A completely turn-key, secure Foundry Virtual Tabletop server in an encapsulated VPC using Terraform.

Primary language: HCL. License: Apache License 2.0 (Apache-2.0).

terraform-aws-foundryvtt

Stand up a completely turn-key, secure Foundry Virtual Tabletop server using Terraform.

Description

Creates a fully managed VPC housing your server, which runs on ECS behind a load balancer. AWS safely manages your secrets and Foundry data in conjunction with the server to maintain availability and consistency, while still leaving you in control.

This is the module for you if:

  1. You are looking to quickly create a containerized FoundryVTT server
  2. You enjoy the security and consistency of the AWS cloud platform
  3. You don't want to be encumbered by hefty management and configuration
  4. You just want to play D&D (or any other role playing tabletop game, of course!)

Prerequisites

  1. Foundry Virtual Tabletop license
  2. Terraform 12 or higher
  3. AWS account with an automation role for Terraform to use on your behalf

Source

First you'll need to decide which version to use. I recommend using the latest release tag if you can. Otherwise, search for the one that suits you.
You can create the module with the source and version of choice using the Terraform Registry path:

module "foundryvtt_example" {
  source  = "Justinon/foundryvtt/aws"
  version = "X.Y.Z" # replace with the release tag you chose
  # insert the required variables here (see Inputs below)
}

Requirements

| Name | Version |
|------|---------|
| aws | ~> 2.68.0 |
| template | ~> 2.1 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_account_id | The root user of the AWS account provided will be the sole credentials KMS key administrator. | string | n/a | yes |
| aws_automation_role_arn | The automation role used by Terraform. Gets decrypt/encrypt access to the KMS credentials key. | string | n/a | yes |
| foundry_password | Will be encrypted in AWS Parameter Store for exclusive use by the server to securely obtain and use the Foundry license. | string | n/a | yes |
| foundry_username | Will be encrypted in AWS Parameter Store for exclusive use by the server to securely obtain and use the Foundry license. | string | n/a | yes |
| artifacts_bucket_public | Whether or not the artifacts bucket should be public. To reuse this bucket for direct Amazon S3 asset storage in the browser, set to true. | bool | true | no |
| artifacts_data_expiration_days | The number of days after which non-current versions of the Foundry data in the artifacts bucket expire. | number | 30 | no |
| foundry_admin_key | The Admin Access Key to set for password-protecting administration access to the Foundry tool. Will be encrypted in AWS Parameter Store for exclusive use by the server. | string | "" | no |
| foundryvtt_docker_image | Probably won't work with other images yet, but the option is there if you want to experiment. | string | "felddy/foundryvtt:release" | no |
| security_groups | Any extra security groups to associate with the Foundry server. | list | [] | no |
| tags | Any additional AWS tags you want associated with all created and eligible resources. | list(object({ key = string, value = string })) | [] | no |
| vpc_cidr_block | The CIDR block of the Foundry VPC housing all created and eligible resources. | string | "20.0.0.0/22" | no |

Outputs

| Name | Description |
|------|-------------|
| artifacts_bucket_arn | The ARN of the S3 bucket holding versioned Foundry data. |
| artifacts_bucket_name | The name of the S3 bucket holding versioned Foundry data. |
| credentials_kms_key_arn | The ARN of the KMS key used by the server to decrypt and encrypt Foundry credentials. Used exclusively to maintain consistency and legitimacy of the server and license respectively. |
| credentials_kms_key_id | The ID of the KMS key used by the server to decrypt and encrypt Foundry credentials. Used exclusively to maintain consistency and legitimacy of the server and license respectively. |
| internet_gateway_arn | The ARN of the Internet Gateway allowing internet access to public subnets in the Foundry VPC. |
| internet_gateway_id | The ID of the Internet Gateway allowing internet access to public subnets in the Foundry VPC. |
| lb_arn | The ARN of the application load balancer in front of the Fargate task serving the Foundry container. |
| lb_dns_name | The main entrypoint to the Foundry tool for users and GMs. This is the DNS name of the application load balancer in front of the Fargate task serving the Foundry container. Can be used with Route53. |
| lb_zone_id | The Route53 zone ID of the application load balancer in front of the Fargate task serving the Foundry container. |
| policy_arn | The ARN of the policy attached to the Foundry server role. |
| policy_id | The ID of the policy attached to the Foundry server role. |
| policy_name | The name of the policy attached to the Foundry server role. |
| role_arn | The ARN of the role the Foundry server uses to access credentials and the artifacts bucket. |
| role_name | The name of the role the Foundry server uses to access credentials and the artifacts bucket. |
| subnet_private_arns | The ARNs of the private subnets housing the Fargate Foundry task. |
| subnet_private_azs | The availability zones of the private subnets housing the Fargate Foundry task. |
| subnet_private_ids | The IDs of the private subnets housing the Fargate Foundry task. |
| subnet_public_arns | The ARNs of the public subnets housing the server autoscaling group and load balancer. |
| subnet_public_azs | The availability zones of the public subnets housing the server autoscaling group and load balancer. |
| subnet_public_ids | The IDs of the public subnets housing the server autoscaling group and load balancer. |
| target_group_http_arn | The ARN of the HTTP target group receiving traffic from the HTTP ALB listener. |
| target_group_http_name | The name of the HTTP target group receiving traffic from the HTTP ALB listener. |
| target_group_https_arn | The ARN of the HTTPS target group receiving traffic from the HTTPS ALB listener. |
| target_group_https_name | The name of the HTTPS target group receiving traffic from the HTTPS ALB listener. |
| vpc_arn | The ARN of the Foundry VPC housing all created and eligible resources. |
| vpc_cidr_block | The CIDR block of the Foundry VPC housing all created and eligible resources. |
| vpc_id | The ID of the Foundry VPC housing all created and eligible resources. |
| vpc_route_table_private_id | The private route table for the Foundry VPC. |
| vpc_route_table_public_id | The public route table for the Foundry VPC. |
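
The following module call is an added example, not code from the module's repository. It overrides the defaults a security review would look at first (artifacts_bucket_public is true, foundry_admin_key is empty, and vpc_cidr_block 20.0.0.0/22 lies outside the RFC 1918 private ranges) and points a Route53 alias at the load balancer outputs. The variable names, the 10.20.0.0/22 range, the hosted zone and foundry.example.com are assumptions.

```hcl
# Added example: input variable names, the CIDR range and the DNS name are
# assumptions chosen for illustration, not values from the module.
variable "aws_account_id" { type = string }
variable "aws_automation_role_arn" { type = string }
variable "foundry_username" { type = string }
variable "route53_zone_id" { type = string } # hypothetical existing hosted zone

variable "foundry_password" {
  type      = string
  sensitive = true # needs Terraform 0.14 or later; drop this line on older versions
}

variable "foundry_admin_key" {
  type      = string
  sensitive = true # needs Terraform 0.14 or later; drop this line on older versions
}

module "foundryvtt" {
  source  = "Justinon/foundryvtt/aws"
  version = "X.Y.Z" # pin to the release tag you chose

  # Required inputs
  aws_account_id          = var.aws_account_id
  aws_automation_role_arn = var.aws_automation_role_arn
  foundry_username        = var.foundry_username
  foundry_password        = var.foundry_password

  # Optional inputs, overridden instead of left at the module defaults
  foundry_admin_key       = var.foundry_admin_key # module default is ""
  artifacts_bucket_public = false                 # module default is true; gives up direct S3 asset storage in the browser
  vpc_cidr_block          = "10.20.0.0/22"        # assumed RFC 1918 range, same /22 size as the default
}

# Friendly DNS name for players and GMs, built from the module's outputs.
resource "aws_route53_record" "foundry" {
  zone_id = var.route53_zone_id
  name    = "foundry.example.com"
  type    = "A"

  alias {
    name                   = module.foundryvtt.lb_dns_name
    zone_id                = module.foundryvtt.lb_zone_id
    evaluate_target_health = false
  }
}
```

Terraform records the values of the resources it manages in its state file, so keep the state for this configuration in an encrypted, access-controlled backend and supply the secrets through TF_VAR_ environment variables or an untracked tfvars file.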