aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment')
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md106
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf12
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf9
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf3
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf23
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf9
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf567
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf7
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf311
-rw-r--r--fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf12
10 files changed, 1059 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md
new file mode 100644
index 0000000000..f3bc3e23ec
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md
@@ -0,0 +1,106 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.4 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | ~> 4.3.0 |
+| <a name="requirement_vault"></a> [vault](#requirement\_vault) | >= 3.2.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | ~> 4.3.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_elastic_beanstalk_environment.environment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_environment) | resource |
+| [aws_iam_instance_profile.ec2_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
+| [aws_iam_role.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
+| [aws_iam_role_policy_attachment.ecr_readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.enhanced_health](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.multicontainer_docker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.ssm_automation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.ssm_ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.web_tier](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.worker_tier](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_internet_gateway.internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource |
+| [aws_route.route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource |
+| [aws_ssm_activation.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_activation) | resource |
+| [aws_subnet.subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource |
+| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
+| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_application_description"></a> [application\_description](#input\_application\_description) | Short description of the application. | `string` | `"Beanstalk Application"` | no |
+| <a name="input_application_name"></a> [application\_name](#input\_application\_name) | The name of the application, must be unique within account. | `string` | `"Beanstalk"` | no |
+| <a name="input_appversion_lifecycle_delete_source_from_s3"></a> [appversion\_lifecycle\_delete\_source\_from\_s3](#input\_appversion\_lifecycle\_delete\_source\_from\_s3) | Whether to delete application versions from S3 source | `bool` | `false` | no |
+| <a name="input_appversion_lifecycle_max_count"></a> [appversion\_lifecycle\_max\_count](#input\_appversion\_lifecycle\_max\_count) | The max number of application versions to keep | `number` | `2` | no |
+| <a name="input_appversion_lifecycle_service_role_arn"></a> [appversion\_lifecycle\_service\_role\_arn](#input\_appversion\_lifecycle\_service\_role\_arn) | The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created. | `string` | `""` | no |
+| <a name="input_associate_public_ip_address"></a> [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate public IP addresses to the instances. | `bool` | `true` | no |
+| <a name="input_autoscaling_asg_maxsize"></a> [autoscaling\_asg\_maxsize](#input\_autoscaling\_asg\_maxsize) | Maximum instances to launch | `number` | `2` | no |
+| <a name="input_autoscaling_asg_minsize"></a> [autoscaling\_asg\_minsize](#input\_autoscaling\_asg\_minsize) | Minumum instances to launch | `number` | `1` | no |
+| <a name="input_autoscaling_trigger_lower_breach_scale_increment"></a> [autoscaling\_trigger\_lower\_breach\_scale\_increment](#input\_autoscaling\_trigger\_lower\_breach\_scale\_increment) | How many Amazon EC2 instances to remove when performing a scaling activity. | `number` | `-1` | no |
+| <a name="input_autoscaling_trigger_lower_threshold"></a> [autoscaling\_trigger\_lower\_threshold](#input\_autoscaling\_trigger\_lower\_threshold) | Minimum level of autoscale metric to remove an instance | `number` | `20` | no |
+| <a name="input_autoscaling_trigger_measure_name"></a> [autoscaling\_trigger\_measure\_name](#input\_autoscaling\_trigger\_measure\_name) | Metric used for your Auto Scaling trigger | `string` | `"CPUUtilization"` | no |
+| <a name="input_autoscaling_trigger_statistic"></a> [autoscaling\_trigger\_statistic](#input\_autoscaling\_trigger\_statistic) | Statistic the trigger should use, such as Average | `string` | `"Average"` | no |
