This page contains various deployment customizations as it relates to creating your TFE infrastructure, and their corresponding module input variables that you may additionally set to meet your own requirements where the default module values do not suffice. That said, all of the module input variables on this page are optional.
This module supports either creating a network load balancer (NLB) or an application load balancer (ALB) in front of the TFE autoscaling group. *The default is NLB, but the following input variable may be set to an ALB if desirable.
lb_type = "alb"This module supports creating a load balancer with either and internal or internet-facing load balancing scheme. The default is internal, but the following module boolean input variable may be set to configure the load balancer to be internet-facing (public) if desirable.
lb_is_internal = falseThis module supports creating an alias record in AWS Route53 for the TFE FQDN to resolve to the load balancer DNS name. To do so, the following module input variables may be set:
create_route53_tfe_dns_record = true
route53_tfe_hosted_zone_name = "<example.com>"
route53_tfe_hosted_zone_is_private = true📝 Note: If
lb_is_internalisfalse, thenroute53_tfe_hosted_zone_is_privateshould also befalse. An DNS record resolving to an internal load balancer should be created in a private Route53 Hosted Zone, and a DNS record resolving to an Internet-facing (external) load balancer should be a created in a public Route53 Hosted Zone.
If you require the use of a customer-managed key(s) (CMK) to encrypt your AWS resources, the following module input variables may be set:
ebs_kms_key_arn = "<ebs-kms-key-arn>"
rds_kms_key_arn = "<rds-kms-key-arn>"
s3_kms_key_arn = "<s3-kms-key-arn>"
redis_kms_key_arn = "<redis-kms-key-arn>"By default, this module will use the standard AWS Marketplace image based on the value of the ec2_os_distro input (either ubuntu, rhel, or al2023). If you prefer to use your own custom AMI, then you may do so by setting ec2_ami_id accordingly.
ec2_os_distro = "<rhel>"
ec2_ami_id = "<custom-rhel-ami-id>"Ensure the value you set for ec2_os_distro accurately reflects the OS distribution of your custom AMI.
By default, the tfe_user_data (cloud-init) script will attempt to install the required software dependencies to install TFE:
aws-cli(andunzipas a dependency to unpacking and installing this)dockerorpodman(depending on the value of thecontainer_runtimeinput)
If your TFE EC2 instances will not have egress connectivity to the official Linux package repositories, then you should bake those dependencies into your custom image before deploying TFE.
To configure a proxy for outbound HTTP and HTTPS requests, set the following inputs:
http_proxy = "http://proxy.example.com:3128"
https_proxy = "http://proxy.example.com:3128"
additional_no_proxy = "10.0.0.0/8,192.168.1.0/24,internal.example.com"
cidr_allow_egress_ec2_proxy = ["<proxy-ip-address/32>"] # IP address(es) of proxy serverThis configuration applies the proxy settings at both the host level and within the TFE application containers.
If either http_proxy or https_proxy (or both) are set, the module will automatically generate a base no_proxy list that includes:
localhost127.0.0.1169.254.169.254- Value of
var.tfe_fqdn - EC2 instance private IP address
- TFE S3 bucket regional domain name (e.g.,
<tfe-s3-bucket-name>.s3.<aws-region>.amazonaws.com) - Regional AWS Secrets Manager endpoint (e.g.,
secretsmanager.<aws-region>.amazonaws.com)
Setting additional_no_proxy is optional. If specified, the value will be appended to this automatically generated base no_proxy list.