
GiamPy5/terraform-aws-directus


Terraform AWS Directus Module 🚀

This Terraform module simplifies the deployment of Directus on an AWS Fargate ECS cluster.

🌟 Features

  • Seamless Deployment of Directus on AWS Fargate ECS
  • Automatic Scaling and Load Balancing
  • High Availability and Fault Tolerance
  • Customizable Configuration Options
  • S3 Integration for Static Assets

🚀 Quick Start

Deploy Directus quickly and easily by including this module in your Terraform configuration:

module "directus" {
  source  = "GiamPy5/directus/aws"

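  application_name   = local.name                 # Change this to your application name
  admin_email        = "[email protected]"          # Change this to your email address
  vpc_id             = module.vpc.vpc_id          # Change this to your VPC ID
  public_subnet_ids  = module.vpc.public_subnets  # Change this to the public subnet IDs used by the Load Balancer
  private_subnet_ids = module.vpc.private_subnets # Change this to the private subnet IDs used by the ECS tasks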

  create_cloudwatch_logs_group  = true
  cloudwatch_logs_stream_prefix = "directus"

  cpu    = 1024
  memory = 2048

  ecs_service_enable_execute_command = true # Allows you to connect via CLI to the ECS Task Container (just like `docker exec`). It's disabled by default.
  enable_ses_emails_sending          = true
  force_new_ecs_deployment_on_apply  = true

  # Add additional custom configuration here (https://docs.directus.io/self-hosted/config-options.html#configuration-options)
  additional_configuration = {
    "LOG_LEVEL" = "debug"
  }

  rds_database_name                         = "database_name"
  rds_database_host                         = "database_host"
  rds_database_port                         = "database_port"
  rds_database_engine                       = "database_engine"
  rds_database_username                     = "database_username"
  rds_database_password_secrets_manager_arn = "database_user_password_secrets_manager_arn"

  redis_host = module.elasticache.cluster_cache_nodes[0].address
  redis_port = module.elasticache.cluster_cache_nodes[0].port

  create_s3_bucket = true # If you do not create an S3 bucket, you will need to provide an existing S3 bucket name
  s3_bucket_name   = "terraform-aws-directus-${local.region}"

  healthcheck_path = "/server/health"
  image_tag        = "10.12"

  autoscaling = {
    enable           = true
    cpu_threshold    = 60
    memory_threshold = 80
    min_capacity     = 1
    max_capacity     = 2
  }

  tags = {
    Application = "Directus"
    Environment = "Test"
  } # Change these tags to your preferred tags
}

For a complete example, including all dependencies like database inputs, check out the examples section.

📋 Prerequisites

Before using this module, ensure you have the following:

  • An AWS account 🛠️
  • Terraform installed on your machine 🌐
  • Basic knowledge of AWS services and Terraform 📚

📚 Module Documentation

Requirements

| Name | Version |
| --- | --- |
| terraform | >= 1.5 |
| aws | >= 5.30 |
| random | >= 3.0 |

Providers

| Name | Version |
| --- | --- |
| aws | >= 5.30 |
| random | >= 3.0 |

Modules

| Name | Source | Version |
| --- | --- | --- |
| ecs | terraform-aws-modules/ecs/aws | 5.11.2 |
| s3_bucket_for_logs | terraform-aws-modules/s3-bucket/aws | 4.1.2 |

Resources

| Name | Type |
| --- | --- |
| aws_appautoscaling_policy.autoscaling_policy_cpu | resource |
| aws_appautoscaling_policy.autoscaling_policy_memory | resource |
| aws_appautoscaling_target.autoscaling_target | resource |
| aws_ecs_service.directus | resource |
| aws_ecs_task_definition.directus | resource |
| aws_iam_access_key.directus | resource |
| aws_iam_group.directus | resource |
| aws_iam_group_membership.directus | resource |
| aws_iam_group_policy.s3_policy | resource |
| aws_iam_policy.cloudwatch_logs_policy | resource |
| aws_iam_policy.kms_policy | resource |
| aws_iam_role.ecs_ebs_role | resource |
| aws_iam_role.ecs_service_role | resource |
| aws_iam_role.ecs_task_role | resource |
| aws_iam_role_policy_attachment.ecs_ebs_role_policy | resource |
| aws_iam_role_policy_attachment.ecs_service_role_ecs_task_execution | resource |
| aws_iam_user.directus | resource |
| aws_iam_user_policy.kms_access | resource |
| aws_lb.directus | resource |
| aws_lb_listener.directus_lb_listener | resource |
| aws_lb_target_group.directus_lb_target_group | resource |
| aws_s3_bucket.directus | resource |
| aws_s3_bucket_server_side_encryption_configuration.example | resource |
| aws_s3_bucket_versioning.directus_bucket_versioning | resource |
| aws_secretsmanager_secret.cognito_client_secret | resource |
| aws_secretsmanager_secret.directus_admin_password | resource |
| aws_secretsmanager_secret.directus_secret | resource |
| aws_secretsmanager_secret.directus_serviceuser_secret | resource |
| aws_secretsmanager_secret_version.cognito_client_secret_version | resource |
| aws_secretsmanager_secret_version.directus_admin_password_version | resource |
| aws_secretsmanager_secret_version.directus_secret_version | resource |
| aws_secretsmanager_secret_version.directus_serviceuser_secret_version | resource |
| aws_security_group.ecs_sg | resource |
| aws_security_group.lb_sg | resource |
| random_password.directus_admin_password | resource |
| random_password.directus_secret | resource |
| aws_caller_identity.current | data source |
| aws_cognito_user_pool_client.client | data source |
| aws_iam_policy_document.cloudwatch_policy | data source |
| aws_iam_policy_document.kms_access_policy | data source |
| aws_iam_policy_document.kms_policy | data source |
| aws_iam_policy_document.s3_policy | data source |
| aws_region.current | data source |
| aws_s3_bucket.directus | data source |

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| additional_configuration | Additional configuration to apply to the Directus container | `map(string)` | `{}` | no |
| admin_email | The email address of the admin user | `string` | n/a | yes |
| admin_password | The password of the admin user (if empty, it will be generated automatically) | `string` | `""` | no |
| application_name | The name of the application | `string` | n/a | yes |
| autoscaling | Autoscaling Configuration | `object({ enable = bool, memory_threshold = number, cpu_threshold = number, min_capacity = number, max_capacity = number })` | `{ "cpu_threshold": 60, "enable": false, "max_capacity": 3, "memory_threshold": 80, "min_capacity": 1 }` | no |
| cloudwatch_logs_stream_prefix | The prefix of the CloudWatch Logs stream | `string` | `"directus"` | no |
| cognito_allow_public_registration | Whether to allow public registration in Directus through Cognito External Users | `bool` | `false` | no |
| cognito_identifier_key | The key of the Cognito identifier | `string` | `"email"` | no |
| cognito_scopes | The Cognito scopes | `list(string)` | `[ "email", "openid", "profile" ]` | no |
| cognito_user_pool_client_id | The ID of the Cognito user pool client | `string` | `""` | no |
| cognito_user_pool_id | The ID of the Cognito user pool | `string` | `""` | no |
| cpu | The number of CPU units to reserve for the Directus service | `number` | `2048` | no |
| create_cloudwatch_logs_group | Whether to create a CloudWatch Logs group | `bool` | `false` | no |
| create_s3_bucket | Whether to create an S3 bucket | `bool` | `false` | no |
| ecs_security_group_ids | The IDs of the security groups to attach to the ECS service | `list(string)` | `[]` | no |
| ecs_service_enable_execute_command | Whether to enable ECS service execute command | `bool` | `false` | no |
| enable_alb_access_logs | Whether to enable access logs of the Load Balancer | `bool` | `false` | no |
| enable_cognito_authentication | Whether to enable Cognito authentication | `bool` | `false` | no |
| enable_ecs_volume | Whether to enable ECS volume | `bool` | `false` | no |
| enable_kms_encryption | Whether to enable KMS encryption | `bool` | `false` | no |
| enable_s3_bucket_versioning | Whether to enable S3 bucket versioning | `bool` | `true` | no |
| enable_ses_emails_sending | Whether to enable sending emails using SES | `bool` | `false` | no |
| force_new_ecs_deployment_on_apply | Whether to force a new deployment of the ECS service on apply | `bool` | `false` | no |
| image_tag | The tag of the Docker image | `string` | `"latest"` | no |
| kms_key_id | The ID of the KMS key | `string` | `""` | no |
| load_balancer_allowed_cidr_blocks | The CIDR blocks allowed to access the Load Balancer | `list(string)` | `[ "0.0.0.0/0" ]` | no |
| load_balancer_prefix_list_ids | The prefix list IDs allowed to access the Load Balancer | `list(string)` | `[]` | no |
| memory | The amount of memory to reserve for the Directus service | `number` | `4096` | no |
| private_subnet_ids | The IDs of the private subnets used by the ECS service to run tasks | `list(string)` | n/a | yes |
| public_subnet_ids | The IDs of the public subnets used by the Load Balancer to serve traffic | `list(string)` | n/a | yes |
| public_url | The public URL of the Directus service | `string` | `""` | no |
| rds_database_engine | The engine of the RDS database | `string` | n/a | yes |
| rds_database_host | The host of the RDS database | `string` | n/a | yes |
| rds_database_name | The Name of the RDS database | `string` | n/a | yes |
| rds_database_password_secrets_manager_arn | The ARN of the Secrets Manager secret containing the RDS database password | `string` | n/a | yes |
| rds_database_port | The port of the RDS database | `number` | n/a | yes |
| rds_database_username | The username of the RDS database user | `string` | n/a | yes |
| redis_host | The host of the Redis server | `string` | `""` | no |
| redis_port | The port of the Redis server | `number` | `6379` | no |
| redis_username | The username of the Redis server | `string` | `"default"` | no |
| s3_bucket_name | The name of the S3 bucket | `string` | `""` | no |
| s3_bucket_versioning_configuration | S3 bucket versioning configuration | `object({ mfa_delete = string })` | `{ "mfa_delete": "Disabled" }` | no |
| ssl_certificate_arn | The ARN of the SSL certificate | `string` | `""` | no |
| tags | The tags to apply to the resources | `map(string)` | `{}` | no |
| vpc_id | The ID of the VPC | `string` | n/a | yes |
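
A hardened variant of the Quick Start, written against the inputs listed above (an added example, not part of the module's own documentation). It overrides the defaults that widen exposure: `image_tag = "latest"`, `load_balancer_allowed_cidr_blocks = ["0.0.0.0/0"]`, and KMS encryption and ALB access logs being off. The `var.*` names, `module.vpc` and the bucket name are assumptions supplied by the caller.

```hcl
# Caller-side variables: assumed names, not defined by the module.
variable "trusted_cidr_blocks" {
  type = list(string)
  validation {
    condition     = !contains(var.trusted_cidr_blocks, "0.0.0.0/0")
    error_message = "Restrict the load balancer to known ranges, not 0.0.0.0/0."
  }
}
variable "acm_certificate_arn" { type = string }
variable "kms_key_id" { type = string }
variable "db" {
  type = object({
    name                = string
    host                = string
    port                = number
    engine              = string
    username            = string
    password_secret_arn = string
  })
}

module "directus" {
  source = "GiamPy5/directus/aws"

  application_name   = "directus"
  admin_email        = "admin@example.com" # placeholder; admin_password left unset so it is generated
  vpc_id             = module.vpc.vpc_id
  public_subnet_ids  = module.vpc.public_subnets  # load balancer
  private_subnet_ids = module.vpc.private_subnets # ECS tasks
  image_tag          = "10.12" # pinned; the default is "latest"

  load_balancer_allowed_cidr_blocks  = var.trusted_cidr_blocks # default ["0.0.0.0/0"]
  ssl_certificate_arn                = var.acm_certificate_arn
  enable_alb_access_logs             = true  # default false
  ecs_service_enable_execute_command = false # no interactive exec into the task
  create_cloudwatch_logs_group       = true

  create_s3_bucket            = true
  s3_bucket_name              = "directus-assets-example" # placeholder
  enable_s3_bucket_versioning = true
  enable_kms_encryption       = true # default false
  kms_key_id                  = var.kms_key_id

  rds_database_name                         = var.db.name
  rds_database_host                         = var.db.host
  rds_database_port                         = var.db.port
  rds_database_engine                       = var.db.engine
  rds_database_username                     = var.db.username
  rds_database_password_secrets_manager_arn = var.db.password_secret_arn
}
```

The `validation` block makes `terraform plan` fail if a caller passes `0.0.0.0/0`, so the open default cannot be reintroduced through the variable.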

Outputs

| Name | Description |
| --- | --- |
| load_balancer_dns_name | The DNS name of the load balancer |
| load_balancer_listener_arn | The ARN of the load balancer listener |
| load_balancer_target_group_arn | The ARN of the load balancer target group |
| public_url | The public URL of the Directus service |
| s3_bucket_arn | The ARN of the S3 bucket |
| s3_bucket_name | The name of the S3 bucket |

🤝 Contributing

Contributions are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request on the GitHub repository.

📄 License

This module is open source and available under the MIT License.

About

This repository allows you to deploy Directus in AWS using Terraform following AWS Best Practices.