+| <a name="input_autoscaling_trigger_unit"></a> [autoscaling\_trigger\_unit](#input\_autoscaling\_trigger\_unit) | Unit for the trigger measurement, such as Bytes | `string` | `"Percent"` | no |
+| <a name="input_autoscaling_trigger_upper_breach_scale_increment"></a> [autoscaling\_trigger\_upper\_breach\_scale\_increment](#input\_autoscaling\_trigger\_upper\_breach\_scale\_increment) | How many Amazon EC2 instances to add when performing a scaling activity | `number` | `1` | no |
+| <a name="input_autoscaling_trigger_upper_threshold"></a> [autoscaling\_trigger\_upper\_threshold](#input\_autoscaling\_trigger\_upper\_threshold) | Maximum level of autoscale metric to add an instance | `number` | `80` | no |
+| <a name="input_cloudwatch_logs_delete_on_terminate"></a> [cloudwatch\_logs\_delete\_on\_terminate](#input\_cloudwatch\_logs\_delete\_on\_terminate) | Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days | `bool` | `true` | no |
+| <a name="input_cloudwatch_logs_health_delete_on_terminate"></a> [cloudwatch\_logs\_health\_delete\_on\_terminate](#input\_cloudwatch\_logs\_health\_delete\_on\_terminate) | Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days. | `bool` | `true` | no |
+| <a name="input_cloudwatch_logs_health_health_streaming_enabled"></a> [cloudwatch\_logs\_health\_health\_streaming\_enabled](#input\_cloudwatch\_logs\_health\_health\_streaming\_enabled) | For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system. | `bool` | `true` | no |
+| <a name="input_cloudwatch_logs_health_retention_in_days"></a> [cloudwatch\_logs\_health\_retention\_in\_days](#input\_cloudwatch\_logs\_health\_retention\_in\_days) | The number of days to keep the archived health data before it expires. | `number` | `3` | no |
+| <a name="input_cloudwatch_logs_retention_in_days"></a> [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | The number of days to keep log events before they expire. | `number` | `3` | no |
+| <a name="input_cloudwatch_logs_stream_logs"></a> [cloudwatch\_logs\_stream\_logs](#input\_cloudwatch\_logs\_stream\_logs) | Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment | `bool` | `true` | no |
+| <a name="input_default_listener_enabled"></a> [default\_listener\_enabled](#input\_default\_listener\_enabled) | Set to false to disable the listener. You can use this option to disable the default listener on port 80. | `bool` | `true` | no |
+| <a name="input_elb_scheme"></a> [elb\_scheme](#input\_elb\_scheme) | Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC. | `string` | `"public"` | no |
+| <a name="input_environment_application"></a> [environment\_application](#input\_environment\_application) | The name of the application, must be unique within account. | `string` | `"Beanstalk Application"` | no |
+| <a name="input_environment_description"></a> [environment\_description](#input\_environment\_description) | Short description of the environment. | `string` | `"Beanstalk Environment"` | no |
+| <a name="input_environment_loadbalancer_type"></a> [environment\_loadbalancer\_type](#input\_environment\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic'. | `string` | `"network"` | no |
+| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | A unique name for this Environment. This name is used in the application URL. | `string` | `"Beanstalk-env"` | no |
+| <a name="input_environment_process_default_healthcheck_interval"></a> [environment\_process\_default\_healthcheck\_interval](#input\_environment\_process\_default\_healthcheck\_interval) | The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application. | `number` | `10` | no |
+| <a name="input_environment_process_default_healthy_threshold_count"></a> [environment\_process\_default\_healthy\_threshold\_count](#input\_environment\_process\_default\_healthy\_threshold\_count) | The number of consecutive successful requests before Elastic Load Balancing changes the instance health status. | `number` | `3` | no |
+| <a name="input_environment_process_default_port"></a> [environment\_process\_default\_port](#input\_environment\_process\_default\_port) | Port application is listening on. | `number` | `5000` | no |
+| <a name="input_environment_process_default_unhealthy_threshold_count"></a> [environment\_process\_default\_unhealthy\_threshold\_count](#input\_environment\_process\_default\_unhealthy\_threshold\_count) | The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status. | `number` | `3` | no |
+| <a name="input_environment_solution_stack_name"></a> [environment\_solution\_stack\_name](#input\_environment\_solution\_stack\_name) | A solution stack to base your environment off of. | `string` | `"64bit Amazon Linux 2 v3.3.11 running Python 3.8"` | no |
