| account_id | Account ID of the AWS Account where CloudWatch alarms reside | string | null | no |
| aspect_artifacts_bucket | S3 bucket where Aspect delivers workflows assets | string | "aspect-artifacts" | no |
| bk_runner_groups | Mapping of Buildkite runner group name to settings for that runner group | map(object({
# Common settings for all CI hosts
agent_idle_timeout_min = number
max_runners = number
min_runners = optional(number, 0)
min_free_runners = optional(number, 0)
policy_documents = optional(map(object({ json : string })), {})
policies = optional(map(string), {})
queue = string
resource_type = string
scale_out_factor = optional(number, 1)
scaling_polling_frequency = optional(number, 1)
reaper_sleep_minutes = optional(number, 1)
security_groups = optional(map(string), {})
warming = optional(bool, false)
warming_set = optional(string, "default")
exclude_oncall_alerts = optional(list(string), [])
tags = optional(map(string), {})
build_logs_bucket = optional(string, "BUCKET_PLACEHOLDER")
}))
| {} | no |
| cci_runner_groups | Mapping of CircleCI runner group name to settings for that runner group | map(object({
# Common settings for all CI hosts
agent_idle_timeout_min = number
max_runners = number
min_runners = optional(number, 0)
min_free_runners = optional(number, 0)
policy_documents = optional(map(object({ json : string })), {})
policies = optional(map(string), {})
resource_type = string
scale_out_factor = optional(number, 1)
scaling_polling_frequency = optional(number, 1)
reaper_sleep_minutes = optional(number, 1)
security_groups = optional(map(string), {})
warming = optional(bool, false)
warming_set = optional(string, "default")
exclude_oncall_alerts = optional(list(string), [])
tags = optional(map(string), {})
# Settings specific to CircleCI
circleci_api_url = optional(string, "https://circleci.com")
circleci_runner_api_url = optional(string, "https://runner.circleci.com")
job_max_run_time_min = optional(number, 360)
}))
| {} | no |
| cost_allocation_tag | (deprecated) The tag name used for cost tagging | string | "CreatedBy" | no |
| cost_allocation_tag_value | (deprecated) The value of the cost tag | string | null | no |
| create_security_groups | Whether to create security groups automatically for all resources. | bool | true | no |
| create_vpc_endpoints | Whether to create VPC endpoints automatically. | bool | true | no |
| customer_id | Unique, human-readable customer identifier provided by Aspect | string | n/a | yes |
| default_cli_version | The version of the Aspect CLI to fall back to when using an unstamped development Workflows version | string | "5.10.11" | no |
| delivery_enabled | If delivery infrastructure is enabled for Aspect Workflows | bool | true | no |
| experiments | A map of experiment name (as given by Aspect) to its enabled status | map(bool) | {} | no |
| external_remote | Configuration for the externalized Bazel remote endpoint (cache and execution), specifically the ALB. | object({
debug_tools = optional(bool, false)
public_hosted_zone_id = optional(string, null)
public_hosted_zone_name = optional(string, null)
image_id = optional(string, null)
storage_instance_type = optional(string, null)
# Number of shards for the remote cache storage service
cache_shards = optional(number, 3)
frontend = optional(object({
cpu = optional(number, 1024)
memory = optional(number, 2048)
max_scaling = optional(number, 20)
min_scaling = optional(number, 1)
}), {
cpu = 1024
memory = 2048
max_scaling = 20
min_scaling = 1
})
oidc = optional(object({
issuer = string
auth_endpoint = string
token_endpoint = string
user_info_endpoint = string
client_id = string
client_secret = string
session_timeout_seconds = optional(number, null)
}), null)
remote_execution = optional(map(object({
platform = optional(string)
image = string
min_scaling = optional(number)
max_scaling = optional(number)
isolated_actions = optional(bool)
network = optional(bool)
max_concurrency = optional(number)
ec2 = optional(object({
instance_type = optional(string)
instance_image = optional(string)
docker_group = optional(string)
}))
ecs = optional(object({
architecture = optional(string)
cpu = optional(number, 1024)
memory = optional(number, 2048)
}))
