" {
nullable = false
}
variable "fleet_config" {
type = object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.31.1")
image = optional(string, "fleetdm/fleet:v4.36.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@ -224,11 +246,12 @@ variable "migration_config" {
variable "alb_config" {
type = object({
name = optional(string, "fleet")
subnets = list(string)
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
certificate_arn = string
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
name = optional(string, "fleet")
subnets = list(string)
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
certificate_arn = string
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
https_listener_rules = optional(any, [])
})
}

158
terraform/byo-vpc/example/main.tf Normal file
View File

@ -0,0 +1,158 @@
terraform {
required_version = ">= 1.3.8"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}
provider "aws" {
default_tags {
tags = {
Example = "This is a demo of the Fleet terraform module"
}
}
}
locals {
fleet_image = "fleetdm/fleet:v4.36.0"
}
resource "random_pet" "main" {}
module "acm" {
source = "terraform-aws-modules/acm/aws"
version = "4.3.1"
domain_name = "${random_pet.main.id}.loadtest.g.fleetdm.com"
zone_id = data.aws_route53_zone.main.id
wait_for_validation = true
}
resource "aws_route53_record" "main" {
zone_id = data.aws_route53_zone.main.id
name = "${random_pet.main.id}.loadtest.g.fleetdm.com"
type = "A"
alias {
name = module.byo-vpc.byo-db.alb.lb_dns_name
zone_id = module.byo-vpc.byo-db.alb.lb_zone_id
evaluate_target_health = true
}
}
data "aws_route53_zone" "main" {
name = "loadtest.g.fleetdm.com."
private_zone = false
}
module "firehose-logging" {
source = "github.com/fleetdm/fleet//terraform/addons/logging-destination-firehose?ref=tf-mod-addon-logging-destination-firehose-v1.0.0"
osquery_results_s3_bucket = {
name = "${random_pet.main.id}-results"
}
osquery_status_s3_bucket = {
name = "${random_pet.main.id}-status"
}
}
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.18.1"
name = random_pet.main.id
cidr = "10.10.0.0/16"
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]
public_subnets = ["10.10.11.0/24", "10.10.12.0/24", "10.10.13.0/24"]
database_subnets = ["10.10.21.0/24", "10.10.22.0/24", "10.10.23.0/24"]
elasticache_subnets = ["10.10.31.0/24", "10.10.32.0/24", "10.10.33.0/24"]
create_database_subnet_group = false
create_database_subnet_route_table = true
create_elasticache_subnet_group = true
create_elasticache_subnet_route_table = true
enable_vpn_gateway = false
one_nat_gateway_per_az = false
single_nat_gateway = true
enable_nat_gateway = true
enable_flow_log = false
create_flow_log_cloudwatch_log_group = false
create_flow_log_cloudwatch_iam_role = false
flow_log_max_aggregation_interval = null
flow_log_cloudwatch_log_group_name_prefix = null
flow_log_cloudwatch_log_group_name_suffix = null
vpc_flow_log_tags = {}
enable_dns_hostnames = false
enable_dns_support = true
}
module "byo-vpc" {
source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.4.0"
vpc_config = {
vpc_id = module.vpc.vpc_id
networking = {
subnets = module.vpc.private_subnets
}
}
rds_config = {
name = random_pet.main.id
instance_class = "db.t4g.large"
subnets = module.vpc.database_subnets
}
redis_config = {
instance_size = "cache.m6g.large"
subnets = module.vpc.elasticache_subnets
elasticache_subnet_group_name = module.vpc.elasticache_subnet_group_name
availability_zones = module.vpc.azs
}
alb_config = {
subnets = module.vpc.public_subnets
certificate_arn = module.acm.acm_certificate_arn
https_listener_rules = [{
https_listener_index = 0
actions = [{
type = "fixed-response"
content_type = "text/plain"
status_code = "200"
message_body = "This message is delivered instead of Fleet."
}]
conditions = [{
http_headers = [{
http_header_name = "X-Fixed-Response"
values = ["yes", "true"]
}]
}]
}]
}
ecs_cluster = {
cluster_name = random_pet.main.id
}
fleet_config = {
image = local.fleet_image
cpu = 512
autoscaling = {
min_capacity = 2
max_capacity = 5
}
extra_secrets = {
// FLEET_LICENSE_KEY: "secret_manager_license_key_arn"
}
extra_environment_variables = module.firehose-logging.fleet_extra_environment_variables
extra_iam_policies = module.firehose-logging.fleet_extra_iam_policies
}
}
module "migrations" {
source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v1.0.0"
ecs_cluster = module.byo-vpc.byo-db.byo-ecs.service.cluster
task_definition = module.byo-vpc.byo-db.byo-ecs.task_definition.family
task_definition_revision = module.byo-vpc.byo-db.byo-ecs.task_definition.revision
subnets = module.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
security_groups = module.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
}

