rhythmictech/terraform-aws-atlassian-bitbucket

terraform-aws-atlassian-bitbucket

Creates an Atlassian Bitbucket instance, optionally bootstrapping the configuration.

Example

```hcl
module "bitbucket" {
  source = "rhythmictech/atlassian-bitbucket/aws"

  admin_email                    = "[email protected]"
  admin_password                 = "hunter2"
  ami_id                         = data.aws_ami.bitbucket.id
  asg_additional_iam_policies    = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]
  asg_instance_type              = "m6g.large"
  asg_subnet                     = "subnet-123456789"
  availability_zone              = "us-east-1a"
  data_volume_size               = 50
  db_instance_class              = "db.m5.large"
  db_storage_size                = 50
  db_subnet_group                = "database"
  dns_prefix                     = "bitbucket"
  elb_certificate                = "arn:aws:acm:us-east-1:012345678901:certificate/618601f5-bf87-13d4-a0f6-8a243a54af93"
  elb_subnets                    = ["subnet-123456789", "subnet-012345678"]
  site_name                      = "Bitbucket Demo"
  vpc_id                         = "vpc-123456789"
  zone_id                        = "zone-123456789"
}
```

About

A bit about this module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.19 |
| aws | >= 5 |
| random | >= 1.2 |
| template | >= 2.1 |

Providers

| Name | Version |
|------|---------|
| aws | 3.39.0 |
| random | 3.1.0 |
| template | 2.2.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| bitbucketdb | rhythmictech/rds-postgres/aws | ~> 5.0 |

Resources

| Name | Type |
|------|------|
| aws_autoscaling_group.this | resource |
| aws_ebs_volume.data | resource |
| aws_elb.this | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_policy.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.additional | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_launch_configuration.this | resource |
| aws_lb.https | resource |
| aws_lb.ssh | resource |
| aws_lb_listener.https | resource |
| aws_lb_listener.ssh | resource |
| aws_lb_target_group.https | resource |
| aws_lb_target_group.ssh | resource |
| aws_route53_record.ssh | resource |
| aws_route53_record.this | resource |
| aws_security_group.alb_https | resource |
| aws_security_group.elb | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.alb_https_egress | resource |
| aws_security_group_rule.alb_https_ingress | resource |
| aws_security_group_rule.allow_all | resource |
| aws_security_group_rule.allow_inbound_from_lb_ssh | resource |
| aws_security_group_rule.allow_inbound_http_from_lb | resource |
| aws_security_group_rule.allow_inbound_http_from_lb_ssh | resource |
| aws_security_group_rule.elb_egress | resource |
| aws_security_group_rule.elb_egress_ssh | resource |
| aws_security_group_rule.elb_ingress | resource |
| aws_security_group_rule.elb_ingress_ssh | resource |
| random_string.admin_password | resource |
| aws_iam_policy_document.assume | data source |
| aws_iam_policy_document.this | data source |
| aws_region.current | data source |
| aws_route53_zone.zone | data source |
| aws_secretsmanager_secret_version.dbpassword | data source |
| template_cloudinit_config.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_logs_bucket | The name of the bucket to store LB access logs in. Required if access_logs_enabled is true | `string` | `null` | no |
| access_logs_enabled | Whether to enable LB access logging | `bool` | `false` | no |
| access_logs_interval | The log publishing interval in minutes | `number` | `60` | no |
| access_logs_prefix | The path prefix to apply to the LB access logs. | `string` | `null` | no |
| admin_email | email address for administrator | `string` | n/a | yes |
| admin_password | initial password to use for administrator (only used when bootstrapping a new instance, otherwise ignored) | `string` | `null` | no |
| alb_additional_sg_tags | Additional tags to apply to the LB security group. Useful if you use an external process to manage ingress rules. | `map(string)` | `{}` | no |
| alb_allowed_https_cidr_blocks | List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created | `list(string)` | `["0.0.0.0/0"]` | no |
| alb_allowed_ssh_cidr_blocks | List of allowed CIDR blocks for SSH access. If [] is specified, no inbound ingress rules will be created | `list(string)` | `["0.0.0.0/0"]` | no |
| alb_certificate | ARN of certificate to associate with LB | `string` | n/a | yes |
| alb_https_internal | Create as an internal or internet-facing LB | `bool` | `true` | no |
| alb_https_port | Port that the Load Balancer for Bitbucket should listen for HTTPS on (Default is 443.) | `number` | `443` | no |
| alb_https_subnets | Subnets to associate HTTPS LB to | `list(string)` | n/a | yes |
| alb_ssh_internal | Create as an internal or internet-facing LB for SSH | `bool` | `true` | no |
| alb_ssh_port | Port that the Load Balancer for Bitbucket should listen for SSH on (Default is 22.) | `number` | `22` | no |
| alb_ssh_subnets | Subnets to associate SSH LB to | `list(string)` | `null` | no |
| alb_ssl_policy | SSL policy for ALB | `string` | `"ELBSecurityPolicy-TLS-1-2-2017-01"` | no |
| ami_id | AMI to build on (must have ansible-role-atlassian-bitbucket module installed) | `string` | n/a | yes |
| asg_additional_iam_policies | Additional IAM policies to attach to the ASG instance profile | `list(string)` | `[]` | no |
| asg_additional_security_groups | Additional security group IDs to attach to ASG instances | `list(string)` | `[]` | no |
| asg_additional_user_data | Additional User Data to attach to the launch template | `string` | `""` | no |
| asg_allow_outbound_egress | whether or not the default SG should allow outbound egress | `bool` | `true` | no |
| asg_desired_capacity | The number of Amazon EC2 instances that should be running in the group. | `number` | `1` | no |
| asg_instance_type | Instance type for app | `string` | `"t3a.micro"` | no |
| asg_key_name | Optional ssh keypair to associate with instances | `string` | `null` | no |
| asg_max_size | Maximum number of instances in the autoscaling group | `number` | `1` | no |
| asg_min_size | Minimum number of instances in the autoscaling group | `number` | `1` | no |
| asg_root_volume_size | size of root volume (includes app install but not data dir) | `number` | `20` | no |
| asg_subnet | Subnet to associate ASG instances with (specify no more than 1) | `string` | n/a | yes |
| availability_zone | Specify the availability zone that the instance will be deployed in. Because Bitbucket requires an EBS volume for data and can't use EFS, the value of availability_zone must match the AZ associated with the value of asg_subnet. | `string` | n/a | yes |
| create_alb | Create an ALB. This will by requirement create an NLB for SSH access on a separate address. | `bool` | `false` | no |
| data_volume_size | Size in GB of the data volume | `number` | n/a | yes |
| db_additional_security_groups | SGs permitted access to RDS | `list(string)` | `[]` | no |
| db_allowed_access_cidrs | CIDRs permitted access to RDS | `list(string)` | `[]` | no |
| db_engine_version | engine version to run | `string` | `"11"` | no |
| db_instance_class | DB Instance Size | `string` | `"db.t3.large"` | no |
| db_monitoring_interval | Enhanced monitoring interval (5-60 seconds, 0 to disable) | `number` | `0` | no |
| db_monitoring_role_arn | IAM Role ARN for Database Monitoring permissions (if db_monitoring_interval > 0 and this is omitted, a role will be created automatically) | `string` | `null` | no |
| db_multi_az | If true, DB will be configured in multi-AZ mode | `bool` | `false` | no |
| db_parameters | DB parameters (by default only sets utf8 as required by Bitbucket) | `list(object({ apply_method = string, name = string, value = string }))` | `[{ "apply_method": "immediate", "name": "client_encoding", "value": "UTF8" }]` | no |
| db_password_version | Increment to force master user password change | `number` | `1` | no |
| db_performance_insights_enabled | Whether or not to enable DB performance insights | `bool` | `false` | no |
| db_storage_size | Size of DB (in GB) | `number` | n/a | yes |
| db_subnet_group | Database subnet group | `string` | n/a | yes |
| db_vpc_id | VPC ID for database (if omitted, the value for vpc_id is used instead) | `string` | `null` | no |
| dns_prefix | Hostname that will be used for bitbucket. This will be combined with the domain in zone_id or the value of domain_name to form the base url. | `string` | `null` | no |
| dns_ssh_prefix | Hostname that will be used for bitbucket SSH access. This is only used when create_alb == true | `string` | `null` | no |
| domain_name | domain name, which is only used if zone_id is not specified to compute the base url | `string` | `null` | no |
| elb_additional_sg_tags | Additional tags to apply to the ELB security group. Useful if you use an external process to manage ingress rules. | `map(string)` | `{}` | no |
| elb_allowed_cidr_blocks | List of allowed CIDR blocks. If [] is specified, no inbound ingress rules will be created | `list(string)` | `["0.0.0.0/0"]` | no |
| elb_certificate | ARN of certificate to associate with ELB | `string` | `null` | no |
| elb_internal | Create as an internal or internet-facing ELB | `bool` | `true` | no |
| elb_port | Port that the Elastic Load Balancer for Bitbucket should listen for HTTPS on (Default is 443.) | `number` | `443` | no |
| elb_ssh_port | Port that the Elastic Load Balancer for Bitbucket should listen for SSH on (Default is 22.) | `number` | `22` | no |
| elb_subnets | Subnets to associate ELB to | `list(string)` | `null` | no |
| license_key | Bitbucket license key (optional, must be a single line) | `string` | `""` | no |
| name | Moniker to apply to all resources in the module | `string` | `"bitbucket"` | no |
| site_name | Bitbucket site name | `string` | `"Bitbucket"` | no |
| tags | User-Defined tags | `map(string)` | `{}` | no |
| volume_key | This value is set to a key on the EBS volume and must be present for the bitbucket instance to be permitted to attach it. | `string` | `"bitbucket-volume"` | no |
| vpc_id | VPC to create associated resources in | `string` | n/a | yes |
| zone_id | Zone ID to make Route53 entry for bitbucket in. If not specified, domain_name must be specified so that the base URL can be determined. | `string` | `null` | no |
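
Several of the inputs above default to open ingress (`0.0.0.0/0`) and disabled access logging. The following invocation is an added example, not part of the module's own documentation, that uses only inputs listed above to narrow ingress, keep the load balancers internal, enable access logs and keep the admin password out of the source tree. The CIDR ranges, bucket name, certificate ARN, `dns_ssh_prefix` value and the `bitbucket_admin_password` variable are constructed placeholders, and `data.aws_ami.bitbucket` is assumed to be defined as in the example earlier on this page.

```hcl
# Added example; CIDRs, bucket name, ARNs and IDs below are constructed placeholders.
variable "bitbucket_admin_password" {
  type      = string
  sensitive = true # redacts the value in plan/apply output
}

module "bitbucket" {
  source = "rhythmictech/atlassian-bitbucket/aws"

  admin_email    = "admin@example.com"
  admin_password = var.bitbucket_admin_password # supplied at run time, not committed
  ami_id         = data.aws_ami.bitbucket.id
  site_name      = "Bitbucket Demo"

  # Instance and data placement (availability_zone must match the AZ of asg_subnet)
  asg_subnet        = "subnet-123456789"
  availability_zone = "us-east-1a"
  data_volume_size  = 50
  vpc_id            = "vpc-123456789"
  zone_id           = "zone-123456789"
  dns_prefix        = "bitbucket"
  dns_ssh_prefix    = "bitbucket-ssh"

  # Shell access through SSM instead of an SSH keypair (asg_key_name stays null)
  asg_additional_iam_policies = ["arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]

  # Load balancers: internal, with ingress limited to known networks
  create_alb                    = true
  alb_certificate               = "arn:aws:acm:us-east-1:012345678901:certificate/EXAMPLE"
  alb_https_subnets             = ["subnet-123456789", "subnet-012345678"]
  alb_ssh_subnets               = ["subnet-123456789", "subnet-012345678"]
  alb_https_internal            = true
  alb_ssh_internal              = true
  alb_allowed_https_cidr_blocks = ["10.20.0.0/16"]  # default is 0.0.0.0/0
  alb_allowed_ssh_cidr_blocks   = ["10.20.30.0/24"] # default is 0.0.0.0/0
  alb_ssl_policy                = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # LB access logs, off by default
  access_logs_enabled = true
  access_logs_bucket  = "example-lb-access-logs"
  access_logs_prefix  = "bitbucket"

  # Database
  db_storage_size = 50
  db_subnet_group = "database"
  db_multi_az     = true
}
```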

Outputs

| Name | Description |
|------|-------------|
| asg_arn | ARN of the ASG for the Bitbucket instance |
| asg_id | ID of the ASG for the Bitbucket instance |
| asg_name | Name of the ASG for the Bitbucket instance |
| db_instance_connection_info | DB Instance Connect Info (object) |
| db_instance_id | DB Instance ID |
| db_password_secretsmanager_arn | Secret ARN for DB password |
| db_password_secretsmanager_version | Secret Version for DB password |
| db_username | Master username |
| iam_role_arn | IAM Role ARN of Bitbucket instance |
| lb_arn | ARN of the ELB for Bitbucket access (HTTPS when ALB is used) |
| lb_dns_name | DNS Name of the ELB for Bitbucket access |
| lb_zone_id | Route53 Zone ID of the ELB for Bitbucket access |
| ssh_lb_arn | ARN of the LB for Bitbucket SSH access (only valid when ALB is used) |
| ssh_lb_dns_name | DNS Name of the LB for Bitbucket access (only valid when ALB is used) |
| ssh_lb_zone_id | Route53 Zone ID of the LB for Bitbucket SSH access |
| url | Bitbucket Server URL |

The Giants Underneath this Module