Terraform module to provision AWS Elastic Beanstalk environment

Searching for Maintainer!

The Cloud Posse team no longer utilizes Beanstalk all that much, but this module is still fairly popular. In an effort to give it the attention it deserves, we're searching for a volunteer maintainer to manage this specific repository's issues and pull requests (of which a number are already stacked up). This is a great opportunity for anyone who is looking to solidify and strengthen their Terraform skillset while also giving back to the SweetOps open source community!

You can learn more about being a SweetOps contributor on our docs site here.

If you're interested, reach out to us via the #terraform channel in the SweetOps Slack or directly via email @ hello@cloudposse.com

Tip

👽 Use Atmos with Terraform

Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform.
Works with Github Actions, Atlantis, or Spacelift.

Watch demo of using Atmos with Terraform

Example of running atmos to manage infrastructure from our Quick Start tutorial.

Usage

For a complete example, see examples/complete

  provider "aws" {
    region = var.region
  }
  
  module "vpc" {
    source = "cloudposse/vpc/aws"
    # Cloud Posse recommends pinning every module to a specific version
    version = "x.x.x"
    
    cidr_block = "172.16.0.0/16"

    context = module.this.context
  }
  
  module "subnets" {
    source = "cloudposse/dynamic-subnets/aws"
    # Cloud Posse recommends pinning every module to a specific version
    version = "x.x.x"
    
    availability_zones   = var.availability_zones
    vpc_id               = module.vpc.vpc_id
    igw_id               = module.vpc.igw_id
    cidr_block           = module.vpc.vpc_cidr_block
    nat_gateway_enabled  = true
    nat_instance_enabled = false
  
    context = module.this.context
  }
  
  module "elastic_beanstalk_application" {
    source = "cloudposse/elastic-beanstalk-application/aws"
    # Cloud Posse recommends pinning every module to a specific version
    version = "x.x.x"
    
    description = "Test Elastic Beanstalk application"
  
    context = module.this.context
  }
  
  module "elastic_beanstalk_environment" {
    source                     = "../../"
  
    description                = var.description
    region                     = var.region
    availability_zone_selector = var.availability_zone_selector
    dns_zone_id                = var.dns_zone_id
  
    wait_for_ready_timeout             = var.wait_for_ready_timeout
    elastic_beanstalk_application_name = module.elastic_beanstalk_application.elastic_beanstalk_application_name
    environment_type                   = var.environment_type
    loadbalancer_type                  = var.loadbalancer_type
    elb_scheme                         = var.elb_scheme
    tier                               = var.tier
    version_label                      = var.version_label
    force_destroy                      = var.force_destroy
  
    instance_type    = var.instance_type
    root_volume_size = var.root_volume_size
    root_volume_type = var.root_volume_type
  
    autoscale_min             = var.autoscale_min
    autoscale_max             = var.autoscale_max
    autoscale_measure_name    = var.autoscale_measure_name
    autoscale_statistic       = var.autoscale_statistic
    autoscale_unit            = var.autoscale_unit
    autoscale_lower_bound     = var.autoscale_lower_bound
    autoscale_lower_increment = var.autoscale_lower_increment
    autoscale_upper_bound     = var.autoscale_upper_bound
    autoscale_upper_increment = var.autoscale_upper_increment
  
    vpc_id               = module.vpc.vpc_id
    loadbalancer_subnets = module.subnets.public_subnet_ids
    application_subnets  = module.subnets.private_subnet_ids
  
    allow_all_egress = true

    additional_security_group_rules = [
      {
        type                     = "ingress"
        from_port                = 0
        to_port                  = 65535
        protocol                 = "-1"
        source_security_group_id = module.vpc.vpc_default_security_group_id
        description              = "Allow all inbound traffic from trusted Security Groups"
      }
    ]
  
    rolling_update_enabled  = var.rolling_update_enabled
    rolling_update_type     = var.rolling_update_type
    updating_min_in_service = var.updating_min_in_service
    updating_max_batch      = var.updating_max_batch
  
    healthcheck_url  = var.healthcheck_url
    application_port = var.application_port
  
    solution_stack_name = var.solution_stack_name    
    additional_settings = var.additional_settings
    env_vars            = var.env_vars
  
    extended_ec2_policy_document = data.aws_iam_policy_document.minimal_s3_permissions.json
    prefer_legacy_ssm_policy     = false
    prefer_legacy_service_policy = false
    scheduled_actions            = var.scheduled_actions
  
    context = module.this.context
  }
    
  data "aws_iam_policy_document" "minimal_s3_permissions" {
    statement {
      sid = "AllowS3OperationsOnElasticBeanstalkBuckets"
      actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation"
    ]
    resources = ["*"]
  }
}

Important

In Cloud Posse's examples, we avoid pinning modules to specific versions to prevent discrepancies between the documentation and the latest released versions. However, for your own projects, we strongly advise pinning each module to the exact version you're using. This practice ensures the stability of your infrastructure. Additionally, we recommend implementing a systematic approach for updating versions to avoid unexpected changes.

