AWS RabbitMQ Terraform Module

SquareOps Technologies Your DevOps Partner for Accelerating cloud journey.

This module provides an easy and efficient way to provision and manage RabbitMQ clusters on AWS. It simplifies the process of creating highly available and scalable RabbitMQ infrastructures by automating the deployment and configuration tasks. Features

1. Easy Configuration: The module allows you to define your RabbitMQ clusters and related resources using a concise and declarative syntax.

2. High Availability: It supports the creation of RabbitMQ clusters with multiple nodes distributed across availability zones, ensuring fault tolerance and high availability.

3. Security: The module integrates with AWS security features, allowing you to define security groups and control access to your RabbitMQ clusters.

4. Scalability: You can easily scale your RabbitMQ clusters up or down by adjusting the number of nodes and instance types.

5. Monitoring and Alerting: It provides integration with CloudWatch, enabling you to monitor key metrics and set up alerts for your RabbitMQ clusters.

6. Logging: The module supports logging of RabbitMQ server logs to CloudWatch Logs or other specified destinations.

7. Maintenance: You can configure maintenance windows for your RabbitMQ clusters to control the timing of maintenance activities.

8. Secrets Management: The module supports the use of AWS Secrets Manager to securely store and manage RabbitMQ credentials.

9. Customization: It offers a wide range of customizable parameters, allowing you to tailor the RabbitMQ configuration to your specific needs.

10. CloudWatch Alerts: Set up CloudWatch alarms to monitor the health and performance of your Redis cluster. Integrate these alarms with AWS Simple Notification Service (SNS) to receive real-time alerts. Use AWS Lambda functions to customize your alerting logic, and send notifications to Slack channels for immediate visibility into your AWS RabbitMQ status.

Uses Example

module "rabbitmq_broker" {
  source = "gitlab.com/sq-ia/aws/rabbitmq.git"
  environment                      = "production"
  name                             = "skaf"
  vpc_id                           = "vpc-xyz5ed3skaf"
  username                         = "admin"
  subnet_ids                       = ["subnet-xyz355fskaf"]
  engine_version                   = "3.10.20"
  storage_type                     = "ebs"
  host_instance_type               = "mq.m5.large"
  deployment_mode                  = "SINGLE_INSTANCE"
  apply_immediately                = true
  publicly_accessible              = false
  authentication_strategy          = "simple"
  allowed_security_groups          = ["sg-xyzf8bdc01fd9skaf"]
  auto_minor_version_upgrade       = false
  cloudwatch_metric_alarms_enabled = true
  alarm_cpu_threshold_percent      = 70
  alarm_memory_used_threshold      = "10000000" # in bytes
  slack_username                   = "John"
  slack_channel                    = "skaf"
  slack_webhook_url                = "https://hooks.slack.com/services/xxxxxxxxx"
  maintenance_window_start_time = {
    day_of_week = "SUNDAY"
    time_of_day = "00:30"
    time_zone   = "GMT"
  }
}

Important Notes

1. This module permit safety institution regulations to permit access to the broker.
2. By default, the variable create_random_password is set to true. Therefore, even if the user provides a password, it will not be read. The create_random_password variable should be set to false and the password variable should have a non-null value to be read and used.

Requirements

Name	Version
terraform	>= 1.0
aws	>= 4.23
random	>= 3.0.0

Providers

Name	Version
archive	n/a
aws	>= 4.23
random	>= 3.0.0

Modules

Name	Source	Version
cw_sns_slack	./lambda	n/a
security_group_mq	terraform-aws-modules/security-group/aws	4.13.0

Resources

Name	Type
aws_cloudwatch_metric_alarm.cache_cpu	resource
aws_cloudwatch_metric_alarm.memory_used	resource
aws_kms_ciphertext.slack_url	resource
aws_kms_key.this	resource
aws_lambda_permission.sns_lambda_slack_invoke	resource
aws_mq_broker.amazonmq	resource
aws_secretsmanager_secret.secret_mq	resource
aws_secretsmanager_secret_version.secret	resource
aws_security_group_rule.cidr_ingress	resource
aws_security_group_rule.default_ingress	resource
aws_security_group_rule.https_ingress	resource
aws_sns_topic.slack_topic	resource
aws_sns_topic_subscription.slack-endpoint	resource
random_password.password	resource
archive_file.lambdazip	data source