+| <a name="input_environment_tier"></a> [environment\_tier](#input\_environment\_tier) | The environment tier specified. | `string` | `"WebServer"` | no |
+| <a name="input_environment_type"></a> [environment\_type](#input\_environment\_type) | Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time', `updating_min_in_service` must be set to 0, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments). | `string` | `"LoadBalanced"` | no |
+| <a name="input_environment_variables"></a> [environment\_variables](#input\_environment\_variables) | Map of custom ENV variables to be provided to the application. | `map(string)` | `{}` | no |
+| <a name="input_environment_version_label"></a> [environment\_version\_label](#input\_environment\_version\_label) | The name of the Elastic Beanstalk Application Version to use in deployment. | `string` | `""` | no |
+| <a name="input_environment_wait_for_ready_timeout"></a> [environment\_wait\_for\_ready\_timeout](#input\_environment\_wait\_for\_ready\_timeout) | The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out | `string` | `"20m"` | no |
+| <a name="input_healthreporting_system_type"></a> [healthreporting\_system\_type](#input\_healthreporting\_system\_type) | Whether to enable enhanced health reporting for this environment | `string` | `"enhanced"` | no |
+| <a name="input_hostmanager_log_publication_control"></a> [hostmanager\_log\_publication\_control](#input\_hostmanager\_log\_publication\_control) | Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application | `bool` | `true` | no |
+| <a name="input_instances_instance_types"></a> [instances\_instance\_types](#input\_instances\_instance\_types) | Instances type | `string` | `"t3.medium"` | no |
+| <a name="input_managedactions_managed_actions_enabled"></a> [managedactions\_managed\_actions\_enabled](#input\_managedactions\_managed\_actions\_enabled) | Enable managed platform updates. When you set this to true, you must also specify a `PreferredStartTime` and `UpdateLevel` | `bool` | `true` | no |
+| <a name="input_managedactions_platformupdate_instance_refresh_enabled"></a> [managedactions\_platformupdate\_instance\_refresh\_enabled](#input\_managedactions\_platformupdate\_instance\_refresh\_enabled) | Enable weekly instance replacement. | `bool` | `true` | no |
+| <a name="input_managedactions_platformupdate_update_level"></a> [managedactions\_platformupdate\_update\_level](#input\_managedactions\_platformupdate\_update\_level) | The highest level of update to apply with managed platform updates | `string` | `"minor"` | no |
+| <a name="input_managedactions_preferred_start_time"></a> [managedactions\_preferred\_start\_time](#input\_managedactions\_preferred\_start\_time) | Configure a maintenance window for managed actions in UTC | `string` | `"Sun:10:00"` | no |
+| <a name="input_subnet_availability_zone"></a> [subnet\_availability\_zone](#input\_subnet\_availability\_zone) | AWS availability zone | `string` | `"us-east-1a"` | no |
+| <a name="input_vpc_cidr_block"></a> [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | The CIDR block for the association. | `string` | `"192.168.0.0/24"` | no |
+| <a name="input_vpc_enable_dns_hostnames"></a> [vpc\_enable\_dns\_hostnames](#input\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support. | `bool` | `true` | no |
+| <a name="input_vpc_enable_dns_support"></a> [vpc\_enable\_dns\_support](#input\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support. | `bool` | `true` | no |
+| <a name="input_vpc_instance_tenancy"></a> [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The allowed tenancy of instances launched into the selected VPC. | `string` | `"default"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_environment_cname"></a> [environment\_cname](#output\_environment\_cname) | n/a |
+| <a name="output_environment_name"></a> [environment\_name](#output\_environment\_name) | n/a |
+<!-- END_TF_DOCS --> \ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf
new file mode 100644
index 0000000000..c6fcbf858b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf
@@ -0,0 +1,12 @@
+module "elastic_beanstalk_application" {
+ source = "../../terraform-aws-elastic-beanstalk-application"
+ application_description = "FD.io CSIT Results Dashboard"
+ application_name = "fdio-csit-dash-app"
+}
+
+module "elastic_beanstalk_environment" {
+ source = "../"
+ environment_application = module.elastic_beanstalk_application.application_name
+ environment_description = module.elastic_beanstalk_application.application_description
+ environment_name = "fdio-csit-dash-env"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf
new file mode 100644
index 0000000000..290e2a1c5a
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf
@@ -0,0 +1,9 @@
+output "elastic_beanstalk_application_name" {
