Skip to content

cn-terraform/terraform-aws-sonarqube

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SonarQube Terraform Module for AWS

This Terraform module deploys a SonarQube community server on AWS. Based on official Sonarqube Docker image https://hub.docker.com/_/sonarqube.

Usage

Check valid versions on:

Install pre commit hooks.

Pleas run this command right after cloning the repository.

    pre-commit install

For that you may need to install the following tools:

In order to run all checks at any point run the following command:

    pre-commit run --all-files

Requirements

Name Version
terraform >= 0.13
aws >= 4
random >= 3

Providers

Name Version
aws 4.29.0
random 3.4.2

Modules

Name Source Version
acm terraform-aws-modules/acm/aws ~> 4.0
aws_cw_logs cn-terraform/cloudwatch-logs/aws 1.0.12
ecs_fargate cn-terraform/ecs-fargate/aws 2.0.45

Resources

Name Type
aws_db_subnet_group.aurora_db_subnet_group resource
aws_kms_key.encryption_key resource
aws_rds_cluster.aurora_db resource
aws_rds_cluster_instance.aurora_db_cluster_instances resource
aws_route53_record.record_dns resource
aws_security_group.aurora_sg resource
random_password.master_password resource

Inputs

Name Description Type Default Required
block_s3_bucket_public_access (Optional) If true, public access to the S3 bucket will be blocked. bool true no
container_cpu (Optional) The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value number 4096 no
container_memory (Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value number 8192 no
container_memory_reservation (Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit number 4096 no
create_kms_key If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable log_group_kms_key_id bool false no
db_backup_retention_period The days to retain backups for. Default 3 number 3 no
db_deletion_protection If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false. bool false no
db_engine_version DB engine version string "14.2" no
db_instance_number Number of instance deployed on Aurora. By default, number of subnet in private_subnets_ids number null no
db_instance_size DB instance size string "db.r4.large" no
db_name Default DB name string "sonar" no
db_password DB password string "" no
db_username Default DB username string "sonar" no
dns_zone_id Route 53 zone id string "" no
enable_autoscaling Enable auto scaling for datacenter edition bool false no
enable_s3_bucket_server_side_encryption (Optional) If true, server side encryption will be applied. bool true no
enable_s3_logs (Optional) If true, all resources to send LB logs to S3 will be created bool true no
enable_ssl Enable SSL bool true no
ephemeral_storage_size The number of GBs to provision for ephemeral storage on Fargate tasks. Must be greater than or equal to 21 and less than or equal to 200 number 0 no
https_record_domain_name Route 53 domain name string "" no
https_record_name Route 53 dns name string "" no
lb_enable_cross_zone_load_balancing Enable cross zone support for LB string "true" no
lb_http_ports Map containing objects to define listeners behaviour based on type field. If type field is forward, include listener_port and the target_group_port. For redirect type, include listener port, host, path, port, protocol, query and status_code. For fixed-response, include listener_port, content_type, message_body and status_code map(any) {} no
lb_https_ports Map containing objects to define listeners behaviour based on type field. If type field is forward, include listener_port and the target_group_port. For redirect type, include listener port, host, path, port, protocol, query and status_code. For fixed-response, include listener_port, content_type, message_body and status_code map(any)
{
"default": {
"listener_port": 443,
"target_group_port": 9000,
"target_group_protocol": "HTTP"
}
}
no
lb_waf_web_acl_arn ARN of a WAFV2 to associate with the ALB string "" no
log_group_kms_key_id The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested. string null no
log_group_retention_in_days (Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days. number 30 no
mount_points Container mount points. This is a list of maps, where each map should contain a containerPath and sourceVolume. The readOnly key is optional. list(any) [] no
name_prefix Name prefix for resources on AWS string n/a yes
permissions_boundary (Optional) The ARN of the policy that is used to set the permissions boundary for the ecs_task_execution_role role. string null no
private_subnets_ids List of Private Subnets IDs list(string) n/a yes
public_subnets_ids List of Public Subnets IDs list(string) n/a yes
region AWS Region the infrastructure is hosted in string n/a yes
s3_bucket_server_side_encryption_key (Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms. string null no
s3_bucket_server_side_encryption_sse_algorithm (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms string "AES256" no
sonarqube_image Sonarqube image string "sonarqube:lts" no
tags Resource tags map(string) {} no
volumes (Optional) A set of volume blocks that containers in your task may use
list(object({
host_path = string
name = string
docker_volume_configuration = list(object({
autoprovision = bool
driver = string
driver_opts = map(string)
labels = map(string)
scope = string
}))
efs_volume_configuration = list(object({
file_system_id = string
root_directory = string
transit_encryption = string
transit_encryption_port = string
authorization_config = list(object({
access_point_id = string
iam = string
}))
}))
}))
[] no
vpc_id ID of the VPC string n/a yes

Outputs

Name Description
ecs_tasks_sg_id SonarQube ECS Tasks Security Group - The ID of the security group
sonar_lb_arn SonarQube Load Balancer ARN
sonar_lb_arn_suffix SonarQube Load Balancer ARN Suffix
sonar_lb_dns_name SonarQube Load Balancer DNS Name
sonar_lb_id SonarQube Load Balancer ID
sonar_lb_zone_id SonarQube Load Balancer Zone ID