Auto Scaling Group (ASG)
Deploy an AMI across an Auto Scaling Group (ASG), with support for zero-downtime, rolling deployment, load balancing, health checks, service discovery, and auto scaling.
View on GitHubReference
- Inputs
- Outputs
alarm_sns_topic_arns_us_east_1— A list of SNS topic ARNs to notify when the health check changes to ALARM, OK, orINSUFFICIENT_DATAstate. Note: these SNS topics MUST be in us-east-1! This is because Route 53 only sends CloudWatch metrics to us-east-1, so we must create the alarm in that region, and therefore, can only notify SNS topics in that region.
alarms_sns_topic_arn— The ARNs of SNS topics where CloudWatch alarms (e.g., for CPU, memory, and disk space usage) should send notifications. Also used for the alarms if the Jenkins backup job fails.
allow_inbound_from_cidr_blocks— The CIDR blocks from which to allow access to the ports inserver_ports
allow_inbound_from_security_group_ids— The security group IDs from which to allow access to the ports inserver_ports
allow_ssh_from_cidr_blocks— The CIDR blocks from which to allow SSH access
allow_ssh_security_group_ids— The security group IDs from which to allow SSH access
ami— The ID of the AMI to run on each instance in the ASG. The AMI needs to haveec2-baselineinstalled, since by default it will run `start_ec2_baseline` on the User Data.
ami_filters— Properties on the AMI that can be used to lookup a prebuilt AMI for use with the Bastion Host. You can build the AMI using the Packer template bastion-host.json. Only used if var.ami is null. One of var.ami orami_filtersis required. Set to null if passing the ami ID directly.
cloud_init_parts— Cloud init scripts to run on the ASG instances during boot. See the part blocks inhttps://www.terraform.io/docs/providers/template/d/cloudinit_config.html for syntax
create_route53_entry— Set to true to create a DNS A record in Route 53 for this service.
custom_tags— A list of custom tags to apply to the EC2 Instances in this ASG. Each item in this list should be a map with the parameters key, value, andpropagate_at_launch.
default_forward_target_group_arns— The ARN of the Target Group to which to route traffic.
default_user— The default OS user for the service AMI. For example, for AWS Ubuntu AMIs, the default OS user is 'ubuntu'.
desired_capacity— The desired number of EC2 Instances to run in the ASG initially. Note that auto scaling policies may change this value. If you're using auto scaling policies to dynamically resize the cluster, you should actually leave this value as null.
domain_name— The domain name to register inhosted_zone_id(e.g. foo.example.com). Only used ifcreate_route53_entryis true.
enable_cloudwatch_alarms— Set to true to enable several basic CloudWatch alarms around CPU usage, memory usage, and disk space usage. If set to true, make sure to specify SNS topics to send notifications to usingalarms_sns_topic_arn.
enable_cloudwatch_log_aggregation— Set to true to add AIM permissions to send logs to CloudWatch. This is useful in combination with https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/logs/cloudwatch-log-aggregation-scripts to do log aggregation in CloudWatch.
enable_cloudwatch_metrics— Set to true to add IAM permissions to send custom metrics to CloudWatch. This is useful in combination with https://github.com/gruntwork-io/terraform-aws-monitoring/tree/master/modules/agents/cloudwatch-agent to get memory and disk metrics in CloudWatch for your Auto Scaling Group
enable_fail2ban— Enable fail2ban to block brute force log in attempts. Defaults to true
enable_ip_lockdown— Enable ip-lockdown to block access to the instance metadata. Defaults to true
enable_route53_health_check— If set to true, use Route 53 to perform health checks ondomain_name.
enabled_metrics— A list of metrics the ASG should enable for monitoring all instances in a group. The allowed values are GroupMinSize, GroupMaxSize, GroupDesiredCapacity, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupTerminatingInstances, GroupTotalInstances.
external_account_ssh_grunt_role_arn— Since our IAM users are defined in a separate AWS account, this variable is used to specify the ARN of an IAM role that allows ssh-grunt to retrieve IAM group and public SSH key info from that account.
fixed_response_listener_rules— Listener rules for a fixed-response action. See comments below for information about the parameters.
forward_listener_rules— Listener rules for a forward action that distributes requests among one or more target groups. By default, sends traffic to the target groups created for the ports inserver_ports. See comments below for information about the parameters.
health_check_grace_period— Time, in seconds, after an EC2 Instance comes into service before checking health.
hosted_zone_id— The ID of the Route 53 Hosted Zone in which to create a DNS A record for the Auto Scaling Group. Optional ifcreate_route53_entry= false.
