| atlanits_repo_whitelist |
the address for the github repo. do not include http://. just 'github.com/org/repo' is needed |
string |
"" |
no |
| atlantis_gh_token |
The github token to use for the access to the github repo |
string |
"" |
no |
| atlantis_gh_user |
The github user to use for the access to the github repo |
string |
"" |
no |
| atlantis_gh_webhook_secret |
The github webhook to use for the access to the github |
string |
"" |
no |
| atlantis_ui_basic_auth |
if you answer true this will enable a user/pass defined in atlantis_ui_user and atlantis_ui_pass variables as a basic auth to the atlantis UI. However right now this feature seems to be broken on current docker images. don't enable this until it's fixed |
bool |
false |
no |
| atlantis_ui_pass |
the password to use in the atlantis_ui_pass auth |
string |
"" |
no |
| atlantis_ui_user |
the user name to use in the atlantis_ui_user auth |
string |
"" |
no |
| atlantis_whitelist_ips |
We are protecting Atlantis with a WAFv2 App gateway. Git webhook IP's are being automatically added to the WAFv2 policy. Here you should include any public IP CIDR's you want to access the atlantis UI with . I.E. Home connection, Data centers, offices, etc. |
list(string) |
[
""
] |
no |
| az_subscription_id |
the subscription ID for Azure |
string |
"" |
no |
| az_tenant_id |
the tenant_id for azure subscription |
string |
"" |
no |
| create_and_attach_storage |
if you do not want blob storage created and mapped to the container change this to false |
bool |
true |
no |
| enable_ssl |
if you answer true this will enable SSL config for atlantis and the WAFv2. you will need pfx, pem and crt files. you can create your own self signed for testing but be sure to disable SSL verification on github webhook |
bool |
false |
no |
| infracost_api_key |
the api key from infracost. if you do not have one , install infracost locally and run go to https://www.infracost.io/ and download , then run 'infracost register' to get the key |
string |
"" |
no |
| infracost_repos_json |
this is the JSON config for infracost workflow. it needs to be added as a environment variable to the atlantis container. this is the standard template per project commit but you can customize it if you want to, directions and options are here : https://github.com/infracost/infracost-atlantis |
string |
" {\r\n \"repos\": [\r\n {\r\n \"id\": \"/.*/\",\r\n \"workflow\": \"terraform-infracost\"\r\n }\r\n ],\r\n \"workflows\": {\r\n \"terraform-infracost\": {\r\n \"plan\": {\r\n \"steps\": [\r\n {\r\n \"env\": {\r\n \"name\": \"INFRACOST_OUTPUT\",\r\n \"command\": \"echo \\\"/tmp/$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\\\\//-}-infracost.json\\\"\"\r\n }\r\n },\r\n {\r\n \"env\": {\r\n \"name\": \"INFRACOST_COMMENT_TAG\",\r\n \"command\": \"echo \\\"$BASE_REPO_OWNER-$BASE_REPO_NAME-$PULL_NUM-$WORKSPACE-${REPO_REL_DIR//\\\\//-}\\\"\"\r\n }\r\n },\r\n \"init\",\r\n \"plan\",\r\n \"show\",\r\n {\r\n \"run\": \"infracost breakdown --path=$SHOWFILE \\\\\\n --format=json \\\\\\n --log-level=info \\\\\\n --out-file=$INFRACOST_OUTPUT\\n\"\r\n },\r\n {\r\n \"run\": \"# Choose the commenting behavior, 'new' is a good default:\\n# new: Create a new cost estimate comment on every run of Atlantis for each project.\\n# update: Create a single comment and update it. The \\\"quietest\\\" option.\\n# hide-and-new: Minimize previous comments and create a new one.\\n# delete-and-new: Delete previous comments and create a new one.\\n# You can use tag to customize the hidden markdown tag used to detect comments posted by Infracost. We pass in the project directory here\\n# so that there are no conflicts across projects when posting to the pull request. This is especially important if you\\n# use a comment behavior other than \\\"new\\\".\\ninfracost comment github --repo $BASE_REPO_OWNER/$BASE_REPO_NAME \\\\\\n --pull-request $PULL_NUM \\\\\\n --path $INFRACOST_OUTPUT \\\\\\n --github-token $GITHUB_TOKEN \\\\\\n --tag $INFRACOST_COMMENT_TAG \\\\\\n --behavior new\\n\"\r\n },\r\n {\r\n \"run\": \"terraform fmt -check=true -diff=true -write=false\"\r\n }\r\n ]\r\n }\r\n }\r\n }\r\n}\r\n" |
no |
| location |
Azure region you want to deploy atlantis |
string |
"eastus" |
no |
| ssl_pfx_file |
filename for the ssl pfx file.f.f put this in the same folder you are running the module from |
string |
"" |
no |
| ssl_pfx_file_password |
filename for the ssl pfx file.f.f put this in the same folder you are running the module from |
string |
"" |
no |
| subscription_name |
the name of the subscription. This will be used as a prefix for resource group and resource names. |
string |
"" |
no |
| vnet_cidr |
The CIDR of the vnet that will be used for the frontend and backend subnets. this cidr will be split in to 2 subnets. it is suggested to use /23 cidr for the vnets and they will be split int two /24 subnets. you could use a smaller cidr like a /28 if you want |
string |
"" |
no |