/terraform-gce-atlantis

A set of @hashicorp Terraform configurations for running Atlantis on @googlecloud Compute Engine

Primary language: HCL. License: Apache License 2.0 (Apache-2.0).

Atlantis on Google Compute Engine

This Terraform module deploys various resources to run Atlantis on Google Compute Engine.

Usage

See the examples directory.

Feature highlights

  • Container-Optimized OS - Atlantis runs as a Docker container on a Container-Optimized OS VM.

  • Managed Instance Group - The VM instance is part of a Managed Instance Group (MIG), which ensures that Atlantis is always up and running.

  • External HTTPS Load Balancer - A Layer 7 load balancer is created together with a managed SSL certificate for the provided domain.

  • Custom port for Atlantis - This module can run Atlantis on a custom port: set the ATLANTIS_PORT environment variable.

  • Separate Persistent Data Disk - The VM instance has a separate persistent data disk attached to it, so that Atlantis data is persisted and not lost if the VM is deleted or terminated.

  • Shielded VM - A Shielded VM is a VM that's hardened by a set of security controls that help defend against rootkits and bootkits. Using a Shielded VM helps protect enterprise workloads from threats like remote attacks, privilege escalation, and malicious insiders.

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | 4.47.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| atlantis | terraform-google-modules/container-vm/google | ~> 2.0 |

Resources

| Name | Type |
|------|------|
| google_compute_backend_service.atlantis | resource |
| google_compute_firewall.atlantis_lb_health_check | resource |
| google_compute_global_address.atlantis | resource |
| google_compute_global_forwarding_rule.https | resource |
| google_compute_health_check.atlantis | resource |
| google_compute_instance_group_manager.atlantis | resource |
| google_compute_instance_template.atlantis | resource |
| google_compute_managed_ssl_certificate.atlantis | resource |
| google_compute_route.public_internet | resource |
| google_compute_target_https_proxy.atlantis | resource |
| google_compute_url_map.atlantis | resource |
| google_compute_image.cos | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| block_project_ssh_keys | Blocks the use of project-wide public SSH keys | bool | false | no |
| disk_kms_key_self_link | The self link of the encryption key that is stored in Google Cloud KMS | string | null | no |
| domain | Domain to associate Atlantis with and to request a managed SSL certificate for. Without https:// | string | n/a | yes |
| env_vars | Key-value pairs representing environment variables and their respective values | map(any) | n/a | yes |
| image | Docker image. This is most often a reference to a container located in a container registry. | string | "ghcr.io/runatlantis/atlantis:latest" | no |
| machine_type | The machine type to run Atlantis on | string | "n2-standard-2" | no |
| name | Custom name that's used during resource creation | string | n/a | yes |
| network | Name of the network | string | n/a | yes |
| persistent_disk_size_gb | The size of the persistent disk that Atlantis uses to store its data on | number | 50 | no |
| project | The ID of the project in which the resource belongs. | string | null | no |
| region | The region that resources should be created in | string | n/a | yes |
| service_account | Service account to attach to the instance running Atlantis | object({ email = string, scopes = list(string) }) | { "email": "", "scopes": ["cloud-platform"] } | no |
| subnetwork | Name of the subnetwork to attach a network interface to | string | n/a | yes |
| use_spot_machine | A Spot VM is discounted Compute Engine capacity that may be preemptively stopped or deleted by Compute Engine if the capacity is needed | bool | false | no |
| zone | The zone that instances should be created in | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| ip_address | The IPv4 address of the load balancer |
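
The following module call is an added example, not taken from this repository's examples directory. It uses only the inputs and the output listed above and overrides the security-relevant defaults (image tag, project-wide SSH keys, disk encryption key, service account). The module source, project, network, domain, key path, service account email, port and the Atlantis environment variables other than ATLANTIS_PORT are assumptions or constructed placeholders.

```hcl
# Added example. Every value below is a constructed placeholder.
module "atlantis" {
  # Placeholder: the registry address or path you consume this module from.
  source = "<path-or-registry-address-of-this-module>"

  name       = "atlantis"
  project    = "example-project"
  region     = "europe-west4"
  zone       = "europe-west4-a"
  network    = "example-network"
  subnetwork = "example-subnetwork"
  domain     = "atlantis.example.com" # without https://

  # Default is the mutable ":latest" tag. Pin a release you have reviewed
  # so that a VM recreated by the MIG cannot silently pull a different image.
  image = "ghcr.io/runatlantis/atlantis:<pinned-tag>"

  # Default is false. Atlantis holds credentials for your infrastructure,
  # so do not let project-wide SSH keys apply to its VM.
  block_project_ssh_keys = true

  # Default is null. Supply a Cloud KMS key you control.
  disk_kms_key_self_link = "projects/example-project/locations/europe-west4/keyRings/example-ring/cryptoKeys/atlantis-disk"

  # Default leaves email empty. Use a dedicated service account and grant
  # it only the IAM roles that your Terraform plans and applies need.
  service_account = {
    email  = "atlantis@example-project.iam.gserviceaccount.com"
    scopes = ["cloud-platform"]
  }

  # Keep the default: a Spot VM can be stopped in the middle of an apply.
  use_spot_machine = false

  env_vars = {
    ATLANTIS_PORT           = "8080" # custom port, see Feature highlights
    ATLANTIS_ATLANTIS_URL   = "https://atlantis.example.com"
    ATLANTIS_REPO_ALLOWLIST = "github.com/example-org/*" # restrict to your own repositories
  }
}

# Point the DNS A record for the domain at this address so that the
# managed SSL certificate can be provisioned.
output "atlantis_lb_ip" {
  value = module.atlantis.ip_address
}
```

Values placed in env_vars are written to the Terraform state in plain text, so treat the state backend as sensitive if you pass tokens or webhook secrets this way.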