SonarQube Terraform Module for AWS

This Terraform module deploys a SonarQube community server on AWS. Based on official Sonarqube Docker image https://hub.docker.com/_/sonarqube.

Usage

Check valid versions on:

Github Releases: https://github.com/cn-terraform/terraform-aws-sonarqube/releases
Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/sonarqube/aws

Install pre commit hooks.

Pleas run this command right after cloning the repository.

    pre-commit install

For that you may need to install the folowwing tools:

In order to run all checks at any point run the following command:

    pre-commit run --all-files

Requirements

Name	Version
terraform	>= 0.13
aws	>= 4
random	>= 3

Providers

Name	Version
aws	4.29.0
random	3.4.2

Modules

Name	Source	Version
acm	terraform-aws-modules/acm/aws	~> 4.0
aws_cw_logs	cn-terraform/cloudwatch-logs/aws	1.0.12
ecs_fargate	cn-terraform/ecs-fargate/aws	2.0.45

Resources

Name	Type
aws_db_subnet_group.aurora_db_subnet_group	resource
aws_kms_key.encryption_key	resource
aws_rds_cluster.aurora_db	resource
aws_rds_cluster_instance.aurora_db_cluster_instances	resource
aws_route53_record.record_dns	resource
aws_security_group.aurora_sg	resource
random_password.master_password	resource

Inputs

Name	Description	Type	Default	Required
block_s3_bucket_public_access	(Optional) If true, public access to the S3 bucket will be blocked.	`bool`	`true`	no
container_cpu	(Optional) The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value	`number`	`4096`	no
container_memory	(Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value	`number`	`8192`	no
container_memory_reservation	(Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit	`number`	`4096`	no
create_kms_key	If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable `log_group_kms_key_id`	`bool`	`false`	no
db_backup_retention_period	The days to retain backups for. Default 3	`number`	`3`	no
db_deletion_protection	If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to true. The default is false.	`bool`	`false`	no
db_engine_version	DB engine version	`string`	`"14.2"`	no
db_instance_number	Number of instance deployed on Aurora. By default, number of subnet in private_subnets_ids	`number`	`null`	no
db_instance_size	DB instance size	`string`	`"db.r4.large"`	no
db_name	Default DB name	`string`	`"sonar"`	no
db_password	DB password	`string`	`""`	no
db_username	Default DB username	`string`	`"sonar"`	no
dns_zone_id	Route 53 zone id	`string`	`""`	no
enable_autoscaling	Enable auto scaling for datacenter edition	`bool`	`false`	no
enable_s3_bucket_server_side_encryption	(Optional) If true, server side encryption will be applied.	`bool`	`true`	no
enable_s3_logs	(Optional) If true, all resources to send LB logs to S3 will be created	`bool`	`true`	no
enable_ssl	Enable SSL	`bool`	`true`	no
ephemeral_storage_size	The number of GBs to provision for ephemeral storage on Fargate tasks. Must be greater than or equal to 21 and less than or equal to 200	`number`	`0`	no
https_record_domain_name	Route 53 domain name	`string`	`""`	no
https_record_name	Route 53 dns name	`string`	`""`	no
lb_enable_cross_zone_load_balancing	Enable cross zone support for LB	`string`	`"true"`	no
lb_http_ports	Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code	`map(any)`	`{}`	no
lb_https_ports	Map containing objects to define listeners behaviour based on type field. If type field is `forward`, include listener_port and the target_group_port. For `redirect` type, include listener port, host, path, port, protocol, query and status_code. For `fixed-response`, include listener_port, content_type, message_body and status_code	`map(any)`	{ "default": { "listener_port": 443, "target_group_port": 9000, "target_group_protocol": "HTTP" } }	no
lb_waf_web_acl_arn	ARN of a WAFV2 to associate with the ALB	`string`	`""`	no
log_group_kms_key_id	The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.	`string`	`null`	no
log_group_retention_in_days	(Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days.	`number`	`30`	no
mount_points	Container mount points. This is a list of maps, where each map should contain a `containerPath` and `sourceVolume`. The `readOnly` key is optional.	`list(any)`	`[]`	no
name_prefix	Name prefix for resources on AWS	`string`	n/a	yes
permissions_boundary	(Optional) The ARN of the policy that is used to set the permissions boundary for the `ecs_task_execution_role` role.	`string`	`null`	no
private_subnets_ids	List of Private Subnets IDs	`list(string)`	n/a	yes
public_subnets_ids	List of Public Subnets IDs	`list(string)`	n/a	yes
region	AWS Region the infrastructure is hosted in	`string`	n/a	yes
s3_bucket_server_side_encryption_key	(Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.	`string`	`null`	no
s3_bucket_server_side_encryption_sse_algorithm	(Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms	`string`	`"AES256"`	no
sonarqube_image	Sonarqube image	`string`	`"sonarqube:lts"`	no
tags	Resource tags	`map(string)`	`{}`	no
volumes	(Optional) A set of volume blocks that containers in your task may use	list(object({ host_path = string name = string docker_volume_configuration = list(object({ autoprovision = bool driver = string driver_opts = map(string) labels = map(string) scope = string })) efs_volume_configuration = list(object({ file_system_id = string root_directory = string transit_encryption = string transit_encryption_port = string authorization_config = list(object({ access_point_id = string iam = string })) })) }))	`[]`	no
vpc_id	ID of the VPC	`string`	n/a	yes

Outputs

Name	Description
ecs_tasks_sg_id	SonarQube ECS Tasks Security Group - The ID of the security group
sonar_lb_arn	SonarQube Load Balancer ARN
sonar_lb_arn_suffix	SonarQube Load Balancer ARN Suffix
sonar_lb_dns_name	SonarQube Load Balancer DNS Name
sonar_lb_id	SonarQube Load Balancer ID
sonar_lb_zone_id	SonarQube Load Balancer Zone ID

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

cn-terraform / terraform-aws-sonarqube

Programming Languages

Labels

Projects that are alternatives of or similar to terraform-aws-sonarqube