+ value = module.elastic_beanstalk_application.application_name
+ description = "Elastic Beanstalk Application name"
+}
+
+output "elastic_beanstalk_application_description" {
+ value = module.elastic_beanstalk_application.application_description
+ description = "Elastic Beanstalk Application description"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf
new file mode 100644
index 0000000000..5ff54f0d65
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = var.region
+} \ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf
new file mode 100644
index 0000000000..3c07178e06
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf
@@ -0,0 +1,23 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "environment_application" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_name" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf
new file mode 100644
index 0000000000..af1be4a4e1
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
new file mode 100644
index 0000000000..7fbf50c711
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
@@ -0,0 +1,567 @@
+locals {
+ tags = {
+ "Name" = "${var.application_name}"
+ "Environment" = "${var.application_name}"
+ }
+}
+
+# Create elastic beanstalk VPC
+resource "aws_vpc" "vpc" {
+ assign_generated_ipv6_cidr_block = true
+ cidr_block = var.vpc_cidr_block
+ enable_dns_hostnames = var.vpc_enable_dns_hostnames
+ enable_dns_support = var.vpc_enable_dns_support
+ instance_tenancy = var.vpc_instance_tenancy
+ tags = local.tags
+}
+
+# Create elastic beanstalk Subnets
+resource "aws_subnet" "subnet" {
+ depends_on = [
+ aws_vpc.vpc
+ ]
+ availability_zone = var.subnet_availability_zone
+ assign_ipv6_address_on_creation = true
+ cidr_block = aws_vpc.vpc.cidr_block
+ ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1)
+ map_public_ip_on_launch = true
+ vpc_id = aws_vpc.vpc.id
+ tags = local.tags
+}
+
+resource "aws_internet_gateway" "internet_gateway" {
+ depends_on = [
+ aws_vpc.vpc
+ ]
+ vpc_id = aws_vpc.vpc.id
+ tags = local.tags
+}
+
+resource "aws_route" "route" {
+ depends_on = [
+ aws_vpc.vpc,
+ aws_internet_gateway.internet_gateway
+ ]
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.internet_gateway.id
+ route_table_id = aws_vpc.vpc.main_route_table_id
+}
+
+# Create elastic beanstalk IAM mapping
+data "aws_iam_policy_document" "service" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["elasticbeanstalk.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "service" {
+ assume_role_policy = data.aws_iam_policy_document.service.json
+ name = "${var.application_name}-eb-service"
+}
+
+resource "aws_iam_role_policy_attachment" "enhanced_health" {
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth"
+ role = aws_iam_role.service.name
+}
+
+resource "aws_iam_role_policy_attachment" "service" {
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService"
+ role = aws_iam_role.service.name
+}
+
+data "aws_iam_policy_document" "ec2" {
+ statement {
+ actions = [
+ "sts:AssumeRole"
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+ statement {
+ actions = [
+ "sts:AssumeRole",
+ ]
+ principals {
+ type = "Service"
+ identifiers = ["ssm.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role" "ec2" {
+ assume_role_policy = data.aws_iam_policy_document.ec2.json
+ name = "${var.application_name}-eb-ec2"
+}
+
+resource "aws_iam_instance_profile" "ec2_iam_instance_profile" {
+ name = "${var.application_name}-iam-instance-profile"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "multicontainer_docker" {
+ policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "web_tier" {
+ policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "worker_tier" {
+ policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "ssm_automation" {
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "ssm_ec2" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_iam_role_policy_attachment" "ecr_readonly" {
+ policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+ role = aws_iam_role.ec2.name
+}
+
+resource "aws_ssm_activation" "ec2" {
+ depends_on = [
+ aws_iam_role.ec2,
+ aws_iam_role_policy_attachment.ssm_ec2
+ ]
+ name = "${var.application_name}-ec2-activation"
+ iam_role = aws_iam_role.ec2.id
+ registration_limit = 3
+}
+
+data "aws_iam_policy_document" "default" {
+ statement {
+ actions = [
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceStatus",
+ "ec2:GetConsoleOutput",
+ "ec2:AssociateAddress",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeSecurityGroups",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeNotificationConfigurations",
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ }
+
+ statement {
+ sid = "AllowOperations"
+ actions = [
+ "autoscaling:AttachInstances",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateLaunchConfiguration",
