# Terraform variable values (tfvars-style HCL) describing one AWS system:
# network/account-wide settings (system_desc), the AMI lookups, and one
# environment ("std") made of security-group "subsystems", load balancers
# and a database. Values of "xxx" look like placeholders or redactions and
# must be filled in before use.

# Local AWS credentials file and profile used when applying.
shared_credentials_file = {
  file    = "xxx"
  profile = "default"
}

system_desc = {
  vpc_cidr_block              = "10.0.0.0/16"
  group                       = "dev"
  program                     = "bank"
  deploy_region               = "us-east-1"
  zone_count                  = 2
  rdp_file_key_pair           = "xxx"
  provisioning_bucket         = "xxx-provisioning-dev-bank"
  network_lb_static_ips       = false
  # Default instance profile; the web tier also names it explicitly below.
  # This is a broad convenience role — confirm its permissions are what
  # these instances need.
  global_instance_role        = "AmazonSSMRoleForInstancesQuickSetup"
  limit_nat_gateways          = true
  bucket_name_global_prefix   = "newco"
  shared_resource_environment = "std"
  # NOTE(review): the managed WAF rule sets are commented out, yet the
  # "public" load balancer below sets add_to_waf = true. Confirm what the
  # module attaches when no rule set is listed; the intent here may be a
  # web ACL with no rules.
  #waf_rule_set = ["AWSManagedRulesAmazonIpReputationList", "AWSManagedRulesCommonRuleSet", "AWSManagedRulesSQLiRuleSet", "AWSManagedRulesWindowsRuleSet"]
  isolate_environments        = false
}

# AMI lookup: owner + name filter, presumably resolved to the newest match
# by the module — confirm, since a wildcard filter can silently roll the
# image between applies.
machine_images = [
  {
    name   = "WindowsServer2019"
    owner  = ["amazon"]
    filter = { name = "name", value = "Windows_Server-2019-English-Full-Base*" }
  },
]

environments = [
  {
    name                 = "std"
    id                   = 88
    production_system    = false
    configuration_folder = "CloudBase"
    buckets              = ["images", "folders"]
    # Presumably paths to stored secrets that the module resolves at boot,
    # not the secret values themselves — confirm. Anything placed literally
    # in user data is readable from the instance metadata service.
    user_data_ad_hoc     = "/stored/issuancepwd,/stored/rlpwd"
    # Each subsystem is a security group; `listens_to` names the subsystems
    # allowed as ingress sources for the listed port.
    subsystems = [
      { # public load balancer
        name = "publb"
      },
      { # web tier
        name = "web"
        ingress = [
          {
            port                = 3001
            protocol            = "HTTP"
            stickiness_duration = 600
            description         = "nodejs"
            listens_to          = ["publb"]
          }]
        machines = [{
          scaling_groups = [{
            machine_image      = "WindowsServer2019"
            instance_role      = "AmazonSSMRoleForInstancesQuickSetup"
            instance_type      = "t3a.large"
            additional_ingress = ["endpt", "tkn"]
            count              = 2
            user_data          = "userData.txt"
            health_check       = { path = "/proxy-api/config/versions" }
          },
          ]
        }]
      },
      { # private load balancer
        name = "prvlb"
        ingress = [
          {
            port        = 80
            protocol    = "HTTP"
            description = "reports"
            listens_to  = ["web"]
          }]
      },
      { # app tier
        name = "app"
        ingress = [
          {
            port        = 8080
            protocol    = "HTTP"
            description = "wildfly"
            listens_to  = ["prvlb"]
          }]
        machines = [{
          scaling_groups = [{
            machine_image      = "WindowsServer2019"
            # No instance_role here — presumably falls back to
            # system_desc.global_instance_role; confirm.
            instance_type      = "c5.xlarge"
            additional_ingress = ["endpt", "tkn"]
            count              = 2
            max                = 10
            target_cpu         = 70
            user_data          = "userData.txt"
            health_check       = { path = "/issuance/" }
          },
          ]
        }]
      },
      { # database security group
        # In this file 5432 is opened only from the app subsystem.
        name = "dbs"
        ingress = [
          {
            port        = 5432
            protocol    = "TCP"
            description = "postgresql"
            listens_to  = ["app"]
          }]
      },
      { # security group for aws vpc endpoints
        # Self-referencing rule: members of endpt accept 443 from each other,
        # presumably the interface-endpoint ENIs plus the instances that list
        # "endpt" in additional_ingress — confirm against the module.
        name = "endpt"
        ingress = [
          {
            port        = 443
            protocol    = "HTTPS"
            description = "secure socket"
            listens_to  = ["endpt"]
          }
        ]
      },
      {
        name        = "tkn"
        description = "allows server to receive tkn from jwt service"
        ingress = [
          {
            port        = 8088
            protocol    = "TCP"
            description = "app tkn"
            listens_to  = ["app"]
          },
          {
            port        = 7080
            protocol    = "TCP"
            description = "app tkn"
            listens_to  = ["app"]
          }
        ]
      },
    ]
    load_balancers = [
      {
        name       = "public"
        public     = true
        type       = "application"
        add_to_waf = true
        subsystems = ["publb"]
        listeners = [
          {
            # NOTE(review): internet-facing listener on plain HTTP. Confirm
            # TLS is terminated in front of this balancer; otherwise change
            # the listener to HTTPS with a certificate.
            port     = 3001
            protocol = "HTTP"
            rules = [
              { forward = "web" }
            ]
          }
        ]
      },
      {
        name       = "private"
        public     = false
        type       = "application"
        subsystems = ["prvlb"]
        listeners = [
          {
            port     = 8080
            protocol = "HTTP"
            rules = [
              { forward = "app" }
            ]
          }
        ]
      }
    ]
    databases = [
      {
        type          = "aurora postgresql"
        subsystem     = "dbs"
        name          = "issuance"
        username      = "administrator"
        # Presumably a reference to a stored secret resolved by the module,
        # not the password itself — confirm. Literal secrets do not belong
        # in tfvars.
        password      = "/stored/administratorpwd"
        instance_type = "db.r4.large"
        read_replicas = 0
      },
    ]
  },
]