code-server/terraform/deployments/ec2/terraform.tfvars.example
Claude b8094ac6a0
Add comprehensive Terraform infrastructure for code-server deployment on AWS
This commit adds complete Terraform infrastructure as code for deploying
code-server on both EC2 and EKS platforms with enterprise-grade security
and SAML/OIDC authentication.

Features:
- EC2 deployment with Auto Scaling Groups and Application Load Balancer
- EKS deployment with managed node groups and AWS Load Balancer Controller
- Private network setup with VPC, private subnets, and NAT gateways
- SAML/OIDC authentication using OAuth2 Proxy
- Security hardening:
  - KMS encryption for data at rest
  - TLS encryption in transit
  - IAM roles with least privilege
  - Security groups with minimal access
  - VPC Flow Logs
  - IMDSv2 enforcement
- Auto-scaling capabilities for both EC2 and EKS
- CloudWatch logging and monitoring
- Automated deployment scripts

Terraform Modules:
- modules/vpc: VPC with public/private subnets, NAT, and VPC endpoints
- modules/security: Security groups, IAM roles, and KMS keys
- modules/ec2: EC2 Auto Scaling deployment with ALB
- modules/eks: EKS cluster with managed node groups and addons

Deployments:
- deployments/ec2: EC2 deployment configuration
- deployments/eks: EKS deployment configuration with Kubernetes manifests

Documentation:
- README.md: Comprehensive deployment and operations guide
- QUICK-START.md: Quick reference for fast deployment
- SAML-SETUP-GUIDE.md: Step-by-step IdP configuration guide

Scripts:
- scripts/deploy-ec2.sh: Automated EC2 deployment
- scripts/deploy-eks.sh: Automated EKS deployment
- scripts/destroy-ec2.sh: EC2 cleanup
- scripts/destroy-eks.sh: EKS cleanup
2025-11-15 17:29:42 +00:00


# Example Terraform Variables for EC2 Deployment
# Copy this file to terraform.tfvars and fill in your values.
# The copy will hold the OAuth2 client secret and cookie secret set below, so keep
# terraform.tfvars out of version control (.gitignore it) or pass those two values
# via TF_VAR_<variable_name> environment variables / a secrets manager instead.
aws_region = "us-east-1"
project_name = "code-server"
environment = "dev"
# VPC Configuration
vpc_cidr = "10.0.0.0/16"
public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
private_subnet_cidrs = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]
single_nat_gateway = false # Set to true for cost optimization (single NAT gateway); false trades cost for AZ redundancy
# Security Configuration
# 10.0.0.0/8 is the entire RFC 1918 10/8 block, far wider than vpc_cidr (10.0.0.0/16);
# narrow it to the networks that actually need to reach the ALB (e.g. your VPN or office CIDRs)
allowed_cidr_blocks = ["10.0.0.0/8"] # Restrict to private network
ssh_allowed_cidr_blocks = [] # No SSH access (use SSM instead) — leave empty unless SSH is genuinely required
# EC2 Configuration
instance_type = "t3.medium"
ebs_volume_size = 50
min_instances = 1
max_instances = 3
desired_instances = 1
# "latest" resolves to a different build over time; pin an explicit release so
# rollouts are reproducible and the deployed version is auditable
code_server_version = "latest"
enable_autoscaling = true
# Load Balancer Configuration
# Get certificate ARN from ACM or leave empty for HTTP.
# With HTTP the OAuth2 session cookie crosses the network in cleartext, and
# oauth2_redirect_url below is an https URL — set a certificate for anything beyond isolated testing.
certificate_arn = "" # Example: "arn:aws:acm:us-east-1:123456789012:certificate/xxxxx"
internal_alb = true # Set to false for internet-facing ALB (then a certificate and a narrow allowed_cidr_blocks matter even more)
# OAuth2 / SAML Configuration
# Configure these values based on your IdP (Okta, Azure AD, etc.)
oauth2_client_id = "your-client-id-from-idp"
# Secret — never commit the real value; see the note at the top of this file
oauth2_client_secret = "your-client-secret-from-idp"
# Per the example value, the IdP's OIDC discovery document URL; the redirect URL
# must be registered at the IdP exactly as written below (scheme, host and path)
oauth2_issuer_url = "https://your-idp.com/.well-known/openid-configuration"
oauth2_redirect_url = "https://code-server.example.com/oauth2/callback"
# Generate cookie secret with (32 random bytes, base64url; the placeholder below is not a usable secret):
# python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'
oauth2_cookie_secret = "generate-random-secret-here"
# Allowed email addresses (leave empty to allow all authenticated users).
# Empty means anyone with an account at the IdP can sign in; list the intended users instead.
oauth2_allowed_emails = [
# "user1@example.com",
# "user2@example.com"
]