Sonatype Nexus Terraform Module for AWS

This Terraform module deploys a Sonatype Nexus OOS on AWS. Based on official Sonatype Nexus Docker image https://hub.docker.com/r/sonatype/nexus/.

Usage

Check valid versions on:

• Github Releases: https://github.com/cn-terraform/terraform-aws-nexus/releases
• Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/nexus/aws

Other modules that you may need to use this module

The Networking module:

• Github Releases: https://github.com/cn-terraform/terraform-aws-networking/releases
• Terraform Module Registry: https://registry.terraform.io/modules/cn-terraform/networking/aws

Install pre commit hooks.

Pleas run this command right after cloning the repository.

    pre-commit install

For that you may need to install the folowwing tools:

• Pre-commit
• Terraform Docs

In order to run all checks at any point run the following command:

    pre-commit run --all-files

Requirements

Name	Version
terraform	>= 0.13
aws	>= 4

Providers

Name	Version
aws	4.27.0

Modules

Name	Source	Version
acm	terraform-aws-modules/acm/aws	4.0.1
aws_cw_logs	cn-terraform/cloudwatch-logs/aws	1.0.12
ecs_fargate	cn-terraform/ecs-fargate/aws	2.0.45

Resources

Name	Type
aws_route53_record.record_dns	resource

Inputs

Name	Description	Type	Default	Required
block_s3_bucket_public_access	(Optional) If true, public access to the S3 bucket will be blocked.	bool	true	no
configure_loadbalancer_ssl	Enable SSL, and configure the loadbalancer to use the certificate	object({ enable_ssl = bool dns_zone_id = string https_record_name = string https_record_domain_name = string })	{ "dns_zone_id": "", "enable_ssl": false, "https_record_domain_name": "", "https_record_name": "" }	no
container_cpu	(Optional) The number of cpu units to reserve for the container. This is optional for tasks using Fargate launch type and the total amount of container_cpu of all containers in a task will need to be lower than the task-level cpu value	number	4096	no
container_memory	(Optional) The amount of memory (in MiB) to allow the container to use. This is a hard limit, if the container attempts to exceed the container_memory, the container is killed. This field is optional for Fargate launch type and the total amount of container_memory of all containers in a task will need to be lower than the task memory value	number	8192	no
container_memory_reservation	(Optional) The amount of memory (in MiB) to reserve for the container. If container needs to exceed this threshold, it can do so up to the set container_memory hard limit	number	4096	no
create_kms_key	If true a new KMS key will be created to encrypt the logs. Defaults true. If set to false a custom key can be used by setting the variable log_group_kms_key_id	bool	false	no
enable_s3_bucket_server_side_encryption	(Optional) If true, server side encryption will be applied.	bool	true	no
enable_s3_logs	(Optional) If true, all resources to send LB logs to S3 will be created	bool	true	no
ephemeral_storage_size	The number of GBs to provision for ephemeral storage on Fargate tasks. Must be greater than or equal to 21 and less than or equal to 200	number	0	no
lb_enable_cross_zone_load_balancing	Enable cross zone support for LB	string	"true"	no
lb_http_ports	Map containing objects to define listeners behaviour based on type field. If type field is forward, include listener_port and the target_group_port. For redirect type, include listener port, host, path, port, protocol, query and status_code. For fixed-response, include listener_port, content_type, message_body and status_code	map(any)	{}	no
lb_https_ports	Map containing objects to define listeners behaviour based on type field. If type field is forward, include listener_port and the target_group_port. For redirect type, include listener port, host, path, port, protocol, query and status_code. For fixed-response, include listener_port, content_type, message_body and status_code	map(any)	{ "default": { "listener_port": 443, "target_group_port": 8081, "target_group_protocol": "HTTP" } }	no
lb_waf_web_acl_arn	ARN of a WAFV2 to associate with the ALB	string	""	no
log_group_kms_key_id	The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.	string	null	no
log_group_retention_in_days	(Optional) Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire. Default to 30 days.	number	30	no
mount_points	Container mount points. This is a list of maps, where each map should contain a containerPath and sourceVolume. The readOnly key is optional.	list(any)	[]	no
name_prefix	Name prefix for resources on AWS	any	n/a	yes
nexus_image	Nexus image	string	"sonatype/nexus3"	no
private_subnets_ids	List of Private Subnets IDs	list(any)	n/a	yes
public_subnets_ids	List of Public Subnets IDs	list(any)	n/a	yes
region	AWS Region the infrastructure is hosted in	any	n/a	yes
s3_bucket_server_side_encryption_key	(Optional) The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of sse_algorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this element is absent while the sse_algorithm is aws:kms.	string	null	no
s3_bucket_server_side_encryption_sse_algorithm	(Optional) The server-side encryption algorithm to use. Valid values are AES256 and aws:kms	string	"AES256"	no
tags	Resource tags	map(string)	{}	no
volumes	(Optional) A set of volume blocks that containers in your task may use	list(object({ host_path = string name = string docker_volume_configuration = list(object({ autoprovision = bool driver = string driver_opts = map(string) labels = map(string) scope = string })) efs_volume_configuration = list(object({ file_system_id = string root_directory = string transit_encryption = string transit_encryption_port = string authorization_config = list(object({ access_point_id = string iam = string })) })) }))	[]	no
vpc_id	ID of the VPC	any	n/a	yes

Outputs

Name	Description
nexus_lb_arn	Sonatype Nexus Load Balancer ARN
nexus_lb_arn_suffix	Sonatype Nexus Load Balancer ARN Suffix
nexus_lb_dns_name	Sonatype Nexus Load Balancer DNS Name
nexus_lb_id	Sonatype Nexus Load Balancer ID
nexus_lb_zone_id	Sonatype Nexus Load Balancer Zone ID