This module automates the deployment of infrastructure for the InfraHouse GitHub Backup application, which is designed to back up GitHub repositories.

The instances within the Auto Scaling Group perform the following tasks:

- Read app installations and their configurations.
- Create an in-memory backup copy of the repositories.
- Upload the backups to an S3 bucket specified in the installation configuration.

Note: The backup of a repository is stored on an ephemeral disk, meaning it is not retained after the instance is terminated. This design choice enhances safety and security.

On the client side, the backups are configured by the `github-backup-configuration` module.

```hcl
module "terraform-aws-github-backup" {
  source                  = "registry.infrahouse.com/infrahouse/github-backup/aws"
  version                 = "0.7.3"
  app_key_secret          = module.infrahouse-github-backup-app-key.secret_name
  subnets                 = module.management.subnet_private_ids
  instance_type           = "t3a.small"
  environment             = var.environment
  root_volume_size        = 60
  smtp_credentials_secret = module.smtp_credentials.secret_name
}
```

| Name | Version |
|---|---|
| terraform | ~> 1.5 |
| aws | ~> 5.11 |
| random | ~> 3.6 |

| Name | Version |
|---|---|
| aws | ~> 5.11 |
| random | ~> 3.6 |
| tls | n/a |

| Name | Source | Version |
|---|---|---|
| instance_profile | registry.infrahouse.com/infrahouse/instance-profile/aws | 1.8.1 |
| userdata | registry.infrahouse.com/infrahouse/cloud-init/aws | 1.12.4 |

| Name | Type |
|---|---|
| aws_autoscaling_group.main | resource |
| aws_key_pair.deployer | resource |
| aws_launch_template.github-backup | resource |
| aws_security_group.backend | resource |
| aws_vpc_security_group_egress_rule.backend_outgoing | resource |
| aws_vpc_security_group_ingress_rule.backend_icmp | resource |
| aws_vpc_security_group_ingress_rule.backend_ssh_local | resource |
| random_string.profile_suffix | resource |
| tls_private_key.deployer | resource |
| aws_ami.selected | data source |
| aws_ami.ubuntu_pro | data source |
| aws_caller_identity.current | data source |
| aws_default_tags.provider | data source |
| aws_iam_policy_document.default_permissions | data source |
| aws_region.current | data source |
| aws_secretsmanager_secret.app_key_secret | data source |
| aws_subnet.selected | data source |
| aws_vpc.service | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami | Image for EC2 instances | `string` | `null` | no |
| app_key_secret | Secret name where the GitHub PEM is stored. | `string` | n/a | yes |
| asg_max_healthy_percentage | Specifies the upper limit on the number of instances that are in the InService or Pending state with a healthy status during an instance replacement activity. | `number` | `100` | no |
| asg_max_size | Maximum number of instances in ASG | `number` | `1` | no |
| asg_min_healthy_percentage | Specifies the lower limit on the number of instances that must be in the InService state with a healthy status during an instance replacement activity. | `number` | `0` | no |
| asg_min_size | Minimum number of instances in ASG | `number` | `1` | no |
| environment | Name of environment | `string` | `"development"` | no |
| instance_role_name | If specified, the instance profile role will have this name. Otherwise, the role name will be generated. | `string` | `"infrahouse-github-backup"` | no |
| instance_type | EC2 instance type | `string` | `"t3.micro"` | no |
| key_pair_name | SSH keypair name to be deployed in EC2 instances | `string` | `null` | no |
| max_instance_lifetime_days | The maximum amount of time, in _days_, that an instance can be in service. Values must be either equal to 0 or between 7 and 365 days. | `number` | `30` | no |
| packages | List of packages to install when the instances bootstrap. | `list(string)` | `[]` | no |
| puppet_custom_facts | A map of custom puppet facts | `any` | `{}` | no |
| puppet_debug_logging | Enable debug logging if true. | `bool` | `false` | no |
| puppet_environmentpath | A path for directory environments. | `string` | `"{root_directory}/environments"` | no |
| puppet_hiera_config_path | Path to hiera configuration file. | `string` | `"{root_directory}/environments/{environment}/hiera.yaml"` | no |
| puppet_manifest | Path to puppet manifest. By default ih-puppet will apply {root_directory}/environments/{environment}/manifests/site.pp. | `string` | `null` | no |
| puppet_module_path | Path to common puppet modules. | `string` | `"{root_directory}/environments/{environment}/modules:{root_directory}/modules"` | no |
| puppet_root_directory | Path where the puppet code is hosted. | `string` | `"/opt/puppet-code"` | no |
| root_volume_size | Root volume size in EC2 instance in gigabytes | `number` | `30` | no |
| service_name | Descriptive name of a service that will use this VPC | `string` | `"infrahouse-github-backup"` | no |
| smtp_credentials_secret | AWS secret name with SMTP credentials. The secret must contain a JSON with user and password keys. | `string` | `null` | no |
| subnets | Subnet ids where EC2 instances should be present | `list(string)` | n/a | yes |
| tags | Tags to apply to instances in the autoscaling group. | `map(string)` | { | no |
| ubuntu_codename | Ubuntu version codename for the backup runner | `string` | `"noble"` | no |

| Name | Description |
|---|---|
| instance_role_arn | ARN of the GitHub Backup instance role. |
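
The `smtp_credentials_secret` input expects the name of a secret whose value is a JSON document with `user` and `password` keys. One way to create such a secret and pass it to the module, as an added example that is not part of the module's own documentation: the variables `smtp_user` and `smtp_password` and the secret name are assumptions, and the `module.*` and `var.environment` references are taken from the usage example above and defined elsewhere.

```hcl
# Added example. Variable names and the secret name are illustrative assumptions.
variable "smtp_user" {
  description = "SMTP user name (hypothetical variable)."
  type        = string
}

variable "smtp_password" {
  description = "SMTP password (hypothetical variable)."
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
}

resource "aws_secretsmanager_secret" "smtp" {
  name        = "smtp-credentials-example" # placeholder name
  description = "SMTP credentials for the GitHub backup runner"
}

resource "aws_secretsmanager_secret_version" "smtp" {
  secret_id = aws_secretsmanager_secret.smtp.id

  # The input description requires a JSON document with "user" and
  # "password" keys. Note that secret_string is also written to the
  # Terraform state, so the state backend should be encrypted and
  # access-restricted.
  secret_string = jsonencode({
    user     = var.smtp_user
    password = var.smtp_password
  })
}

module "terraform-aws-github-backup" {
  source  = "registry.infrahouse.com/infrahouse/github-backup/aws"
  version = "0.7.3"

  app_key_secret          = module.infrahouse-github-backup-app-key.secret_name
  subnets                 = module.management.subnet_private_ids
  environment             = var.environment
  smtp_credentials_secret = aws_secretsmanager_secret.smtp.name
}
```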