The Data Integration Building Blocks (DIBBs) project is an effort to help state, local, territorial, and tribal public health departments better make sense of and utilize their data. You can read more about the project on the main DIBBs repository.
This repository is specifically to develop an AWS "starter kit" for the DIBBs project. This will enable our jurisdictional partners to build from this repository to provision their own AWS infrastructure.
This repository constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. This repository is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication. All contributions to this repository will be released under the CC0 dedication. By submitting a pull request you are agreeing to comply with this waiver of copyright interest.
The repository utilizes code licensed under the terms of the Apache Software License and therefore is licensed under ASL v2 or later.
The source code in this repository is free: you can redistribute it and/or modify it under the terms of the Apache Software License version 2, or (at your option) any later version.
The source code in this repository is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Apache Software License for more details.
You should have received a copy of the Apache Software License along with this program. If not, see http://www.apache.org/licenses/LICENSE-2.0.html.
The source code forked from other open source projects will inherit its license.
This repository contains only non-sensitive, publicly available data and information. All material and community participation is covered by the Disclaimer and Code of Conduct. For more information about CDC's privacy policy, please visit http://www.cdc.gov/other/privacy.html.
Anyone is encouraged to contribute to the repository by forking and submitting a pull request. (If you are new to GitHub, you might start with a basic tutorial.) By contributing to this project, you grant a world-wide, royalty-free, perpetual, irrevocable, non-exclusive, transferable license to all users under the terms of the Apache Software License v2 or later.
All comments, messages, pull requests, and other submissions received through CDC including this GitHub page may be subject to applicable federal law, including but not limited to the Federal Records Act, and may be archived. Learn more at http://www.cdc.gov/other/privacy.html.
This repository is not a source of government records, but is a copy to increase collaboration and collaborative potential. All government records will be published through the CDC web site.
Please refer to CDC's Template Repository for more information about contributing to this repository, public domain notices and disclaimers, and code of conduct.
The current architectural design for dibbs-aws is as follows:
Name | Version |
---|---|
terraform | ~> 1.9.0 |
aws | ~> 5.56.1 |
dockerless | ~> 0.1.1 |
null | ~> 3.2.3 |
random | ~> 3.6.3 |
Name | Version |
---|---|
aws | ~> 5.56.1 |
dockerless | ~> 0.1.1 |
null | ~> 3.2.3 |
random | ~> 3.6.3 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
appmesh_name | Name of the AWS App Mesh | string | "" | no |
certificate_arn | ARN of the SSL certificate that enables SSL termination on the ALB | string | "" | no |
cloudmap_namespace_name | Name of the AWS Cloud Map namespace | string | "" | no |
cw_retention_in_days | Retention period in days for CloudWatch logs | number | 30 | no |
disable_ecr | Flag to disable the AWS ECR service for Docker image storage, defaults to false | bool | false | no |
ecr_viewer_app_env | The current environment that is running. This may modify behavior of auth between dev and prod. | string | "prod" | no |
ecr_viewer_auth_pub_key | The public key used to validate the incoming authentication for the eCR Viewer. | string | "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqjrH9PprQCB5dX15zYfd\nS6K2ezNi/ZOu8vKEhQuLqwHACy1iUt1Yyp2PZLIV7FVDgBHMMVWPVx3GJ2wEyaJw\nMHkv6XNpUpWLhbs0V1T7o/OZfEIqcNua07OEoBxX9vhKIHtaksWdoMyKRXQJz0js\noWpawfOWxETnLqGvybT4yvY2RJhquTXLcLu90L4LdvIkADIZshaOtAU/OwI5ATcb\nfE3ip15E6jIoUm7FAtfRiuncpI5l/LJPP6fvwf8QCbbUJBZklLqcUuf4qe/L/nIq\npIONb8KZFWPhnGeRZ9bwIcqYWt3LAAshQLSGEYl2PGXaqbkUD2XLETSKDjisxd0g\n9j8bIMPgBKi+dBYcmBZnR7DxJe+vEDDw8prHG/+HRy5fim/BcibTKnIl8PR5yqHa\nmWQo7N+xXhILdD9e33KLRgbg97+erHqvHlNMdwDhAfrBT+W6GCdPwp3cePPsbhsc\noGSHOUDhzyAujr0J8h5WmZDGUNWjGzWqubNZD8dBXB8x+9dDoWhfM82nw0pvAeKf\nwJodvn3Qo8/S5hxJ6HyGkUTANKN8IxWh/6R5biET5BuztZP6jfPEaOAnt6sq+C38\nhR9rUr59dP2BTlcJ19ZXobLwuJEa81S5BrcbDwYNOAzC8jl2EV1i4bQIwJJaY27X\nIynom6unaheZpS4DFIh2w9UCAwEAAQ==\n-----END PUBLIC KEY-----\n" | no |
ecs_alb_name | Name of the Application Load Balancer (ALB) | string | "" | no |
ecs_alb_tg_name | Name of the ALB Target Group | string | "" | no |
ecs_cloudwatch_group | Name of the AWS CloudWatch Log Group for ECS | string | "" | no |
ecs_cluster_name | Name of the ECS Cluster | string | "" | no |
ecs_task_execution_role_name | Name of the ECS Task Execution Role | string | "" | no |
ecs_task_role_name | Name of the ECS Task Role | string | "" | no |
enable_autoscaling | Flag to enable autoscaling for the ECS services | bool | true | no |
internal | Flag to determine whether several AWS resources are public (intended for external access over the public internet) or private (intended to be accessed only within your AWS VPC, or available by other means, a transit gateway for example). | bool | true | no |
owner | Owner of the resources | string | "CDC" | no |
phdi_version | Version of the PHDI application | string | "v1.6.9" | no |
postgres_database_data | n/a | object({ | { | no |
private_subnet_ids | List of private subnet IDs | list(string) | n/a | yes |
project | The project name | string | "dibbs" | no |
public_subnet_ids | List of public subnet IDs | list(string) | n/a | yes |
region | The AWS region where resources are created | string | n/a | yes |
s3_viewer_bucket_name | Name of the S3 bucket for the viewer | string | "" | no |
s3_viewer_bucket_role_name | Name of the IAM role for the ecr-viewer bucket | string | "" | no |
service_data | Data for the DIBBS services | map(object({ | {} | no |
sqlserver_database_data | n/a | object({ | { | no |
tags | Tags to apply to resources | map(string) | {} | no |
vpc_id | ID of the VPC | string | n/a | yes |
Name | Description |
---|---|
alb_arn | n/a |
alb_listener_arn | n/a |
alb_security_group_arn | n/a |
alb_target_groups_arns | n/a |
ecs_cluster_arn | n/a |
ecs_security_group_arn | n/a |
ecs_task_definitions_arns | n/a |
ecs_task_execution_role_arn | n/a |
ecs_task_role_arn | n/a |
http_alb_listener_rules_arns | n/a |
https_alb_listener_rules_arns | n/a |
s3_bucket_arn | The ARN of the S3 bucket |
s3_bucket_ecr_viewer_policy_arn | n/a |
s3_role_for_ecr_viewer_arn | n/a |
service_data | n/a |