iam_policy— An object defining the policy to attach to `iam_role_nameif the IAM role is going to be created. Accepts a map of objects, where the map keys are sids for IAM policy statements, and the object fields are the resources, actions, and the effect ("Allow" or "Deny") of the statement. Ignored if [``iam_role_arn](#iam_role_arn)is provided. Leave as null if you do not wish to use IAM role with Service Accounts.
instance_type— The type of instance to run in the ASG (e.g. t3.medium)
key_pair_name— The name of a Key Pair that can be used to SSH to the EC2 Instances in the ASG. Set to null if you don't want to enable Key Pair auth.
lb_hosted_zone_id— The ID of the Route 53 Hosted Zone in which to create a DNS A record for the Auto Scaling Group. Optional ifcreate_route53_entry= false.
listener_arns— A map of all the listeners on the load balancer. The keys should be the port numbers and the values should be the ARN of the listener for that port.
listener_ports— The ports the ALB listens on for requests
load_balancers— A list of Elastic Load Balancer (ELB) names to associate with this ASG. If you're using the Application Load Balancer (ALB), seetarget_group_arns.
max_size— The maximum number of EC2 Instances to run in this ASG
metadata_users— List of users on the ASG EC2 instances that should be permitted access to the EC2 metadata.
min_elb_capacity— Wait for this number of EC2 Instances to show up healthy in the load balancer on creation.
min_size— The minimum number of EC2 Instances to run in this ASG
name— The name for the ASG and all other resources created by these templates.
original_lb_dns_name— The DNS name that was assigned by AWS to the load balancer upon creation
redirect_listener_rules— Listener rules for a redirect action. See comments below for information about the parameters.
secrets_access— A list of ARNs of Secrets Manager secrets that the task should have permissions to read. The IAM role for the task will be grantedsecretsmanager:GetSecretValuefor each secret in the list. The ARN can be either the complete ARN, including the randomly generated suffix, or the ARN without the suffix. If the latter, the module will look up the full ARN automatically. This is helpful in cases where you don't yet know the randomly generated suffix because the rest of the ARN is a predictable value.
server_ports— The ports the EC2 instances listen on for requests. A Target Group will be created for each port and any rules specified inforward_ruleswill forward traffic to these Target Groups.
ssh_grunt_iam_group— If you are using ssh-grunt, this is the name of the IAM group from which users will be allowed to SSH to the instances. To omit this variable, set it to an empty string (do NOT use null, or Terraform will complain).
ssh_grunt_iam_group_sudo— If you are using ssh-grunt, this is the name of the IAM group from which users will be allowed to SSH to the instances with sudo permissions. To omit this variable, set it to an empty string (do NOT use null, or Terraform will complain).
ssh_port— The port at which SSH will be allowed fromallow_ssh_from_cidr_blocksandallow_ssh_security_group_ids
subnet_ids— The list of IDs of the subnets in which to deploy ASG. The list must only contain subnets invpc_id.
tag_asg_id_key— The key for the tag that will be used to associate a unique identifier with this ASG. This identifier will persist between redeploys of the ASG, even though the underlying ASG is being deleted and replaced with a different one.
termination_policies— A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, Default.
use_elb_health_checks— Whether or not ELB or ALB health checks should be enabled. If set to true, theload_balancersortarget_groups_arnsvariable should be set depending on the load balancer type you are using. Useful for testing connectivity before health check endpoints are available.
vpc_id— The ID of the VPC in which to deploy the Auto Scaling Group
wait_for_capacity_timeout— A maximum duration that Terraform should wait for the EC2 Instances to be healthy before timing out.
asg_name— The name of the auto scaling group.
asg_unique_id— A unique ID common to all ASGs used forget_desired_capacityon new deploys.
fully_qualified_domain_name— The Fully Qualified Domain Name built using the zone domain and name.
launch_configuration_id— The ID of the launch configuration used for the ASG.
launch_configuration_name— The name of the launch configuration used for the ASG.
lb_listener_rule_fixed_response_arns— The ARNs of the rules of type fixed-response. The key is the same key of the rule from the `fixed_response_rules` variable.
lb_listener_rule_forward_arns— The ARNs of the rules of type forward. The key is the same key of the rule from the `forward_rules` variable.
lb_listener_rule_redirect_arns— The ARNs of the rules of type redirect. The key is the same key of the rule from the `redirect_rules` variable.
security_group_id— The ID of the Security Group that belongs to the ASG.