Creates an Atlassian Bitbucket instance, optionally bootstrapping the configuration.
module "bitbucket" {
source = "rhythmictech/atlassian-bitbucket/aws"
admin_email = "me@rhythmic.dev"
admin_password = "hunter2"
ami_id = data.aws_ami.bitbucket.id
asg_additional_iam_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
asg_instance_type = "m6g.large"
asg_subnet = "subnet-123456789"
availability_zone = "us-east-1a"
data_volume_size = 50
db_instance_class = "db.m5.large"
db_storage_size = 50
db_subnet_group = "database"
dns_prefix = "bitbucket"
elb_certificate = "arn:aws:acm:us-east-1:012345678901:certificate/618601f5-bf87-13d4-a0f6-8a243a54af93"
elb_subnets = ["subnet-123456789", "subnet-012345678"]
site_name = "Bitbucket Demo"
vpc_id = "vpc-123456789"
zone_id = "zone-123456789"
}
A bit about this module
Name | Version |
---|---|
terraform | >= 0.12.19 |
aws | >= 5 |
random | >= 1.2 |
template | >= 2.1 |
Name | Version |
---|---|
aws | 3.39.0 |
random | 3.1.0 |
template | 2.2.0 |
Name | Source | Version |
---|---|---|
bitbucketdb | rhythmictech/rds-postgres/aws | ~> 5.0 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
access_logs_bucket | The name of the bucket to store LB access logs in. Required if access_logs_enabled is true |
string |
null |
no |
access_logs_enabled | Whether to enable LB access logging | bool |
false |
no |
access_logs_interval | The log publishing interval in minutes | number |
60 |
no |
access_logs_prefix | The path prefix to apply to the LB access logs. | string |
null |
no |
admin_email | email address for administrator | string |
n/a | yes |
admin_password | initial password to use for administrator (only used when bootstrapping a new instance, otherwise ignored) | string |
null |
no |
alb_additional_sg_tags | Additional tags to apply to the LB security group. Useful if you use an external process to manage ingress rules. | map(string) |
{} |
no |
alb_allowed_https_cidr_blocks | List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created |
list(string) |
[ |
no |
alb_allowed_ssh_cidr_blocks | List of allowed CIDR blocks for SSH access. If [] is specified, no inbound ingress rules will be created |
list(string) |
[ |
no |
alb_certificate | ARN of certificate to associate with LB | string |
n/a | yes |
alb_https_internal | Create as an internal or internet-facing LB | bool |
true |
no |
alb_https_port | Port that the Load Balancer for Bitbucket should listen for HTTPS on (Default is 443.) | number |
443 |
no |
alb_https_subnets | Subnets to associate HTTPS LB to | list(string) |
n/a | yes |
alb_ssh_internal | Create as an internal or internet-facing LB for SSH | bool |
true |
no |
alb_ssh_port | Port that the Load Balancer for Bitbucket should listen for SSH on (Default is 22.) | number |
22 |
no |
alb_ssh_subnets | Subnets to associate SSH LB to | list(string) |
null |
no |
alb_ssl_policy | SSL policy for ALB | string |
"ELBSecurityPolicy-TLS-1-2-2017-01" |
no |
ami_id | AMI to build on (must have ansible-role-atlassian-bitbucket module installed) |
string |
n/a | yes |
asg_additional_iam_policies | Additional IAM policies to attach to the ASG instance profile | list(string) |
[] |
no |
asg_additional_security_groups | Additional security group IDs to attach to ASG instances | list(string) |
[] |
no |
asg_additional_user_data | Additional User Data to attach to the launch template | string |
"" |
no |
asg_allow_outbound_egress | whether or not the default SG should allow outbound egress | bool |
true |
no |
asg_desired_capacity | The number of Amazon EC2 instances that should be running in the group. | number |
1 |
no |
asg_instance_type | Instance type for app | string |
"t3a.micro" |
no |
asg_key_name | Optional ssh keypair to associate with instances | string |
null |
no |
asg_max_size | Maximum number of instances in the autoscaling group | number |
1 |
no |
asg_min_size | Minimum number of instances in the autoscaling group | number |
1 |
no |
asg_root_volume_size | size of root volume (includes app install but not data dir) | number |
20 |
no |
asg_subnet | Subnet to associate ASG instances with (specify no more than 1) | string |
n/a | yes |
availability_zone | Specify the availability zone that the instance will be deployed in. Because Bitbucket requires an EBS volume for data and can't use EFS, the value of availability_zone must match the AZ associated with the value of asg_subnet . |
