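# Retool license key, resolved from SSM Parameter Store so the secret never
# lives in this repository. Only the parameter ARN is consumed (module "retool"
# receives data.aws_ssm_parameter.retool_license_key.arn), so decryption is
# disabled: with the provider default (with_decryption = true) the plaintext
# SecureString value would be pulled into Terraform state and plan output and
# the identity running `terraform plan` would need kms:Decrypt on the key.
# For a parameter of type String this flag is a no-op.
data "aws_ssm_parameter" "retool_license_key" {
  name            = "/overwatch/${local.stage}/RETOOL_LICENSE_KEY"
  with_decryption = false
}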
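# API Gateway key for the management API, resolved from SSM Parameter Store.
# Only the ARN is consumed (module "retool" receives
# data.aws_ssm_parameter.magement_api_key.arn), so the value is not decrypted
# here; this keeps the plaintext key out of Terraform state and plan output.
# NOTE(review): the block label "magement_api_key" is a typo for
# "management_api_key"; renaming it must be done together with the reference in
# module "retool" in the same change.
# NOTE(review): the environment segment of this path is derived from
# terraform.workspace, whereas the license key parameter above uses local.stage;
# whether the two agree for every workspace is not visible in this file.
data "aws_ssm_parameter" "magement_api_key" {
  name            = "/unify/${terraform.workspace == "production" ? "prod" : "staging"}/API_GATEWAY_API_KEY"
  with_decryption = false
}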
# Self-hosted Retool on ECS Fargate behind an ALB, in eu-central-1, using the
# network created by module "platform_network" below. Local password login is
# disabled and Google OAuth2 SSO is the only sign-in path.
module "retool" {
source = "./modules/aws_ecs_fargate"
# The module takes a second provider aliased to us-east-1; presumably for
# resources that must live there (e.g. certificates for a CloudFront
# distribution) — confirm in ./modules/aws_ecs_fargate.
providers = {
aws = aws
aws.us_east_1 = aws.us_east_1
}
deployment_name = "overwatch"
aws_region = "eu-central-1"
vpc_id = module.platform_network.vpc_id
vpc_cidr_block = module.platform_network.vpc_cidr_block
# Tasks run in the private subnets; the public subnets are handed over
# presumably for the ALB — confirm in the module.
private_subnet_ids = [for subnet in module.platform_network.main_private_subnets : subnet.id]
public_subnet_ids = [for subnet in module.platform_network.main_public_subnets : subnet.id]
# ssh_key_pair = "<your-key-pair>"
# NOTE(review): a version tag is mutable — pin the image by digest
# (tryretool/backend@sha256:<digest>) so a retagged upstream image cannot
# silently change what this service runs.
ecs_retool_image = "tryretool/backend:3.24.6"
domain_name = local.domain_name
# The SSM parameter ARN is passed, not the secret value; presumably the module
# wires it as an ECS task-definition secret (valueFrom) so the plaintext is
# injected by the agent at start-up — confirm in the module. Note that the
# aws_ssm_parameter data source itself still reads the value (with_decryption
# defaults to true), so the Terraform state backend must be treated as
# secret material.
retool_license_key = data.aws_ssm_parameter.retool_license_key.arn
# NOTE(review): 7 days of container logs is short for incident investigation;
# consider longer retention or shipping logs to a central store.
log_retention_in_days = 7
management_api_key = data.aws_ssm_parameter.magement_api_key.arn
environment = local.environment
stage = local.stage
# ecs_insights_enabled = true
# Plain (non-secret) environment variables for the Retool container.
additional_env_vars = [{
name = "DOMAINS",
value = "overwatch.${local.domain_name}"
}, {
name = "BASE_DOMAIN",
value = "https://overwatch.${local.domain_name}"
}, {
# Presumably turns off the embedded Intercom widget (a third-party script).
name = "DISABLE_INTERCOM",
value = "true"
}, {
# No username/password sign-in: the OAuth2 SSO configured below is the only
# way to authenticate.
name = "DISABLE_USER_PASS_LOGIN",
value = "true"
}, {
# Only accounts whose email address is on this domain may sign in (enforced
# by Retool on the email claim mapped below). NOTE(review): this file does not
# show whether the Google OAuth app itself is restricted to the workspace
# (hd claim); both checks together are stronger than the email-domain check
# alone.
name = "RESTRICTED_DOMAIN",
value = "apideck.com"
}, {
name = "HIDE_PROD_AND_STAGING_TOGGLES",
value = "true"
}, {
name = "DISABLE_GIT_SYNCING"
value = "true"
}, {
# Send users straight to the IdP instead of showing a login page first.
name = "TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY"
value = "true"
}, {
# Only the client ID is set here; the client secret is expected to be supplied
# elsewhere (not visible in this file).
name = "CUSTOM_OAUTH2_SSO_CLIENT_ID"
value = var.client_id
}, {
name = "CUSTOM_OAUTH2_SSO_SCOPES"
value = "openid email profile https://www.googleapis.com/auth/userinfo.profile"
}, {
# access_type=offline asks Google for a refresh token and prompt=consent
# forces the consent screen on each login; presumably needed so Retool can
# refresh the session-backing token — confirm this is intended.
name = "CUSTOM_OAUTH2_SSO_AUTH_URL"
value = "https://accounts.google.com/o/oauth2/v2/auth?access_type=offline&prompt=consent"
}, {
name = "CUSTOM_OAUTH2_SSO_TOKEN_URL"
value = "https://oauth2.googleapis.com/token"
}, {
# User identity is taken from claims of the Google ID token (idToken.*).
name = "CUSTOM_OAUTH2_SSO_JWT_EMAIL_KEY"
value = "idToken.email"
}, {
name = "CUSTOM_OAUTH2_SSO_JWT_FIRST_NAME_KEY"
value = "idToken.given_name"
}, {
name = "CUSTOM_OAUTH2_SSO_JWT_LAST_NAME_KEY"
value = "idToken.family_name"
}, {
# Retool access tokens expire after 45 minutes.
name = "CUSTOM_OAUTH2_SSO_ACCESS_TOKEN_LIFESPAN_MINUTES"
value = "45"
}, {
# Allow up to 15 minutes for database migrations on start-up.
name = "DATABASE_MIGRATIONS_TIMEOUT_SECONDS"
value = "900"
}
]
# The ALB accepts HTTPS from any IPv4 and IPv6 address, so SSO is the only
# gate in front of this tool. NOTE(review): if this is an internal admin
# tool, consider restricting cidr_blocks/ipv6_cidr_blocks to VPN or office
# ranges, or placing a WAF in front, so the login endpoints are not
# reachable from the whole internet.
alb_ingress_rules = [{
description = "Global HTTPS inbound"
from_port = "443"
to_port = "443"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}]
}
# Shared VPC and subnet layout for this deployment; module "retool" above
# consumes its vpc_id, vpc_cidr_block and main_private/main_public subnet outputs.
module "platform_network" {
  source = "./modules/platform_network"

  # Naming and tagging inputs, all taken from locals defined elsewhere in the config.
  environment = local.environment
  stage       = local.stage
  project     = local.project
  prefix      = local.prefix
}