This commit adds complete Terraform infrastructure as code for deploying code-server on both EC2 and EKS platforms with enterprise-grade security and SAML/OIDC authentication. Features: - EC2 deployment with Auto Scaling Groups and Application Load Balancer - EKS deployment with managed node groups and AWS Load Balancer Controller - Private network setup with VPC, private subnets, and NAT gateways - SAML/OIDC authentication using OAuth2 Proxy - Security hardening: - KMS encryption for data at rest - TLS encryption in transit - IAM roles with least privilege - Security groups with minimal access - VPC Flow Logs - IMDSv2 enforcement - Auto-scaling capabilities for both EC2 and EKS - CloudWatch logging and monitoring - Automated deployment scripts Terraform Modules: - modules/vpc: VPC with public/private subnets, NAT, and VPC endpoints - modules/security: Security groups, IAM roles, and KMS keys - modules/ec2: EC2 Auto Scaling deployment with ALB - modules/eks: EKS cluster with managed node groups and addons Deployments: - deployments/ec2: EC2 deployment configuration - deployments/eks: EKS deployment configuration with Kubernetes manifests Documentation: - README.md: Comprehensive deployment and operations guide - QUICK-START.md: Quick reference for fast deployment - SAML-SETUP-GUIDE.md: Step-by-step IdP configuration guide Scripts: - scripts/deploy-ec2.sh: Automated EC2 deployment - scripts/deploy-eks.sh: Automated EKS deployment - scripts/destroy-ec2.sh: EC2 cleanup - scripts/destroy-eks.sh: EKS cleanup
# VPC Module Variables
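variable "name_prefix" {
  description = "Prefix for resource names"
  type        = string

  # An empty prefix yields resource names that are indistinguishable from (or
  # collide with) other deployments in the same account; reject it at plan time.
  validation {
    condition     = length(var.name_prefix) > 0
    error_message = "name_prefix must not be empty."
  }
}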
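variable "vpc_cidr" {
  description = "CIDR block for VPC"
  type        = string
  default     = "10.0.0.0/16"

  # cidrnetmask() accepts only IPv4 prefixes, so malformed or IPv6 input is
  # rejected during plan instead of failing when the VPC is created.
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR block, e.g. 10.0.0.0/16."
  }

  # AWS accepts VPC primary CIDR blocks only with a prefix length of /16 to /28.
  validation {
    condition     = can(regex("/(1[6-9]|2[0-8])$", var.vpc_cidr))
    error_message = "vpc_cidr prefix length must be between /16 and /28."
  }
}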
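variable "public_subnet_cidrs" {
  description = "CIDR blocks for public subnets"
  type        = list(string)
  default     = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

  # Check every entry; alltrue([]) is true, so an empty list still passes here
  # (whether the module requires at least one public subnet depends on main.tf,
  # which is not part of this file).
  validation {
    condition     = alltrue([for cidr in var.public_subnet_cidrs : can(cidrnetmask(cidr))])
    error_message = "Every entry in public_subnet_cidrs must be a valid IPv4 CIDR block."
  }

  # Duplicate subnet CIDRs would only be rejected by AWS at apply time.
  validation {
    condition     = length(distinct(var.public_subnet_cidrs)) == length(var.public_subnet_cidrs)
    error_message = "public_subnet_cidrs must not contain duplicate entries."
  }
}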
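variable "private_subnet_cidrs" {
  description = "CIDR blocks for private subnets"
  type        = list(string)
  default     = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  # Check every entry; alltrue([]) is true, so an empty list still passes here
  # (whether the module requires at least one private subnet depends on main.tf,
  # which is not part of this file).
  validation {
    condition     = alltrue([for cidr in var.private_subnet_cidrs : can(cidrnetmask(cidr))])
    error_message = "Every entry in private_subnet_cidrs must be a valid IPv4 CIDR block."
  }

  # Duplicate subnet CIDRs would only be rejected by AWS at apply time.
  validation {
    condition     = length(distinct(var.private_subnet_cidrs)) == length(var.private_subnet_cidrs)
    error_message = "private_subnet_cidrs must not contain duplicate entries."
  }
}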
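variable "aws_region" {
  description = "AWS region"
  type        = string

  # Shape check only (e.g. us-east-1, eu-west-2, us-gov-west-1); this is not an
  # allow-list of regions, it just catches empty strings and obvious typos
  # before any provider call is made.
  validation {
    condition     = can(regex("^[a-z]{2}(-[a-z]+)+-[0-9]+$", var.aws_region))
    error_message = "aws_region must look like an AWS region code, e.g. us-east-1."
  }
}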
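variable "cluster_name" {
  description = "Name of the EKS cluster (for subnet tagging)"
  type        = string

  # The value is used in subnet tags (kubernetes.io/cluster/<name> style tags,
  # per the description); an empty name would produce a tag key that matches
  # no cluster. The pattern follows the EKS CreateCluster name constraint
  # (1-100 chars, alphanumeric start, then letters, digits, '-' or '_').
  validation {
    condition     = length(var.cluster_name) <= 100 && can(regex("^[0-9A-Za-z][A-Za-z0-9_-]*$", var.cluster_name))
    error_message = "cluster_name must be 1-100 characters, start with a letter or digit, and contain only letters, digits, '-' or '_'."
  }
}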
# Toggle for NAT gateway creation. With this off, private subnets have no
# outbound path to the internet unless VPC endpoints cover what they need.
variable "enable_nat_gateway" {
  type        = bool
  default     = true
  description = "Enable NAT gateway for private subnets"
}
# Cost/availability trade-off: a single shared NAT gateway is cheaper but is a
# single point of failure for private-subnet egress. Defaults to off, i.e. the
# non-shared layout.
variable "single_nat_gateway" {
  type        = bool
  default     = false
  description = "Use a single NAT gateway for all private subnets (cost optimization)"
}
# Toggle for VPC endpoints. Which AWS services get endpoints is decided in the
# module's resource definitions, not here.
variable "enable_vpc_endpoints" {
  type        = bool
  default     = true
  description = "Enable VPC endpoints for AWS services"
}
# Toggle for VPC Flow Logs. Enabled by default; turning this off removes the
# network-level audit trail used for detection and incident investigation.
variable "enable_flow_logs" {
  type        = bool
  default     = true
  description = "Enable VPC flow logs"
}
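variable "flow_logs_retention_days" {
  description = "Number of days to retain VPC flow logs"
  type        = number
  default     = 30

  # Reject negative or fractional values at plan time. NOTE(review): if the
  # module sends flow logs to CloudWatch Logs, the log group additionally
  # accepts only a fixed set of retention_in_days values; confirm against
  # main.tf before tightening this further.
  validation {
    condition     = var.flow_logs_retention_days >= 0 && floor(var.flow_logs_retention_days) == var.flow_logs_retention_days
    error_message = "flow_logs_retention_days must be a whole number of days, 0 or greater."
  }
}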
# Free-form tag map merged onto the module's resources; empty by default so
# callers opt in explicitly.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "Tags to apply to resources"
}