This Terraform module deploys a SonarQube Community Edition server on AWS: the application runs on ECS Fargate behind a load balancer, with an Aurora cluster as its database (see the Modules and Resources tables below). It is based on the official SonarQube Docker image: https://hub.docker.com/_/sonarqube.

Released versions are listed on:
- GitHub Releases: https://github.com/cn-terraform/terraform-aws-sonarqube/releases
- Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/sonarqube/aws

Please run this command right after cloning the repository:

```
pre-commit install
```

For that you need pre-commit installed, along with the tools its hooks call.

To run all checks at any point, run:

```
pre-commit run --all-files
```
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 4 |
| random | >= 3 |
## Providers

| Name | Version |
|---|---|
| aws | >= 4 |
| random | >= 3 |
## Modules

| Name | Source | Version |
|---|---|---|
| acm | terraform-aws-modules/acm/aws | ~> 4.0 |
| aws_cw_logs | cn-terraform/cloudwatch-logs/aws | 1.0.12 |
| ecs_fargate | cn-terraform/ecs-fargate/aws | 2.0.52 |
## Resources

| Name | Type |
|---|---|
| aws_db_subnet_group.aurora_db_subnet_group | resource |
| aws_kms_key.encryption_key | resource |
| aws_rds_cluster.aurora_db | resource |
| aws_rds_cluster_instance.aurora_db_cluster_instances | resource |
| aws_route53_record.record_dns | resource |
| aws_security_group.aurora_sg | resource |
| random_password.master_password | resource |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| block_s3_bucket_public_access | (Optional) If true, public access to the S3 bucket is blocked. | bool | true | no |
| container_cpu | (Optional) The number of CPU units to reserve for the container. Optional for tasks using the Fargate launch type; the total container_cpu of all containers in a task must be lower than the task-level CPU value. | number | 4096 | no |
| container_memory | (Optional) The amount of memory (in MiB) the container may use. This is a hard limit: if the container attempts to exceed container_memory, it is killed. Optional for the Fargate launch type; the total container_memory of all containers in a task must be lower than the task memory value. | number | 8192 | no |
| container_memory_reservation | (Optional) The amount of memory (in MiB) to reserve for the container. If the container needs to exceed this threshold, it can do so up to the container_memory hard limit. | number | 4096 | no |
| create_kms_key | If true, a new KMS key is created to encrypt the logs. If false (the default), a custom key can be used by setting log_group_kms_key_id. | bool | false | no |
| custom_lb_arn | ARN of the load balancer to use in the ECS service. If provided, this module does not create a load balancer and uses the one given here. | string | null | no |
| db_backup_retention_period | The number of days to retain backups for. | number | 3 | no |
| db_deletion_protection | If true, the database has deletion protection enabled and cannot be deleted while this value is set. | bool | false | no |
| db_engine_version | DB engine version | string | "14.4" | no |
| db_instance_number | Number of instances deployed on Aurora. By default, the number of subnets in private_subnets_ids. | number | null | no |
| db_instance_size | DB instance size | string | "db.r4.large" | no |
| db_name | Default DB name | string | "sonar" | no |
| db_password | DB master password. The module declares random_password.master_password to generate one when this is left empty. | string | "" | no |
| db_username | Default DB username | string | "sonar" | no |
| default_certificate_arn | ACM certificate ARN if you plan to manage the certificate yourself | string | "" | no |
| deployment_circuit_breaker_enabled | (Optional) Enable the deployment circuit breaker so that a service deployment transitions to a failed state if tasks persistently fail to reach RUNNING or fail health checks. | bool | false | no |
| deployment_circuit_breaker_rollback | (Optional) Roll back to the last completed deployment upon a deployment failure. | bool | false | no |
| dns_zone_id | Route 53 zone ID | string | "" | no |
| enable_autoscaling | Enable auto scaling (Data Center Edition) | bool | false | no |
| enable_s3_bucket_server_side_encryption | (Optional) If true, server-side encryption is applied to the S3 bucket. | bool | true | no |
| enable_s3_logs | (Optional) If true, all resources needed to send LB logs to S3 are created. | bool | true | no |
| enable_ssl | Enable SSL | bool | true | no |
| ephemeral_storage_size | The number of GB of ephemeral storage to provision for Fargate tasks. Must be between 21 and 200 inclusive; the default of 0 leaves ephemeral storage unset so the Fargate default applies. | number | 0 | no |
| https_record_domain_name | Route 53 domain name | string | "" | no |
| https_record_name | Route 53 DNS name | string | "" | no |
| lb_enable_cross_zone_load_balancing | Enable cross-zone load balancing for the LB | string | "true" | no |
| lb_http_ports | Map of objects defining listener behaviour based on the type field. For type forward, include listener_port and target_group_port. For type redirect, include listener_port, host, path, port, protocol, query and status_code. For type fixed-response, include listener_port, content_type, message_body and status_code. | map(any) | {} | no |
| lb_https_ports | Map of objects defining listener behaviour based on the type field. For type forward, include listener_port and target_group_port. For type redirect, include listener_port, host, path, port, protocol, query and status_code. For type fixed-response, include listener_port, content_type, message_body and status_code. | map(any) | { | no |
| lb_waf_web_acl_arn | ARN of a WAFv2 web ACL to associate with the ALB | string | "" | no |
| log_group_kms_key_id | The ARN of the KMS key to use when encrypting log data. Note that after the KMS key is disassociated from the log group, CloudWatch Logs stops encrypting newly ingested data for that group; previously ingested data remains encrypted, and CloudWatch Logs requires permissions on the key whenever that encrypted data is requested. | string | null | no |
| log_group_retention_in_days | (Optional) The number of days to retain log events in the log group. Possible values: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. With 0, events are retained indefinitely. | number | 30 | no |
| mount_points | Container mount points: a list of maps, each containing a containerPath and a sourceVolume. The readOnly key is optional. | list(any) | [] | no |
| name_prefix | Name prefix for resources on AWS | string | n/a | yes |
| permissions_boundary | (Optional) The ARN of the policy used as the permissions boundary for the ecs_task_execution_role role. | string | null | no |
| private_subnets_ids | List of private subnet IDs | list(string) | n/a | yes |
| public_subnets_ids | List of public subnet IDs | list(string) | n/a | yes |
| region | AWS region the infrastructure is hosted in | string | n/a | yes |
| s3_bucket_server_side_encryption_key | (Optional) The KMS key ID used for SSE-KMS encryption. Only applies when sse_algorithm is aws:kms; if absent while sse_algorithm is aws:kms, the default aws/s3 key is used. | string | null | no |
| s3_bucket_server_side_encryption_sse_algorithm | (Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms. | string | "AES256" | no |
| sonarqube_image | SonarQube image | string | "sonarqube:lts" | no |
| tags | Resource tags | map(string) | {} | no |
| volumes | (Optional) A set of volume blocks that containers in your task may use | list(object({ | [] | no |
| vpc_id | ID of the VPC | string | n/a | yes |
## Outputs

| Name | Description |
|---|---|
| ecs_tasks_sg_id | SonarQube ECS tasks security group: the ID of the security group |
| sonar_lb_arn | SonarQube load balancer ARN |
| sonar_lb_arn_suffix | SonarQube load balancer ARN suffix |
| sonar_lb_dns_name | SonarQube load balancer DNS name |
| sonar_lb_id | SonarQube load balancer ID |
| sonar_lb_zone_id | SonarQube load balancer zone ID |
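The following root-module configuration is an added example and is not part of the module repository. It wires the required inputs together and overrides the defaults a security engineer would not want to ship with: no database deletion protection, 3 days of backups, no module-managed KMS key for logs, and no deployment circuit breaker. Every VPC/subnet ID, zone ID, ARN, account number, region and domain name is a placeholder; whether `https_record_name` is the host label and `https_record_domain_name` the zone name is also an assumption about how the module builds its Route 53 record.

```hcl
# Added example (not from the module repository). All IDs, ARNs, names, the
# region and the domain are placeholders; replace them with your own values.

terraform {
  required_version = ">= 0.13"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4"
    }
    random = {
      source  = "hashicorp/random"
      version = ">= 3"
    }
  }
}

provider "aws" {
  region = "us-east-1" # placeholder
}

locals {
  region = "us-east-1"  # placeholder
  domain = "example.com" # placeholder; the hosted zone must already exist
}

module "sonarqube" {
  source = "cn-terraform/sonarqube/aws"
  # Pin a tag from the Releases page before use, e.g. version = "<release tag>".

  # Required inputs (placeholders)
  name_prefix         = "sonar"
  region              = local.region
  vpc_id              = "vpc-0123456789abcdef0"
  public_subnets_ids  = ["subnet-0aaaaaaaaaaaaaaa1", "subnet-0aaaaaaaaaaaaaaa2"]
  private_subnets_ids = ["subnet-0bbbbbbbbbbbbbbb1", "subnet-0bbbbbbbbbbbbbbb2"]

  # Database: defaults are no deletion protection and 3 days of backups.
  db_deletion_protection     = true
  db_backup_retention_period = 14
  # Left empty so the module's random_password.master_password supplies the
  # value; a literal here would land in source control and in state.
  db_password = ""

  # Logs: create_kms_key defaults to false, leaving log groups on the
  # CloudWatch default key; 30 days of retention is usually too short for IR.
  create_kms_key              = true
  log_group_retention_in_days = 90

  # Edge: TLS on the ALB, a WAFv2 web ACL, and LB access logs to a bucket
  # that is encrypted and blocked from public access. default_certificate_arn
  # is left unset so the module's acm submodule issues the certificate.
  enable_ssl               = true
  https_record_name        = "sonar"            # assumption: host label
  https_record_domain_name = local.domain       # assumption: zone name
  dns_zone_id              = "Z0123456789EXAMPLE" # placeholder
  lb_waf_web_acl_arn       = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/sonar-acl/00000000-0000-0000-0000-000000000000" # placeholder

  enable_s3_logs                          = true
  block_s3_bucket_public_access           = true
  enable_s3_bucket_server_side_encryption = true

  # Rollouts: fail and roll back instead of leaving a broken revision running.
  deployment_circuit_breaker_enabled  = true
  deployment_circuit_breaker_rollback = true

  # "sonarqube:lts" (the module default) is a moving tag; pin a specific tag
  # or image digest for reproducible, auditable deployments.
  sonarqube_image = "sonarqube:lts"

  tags = {
    Project = "sonarqube"
    Owner   = "appsec" # placeholder
  }
}

# Module outputs: the ALB hostname is useful before DNS propagates, and the
# task security group ID is what you reference when allowing traffic to
# other resources from the SonarQube tasks.
output "sonarqube_lb_dns_name" {
  value = module.sonarqube.sonar_lb_dns_name
}

output "sonarqube_tasks_sg_id" {
  value = module.sonarqube.ecs_tasks_sg_id
}
```

Run `terraform init` and `terraform plan` and check that the plan shows `deletion_protection = true` on `aws_rds_cluster.aurora_db`, a KMS key on the log group, and the WAF association before applying; the inputs above only take effect if the module wires them through as its table describes.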