+ "autoscaling:DeleteLaunchConfiguration",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteScheduledAction",
+ "autoscaling:DescribeAccountLimits",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLoadBalancers",
+ "autoscaling:DescribeNotificationConfigurations",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeScheduledActions",
+ "autoscaling:DetachInstances",
+ "autoscaling:PutScheduledUpdateGroupAction",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SetDesiredCapacity",
+ "autoscaling:SetInstanceProtection",
+ "autoscaling:SuspendProcesses",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup",
+ "cloudwatch:PutMetricAlarm",
+ "ec2:AssociateAddress",
+ "ec2:AllocateAddress",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateSecurityGroup",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DisassociateAddress",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:TerminateInstances",
+ "ecs:CreateCluster",
+ "ecs:DeleteCluster",
+ "ecs:DescribeClusters",
+ "ecs:RegisterTaskDefinition",
+ "elasticbeanstalk:*",
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:DeleteLoadBalancer",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeregisterTargets",
+ "iam:ListRoles",
+ "iam:PassRole",
+ "logs:CreateLogGroup",
+ "logs:PutRetentionPolicy",
+ "rds:DescribeDBEngineVersions",
+ "rds:DescribeDBInstances",
+ "rds:DescribeOrderableDBInstanceOptions",
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:ListBucket",
+ "sns:CreateTopic",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptionsByTopic",
+ "sns:Subscribe",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "codebuild:CreateProject",
+ "codebuild:DeleteProject",
+ "codebuild:BatchGetBuilds",
+ "codebuild:StartBuild",
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ }
+
+ statement {
+ sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
+ actions = [
+ "s3:*"
+ ]
+ resources = [
+ "arn:aws:s3:::*"
+ ]
+ effect = "Allow"
+ }
+
+ statement {
+ sid = "AllowDeleteCloudwatchLogGroups"
+ actions = [
+ "logs:DeleteLogGroup"
+ ]
+ resources = [
+ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
+ ]
+ effect = "Allow"
+ }
+
+ statement {
+ sid = "AllowCloudformationOperationsOnElasticBeanstalkStacks"
+ actions = [
+ "cloudformation:*"
+ ]
+ resources = [
+ "arn:aws:cloudformation:*:*:stack/awseb-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ]
+ effect = "Allow"
+ }
+}
+
+resource "aws_iam_role_policy" "default" {
+ depends_on = [
+ aws_iam_role.ec2
+ ]
+ name = "${var.application_name}-eb-default"
+ policy = data.aws_iam_policy_document.default.json
+ role = aws_iam_role.ec2.id
+}
+
+# Create elastic beanstalk Environment
+resource "aws_elastic_beanstalk_environment" "environment" {
+ depends_on = [
+ aws_vpc.vpc,
+ aws_subnet.subnet,
+ aws_ssm_activation.ec2
+ ]
+ application = var.environment_application
+ description = var.environment_description
+ name = var.environment_name
+ solution_stack_name = var.environment_solution_stack_name
+ tier = var.environment_tier
+ wait_for_ready_timeout = var.environment_wait_for_ready_timeout
+ version_label = var.environment_version_label
+ tags = local.tags
+
+ # aws:ec2:instances
+ setting {
+ namespace = "aws:ec2:instances"
+ name = "InstanceTypes"
+ value = var.instances_instance_types
+ }
+
+ # aws:ec2:vpc
+ setting {
+ namespace = "aws:ec2:vpc"
+ name = "VPCId"
+ value = aws_vpc.vpc.id
+ }
+
+ setting {
+ namespace = "aws:ec2:vpc"
+ name = "Subnets"
+ value = aws_subnet.subnet.id
+ }
+
+ setting {
+ namespace = "aws:ec2:vpc"
+ name = "ELBSubnets"
+ value = aws_subnet.subnet.id
+ }
+
+ setting {
+ namespace = "aws:ec2:vpc"
+ name = "ELBScheme"
+ value = var.environment_type == "LoadBalanced" ? var.elb_scheme : ""
+ }
+
+ setting {
+ namespace = "aws:ec2:vpc"
+ name = "AssociatePublicIpAddress"
+ value = var.associate_public_ip_address
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:application"
+ name = "Application Healthcheck URL"
+ value = "/"
+ }
+
+ # aws:elbv2:listener:default
+ setting {
+ namespace = "aws:elbv2:listener:default"
+ name = "ListenerEnabled"
+ value = var.default_listener_enabled
+ }
+
+ # aws:elasticbeanstalk:environment
+ setting {
+ namespace = "aws:elasticbeanstalk:environment"
+ name = "LoadBalancerType"
+ value = var.environment_loadbalancer_type
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:environment"
+ name = "ServiceRole"
+ value = aws_iam_role.service.name
+ }
+
+ # aws:elasticbeanstalk:environment:process:default
+ setting {
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthCheckInterval"
+ value = var.environment_process_default_healthcheck_interval
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "HealthyThresholdCount"
+ value = var.environment_process_default_healthy_threshold_count
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Port"
