A comprehensive Terraform module for deploying Spacelift Flows on AWS using Amazon EKS. This module provides a complete infrastructure setup with flexible configuration options to accommodate various deployment scenarios.
- Complete Infrastructure Setup: VPC, EKS cluster, RDS database, S3 buckets, and all necessary AWS resources
- Flexible Configuration: Use existing Spacelift Self-Hosted infrastructure or create new resources as needed
- Security Best Practices: KMS encryption, secure networking, IAM roles with least privilege
- Multiple SMTP Options: Support for AWS SES or custom SMTP servers
- SSL/TLS Support: Automatic ACM certificate creation or use existing certificates
- Production Ready: Configurable deletion protection, backup retention, and monitoring support
This module deploys:
- EKS Cluster: Kubernetes cluster for running Spacelift Flows workloads
- VPC & Networking: Private and public subnets across multiple AZs with security groups
- RDS Database: PostgreSQL database for Spacelift Flows data storage
- S3 Buckets: Object storage for flow artifacts and logs
- KMS Encryption: Customer-managed keys for encrypting data at rest
- IAM Roles: Properly scoped service accounts and permissions
```hcl
module "spacelift_flows" {
  # ref=main tracks a branch; pin to a release tag or commit SHA so the code you reviewed is the code you deploy
  source = "github.com/spacelift-io/terraform-aws-eks-spacelift-flows-selfhosted?ref=main"

  # Required variables
  app_domain        = "flows.example.com"
  organization_name = "Your Organization"
  admin_email       = "admin@example.com"
  aws_region        = "us-east-1"
  # Secret value: pass it in from a sensitive input variable rather than committing the literal
  license_token     = "your-spacelift-flows-license-token"
}
```

```hcl
module "spacelift_flows" {
  source = "github.com/spacelift-io/terraform-aws-eks-spacelift-flows-selfhosted?ref=main"

  # Required variables
  app_domain        = "flows.example.com"
  organization_name = "Your Organization"
  admin_email       = "admin@example.com"
  aws_region        = "us-east-1"
  license_token     = "your-spacelift-flows-license-token"

  # Optional customizations
  k8s_namespace       = "spacelift-flows"
  eks_cluster_version = "1.33"
  # false turns off the deletion/retention safeguards; use only for environments you intend to tear down
  rds_delete_protection_enabled = false
  s3_retain_on_destroy          = false

  # SMTP configuration (choose one option)
  enable_ses = true # Use AWS SES

  # OR use custom SMTP (smtp_password is a secret; do not commit a real value)
  # smtp_host         = "smtp.gmail.com"
  # smtp_username     = "your-email@gmail.com"
  # smtp_password     = "your-app-password"
  # smtp_from_address = "noreply@example.com"
}
```

This repository includes several examples demonstrating different deployment scenarios:
- Standard deployment creating all new infrastructure.
- Deploy with custom SMTP server instead of AWS SES.
- Use an existing ACM certificate instead of creating a new one.
- Deploy to an existing EKS cluster without creating new compute resources.
- Use existing VPC and networking infrastructure.
- Connect to an existing PostgreSQL database.
- Deploy using entirely existing Spacelift Self-Hosted AWS infrastructure (VPC, EKS, and database).
- Configure Variables: Create a `terraform.tfvars` file with your configuration
- Initialize: Run `tofu init` to initialize the module
- Plan: Run `tofu plan` to review the planned changes
- Apply: Run `tofu apply` to create the infrastructure
- Deploy to Kubernetes: Apply the generated manifests to your cluster
```bash
# Initialize and apply infrastructure
tofu init
tofu plan
tofu apply

# Deploy to Kubernetes cluster
kubectl apply -f <(echo "$(tofu output -raw config_secret_manifest)")
kubectl apply -f <(echo "$(tofu output -raw ingress_manifest)")
kubectl apply -f <(echo "$(tofu output -raw agent_pool_secret_manifest)")
```

- OpenTofu >= 1.5.0
- AWS Provider >= 6.0
- Sufficient AWS permissions to create VPC, EKS, RDS, S3, and IAM resources
- kubectl configured for Kubernetes manifest deployment
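The plan review step can be partly automated. The following is an added example, not part of this module or its repository: a small gate that reads the JSON form of a saved plan and flags disabled data-loss safeguards and a module source pinned to a branch. The resource addresses in the sample and the mapping from `rds_delete_protection_enabled` and `s3_retain_on_destroy` to provider attributes are assumptions.

```python
import json
import sys

# Assumption: these are AWS provider attribute names; how the module maps
# rds_delete_protection_enabled / s3_retain_on_destroy onto them is assumed.
RISKY = {
    "aws_db_instance": ("deletion_protection", False),
    "aws_rds_cluster": ("deletion_protection", False),
    "aws_s3_bucket": ("force_destroy", True),
}
# Constructed sample in `tofu show -json` layout (resource names are hypothetical).
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "module.spacelift_flows.aws_db_instance.example", "type": "aws_db_instance",
         "change": {"actions": ["create"], "after": {"deletion_protection": False}}},
        {"address": "module.spacelift_flows.aws_s3_bucket.example", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"force_destroy": True}}},
        {"address": "module.spacelift_flows.aws_kms_key.example", "type": "aws_kms_key",
         "change": {"actions": ["create"], "after": {"enable_key_rotation": True}}},
    ],
    "configuration": {"root_module": {"module_calls": {"spacelift_flows": {
        "source": "github.com/spacelift-io/terraform-aws-eks-spacelift-flows-selfhosted?ref=main"}}}},
}

def review_plan(plan):
    """Return a list of findings for a plan given as parsed `tofu show -json` output."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after") or {}  # "after" is null when a resource is deleted
        rule = RISKY.get(rc.get("type"))
        if rule and "delete" in change.get("actions", []):
            findings.append(f"{rc['address']}: plan destroys a stateful resource")
        elif rule and after.get(rule[0]) is rule[1]:
            findings.append(f"{rc['address']}: {rule[0]} = {str(rule[1]).lower()}")
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    for name, call in calls.items():
        source = call.get("source", "")
        ref = source.partition("?ref=")[2]
        if source.startswith("github.com/") and ref in ("", "main", "master"):
            findings.append(f"module.{name}: source is not pinned to a tag or commit")
    return findings

if __name__ == "__main__":
    # Produce input with: tofu plan -out=plan.bin && tofu show -json plan.bin > plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = review_plan(plan)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it between `tofu plan` and `tofu apply`; a non-zero exit status means the plan needs a human decision before it is applied.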
To release a new version of the module, just create a new release with an appropriate tag in GitHub releases.