string |
n/a | yes |
create_alb | Create an ALB. This will by requirement create an NLB for SSH access on a separate address. | bool |
false |
no |
data_volume_size | Size in GB of the data volume | number |
n/a | yes |
db_additional_security_groups | SGs permitted access to RDS | list(string) |
[] |
no |
db_allowed_access_cidrs | CIDRs permitted access to RDS | list(string) |
[] |
no |
db_engine_version | engine version to run | string |
"11" |
no |
db_instance_class | DB Instance Size | string |
"db.t3.large" |
no |
db_monitoring_interval | Enhanced monitoring interval (5-60 seconds, 0 to disable) | number |
0 |
no |
db_monitoring_role_arn | IAM Role ARN for Database Monitoring permissions (if db_monitoring_interval > 0 and this is omitted, a role will be created automatically) |
string |
null |
no |
db_multi_az | If true, DB will be configured in multi-AZ mode | bool |
false |
no |
db_parameters | DB parameters (by default only sets utf8 as required by Bitbucket) | list(object({ |
[ |
no |
db_password_version | Increment to force master user password change | number |
1 |
no |
db_performance_insights_enabled | Whether or not to enable DB performance insights | bool |
false |
no |
db_storage_size | Size of DB (in GB) | number |
n/a | yes |
db_subnet_group | Database subnet group | string |
n/a | yes |
db_vpc_id | VPC ID for database (if omitted, the value for vpc_id is used instead) |
string |
null |
no |
dns_prefix | Hostname that will be used for bitbucket. This will be combined with the domain in zone_id or the value of domain_name to form the base url. |
string |
null |
no |
dns_ssh_prefix | Hostname that will be used for bitbucket SSH access. This is only used when create_alb == true |
string |
null |
no |
domain_name | domain name, which is only used if zone_id is not specified to compute the base url |
string |
null |
no |
elb_additional_sg_tags | Additional tags to apply to the ELB security group. Useful if you use an external process to manage ingress rules. | map(string) |
{} |
no |
elb_allowed_cidr_blocks | List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created |
list(string) |
[ |
no |
elb_certificate | ARN of certificate to associate with ELB | string |
null |
no |
elb_internal | Create as an internal or internet-facing ELB | bool |
true |
no |
elb_port | Port that the Elastic Load Balancer for Bitbucket should listen for HTTPS on (Default is 443.) | number |
443 |
no |
elb_ssh_port | Port that the Elastic Load Balancer for Bitbucket should listen for SSH on (Default is 22.) | number |
22 |
no |
elb_subnets | Subnets to associate ELB to | list(string) |
null |
no |
license_key | Bitbucket license key (optional, must be a single line) | string |
"" |
no |
name | Moniker to apply to all resources in the module | string |
"bitbucket" |
no |
site_name | Bitbucket site name | string |
"Bitbucket" |
no |
tags | User-Defined tags | map(string) |
{} |
no |
volume_key | This value is set to a key on the EBS volume and must be present for the bitbucket instance to be permitted to attach it. | string |
"bitbucket-volume" |
no |
vpc_id | VPC to create associated resources in | string |
n/a | yes |
zone_id | Zone ID to make Route53 entry for bitbucket in. If not specified, domain_name must be specified so that the base URL can be determined. |
string |
null |
no |
Name | Description |
---|---|
asg_arn | ARN of the ASG for the Bitbucket instance |
asg_id | ID of the ASG for the Bitbucket instance |
asg_name | Name of the ASG for the Bitbucket instance |
db_instance_connection_info | DB Instance Connect Info (object) |
db_instance_id | DB Instance ID |
db_password_secretsmanager_arn | Secret ARN for DB password |
db_password_secretsmanager_version | Secret Version for DB password |
db_username | Master username |
iam_role_arn | IAM Role ARN of Bitbucket instance |
lb_arn | ARN of the ELB for Bitbucket access (HTTPS when ALB is used) |
lb_dns_name | DNS Name of the ELB for Bitbucket access |
lb_zone_id | Route53 Zone ID of the ELB for Bitbucket access |
ssh_lb_arn | ARN of the LB for Bitbucket SSH access (only valid when ALB is used) |
ssh_lb_dns_name | DNS Name of the LB for Bitbucket access (only valid when ALB is used) |
ssh_lb_zone_id | Route53 Zone ID of the LB for Bitbucket SSH access |
url | Bitbucket Server URL |