Terraform Module for AWS ECS
The following Terraform module deploys Fides and Privacy Center to AWS ECS, using RDS and ElastiCache.
Requirements
Name | Version |
---|---|
terraform | ~> 1.2 |
aws | ~> 4.47 |
Providers
Name | Version |
---|---|
aws | 4.47.0 |
random | 3.4.3 |
Modules
No modules.
Resources
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
allowed_ips | A list of IP addresses/ranges that are allowed to make inbound requests to the Fidesops API. | list(string) | n/a | yes |
aws_region | The AWS region to which the Fides resources will be deployed. | string | "us-east-1" | no |
cloudwatch_log_group | The ARN of the CloudWatch Logs group to use. If not specified, one will be created. | string | "" | no |
elasticache_auto_failover | Enable automatic failover on the ElastiCache cluster. | bool | false | no |
elasticache_node_type | The node type of the Fides ElastiCache cluster. | string | "cache.t3.micro" | no |
environment_name | The environment name or identifier used to delineate separate Fides instances, e.g. qa, staging, production, etc. | string | "staging" | no |
environment_type | The environment type: prod or dev. | string | "dev" | no |
fides_additional_cors_origins | A list of CORS origins besides the privacy center and Fides Admin UI to allow. | list(string) | [] | no |
fides_additional_environment_variables | Additional environment variables to be passed to the container. | list(object({ name = string, value = string })) | [] | no |
fides_alternate_subnet | The subnet ID of the alternate subnet that may contain Fides resources. This subnet should be in a different availability zone from "var.fides_primary_subnet". | string | n/a | yes |
fides_cors_origin_regex | A regex to use to allowlist CORS origins, in addition to the 'fides_additional_cors_origins' list. For example: 'https://.*.example.com' | string | "" | no |
fides_cpu | The number of CPU units to dedicate to the Fides container. | number | 1024 | no |
fides_identity_verification | Whether to require subject identity verification for privacy requests. | bool | false | no |
fides_image | The Fides Docker image to deploy. | string | "ethyca/fides" | no |
fides_log_level | The logging level of Fides. | string | "INFO" | no |
fides_memory | The amount of memory, in MiB, to dedicate to the Fides container. | number | 2048 | no |
fides_primary_subnet | The subnet ID of the primary subnet that will contain Fides resources. | string | n/a | yes |
fides_require_manual_request_approval | Whether to require privacy requests to be approved before processing. | bool | false | no |
fides_root_password | The root user password to create. If one is not provided, one will be generated. | string | "" | no |
fides_root_user | The root username to create. | string | "fidesroot" | no |
fides_version | The Fides version to deploy. Must be a valid Docker tag. | string | "2.24.1" | no |
lb_name | The name of the load balancer. If one is not provided, one will be generated. | string | "" | no |
privacy_center_configuration_file | The file path of a config.json file with which to configure the Privacy Center. | string | "" | no |
privacy_center_cpu | The number of CPU units to dedicate to the Privacy Center container. | number | 512 | no |
privacy_center_css_file | The file path of a config.css file with which to style the Privacy Center. | string | "" | no |
privacy_center_image | The Fides Docker image to deploy. | string | "ethyca/fides-privacy-center" | no |
privacy_center_memory | The amount of memory, in MiB, to dedicate to the Privacy Center container. | number | 1024 | no |
privacy_center_version | The Privacy Center version to deploy. Must be a valid Docker tag. | string | "2.24.1" | no |
rds_allocated_storage | The amount of storage, in GiB, to assign to the RDS instance. | number | 10 | no |
rds_instance_class | The instance class of the RDS instance. | string | "db.t3.micro" | no |
rds_multi_az | Configure RDS to use a multi-AZ deployment. | bool | false | no |
rds_name | The name of the RDS instance. If one is not provided, one will be generated. | string | "" | no |
rds_postgres_version | The version of the RDS PostgreSQL engine. | string | "13.7" | no |
route53_config | Route53 DNS configuration for Fides and Privacy Center. Setting these values also creates a TLS certificate and serves traffic over port 443. In order to use these, you must have a hosted zone for the root domain. | object({ existing_hosted_zone_name = string (e.g. example.com), fides_subdomain = string (e.g. fides.example.com), privacy_center_subdomain = string (e.g. privacy.example.com) }) | n/a | yes |
ssm_parameter_prefix | The prefix for AWS SSM Parameter Store entries related to Fides. | string | "/fides" | no |
Outputs
Name | Description |
---|---|
elasticache_arn | The primary endpoint for the Fides Redis instance. |
fides_endpoint | The URL of the Fides load balancer. |
fides_root_password | The root Fides user's password. |
fides_root_username | The root Fides user's username. |
postgres_endpoint | The connection endpoint for the Fides Postgres database. |
privacy_center_endpoint | The URL of the Privacy Center load balancer. |
rds_arn | The ARN of the RDS instance. |
redis_endpoint | The primary endpoint for the Fides Redis instance. |
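
Example usage, added here for illustration and not taken from the module's own documentation: a module call that sets the four required inputs and overrides the security-relevant defaults from the Inputs table. The module source, subnet IDs, IP range, domain names and the stricter CORS regex are placeholders or constructed values.

```hcl
# Added example, not the project's own code. All values are constructed.
module "fides" {
  # Placeholder: this page does not state the module's source address.
  source = "<MODULE_SOURCE>"

  # Required inputs (no defaults).
  # allowed_ips gates inbound requests to the API: list specific ranges
  # rather than 0.0.0.0/0. 203.0.113.0/24 is a documentation range.
  allowed_ips = ["203.0.113.0/24"]

  # Placeholder subnet IDs; the two subnets must be in different AZs.
  fides_primary_subnet   = "subnet-PLACEHOLDER-A"
  fides_alternate_subnet = "subnet-PLACEHOLDER-B"

  # Setting route53_config also creates a TLS certificate and serves on 443.
  route53_config = {
    existing_hosted_zone_name = "example.com"
    fides_subdomain           = "fides.example.com"
    privacy_center_subdomain  = "privacy.example.com"
  }

  environment_name = "production"
  environment_type = "prod"

  # Both default to false.
  fides_identity_verification           = true
  fides_require_manual_request_approval = true

  # Prefer an explicit origin list. If a regex is needed, escape the dots:
  # in 'https://.*.example.com' each unescaped '.' matches any character.
  fides_additional_cors_origins = ["https://app.example.com"]
  fides_cors_origin_regex       = "https://[a-z0-9-]+\\.example\\.com"

  # fides_root_password is left unset so that one is generated instead of
  # a password being committed alongside the configuration.
}

# Re-exporting the root password: 'sensitive = true' redacts it in CLI
# output only. The value is still written to the Terraform state, so the
# state backend needs access control and encryption.
output "fides_root_password" {
  value     = module.fides.fides_root_password
  sensitive = true
}
```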