tf-cloud-agents
aws-ia/tf-cloud-agents/aws
Creates a self-hosted Terraform Cloud Agent on AWS (https://registry.terraform.io/modules/aws-ia/tf-cloud-agents/aws/latest)

Terraform Cloud Agent on Amazon ECS

This solution creates a self-hosted HashiCorp Cloud Platform (HCP) Terraform agent on an Amazon ECS cluster. HCP Terraform allows you to manage isolated, private, or on-premises infrastructure using self-hosted HCP Terraform agents. The agent polls HCP Terraform or HCP Terraform Enterprise for any changes to your configuration and executes the changes locally, so you do not need to allow public ingress traffic to your resources. Agents allow you to control infrastructure in private environments without modifying your network perimeter.

Architecture

[Figure: Terraform Cloud Agent on Amazon ECS architecture]

Prerequisites

To use this module you need to have the following:

1. HashiCorp Cloud Platform (HCP) Terraform subscription
2. Terraform API token with permission to

| Name | Type | Description | Default |
|---|---|---|---|
| hcp_terraform_org_name | string | The name of the HCP Terraform or HCP Terraform Enterprise organization where the | required |
| subnet_ids | list(string) | IDs of the subnet(s) where agents can be deployed | required |
| name | string | A name to apply to resources. The combination of `name` and `hcp_terraform_org_n | required |
| vpc_id | string | ID of the VPC where the cluster is running. | required |
| agent_memory | number | The amount of memory, in MB, allocated to the agent container(s). | 512 |
| agent_image | string | The Docker image to launch. | "hashicorp/tfc-agent:latest" |
| agent_auto_update | string | Whether the agent should auto-update. Valid values are minor, patch, and disable | "minor" |
| task_policy_arns | list(string) | ARN(s) of IAM policies to attach to the agent task. Determines what actions the | [] |
| kms_key_arn | string | The ARN of the KMS key to create. If empty, a new key will be created. | "" |
| assign_public_ip | bool | Whether to assign a public IP address to the ECS tasks. Set to true when using p | false |
| hcp_terraform_address | string | The HTTPS address of the HCP Terraform or HCP Terraform Enterprise instance. | "https://app.terraform.io" |
| tfe_agent_pool_name | string | Terraform agent pool name to be used when agent creation is omitted | "" |
| agent_log_level | string | The logging verbosity for the agent. Valid values are trace, debug, info (defaul | "info" |
| agent_egress_ports | set(string) | Egress ports to allow the agent to communicate with the HCP Terraform instance. | ["443", "7146"] |
| agent_cidr_blocks | list(string) | CIDR blocks to allow the agent to communicate with the HCP Terraform instance. | ["0.0.0.0/0"] |
| cloudwatch_log_group_retention | number | The number of days to retain logs in the CloudWatch log group. | 365 |
| cloudwatch_log_group_name | string | The name of the CloudWatch log group where agent logs will be sent. | "/hcp/hcp-terraform-agent" |
| create_ecs_cluster | bool | Whether to create a new ECS cluster for the agent. | true |
| create_cloudwatch_log_group | bool | Whether the CloudWatch log group should be created. | true |
| ecs_cluster_arn | string | ARN of the ECS cluster where the agent will be deployed. | "arn:aws:ecs:us-west-2:000000000000:clus |
| create_tfe_agent_pool | bool | Whether to omit agent pool/token creation | true |
| agent_cpu | number | The CPU units allocated to the agent container(s). See https://docs.aws.amazon.c | 256 |
| agent_single_execution | bool | Whether to use single-execution mode. | true |
| extra_env_vars | list(object({ name = stri | Extra environment variables to pass to the agent container. | [] |

- ecs_task_revision — Revision number of the ECS task definition.
- security_group_name — Name of the VPC security group attached to the service.
- security_group_id — ID of the VPC security group attached to the service.
- task_role_name — Name of the IAM role attached to the task containers.
- task_role_arn — ARN of the IAM role attached to the task containers.
- ecs_service_arn — ARN of the ECS service.
- log_stream_prefix — Prefix for the CloudWatch log stream.
- kms_key_arn — The ARN of the created KMS key.
- agent_pool_name — Name of the HCP Terraform agent pool.
- agent_pool_id — ID of the HCP Terraform agent pool.
- ecs_task_arn — ARN of the ECS task definition.
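
A module call that sets the security-relevant inputs from the table explicitly instead of relying on the defaults, as an added example (not taken from the module's own documentation). Input and output names come from the tables above; every ID, name, ARN, CIDR range and image tag is a placeholder, and the effect of a narrower `agent_cidr_blocks` on other traffic from the task is an assumption to test.

```hcl
module "hcp_tf_agent" {
  source = "aws-ia/tf-cloud-agents/aws"

  # Required inputs (all values are placeholders).
  name                   = "private-infra"
  hcp_terraform_org_name = "example-org"
  vpc_id                 = "vpc-0123456789abcdef0"
  subnet_ids             = ["subnet-0123456789abcdef0"] # private subnet

  # Default is "hashicorp/tfc-agent:latest". Pin a reviewed tag (or a digest)
  # so a new task launch cannot silently pick up a different image.
  agent_image = "hashicorp/tfc-agent:<pinned-version>" # placeholder tag

  # Module default; kept explicit so a later change shows up in review.
  assign_public_ip = false

  # Default is ["0.0.0.0/0"]. Narrow it to the ranges the agent must reach.
  # 203.0.113.0/24 is a documentation range used as a placeholder.
  # Assumption: verify image pulls and provider API calls still work after
  # narrowing, since they may leave through the same security group.
  agent_cidr_blocks  = ["203.0.113.0/24"]
  agent_egress_ports = ["443", "7146"] # module defaults

  # The attached policies determine what the agent task can do in the account.
  # Default is []; attach a scoped policy rather than a broad managed one.
  task_policy_arns = [
    "arn:aws:iam::000000000000:policy/example-agent-scoped", # placeholder
  ]

  # Module defaults, stated explicitly.
  agent_single_execution         = true
  agent_log_level                = "info"
  cloudwatch_log_group_retention = 365
}

# Expose the identifiers needed to audit the agent's permissions and network
# rules from outside this configuration.
output "agent_task_role_arn" {
  value = module.hcp_tf_agent.task_role_arn
}

output "agent_security_group_id" {
  value = module.hcp_tf_agent.security_group_id
}
```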