+ value = var.environment_process_default_port
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "Protocol"
+ value = var.environment_loadbalancer_type == "network" ? "TCP" : "HTTP"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:environment:process:default"
+ name = "UnhealthyThresholdCount"
+ value = var.environment_process_default_unhealthy_threshold_count
+ }
+
+ # aws:autoscaling:launchconfiguration
+ setting {
+ namespace = "aws:autoscaling:launchconfiguration"
+ name = "IamInstanceProfile"
+ value = aws_iam_instance_profile.ec2_iam_instance_profile.name
+ }
+
+ # aws:elasticbeanstalk:healthreporting:system
+ setting {
+ namespace = "aws:elasticbeanstalk:healthreporting:system"
+ name = "SystemType"
+ value = var.healthreporting_system_type
+ }
+
+ # aws:elasticbeanstalk:managedactions
+ setting {
+ namespace = "aws:elasticbeanstalk:managedactions"
+ name = "ManagedActionsEnabled"
+ value = var.managedactions_managed_actions_enabled ? "true" : "false"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:managedactions"
+ name = "PreferredStartTime"
+ value = var.managedactions_preferred_start_time
+ }
+
+ # aws:elasticbeanstalk:managedactions:platformupdate
+ setting {
+ namespace = "aws:elasticbeanstalk:managedactions:platformupdate"
+ name = "UpdateLevel"
+ value = var.managedactions_platformupdate_update_level
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:managedactions:platformupdate"
+ name = "InstanceRefreshEnabled"
+ value = var.managedactions_platformupdate_instance_refresh_enabled
+ }
+
+ # aws:autoscaling:asg
+ setting {
+ namespace = "aws:autoscaling:asg"
+ name = "MinSize"
+ value = var.autoscaling_asg_minsize
+ }
+ setting {
+ namespace = "aws:autoscaling:asg"
+ name = "MaxSize"
+ value = var.autoscaling_asg_maxsize
+ }
+
+ # aws:autoscaling:trigger
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "MeasureName"
+ value = var.autoscaling_trigger_measure_name
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "Statistic"
+ value = var.autoscaling_trigger_statistic
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "Unit"
+ value = var.autoscaling_trigger_unit
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "LowerThreshold"
+ value = var.autoscaling_trigger_lower_threshold
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "LowerBreachScaleIncrement"
+ value = var.autoscaling_trigger_lower_breach_scale_increment
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "UpperThreshold"
+ value = var.autoscaling_trigger_upper_threshold
+ }
+
+ setting {
+ namespace = "aws:autoscaling:trigger"
+ name = "UpperBreachScaleIncrement"
+ value = var.autoscaling_trigger_upper_breach_scale_increment
+ }
+
+ # aws:elasticbeanstalk:hostmanager
+ setting {
+ namespace = "aws:elasticbeanstalk:hostmanager"
+ name = "LogPublicationControl"
+ value = var.hostmanager_log_publication_control ? "true" : "false"
+ }
+
+ # aws:elasticbeanstalk:cloudwatch:logs
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs"
+ name = "StreamLogs"
+ value = var.cloudwatch_logs_stream_logs ? "true" : "false"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs"
+ name = "DeleteOnTerminate"
+ value = var.cloudwatch_logs_delete_on_terminate ? "true" : "false"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs"
+ name = "RetentionInDays"
+ value = var.cloudwatch_logs_retention_in_days
+ }
+
+ # aws:elasticbeanstalk:cloudwatch:logs:health
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
+ name = "HealthStreamingEnabled"
+ value = var.cloudwatch_logs_health_health_streaming_enabled ? "true" : "false"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
+ name = "DeleteOnTerminate"
+ value = var.cloudwatch_logs_health_delete_on_terminate ? "true" : "false"
+ }
+
+ setting {
+ namespace = "aws:elasticbeanstalk:cloudwatch:logs:health"
+ name = "RetentionInDays"
+ value = var.cloudwatch_logs_health_retention_in_days
+ }
+
+ # aws:elasticbeanstalk:application:environment
+ dynamic "setting" {
+ for_each = var.environment_variables
+ content {
+ namespace = "aws:elasticbeanstalk:application:environment"
+ name = setting.key
+ value = setting.value
+ }
+ }
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf
new file mode 100644
index 0000000000..de7cdae87b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf
@@ -0,0 +1,7 @@
+output "environment_cname" {
+ value = aws_elastic_beanstalk_environment.environment.cname
+}
+
+output "environment_name" {
+ value = aws_elastic_beanstalk_environment.environment.name
+} \ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
new file mode 100644
index 0000000000..c2a1ea3cf7
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf
@@ -0,0 +1,311 @@
+# Variables for elastic beanstalk VPC
+variable "vpc_cidr_block" {
+ description = "The CIDR block for the association."
