Skip to content

Terraform Module Docs

Perforce Helix Authentication Service Module

Requirements

Name Version
terraform >= 1.0
aws 5.68.0
awscc 1.15.0
random 3.6.3

Providers

Name Version
aws 5.59.0
awscc 1.6.0
random 3.6.2

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.helix_authentication_service_log_group resource
aws_ecs_cluster.helix_authentication_service_cluster resource
aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers resource
aws_ecs_service.helix_authentication_service resource
aws_ecs_task_definition.helix_authentication_service_task_definition resource
aws_iam_policy.helix_authentication_service_default_policy resource
aws_iam_policy.helix_authentication_service_secrets_manager_policy resource
aws_iam_role.helix_authentication_service_default_role resource
aws_iam_role.helix_authentication_service_task_execution_role resource
aws_lb.helix_authentication_service_alb resource
aws_lb_listener.helix_authentication_service_alb_https_listener resource
aws_lb_target_group.helix_authentication_service_alb_target_group resource
aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket resource
aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration resource
aws_s3_bucket_policy.alb_access_logs_bucket_policy resource
aws_s3_bucket_public_access_block.access_logs_bucket_public_block resource
aws_security_group.helix_authentication_service_alb_sg resource
aws_security_group.helix_authentication_service_sg resource
aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service resource
aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4 resource
aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6 resource
aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb resource
awscc_secretsmanager_secret.helix_authentication_service_admin_password resource
awscc_secretsmanager_secret.helix_authentication_service_admin_username resource
random_string.helix_authentication_service resource
random_string.helix_authentication_service_alb_access_logs_bucket_suffix resource
aws_ecs_cluster.helix_authentication_service_cluster data source
aws_elb_service_account.main data source
aws_iam_policy_document.access_logs_bucket_alb_write data source
aws_iam_policy_document.ecs_tasks_trust_relationship data source
aws_iam_policy_document.helix_authentication_service_default_policy data source
aws_iam_policy_document.helix_authentication_service_secrets_manager_policy data source
aws_region.current data source

Inputs

Name Description Type Default Required
certificate_arn The TLS certificate ARN for the Helix Authentication Service load balancer. string n/a yes
cluster_name The name of the cluster to deploy the Helix Authentication Service into. Defaults to null and a cluster will be created. string null no
container_cpu The CPU allotment for the Helix Authentication Service container. number 1024 no
container_memory The memory allotment for the Helix Authentication Service container. number 4096 no
container_name The name of the Helix Authentication Service container. string "helix-auth-container" no
container_port The container port that Helix Authentication Service runs on. number 3000 no
create_helix_authentication_service_default_policy Optional creation of Helix Authentication Service default IAM Policy. Default is set to true. bool true no
create_helix_authentication_service_default_role Optional creation of Helix Authentication Service default IAM Role. Default is set to true. bool true no
custom_helix_authentication_service_role ARN of the custom IAM Role you wish to use with Helix Authentication Service. string null no
debug Set this flag to enable execute command on service containers and force redeploys. bool false no
desired_container_count The desired number of containers running the Helix Authentication Service. number 1 no
enable_helix_authentication_service_alb_access_logs Enables access logging for the Helix Authentication Service ALB. Defaults to true. bool true no
enable_helix_authentication_service_alb_deletion_protection Enables deletion protection for the Helix Authentication Service ALB. Defaults to true. bool true no
enable_web_based_administration Flag for enabling web based administration of Helix Authentication Service. bool false no
environment The current environment (e.g. dev, prod, etc.) string "dev" no
existing_security_groups A list of existing security group IDs to attach to the Helix Authentication Service load balancer. list(string) [] no
fully_qualified_domain_name The fully qualified domain name where Helix Authentication Service will be available. string "localhost" no
helix_authentication_service_admin_password_secret_arn Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator password. string null no
helix_authentication_service_admin_username_secret_arn Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator username. string null no
helix_authentication_service_alb_access_logs_bucket ID of the S3 bucket for Helix Authentication Service ALB access log storage. If access logging is enabled and this is null the module creates a bucket. string null no
helix_authentication_service_alb_access_logs_prefix Log prefix for Helix Authentication Service ALB access logs. If null the project prefix and module name are used. string null no
helix_authentication_service_alb_subnets A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. list(string) n/a yes
helix_authentication_service_cloudwatch_log_retention_in_days The log retention in days of the cloudwatch log group for Helix Authentication Service. string 365 no
helix_authentication_service_subnets A list of subnets to deploy the Helix Authentication Service into. Private subnets are recommended. list(string) n/a yes
internal Set this flag to true if you do not want the Helix Authentication Service load balancer to have a public IP. bool false no
name The name attached to Helix Authentication Service module resources. string "helix-auth-svc" no
project_prefix The project prefix for this workload. This is appeneded to the beginning of most resource names. string "cgd" no
tags Tags to apply to resources. map(any) 
{
  "IAC_MANAGEMENT": "CGD-Toolkit",
  "IAC_MODULE": "helix-authentication-service",
  "IAC_PROVIDER": "Terraform"
}
 no
vpc_id The ID of the existing VPC you would like to deploy Helix Authentication Service into. string n/a yes

Outputs

Name Description
alb_dns_name The DNS name of the Helix Authentication Service ALB
alb_security_group_id Security group associated with the Helix Authentication Service load balancer
alb_zone_id The hosted zone ID of the Helix Authentication Service ALB
cluster_name Name of the ECS cluster hosting helix_authentication_service
service_security_group_id Security group associated with the ECS service running Helix Authentication Service