This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

terraform-aws-dragondrop-compute

Terraform code for deploying the compute resources needed to run dragondrop.cloud within your Google Cloud environment.

[Diagram: cloud architecture of the infrastructure created by this module.]

Variables

| Name | Type | Purpose |
| --- | --- | --- |
| cloud_concierge_cloud_run_job_name | string | Name of the Cloud Run Job created by the Module which hosts the OSS cloud-concierge container. |
| gcs_state_bucket | string | Optional name of the GCS storage bucket used for storing Terraform state backend files read by the cloud-concierge container. |
| https_trigger_cloud_run_service_name | string | Name of the Cloud Run Service created by the Module which serves as an HTTPS endpoint. |
| project | string | GCP project into which resources should be deployed. |
| region | string | GCP region into which resources should be deployed. |

How to Use this Module

This module defines the compute resources needed to run dragondrop within your own GCP environment.

It defines a Cloud Run Service that can invoke the longer-running dragondrop engine, which lives in a provisioned Cloud Run Job.

The URL for this Cloud Run Service is output by the module and should be passed to a dragondrop Job definition as that Job's "HTTPS Url".

The Cloud Run Job hosts the cloud-concierge container. All environment variables are set by the dragondrop platform, except for a VCS personal access token stored in Google Secret Manager and an optional Terraform Cloud organization token.

Security When Using This Module

This module creates two IAM roles.

  1. "dragondrop HTTPS Trigger Role", which has the minimum permissions needed to invoke only the Cloud Run Job hosting the cloud-concierge container. This role is assigned to a new service account used by the created Cloud Run Service.

  2. "cloud-concierge-execution-role" is granted Secret Accessor privileges on only the secrets referenced by the Cloud Run Job as environment variables, read-only access to the cloud environment, and optionally, read-only access to the GCS bucket used for Terraform state management. This role is used by the Cloud Run Job that hosts the cloud-concierge container.
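
One way to check after deployment that the two roles still match the least-privilege description above. This is an added example, not code from this module: the role ID, service account name, project and sample JSON are constructed, the module's actual permission list is not shown on this page, and the read-only verb list is an assumption.

```python
"""Least-privilege audit for the two roles described above (added example)."""

# Verb prefixes treated as read-only in GCP permission names
# (service.resource.verb). Assumption for this example; tune to your policy.
READ_VERBS = ("get", "list")


def excess_permissions(role, allowed_extra=frozenset()):
    """Permissions in a role that are neither read-only nor explicitly allowed.

    `role` is the JSON printed by `gcloud iam roles describe --format=json`.
    """
    excess = []
    for perm in role.get("includedPermissions", []):
        verb = perm.rsplit(".", 1)[-1]
        if perm in allowed_extra or verb.startswith(READ_VERBS):
            continue
        excess.append(perm)
    return sorted(excess)


def excess_roles(policy, member, expected_roles):
    """Roles bound to `member` beyond `expected_roles`.

    `policy` is the JSON printed by `gcloud projects get-iam-policy --format=json`.
    """
    bound = {b["role"] for b in policy.get("bindings", [])
             if member in b.get("members", [])}
    return sorted(bound - set(expected_roles))


# Constructed sample data: hypothetical names, with drift injected on purpose.
TRIGGER_SA = "serviceAccount:dragondrop-trigger@example-project.iam.gserviceaccount.com"
TRIGGER_ROLE_ID = "projects/example-project/roles/dragondropHttpsTrigger"
DRIFTED_TRIGGER_ROLE = {
    "title": "dragondrop HTTPS Trigger Role",
    "includedPermissions": ["run.jobs.run", "run.jobs.get",
                            "run.jobs.update", "iam.serviceAccounts.actAs"],
}
DRIFTED_POLICY = {"bindings": [
    {"role": TRIGGER_ROLE_ID, "members": [TRIGGER_SA]},
    {"role": "roles/editor", "members": [TRIGGER_SA, "user:admin@example.com"]},
]}

if __name__ == "__main__":
    # The trigger role may run the job; anything else that mutates is drift.
    print(excess_permissions(DRIFTED_TRIGGER_ROLE, {"run.jobs.run"}))
    print(excess_roles(DRIFTED_POLICY, TRIGGER_SA, {TRIGGER_ROLE_ID}))
```

For the execution role, pass `{"secretmanager.versions.access"}` as `allowed_extra` so that the Secret Accessor permission is accepted while any other non-read permission is reported.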

What is dragondrop.cloud?

dragondrop.cloud is a provider of IaC automation solutions, of which the flagship is the OSS cloud-concierge container. For more information or to schedule a demo, please visit our website.

What's a Module?

A Module is a reusable, best-practices definition for the deployment of cloud infrastructure. A Module is written using Terraform and includes documentation and examples. It is maintained both by the open source community and by companies that provide commercial support.

How can I contribute to this module?

If you notice a problem or would like some additional functionality, please open a detailed issue describing the problem or open a pull request.

License

Please see LICENSE for details on this module's license.

Copyright © 2023 dragondrop.cloud, Inc.