Unity Accelerator Module¶

Unity Accelerator is a caching service that speeds up project operations in Unity by storing and sharing asset cache data among team members, significantly reducing build times and asset imports by allowing team members to reuse previously processed assets instead of having to process the same assets independently.

This Unity Accelerator deployment uses an Elastic Container Service cluster for task deployment, with Amazon Elastic File System providing persistent storage for configurations and cache. Access is managed through two load balancers: an Application Load Balancer for secure, password-protected web dashboard access via HTTPS, and a Network Load Balancer for efficient cache-related protobuf traffic.

A Secrets Manager password entry, to be used as the Unity Accelerator's web dashboard password, is required beforehand. Password must be stored as a plaintext secret, not as key/value JSON secret, and the password's ARN must be provided as the value for the unity_accelerator_dashboard_password_arn variable.

Deployment Architecture¶

Unity Accelerator Module Architecture

Examples¶

For example configurations, please see the examples.

Requirements¶

Name	Version
terraform	>= 1.9
aws	5.89.0
awscc	1.34.0
random	3.5.1

Providers¶

Name	Version
aws	5.89.0
awscc	1.48.0
random	3.5.1

Modules¶

No modules.

Resources¶

Name	Type
aws_cloudwatch_log_group.unity_accelerator_log_group	resource
aws_ecs_cluster.unity_accelerator_cluster	resource
aws_ecs_service.unity_accelerator	resource
aws_ecs_task_definition.unity_accelerator_task_definition	resource
aws_efs_access_point.unity_accelerator_efs_data_access_point	resource
aws_efs_file_system.unity_accelerator_efs	resource
aws_efs_mount_target.unity_accelerator_efs_mount_target	resource
aws_iam_policy.cloudwatch_logs_policy	resource
aws_iam_policy.secret_access_policy	resource
aws_iam_policy.unity_accelerator_default_policy	resource
aws_iam_role.unity_accelerator_default_role	resource
aws_iam_role.unity_accelerator_task_execution_role	resource
aws_iam_role_policy_attachment.cloudwatch_logs_policy_attachment	resource
aws_iam_role_policy_attachment.task_execution_role_secret_policy	resource
aws_iam_role_policy_attachment.unity_accelerator_default_policy_attachment	resource
aws_iam_role_policy_attachment.unity_accelerator_task_execution_role_policy_attachment	resource
aws_lb.unity_accelerator_external_alb	resource
aws_lb.unity_accelerator_external_nlb	resource
aws_lb_listener.unity_accelerator_cache_listener	resource
aws_lb_listener.unity_accelerator_https_dashboard_listener	resource
aws_lb_listener.unity_accelerator_https_dashboard_redirect	resource
aws_lb_target_group.unity_accelerator_cache_target_group	resource
aws_lb_target_group.unity_accelerator_dashboard_target_group	resource
aws_s3_bucket.unity_accelerator_lb_access_logs_bucket	resource
aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration	resource
aws_s3_bucket_policy.lb_access_logs_bucket_policy	resource
aws_s3_bucket_public_access_block.access_logs_bucket_public_block	resource
aws_security_group.unity_accelerator_alb_sg	resource
aws_security_group.unity_accelerator_efs_sg	resource
aws_security_group.unity_accelerator_service_sg	resource
aws_security_group.vpc_endpoint_sg	resource
aws_vpc_endpoint.ec2messages_vpce	resource
aws_vpc_endpoint.ssm_vpce	resource
aws_vpc_endpoint.ssmmessages_vpce	resource
aws_vpc_security_group_egress_rule.unity_accelerator_alb_egress_service_80	resource
aws_vpc_security_group_egress_rule.unity_accelerator_service_egress_all	resource
aws_vpc_security_group_ingress_rule.service_efs	resource
aws_vpc_security_group_ingress_rule.unity_accelerator_ingress_to_vpce	resource
aws_vpc_security_group_ingress_rule.unity_accelerator_service_ingress_from_alb_80	resource
aws_vpc_security_group_ingress_rule.unity_accelerator_service_ingress_from_nlb_10080	resource
aws_vpc_security_group_ingress_rule.unity_accelerator_service_ingress_from_nlb_80	resource
aws_vpc_security_group_ingress_rule.vpc_endpoint_https	resource
awscc_secretsmanager_secret.dashboard_password_arn	resource
awscc_secretsmanager_secret.dashboard_username_arn	resource
random_string.unity_accelerator_lb_access_logs_bucket_suffix	resource
aws_caller_identity.current	data source
aws_ecs_cluster.unity_accelerator_cluster	data source
aws_efs_file_system.efs_file_system	data source
aws_elb_service_account.main	data source
aws_iam_policy_document.access_logs_bucket_lb_write	data source
aws_iam_policy_document.cloudwatch_logs_policy	data source
aws_iam_policy_document.ecs_tasks_trust_relationship	data source
aws_iam_policy_document.unity_accelerator_default_policy	data source
aws_region.current	data source
aws_subnet.nlb_subnets	data source