Inputs

Name	Description	Type	Default	Required
alarm_actions	Alarm action list	list(string)	[]	no
alarm_cpu_threshold_percent	CPU threshold alarm level	number	75	no
alarm_memory_used_threshold	Alarm threshold for the 'lowFreeStorageSpace' alarm	string	"1000000000"	no
allowed_cidr_blocks	A list of CIDR blocks that are allowed to access the Amazon MQ cluster.	list(any)	[]	no
allowed_security_groups	A list of Security Group IDs that are allowed to access the Amazon MQ cluster.	list(any)	[]	no
apply_immediately	Specifies whether any broker modifications are applied immediately or during the next maintenance window.	bool	true	no
authentication_strategy	The authentication strategy used to secure the broker.	string	"simple"	no
auto_minor_version_upgrade	Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.	bool	false	no
cloudwatch_metric_alarms_enabled	Boolean flag to enable/disable CloudWatch metrics alarms	bool	false	no
cw_sns_topic_arn	The username to use when sending notifications to Slack.	string	""	no
deployment_mode	The deployment mode of the Amazon MQ cluster.	string	"SINGLE_INSTANCE"	no
engine_type	The type of broker engine used in the Amazon MQ cluster.	string	"RabbitMQ"	no
engine_version	The version of the broker engine used in the Amazon MQ cluster.	string	""	no
environment	The name of the environment where the Amazon MQ cluster is deployed.	string	""	no
host_instance_type	The instance type of the Amazon MQ broker. For example, 'mq.t3.micro' or 'mq.m5.large'.	string	""	no
maintenance_window_start_time	The configuration block for the maintenance window start time.	object({ day_of_week = string time_of_day = string time_zone = string })	{ "day_of_week": "MONDAY", "time_of_day": "22:45", "time_zone": "Europe/Berlin" }	no
name	The name of the Amazon MQ cluster. It provides a unique identifier for the cluster.	string	""	no
ok_actions	The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Number (ARN)	list(string)	[]	no
port	The port number on which the RabbitMQ cluster will be accessible.	number	5671	no
publicly_accessible	Whether to enable connections from applications outside of the VPC that hosts the broker's subnets	bool	false	no
recovery_window_aws_secret	Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days.	number	0	no
slack_channel	The Slack channel where notifications will be posted.	string	""	no
slack_notification_enabled	Whether to enable/disable slack notification.	bool	false	no
slack_username	The username to use when sending notifications to Slack.	string	""	no
slack_webhook_url	The Slack Webhook URL where notifications will be sent.	string	""	no
storage_type	(optional) Storage type of the broker, only ebs work with mq.m5.large	string	null	no
subnet_ids	The IDs of the subnets in which the Amazon MQ broker will be launched.	list(string)	[]	no
username	The username of the user for authentication.	string	""	no
vpc_id	The ID of the VPC where the Amazon MQ cluster will be created.	string	""	no

Outputs

Name	Description
rabbitmq_broker_arn	The Amazon Resource Name (ARN) of the RabbitMQ broker.
rabbitmq_broker_console_url	The URL of the RabbitMQ Web Console for managing the broker.
rabbitmq_broker_endpoint	The wire-level protocol endpoint of the RabbitMQ broker.
rabbitmq_broker_id	The unique identifier of the RabbitMQ broker.
rabbitmq_password	The password for accessing the RabbitMQ cluster. Note that Terraform does not track this password after initial creation.
rabbitmq_security_group	The security group ID associated with the RabbitMQ cluster.

Contribute & Issue Report

To report an issue with a project:

1. Check the repository's issue tracker on GitHub
2. Search to check if the issue has already been reported
3. If you can't find an answer to your question in the documentation or issue tracker, you can ask a question by creating a new issue. Make sure to provide enough context and details.

License

Apache License, Version 2.0, January 2004 (https://www.apache.org/licenses/LICENSE-2.0)

Support Us

To support our GitHub project by liking it, you can follow these steps:

1. Visit the repository: Navigate to the GitHub repository

2. Click the "Star" button: On the repository page, you'll see a "Star" button in the upper right corner. Clicking on it will star the repository, indicating your support for the project.

3. Optionally, you can also leave a comment on the repository or open an issue to give feedback or suggest changes.

Staring a repository on GitHub is a simple way to show your support and appreciation for the project. It also helps to increase the visibility of the project and make it more discoverable to others.

Who we are

We believe that the key to success in the digital age is the ability to deliver value quickly and reliably. That’s why we offer a comprehensive range of DevOps & Cloud services designed to help your organization optimize its systems & Processes for speed and agility.

1. We are an AWS Advanced consulting partner which reflects our deep expertise in AWS Cloud and helping 100+ clients over the last 5 years.
2. Expertise in Kubernetes and overall container solution helps companies expedite their journey by 10X.
3. Infrastructure Automation is a key component to the success of our Clients and our Expertise helps deliver the same in the shortest time.
4. DevSecOps as a service to implement security within the overall DevOps process and helping companies deploy securely and at speed.
5. Platform engineering which supports scalable,Cost efficient infrastructure that supports rapid development, testing, and deployment.
6. 24*7 SRE service to help you Monitor the state of your infrastructure and eradicate any issue within the SLA.

We provide support on all of our projects, no matter how small or large they may be.

To find more information about our company, visit squareops.com, follow us on Linkedin, or fill out a job application. If you have any questions or would like assistance with your cloud strategy and implementation, please don't hesitate to contact us.