ecs-fsx-sftp
andreswebs/ecs-fsx-sftp/aws
Deploys an ECS cluster running an SFTP service as a daemon
terraform-aws-ecs-fsx-sftp

Deploys an AWS ECS cluster running an SFTP service as a daemon.

This is a proof-of-concept for how to deploy a highly-available fleet of SFTP servers with an AWS FSx Windows file share, with multiple user folders from the share mounted in ECS-optimized Amazon Linux 2 instances.

This module deploys a _subset_ of the resources described in the diagram below. Namely, it deploys the ECS cluster and SFTP daemon containers in the following architecture:

[Diagram: Example SFTP service]

Pre-requisites

FSx

The AWS FSx for Windows file system must be configured with access for a domain user with permissions to read and write to the file share. This user's credentials will be stored in plaintext in the ECS container instance.

An example module to deploy FSx with Active Directory can

| Name | Type | Description | Default |
|---|---|---|---|
| subnet_ids | list(string) | Subnet IDs | required |
| instance_role_arn | string | ECS container-instance IAM role ARN; overrides `instance_role_name` | required |
| ami_id | string | AMI ID for ECS container-instances | required |
| task_role_arn | string | ECS 'Task Role' ARN; overrides `task_role_name` | required |
| ssh_key_name | string | ECS container-instance SSH key-pair name; must be an existing key-pair | required |
| execution_role_arn | string | ECS 'Task Execution Role' ARN; overrides `execution_role_name` | required |
| cidr_whitelist | list(string) | CIDR whitelist for allowed container-instance ingress traffic for SSH and SFTP | required |
| sftp_users | string | Comma-separated list of SFTP users to add | required |
| vpc_id | string | VPC ID | required |
| sftp_volume_name_storage | string | SFTP storage-volumes name prefix; user names will be added as suffixes | "sftp-storage" |
| sftp_volume_name_host | string | SFTP host-volume name | "sftp-host" |
| sftp_volume_name_config | string | SFTP config-volume name | "sftp-config" |
| fsx_ssm_param_prefix | string | Prefix for SSM parameters used for FSx configuration | "/fsx" |
| fsx_file_share | string | Name of the Windows file share to use | "share" |
| cluster_name | string | ECS cluster name | "sftp" |
| sftp_ssm_param_config_users_conf | string | SSM param path for the `/etc/sftp/users.conf` file | "/config/users-conf" |
| fsx_ssm_param_domain | string | FSx domain SSM param path | "/domain" |
| fsx_ssm_param_username | string | FSx username SSM param path | "/username" |
| fsx_mount_point | string | Filesystem path prefix for FSx shared stores; each SFTP user will have its own m | "/mnt/fsx" |
| instance_profile_name | string | ECS container-instance IAM profile name; if `instance_role_arn` is set, this mus | "ecs-sftp-instance" |
| sftp_volume_name_user | string | SFTP user-volumes name prefix; user names will be added as suffixes | "sftp-user" |
| fsx_smb_version | string | SMB protocol version; if in doubt, leave it as default | "3.0" |
| task_role_name | string | ECS 'Task Role' name; overridden by `task_role_arn` | "ecs-task" |
| sftp_ssm_param_user_pub_key | string | SSM param path for users' public keys | "/user/public-key" |
| sftp_volume_name_scripts | string | SFTP scripts-volume name | "sftp-scripts" |
| sftp_main_container_image | string | Main SFTP container image | "atmoz/sftp:latest" |
| fsx_ssm_param_password | string | FSx password SSM param path | "/password" |
| fsx_creds_path | string | FSx credentials filesystem path | "/home/ec2-user/.fsx-credentials" |
| fsx_cifs_max_buf_size | string | CIFS maximum buffer size; find it with the command: `modinfo cifs \| grep` | "130048" |
| … and 5 more inputs | | | |

ecs_cluster — The aws_ecs_cluster resource
launch_template — The aws_launch_template resource
task_definition — The aws_ecs_task_definition resource