Inputs¶

Name	Description	Type	Default	Required
alb_certificate_arn	The ARN of the SSL certificate to use for the Application Load Balancer.	`string`	`null`	no
alb_is_internal	Set this flag to determine whether the Application Load Balancer to create is internal (true) or external (false). Value is ignored if no ALB is created.	`bool`	`false`	no
cloudwatch_log_retention_in_days	The log retention in days of the cloudwatch log group for Unity Accelerator.	`string`	`365`	no
cluster_name	The name of the ECS cluster to deploy Unity Accelerator to.	`string`	`null`	no
container_cpu	The number of CPU units to allocate to the Unity Accelerator container.	`number`	`1024`	no
container_memory	The number of MB of memory to allocate to the Unity Accelerator container.	`number`	`4096`	no
container_name	The name of the Unity Accelerator container.	`string`	`"unity-accelerator"`	no
create_alb	Set this flag to true to create an Application Load Balancer for the Unity Accelerator dashboard.	`bool`	`true`	no
create_nlb	Set this flag to true to create an external Network Load Balancer for the Unity Accelerator protobuf traffic.	`bool`	`true`	no
debug	Set this flag to enable ECS execute permissions on the Unity Accelerator container and force new service deployments on Terraform apply.	`bool`	`true`	no
efs_access_point_id	The ID of the EFS access point to use for the Unity Accelerator data volume.	`string`	`null`	no
efs_encryption_enabled	Set this flag to true to enable EFS encryption.	`bool`	`true`	no
efs_id	The ID of the EFS file system to use for the Unity Accelerator service.	`string`	`null`	no
efs_performance_mode	The performance mode of the EFS file system used by the Unity Accelerator service. Defaults to general purpose.	`string`	`"generalPurpose"`	no
efs_throughput_mode	The throughput mode of the EFS file system used by the Unity Accelerator service. Defaults to bursting.	`string`	`"bursting"`	no
enable_unity_accelerator_lb_access_logs	Enables access logging for the Application Load Balancer and Network Load Balancer used by Unity Accelerator. Defaults to true.	`bool`	`true`	no
enable_unity_accelerator_lb_deletion_protection	Enables deletion protection for the Unity Accelerator Application Load Balancer and Network Load Balancer. Defaults to true.	`bool`	`true`	no
environment	The current environment (e.g. dev, prod, etc.)	`string`	`"dev"`	no
lb_subnets	The subnets in which the Application Load Balancer and Network Load Balancer will be deployed.	`list(string)`	`[]`	no
name	The name applied to resources in the Unity Accelerator module.	`string`	`"unity-accelerator"`	no
nlb_is_internal	Set this flag to determine whether the Network Load Balancer to create is internal (true) or external (false). Value is ignored if no NLB is created.	`bool`	`false`	no
service_subnets	The subnets in which the Unity Accelerator service will be deployed.	`list(string)`	n/a	yes
tags	Tags to apply to resources.	`map(any)`	{ "iac-management": "CGD-Toolkit", "iac-module": "UnityAccelerator", "iac-provider": "Terraform" }	no
unity_accelerator_alb_access_logs_prefix	Log prefix for Unity Accelerator Application Load Balancer access logs. If null the project prefix and module name are used.	`string`	`null`	no
unity_accelerator_dashboard_password_arn	ARN of the AWS Secrets Manager secret containing the Unity Accelerator web dashboard password. Password must be the only value and stored as text, not as key/value JSON. If not passed, one will be created randomly.	`string`	`null`	no
unity_accelerator_dashboard_username_arn	ARN of the AWS Secrets Manager secret containing the Unity Accelerator web dashboard username. Username must be the only value and stored as text, not as key/value JSON. If not passed, one will be created and defaulted to 'uauser'.	`string`	`null`	no
unity_accelerator_debug_mode	Enables debug output for the Unity Accelerator service.	`string`	`"false"`	no
unity_accelerator_docker_image	Docker image to use for Unity Accelerator.	`string`	`"unitytechnologies/accelerator:latest"`	no
unity_accelerator_lb_access_logs_bucket	ID of the S3 bucket for Unity Accelerator Application Load Balancer and Network Load Balancer access log storage. If access logging is enabled and this is null the module creates a bucket.	`string`	`null`	no
unity_accelerator_log_stdout	When true, outputs logs to stdout only. When false, writes logs to the persist directory.	`string`	`"true"`	no
unity_accelerator_nlb_access_logs_prefix	Log prefix for Unity Accelerator Network Load Balancer access logs. If null the project prefix and module name are used.	`string`	`null`	no
vpc_id	The ID of the VPC in which the service will be deployed.	`string`	n/a	yes

Outputs¶

Name	Description
alb_dns_name	DNS endpoint of Application Load Balancer (ALB)
alb_security_group_id	ID of the Application Load Balancer's (ALB) security group
alb_zone_id	Zone ID for Application Load Balancer (ALB)
nlb_dns_name	DNS endpoint of Network Load Balancer (NLB)
nlb_zone_id	Zone ID for Network Load Balancer (NLB)
unity_accelerator_dashboard_password_arn	AWS Secrets Manager secret's ARN containing the Unity Accelerator web dashboard's username.
unity_accelerator_dashboard_username_arn	AWS Secrets Manager secret's ARN containing the Unity Accelerator web dashboard's password.