+ type = string
+ default = "192.168.0.0/24"
+}
+
+variable "vpc_enable_dns_hostnames" {
+ description = "Whether or not the VPC has DNS hostname support."
+ type = bool
+ default = true
+}
+
+variable "vpc_enable_dns_support" {
+ description = "Whether or not the VPC has DNS support."
+ type = bool
+ default = true
+}
+
+variable "vpc_instance_tenancy" {
+ description = "The allowed tenancy of instances launched into the selected VPC."
+ type = string
+ default = "default"
+}
+
+# Variables for elastic beanstalk Subnet
+variable "subnet_availability_zone" {
+ description = "AWS availability zone"
+ type = string
+ default = "us-east-1a"
+}
+
+# Variables for elastic beanstalk Application
+variable "environment_application" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_name" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk"
+}
+
+variable "appversion_lifecycle_service_role_arn" {
+ description = "The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created."
+ type = string
+ default = ""
+}
+
+variable "appversion_lifecycle_max_count" {
+ description = "The max number of application versions to keep"
+ type = number
+ default = 2
+}
+
+variable "appversion_lifecycle_delete_source_from_s3" {
+ description = "Whether to delete application versions from S3 source"
+ type = bool
+ default = false
+}
+
+# Variables for elastic beanstalk Environment
+variable "environment_description" {
+ description = "Short description of the environment."
+ type = string
+ default = "Beanstalk Environment"
+}
+
+variable "environment_name" {
+ description = "A unique name for this Environment. This name is used in the application URL."
+ type = string
+ default = "Beanstalk-env"
+}
+
+variable "environment_solution_stack_name" {
+ description = "A solution stack to base your environment off of."
+ type = string
+ default = "64bit Amazon Linux 2 v3.3.11 running Python 3.8"
+}
+
+variable "environment_tier" {
+ description = "The environment tier specified."
+ type = string
+ default = "WebServer"
+}
+
+variable "environment_wait_for_ready_timeout" {
+ description = "The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out"
+ type = string
+ default = "20m"
+}
+
+variable "environment_version_label" {
+ description = "The name of the Elastic Beanstalk Application Version to use in deployment."
+ type = string
+ default = ""
+}
+
+# aws:ec2:instances
+variable "instances_instance_types" {
+ description = "Instances type"
+ type = string
+ default = "t3.medium"
+}
+
+# aws:ec2:vpc
+variable "associate_public_ip_address" {
+ description = "Whether to associate public IP addresses to the instances."
+ type = bool
+ default = true
+}
+
+variable "elb_scheme" {
+ description = "Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC."
+ type = string
+ default = "public"
+}
+
+# aws:elbv2:listener:default
+variable "default_listener_enabled" {
+ description = "Set to false to disable the listener. You can use this option to disable the default listener on port 80."
+ type = bool
+ default = true
+}
+
+# aws:elasticbeanstalk:environment
+variable "environment_loadbalancer_type" {
+ description = "Load Balancer type, e.g. 'application' or 'classic'."
+ type = string
+ default = "network"
+}
+
+# aws:elasticbeanstalk:environment:process:default
+variable "environment_process_default_healthcheck_interval" {
+ description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application."
+ type = number
+ default = 10
+}
+
+variable "environment_process_default_healthy_threshold_count" {
+ description = "The number of consecutive successful requests before Elastic Load Balancing changes the instance health status."