docker_user = optional(string, null)
additional_platform_properties = optional(map(string), {})
})), null)
})
| null | no |
| gha_runner_groups | Mapping of GitHub Actions runner group name to settings for that runner group | map(object({
# Common settings for all CI hosts
agent_idle_timeout_min = number
max_runners = number
min_runners = optional(number, 0)
min_free_runners = optional(number, 0)
policy_documents = optional(map(object({ json : string })), {})
policies = optional(map(string), {})
queue = string
resource_type = string
scale_out_factor = optional(number, 1)
scaling_polling_frequency = optional(number, 1)
reaper_sleep_minutes = optional(number, 1)
security_groups = optional(map(string), {})
warming = optional(bool, false)
warming_set = optional(string, "default")
exclude_oncall_alerts = optional(list(string), [])
tags = optional(map(string), {})
# Settings specific to GitHub Actions
gh_repo = string
gha_workflow_ids = optional(list(string), [])
}))
| {} | no |
| gl_runner_groups | Mapping of GitLab runner group name to settings for that runner group | map(object({
# Common settings for all CI hosts
agent_idle_timeout_min = number
max_runners = number
min_runners = optional(number, 0)
min_free_runners = optional(number, 0)
policy_documents = optional(map(object({ json : string })), {})
policies = optional(map(string), {})
queue = string
resource_type = string
scale_out_factor = optional(number, 1)
scaling_polling_frequency = optional(number, 1)
reaper_sleep_minutes = optional(number, 1)
security_groups = optional(map(string), {})
warming = optional(bool, false)
warming_set = optional(string, "default")
exclude_oncall_alerts = optional(list(string), [])
tags = optional(map(string), {})
# Settings specific to GitLab
gitlab_url = optional(string, "https://gitlab.com")
project_id = string
}))
| {} | no |
| hosts | ####################################### CI host configuration options # | list(string) | n/a | yes |
| partition | The partition to configure services in, if not commercial | string | null | no |
| product_version | Product version info. Internal use only. | string | "0.0.0-PLACEHOLDER" | no |
| region | The default region to setup services in | string | null | no |
| remote | Configuration for the Bazel remote endpoint (cache and execution), specifically the ALB. | object({
debug_tools = optional(bool, false)
image_id = optional(string, null)
storage_instance_type = optional(string, null)
# Number of shards for the remote cache storage service
cache_shards = optional(number, 3)
frontend = optional(object({
cpu = optional(number, 1024)
memory = optional(number, 2048)
max_scaling = optional(number, 20)
min_scaling = optional(number, 1)
}), {
cpu = 1024
memory = 2048
max_scaling = 20
min_scaling = 1
})
remote_execution = optional(map(object({
platform = optional(string)
image = string
min_scaling = optional(number)
max_scaling = optional(number)
isolated_actions = optional(bool)
network = optional(bool)
max_concurrency = optional(number)
ec2 = optional(object({
instance_type = optional(string)
instance_image = optional(string)
docker_group = optional(string)
}))
ecs = optional(object({
architecture = optional(string)
cpu = optional(number, 1024)
memory = optional(number, 2048)
}))
docker_user = optional(string, null)
additional_platform_properties = optional(map(string), {})
})), null)
})
| n/a | yes |
| repository_urls | The repository URLs for the Docker images used by this module. Meant to be used in concert with the ecr_images submodule. | map(string) | {
"adot_exporter": "public.ecr.aws/aws-observability/aws-otel-collector",
"alert_manager": "quay.io/prometheus/alertmanager:v0.27.0",
"aws_cli": "public.ecr.aws/aws-cli/aws-cli",
"bash": "public.ecr.aws/docker/library/bash",
"bb_browser": "ghcr.io/buildbarn/bb-browser:20240613T055327Z-f0fbe96",
"bb_runner_installer": "ghcr.io/buildbarn/bb-runner-installer:20240327T120038Z-7bcf9b5",
"bb_scheduler": "ghcr.io/buildbarn/bb-scheduler:20240327T120038Z-7bcf9b5",
"bb_storage": "ghcr.io/buildbarn/bb-storage:20240326T045855Z-53c1252",
"bb_worker": "ghcr.io/buildbarn/bb-worker:20240327T120038Z-7bcf9b5",
"busybox": "public.ecr.aws/docker/library/busybox",
"curl_jq": "registry.gitlab.com/gitlab-ci-utils/curl-jq:3.0.0",
