code-server/terraform/deployments/ec2/outputs.tf
Claude b8094ac6a0
Add comprehensive Terraform infrastructure for code-server deployment on AWS
This commit adds complete Terraform infrastructure as code for deploying
code-server on both EC2 and EKS platforms with enterprise-grade security
and SAML/OIDC authentication.

Features:
- EC2 deployment with Auto Scaling Groups and Application Load Balancer
- EKS deployment with managed node groups and AWS Load Balancer Controller
- Private network setup with VPC, private subnets, and NAT gateways
- SAML/OIDC authentication using OAuth2 Proxy
- Security hardening:
  - KMS encryption for data at rest
  - TLS encryption in transit
  - IAM roles with least privilege
  - Security groups with minimal access
  - VPC Flow Logs
  - IMDSv2 enforcement
- Auto-scaling capabilities for both EC2 and EKS
- CloudWatch logging and monitoring
- Automated deployment scripts

Terraform Modules:
- modules/vpc: VPC with public/private subnets, NAT, and VPC endpoints
- modules/security: Security groups, IAM roles, and KMS keys
- modules/ec2: EC2 Auto Scaling deployment with ALB
- modules/eks: EKS cluster with managed node groups and addons

Deployments:
- deployments/ec2: EC2 deployment configuration
- deployments/eks: EKS deployment configuration with Kubernetes manifests

Documentation:
- README.md: Comprehensive deployment and operations guide
- QUICK-START.md: Quick reference for fast deployment
- SAML-SETUP-GUIDE.md: Step-by-step IdP configuration guide

Scripts:
- scripts/deploy-ec2.sh: Automated EC2 deployment
- scripts/deploy-eks.sh: Automated EKS deployment
- scripts/destroy-ec2.sh: EC2 cleanup
- scripts/destroy-eks.sh: EKS cleanup
2025-11-15 17:29:42 +00:00

77 lines
2.4 KiB
HCL

# EC2 Deployment Outputs

output "vpc_id" {
  description = "ID of the VPC"
  value       = module.vpc.vpc_id
}

output "private_subnet_ids" {
  description = "IDs of private subnets"
  value       = module.vpc.private_subnet_ids
}

output "public_subnet_ids" {
  description = "IDs of public subnets"
  value       = module.vpc.public_subnet_ids
}

output "alb_dns_name" {
  description = "DNS name of the Application Load Balancer"
  value       = module.code_server_ec2.alb_dns_name
}

output "alb_url" {
  description = "URL to access Code-Server"
  value       = var.certificate_arn != "" ? "https://${module.code_server_ec2.alb_dns_name}" : "http://${module.code_server_ec2.alb_dns_name}"
}

output "code_server_password_secret_arn" {
  description = "ARN of the Secrets Manager secret containing code-server password"
  value       = module.code_server_ec2.code_server_password_secret_arn
}

output "autoscaling_group_name" {
  description = "Name of the Auto Scaling Group"
  value       = module.code_server_ec2.autoscaling_group_name
}

output "kms_key_arn" {
  description = "ARN of the KMS key for encryption"
  value       = module.security.kms_key_arn
}

output "next_steps" {
  description = "Next steps to complete the setup"
  value       = <<-EOT
    Code-Server EC2 Deployment Complete!

    Next Steps:

    1. Access Code-Server at: ${var.certificate_arn != "" ? "https" : "http"}://${module.code_server_ec2.alb_dns_name}

    2. Get the code-server password:
       aws secretsmanager get-secret-value \
         --secret-id ${module.code_server_ec2.code_server_password_secret_arn} \
         --region ${var.aws_region} \
         --query SecretString \
         --output text

    3. Configure DNS (if using custom domain):
       - Create a CNAME record pointing to: ${module.code_server_ec2.alb_dns_name}
       - Update oauth2_redirect_url with your domain

    4. Monitor the deployment:
       - CloudWatch Logs: /aws/ec2/${local.name_prefix}-code-server
       - Auto Scaling Group: ${module.code_server_ec2.autoscaling_group_name}

    5. For SAML/OIDC authentication:
       - Ensure your IdP is configured with the redirect URL: ${var.oauth2_redirect_url}
       - Verify allowed email addresses are configured

    Security Notes:
    - All instances are in private subnets
    - ALB is ${var.internal_alb ? "internal (private network only)" : "public"}
    - Data is encrypted at rest using KMS
    - VPC Flow Logs are enabled for monitoring
    EOT
}
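
The `alb_url` and `next_steps` outputs above fall back to plain `http://` when `var.certificate_arn` is empty. The following is an added example, not part of this repository, showing one way to surface that state at plan time with an output `precondition` (Terraform 1.2+) and a `check` block (Terraform 1.5+). The names `tls_enabled`, `alb_url_tls_only` and `alb_exposure` are hypothetical; the variables and module output are the ones this file already references, assumed to be a string (`certificate_arn`) and a bool (`internal_alb`).

```hcl
# Added example (not the project's code). All block names are hypothetical.

locals {
  # Treat both null and "" as "no certificate supplied".
  tls_enabled = var.certificate_arn != null && var.certificate_arn != ""
}

# TLS-only variant of alb_url: never emits an http:// URL.
output "alb_url_tls_only" {
  description = "HTTPS URL for Code-Server; fails if no certificate is configured"
  value       = "https://${module.code_server_ec2.alb_dns_name}"

  # Hard failure: plan/apply stops instead of publishing a cleartext URL.
  precondition {
    condition     = local.tls_enabled
    error_message = "certificate_arn is empty, so the ALB would serve code-server and its login over plain HTTP. Set certificate_arn to an ACM certificate ARN."
  }
}

# Soft failure: a check block reports a warning but does not block apply.
# It flags the worst combination, a public ALB without TLS.
check "alb_exposure" {
  assert {
    condition     = var.internal_alb || local.tls_enabled
    error_message = "ALB is public and has no certificate: code-server traffic would cross the internet unencrypted."
  }
}
```

The `precondition` is the enforcing control; the `check` block only warns, which suits deployments where an internal HTTP-only ALB is an accepted exception.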