terraform-aws-foundryvtt
Stand up a completely turn-key, secure Foundry Virtual Tabletop server using Terraform.
Description
Creates a fully managed VPC housing your server utilizing ECS behind a load balancer. AWS will safely manage your secrets and Foundry data in conjunction with the server to maintain availability and consistency...while still leaving you in control.
This is the module for you if:
- You are looking to quickly create a containerized FoundryVTT server
- You enjoy the security and consistency of the AWS cloud platform
- You don't want to be encumbered by hefty management and configuration
- You just want to play D&D (or any other role playing tabletop game, of course!)
Prerequisites
- Foundry Virtual Tabletop license
- Terraform 12 or higher
- AWS account with an automation role for Terraform to use on your behalf
Source
First you'll need to decide which version to use. I recommend using the latest release tag if you can. Otherwise, search for the one that suits you.
You can create the module with the source and version of choice using the Terraform Registry path:
module "foundryvtt_example" {
source = "Justinon/foundryvtt/aws"
version = "X.Y.Z"
# insert the required variables here
...
}
Requirements
Name | Version |
---|---|
aws | ~> 2.68.0 |
template | ~> 2.1 |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
aws_account_id | The root user of the AWS account provided will be the sole credentials KMS key administrator. | string |
n/a | yes |
aws_automation_role_arn | The automation role used by Terraform. Gets decrypt/encrypt access to KMS credentials key. | string |
n/a | yes |
foundry_password | Will be encrypted in AWS Parameter Store for exclusive use by the server to securely obtain and use the Foundry license. | string |
n/a | yes |
foundry_username | Will be encrypted in AWS Parameter Store for exclusive use by the server to securely obtain and use the Foundry license. | string |
n/a | yes |
artifacts_bucket_public | Whether or not the artifacts bucket should be public. To reuse this bucket for direct Amazon S3 asset storage in browser, set to true. | bool |
true |
no |
artifacts_data_expiration_days | The amount of days after which non-current version of the artifacts bucket Foundry data is expired. | number |
30 |
no |
foundry_admin_key | The Admin Access Key to set for password-protecting administration access to the Foundry tool. Will be encrypted in AWS Parameter Store for exclusive use by the server. | string |
"" |
no |
foundryvtt_docker_image | Probably won't work with other images yet but the option is there if you want to experiment | string |
"felddy/foundryvtt:release" |
no |
security_groups | Any extra security groups to associate with the Foundry server. | list |
[] |
no |
tags | Any additional AWS tags you want associated with all created and eligible resources. | list(object({ |
[] |
no |
vpc_cidr_block | The CIDR block of the Foundry VPC housing all created and eligible resources. | string |
"20.0.0.0/22" |
no |
Outputs
Name | Description |
---|---|
artifacts_bucket_arn | The ARN of the S3 bucket holding versioned Foundry data. |
artifacts_bucket_name | The name of the S3 bucket holding versioned Foundry data. |
credentials_kms_key_arn | The ARN of the KMS key used by the server to decrypt and encrypt Foundry credentials. Used exclusively to maintain consistency and legitimacy of the server and license respectively. |
credentials_kms_key_id | The ID of the KMS key used by the server to decrypt and encrypt Foundry credentials. Used exclusively to maintain consistency and legitimacy of the server and license respectively. |
internet_gateway_arn | The ARN of the Internet Gateway allowing internet access to public subnets in the Foundry VPC. |
internet_gateway_id | The ID of the Internet Gateway allowing internet access to public subnets in the Foundry VPC. |
lb_arn | The ARN of the application load balancer in front of the Fargate task serving the Foundry container. |
lb_dns_name | The main entrypoint to the Foundry tool for users and GMs. Is the DNS name of the application load balancer in front of the Fargate task serving the Foundry container. Can be used with Route53. |
lb_zone_id | The Route53 zone ID of the application load balancer in front of the Fargate task serving the Foundry container. |
policy_arn | The ARN of the policy attached to the Foundry server role. |
policy_id | The ID of the policy attached to the Foundry server role. |
policy_name | The name of the policy attached to the Foundry server role. |
role_arn | The ARN of the role the Foundry server uses to access credentials and the artifacts bucket. |
role_name | The name of the role the Foundry server uses to access credentials and the artifacts bucket. |
subnet_private_arns | The ARN of the private subnets housing the fargate foundry task. |
subnet_private_azs | The availability zones of the private subnets housing the fargate foundry task. |
subnet_private_ids | The IDs of the private subnets housing the fargate foundry task. |
subnet_public_arns | The ARN of the public subnets housing the server autoscaling group and load balancer. |
subnet_public_azs | The availability zones of the public subnets housing the server autoscaling group and load balancer. |
subnet_public_ids | The IDs of the public subnets housing the server autoscaling group and load balancer. |
target_group_http_arn | The ARN of the HTTP target group receiving traffic from the HTTP ALB listener. |
target_group_http_name | The name of the HTTP target group receiving traffic from the HTTP ALB listener. |
target_group_https_arn | The ARN of the HTTPS target group receiving traffic from the HTTPS ALB listener. |
target_group_https_name | The name of the HTTPS target group receiving traffic from the HTTPS ALB listener. |
vpc_arn | The ARN of the Foundry VPC housing all created and eligible resources. |
vpc_cidr_block | The CIDR block of the Foundry VPC housing all created and eligible resources. |
vpc_id | The ID of the Foundry VPC housing all created and eligible resources. |
vpc_route_table_private_id | The private route table for the Foundry VPC. |
vpc_route_table_public_id | The public route table for the Foundry VPC. |