60
terraform/byo-vpc/variables.tf
View File

@ -52,10 +52,10 @@ variable "redis_config" {
type = object({
name = optional(string, "fleet")
replication_group_id = optional(string)
elasticache_subnet_group_name = optional(string)
elasticache_subnet_group_name = optional(string, "")
allowed_security_group_ids = optional(list(string), [])
subnets = list(string)
availability_zones = list(string)
availability_zones = optional(list(string), [])
cluster_size = optional(number, 3)
instance_type = optional(string, "cache.m5.large")
apply_immediately = optional(bool, true)
@ -74,10 +74,10 @@ variable "redis_config" {
default = {
name = "fleet"
replication_group_id = null
elasticache_subnet_group_name = null
elasticache_subnet_group_name = ""
allowed_security_group_ids = []
subnets = null
availability_zones = null
availability_zones = []
cluster_size = 3
instance_type = "cache.m5.large"
apply_immediately = true
@ -94,14 +94,35 @@ variable "redis_config" {
variable "ecs_cluster" {
type = object({
autoscaling_capacity_providers = any
cluster_configuration = any
cluster_name = string
cluster_settings = map(string)
create = bool
default_capacity_provider_use_fargate = bool
fargate_capacity_providers = any
tags = map(string)
autoscaling_capacity_providers = optional(any, {})
cluster_configuration = optional(any, {
execute_command_configuration = {
logging = "OVERRIDE"
log_configuration = {
cloud_watch_log_group_name = "/aws/ecs/aws-ec2"
}
}
})
cluster_name = optional(string, "fleet")
cluster_settings = optional(map(string), {
"name" : "containerInsights",
"value" : "enabled",
})
create = optional(bool, true)
default_capacity_provider_use_fargate = optional(bool, true)
fargate_capacity_providers = optional(any, {
FARGATE = {
default_capacity_provider_strategy = {
weight = 100
}
}
FARGATE_SPOT = {
default_capacity_provider_strategy = {
weight = 0
}
}
})
tags = optional(map(string))
})
default = {
autoscaling_capacity_providers = {}
@ -142,7 +163,7 @@ variable "fleet_config" {
type = object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.31.1")
image = optional(string, "fleetdm/fleet:v4.36.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@ -314,11 +335,12 @@ variable "migration_config" {
variable "alb_config" {
type = object({
name = optional(string, "fleet")
subnets = list(string)
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
certificate_arn = string
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
name = optional(string, "fleet")
subnets = list(string)
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
certificate_arn = string
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
https_listener_rules = optional(any, [])
})
}

2
terraform/example/main.tf
View File

@ -73,7 +73,7 @@ module "vulnprocessing" {
ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.cluster.cluster_arn
vpc_id = module.main.vpc.vpc_id
fleet_config = {
image = "fleetdm/fleet:v4.31.1"
image = "fleetdm/fleet:v4.36.0"
database = {
password_secret_arn = module.main.byo-vpc.secrets.secret_arns["${var.rds_config.name}-database-password"]
user = module.main.byo-vpc.rds.db_instance_username

11
terraform/variables.tf
View File

@ -215,7 +215,7 @@ variable "fleet_config" {
type = object({
mem = optional(number, 4096)
cpu = optional(number, 512)
image = optional(string, "fleetdm/fleet:v4.31.1")
image = optional(string, "fleetdm/fleet:v4.36.0")
family = optional(string, "fleet")
sidecars = optional(list(any), [])
depends_on = optional(list(any), [])
@ -387,10 +387,11 @@ variable "migration_config" {
variable "alb_config" {
type = object({
name = optional(string, "fleet")
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
name = optional(string, "fleet")
security_groups = optional(list(string), [])
access_logs = optional(map(string), {})
allowed_cidrs = optional(list(string), ["0.0.0.0/0"])
https_listener_rules = optional(any, [])
})
default = {}
}