"otel_collector_contrib": "otel/opentelemetry-collector-contrib:0.102.0",
"prometheus": "quay.io/prometheus/prometheus:v2.52.0"
}
| no |
| resource_types | Mapping of resource types name to settings for that type | map(object({
# The ID of the AMI to use for this resource
image_id = string
# A list of instance types that are acceptable in the ASG
instance_types = list(string)
# The size of the root EBS volume in GB
root_volume_size_gb = optional(number, 64)
# Tags to apply to this resource
tags = optional(map(string), {})
# Defines if spot instances should be used for this resource
use_spot = optional(bool, false)
# When using spot instances, allows further customization over the spot vs on-demand allocation
instance_policy = optional(object({
on_demand_base_capacity = optional(number, 0)
on_demand_percentage_above_base_capacity = optional(number, 0)
spot_allocation_strategy = optional(string, "price-capacity-optimized")
spot_max_price = optional(string, "")
spot_instance_pools = optional(number, 2)
}), {})
}))
| {} | no |
| security_group_ids | Optional security group ID substitutions for Workflows resources. | map(any) | {} | no |
| support | Set of properties that allow Aspect to provide oncall support for Workflows | object({
# Integration key for PagerDuty, provided by Aspect.
# Deprecated, set alert_aspect to determine if alerts are sent to Aspect.
pagerduty_integration_key = optional(string)
# If true, alerts generated by Workflows will be reported back to Aspect.
# Depending on the severity of the alert, this may result in an oncall
# engineer being paged depending on the level of support included with this
# Workflows install.
alert_aspect = optional(bool, true)
# A set of secret IDs that can be overriden if required.
secrets = optional(object({
# Override the secret ID used for fetching the PagerDuty routing key from Aspects AWS account.
aspect_pagerduty_routing_key_id = optional(string, "arn:aws:secretsmanager:us-east-2:533267407361㊙️workflows_support_pagerduty_routing_key20240717143706240900000003-tke6cM")
# Override the secret ID used for fetching the Slack token from Aspects AWS account.
aspect_slack_token_secret_id = optional(string, "arn:aws:secretsmanager:us-east-2:533267407361㊙️workflows_support_alertmanager_slack_webhook_url20240717143706240800000001-diY2pK")
# Override the KMS ID used to decrypt the support secrets from Aspect.
aspect_support_secret_kms_id = optional(string, "arn:aws:kms:us-east-2:533267407361:key/6f3b4abf-edde-45ec-91f4-0738bb30633d")
}), {})
# Role ARN that allows support level access for Aspect.
support_role_name = optional(string, null)
# Role ARN that allows extended support access for Aspect.
# This role will have write access to various areas Workflows infrastructure,
# however it can only be assumed by a subset of Aspect oncall engineers.
operator_role_name = optional(string, null)
# Add policies that allow access to CI infrastructure instances via SSM
enable_ssm_access = optional(bool, false)
})
| n/a | yes |
| tags | Tags to add to every resource Aspect Workflows creates | map(string) | {} | no |
| telemetry | Configuration options for Workflows telemetry | object({
# Configuration for where Workflows telemetry data gets exported
destinations = optional(object({
# Which exporters to set up.
honeycomb = optional(object({
# Honeycome dataset to set for exports to this destination.
dataset = optional(string)
# Honeycomb Team secret reference, used for authentication.
team_secret = object({
id = string
arn = string
})
}))
datadog = optional(object({
# Datadog agent ingest site.
site = string
# Datadog API key secret reference, used for authentication.
key_secret = object({
id = string
arn = string
})
}))
generic_otlp = optional(object({
# Endpoint where to export telemetry to.
endpoint = string
}))
}), {})
})
| {} | no |
| vpc_id | ID of the VPC in which to deploy | string | n/a | yes |
| vpc_subnets | List of subnet IDs to use for VM infrastructure | list(string) | n/a | yes |
| vpc_subnets_public | List of subnet IDs to use for public facing VM infrastructure | list(string) | [] | no |
| warming_sets | Mapping of warming set to settings for that set | map(object({})) | {} | no |