+ type = number
+ default = 3
+}
+
+variable "environment_process_default_port" {
+ description = "Port application is listening on."
+ type = number
+ default = 5000
+}
+
+variable "environment_process_default_unhealthy_threshold_count" {
+ description = "The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status."
+ type = number
+ default = 3
+}
+
+# aws:elasticbeanstalk:healthreporting:system
+variable "healthreporting_system_type" {
+ description = "Whether to enable enhanced health reporting for this environment"
+ type = string
+ default = "enhanced"
+}
+
+# aws:elasticbeanstalk:managedactions
+variable "managedactions_managed_actions_enabled" {
+ description = "Enable managed platform updates. When you set this to true, you must also specify a `PreferredStartTime` and `UpdateLevel`"
+ type = bool
+ default = true
+}
+
+variable "managedactions_preferred_start_time" {
+ description = "Configure a maintenance window for managed actions in UTC"
+ type = string
+ default = "Sun:10:00"
+}
+
+# aws:elasticbeanstalk:managedactions:platformupdate
+variable "managedactions_platformupdate_update_level" {
+ description = "The highest level of update to apply with managed platform updates"
+ type = string
+ default = "minor"
+}
+
+variable "managedactions_platformupdate_instance_refresh_enabled" {
+ description = "Enable weekly instance replacement."
+ type = bool
+ default = true
+}
+
+# aws:autoscaling:asg
+variable "autoscaling_asg_minsize" {
+ description = "Minumum instances to launch"
+ type = number
+ default = 1
+}
+
+variable "autoscaling_asg_maxsize" {
+ description = "Maximum instances to launch"
+ type = number
+ default = 2
+}
+
+# aws:autoscaling:trigger
+variable "autoscaling_trigger_measure_name" {
+ description = "Metric used for your Auto Scaling trigger"
+ type = string
+ default = "CPUUtilization"
+}
+
+variable "autoscaling_trigger_statistic" {
+ description = "Statistic the trigger should use, such as Average"
+ type = string
+ default = "Average"
+}
+
+variable "autoscaling_trigger_unit" {
+ description = "Unit for the trigger measurement, such as Bytes"
+ type = string
+ default = "Percent"
+}
+
+variable "autoscaling_trigger_lower_threshold" {
+ description = "Minimum level of autoscale metric to remove an instance"
+ type = number
+ default = 20
+}
+
+variable "autoscaling_trigger_lower_breach_scale_increment" {
+ description = "How many Amazon EC2 instances to remove when performing a scaling activity."
+ type = number
+ default = -1
+}
+
+variable "autoscaling_trigger_upper_threshold" {
+ description = "Maximum level of autoscale metric to add an instance"
+ type = number
+ default = 80
+}
+
+variable "autoscaling_trigger_upper_breach_scale_increment" {
+ description = "How many Amazon EC2 instances to add when performing a scaling activity"
+ type = number
+ default = 1
+}
+
+# aws:elasticbeanstalk:hostmanager
+variable "hostmanager_log_publication_control" {
+ description = "Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application"
+ type = bool
+ default = true
+}
+
+# aws:elasticbeanstalk:cloudwatch:logs
+variable "cloudwatch_logs_stream_logs" {
+ description = "Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment"
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_delete_on_terminate" {
+ description = "Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days"
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_retention_in_days" {
+ description = "The number of days to keep log events before they expire."
+ type = number
+ default = 3
+}
+
+# aws:elasticbeanstalk:cloudwatch:logs:health
+variable "cloudwatch_logs_health_health_streaming_enabled" {
+ description = "For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system."
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_health_delete_on_terminate" {
+ description = "Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days."
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_health_retention_in_days" {
+ description = "The number of days to keep the archived health data before it expires."
+ type = number
+ default = 3
+}
+
+variable "environment_type" {
+ description = "Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time', `updating_min_in_service` must be set to 0, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments)."
+ type = string
+ default = "LoadBalanced"
+}
+
+# aws:elasticbeanstalk:application:environment
+variable "environment_variables" {
+ description = "Map of custom ENV variables to be provided to the application."
+ type = map(string)
+ default = {}
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf
new file mode 100644
index 0000000000..d0e9db34f5
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.3.0"
+ }
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}