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen
  lint                                Lint terraform code

Requirements

Name	Version
terraform	>= 1.3.0
aws	>= 4.0
random	>= 3.5.1

Providers

Name	Version
aws	>= 4.0
random	>= 3.5.1

Modules

Name	Source	Version
aws_security_group	cloudposse/security-group/aws	1.0.1
dns_hostname	cloudposse/route53-cluster-hostname/aws	0.12.2
elb_logs	cloudposse/lb-s3-bucket/aws	0.20.0
this	cloudposse/label/null	0.25.0

Resources

Name	Type
aws_elastic_beanstalk_environment.default	resource
aws_iam_instance_profile.ec2	resource
aws_iam_role.ec2	resource
aws_iam_role.service	resource
aws_iam_role_policy.default	resource
aws_iam_role_policy_attachment.ecr_readonly	resource
aws_iam_role_policy_attachment.elastic_beanstalk_multi_container_docker	resource
aws_iam_role_policy_attachment.enhanced_health	resource
aws_iam_role_policy_attachment.service	resource
aws_iam_role_policy_attachment.ssm_automation	resource
aws_iam_role_policy_attachment.ssm_ec2	resource
aws_iam_role_policy_attachment.web_tier	resource
aws_iam_role_policy_attachment.worker_tier	resource
aws_lb_listener_rule.redirect_http_to_https	resource
aws_ssm_activation.ec2	resource
random_string.elb_logs_suffix	resource
aws_iam_policy_document.default	data source
aws_iam_policy_document.ec2	data source
aws_iam_policy_document.extended	data source
aws_iam_policy_document.service	data source
aws_lb_listener.http	data source
aws_partition.current	data source

Inputs

Name	Description	Type	Default	Required
additional_security_group_rules	A list of Security Group rule objects to add to the created security group, in addition to the ones this module normally creates. (To suppress the module's rules, set create_security_group to false and supply your own security group via associated_security_group_ids.) The keys and values of the objects are fully compatible with the aws_security_group_rule resource, except for security_group_id which will be ignored, and the optional "key" which, if provided, must be unique and known at "plan" time. To get more info see https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule .	list(any)	[]	no
additional_settings	Additional Elastic Beanstalk setttings. For full list of options, see https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html	list(object({ namespace = string name = string value = string }))	[]	no
additional_tag_map	Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id. This is for some rare cases where resources want additional configuration of tags and therefore take a list of maps with tag key, value, and additional configuration.	map(string)	{}	no
alb_zone_id	ALB zone id	map(string)	{ "af-south-1": "Z1EI3BVKMKK4AM", "ap-east-1": "ZPWYUBWRU171A", "ap-northeast-1": "Z1R25G3KIG2GBW", "ap-northeast-2": "Z3JE5OI70TWKCP", "ap-south-1": "Z18NTBI3Y7N9TZ", "ap-southeast-1": "Z16FZ9L249IFLT", "ap-southeast-2": "Z2PCDNR3VC2G1N", "ca-central-1": "ZJFCZL7SSZB5I", "eu-central-1": "Z1FRNW7UH4DEZJ", "eu-north-1": "Z23GO28BZ5AETM", "eu-south-1": "Z10VDYYOA2JFKM", "eu-west-1": "Z2NYPWQ7DFZAZH", "eu-west-2": "Z1GKAAAUGATPF1", "eu-west-3": "Z3Q77PNBQS71R4", "me-south-1": "Z2BBTEKR2I36N2", "sa-east-1": "Z10X7K2B4QSOFV", "us-east-1": "Z117KPS5GTRQ2G", "us-east-2": "Z14LCN19Q5QHIC", "us-gov-east-1": "Z2NIFVYYW2VKV1", "us-gov-west-1": "Z31GFT0UA1I2HV", "us-west-1": "Z1LQECGX5PH1X", "us-west-2": "Z38NKT9BP95V3O" }	no
allow_all_egress	If true, the created security group will allow egress on all ports and protocols to all IP addresses. If this is false and no egress rules are otherwise specified, then no egress will be allowed.	bool	true	no
ami_id	The id of the AMI to associate with the Amazon EC2 instances	string	null	no
application_port	Port application is listening on	number	80	no
application_subnets	List of subnets to place EC2 instances	list(string)	n/a	yes
associate_public_ip_address	Whether to associate public IP addresses to the instances	bool	false	no
associated_security_group_ids	A list of IDs of Security Groups to associate the created resource with, in addition to the created security group. These security groups will not be modified and, if create_security_group is false, must have rules providing the desired access.	list(string)	[]	no
attributes	ID element. Additional attributes (e.g. workers or cluster) to add to id, in the order they appear in the list. New attributes are appended to the end of the list. The elements of the list are joined by the delimiter and treated as a single ID element.	list(string)	[]	no
autoscale_lower_bound	Minimum level of autoscale metric to remove an instance	number	20	no
autoscale_lower_increment	How many Amazon EC2 instances to remove when performing a scaling activity.	number	-1	no
autoscale_max	Maximum instances to launch	number	3	no
autoscale_measure_name	Metric used for your Auto Scaling trigger	string	"CPUUtilization"	no
autoscale_min	Minumum instances to launch	number	2	no
autoscale_statistic	Statistic the trigger should use, such as Average	string	"Average"	no
autoscale_unit	Unit for the trigger measurement, such as Bytes	string	"Percent"	no
autoscale_upper_bound	Maximum level of autoscale metric to add an instance	number	80	no
autoscale_upper_increment	How many Amazon EC2 instances to add when performing a scaling activity	number	1	no
availability_zone_selector	Availability Zone selector	string	"Any 2"	no
context	Single object for setting entire context at once. See description of individual variables for details. Leave string and numeric variables as null to use default value. Individual variable settings (non-null) override settings in context object, except for attributes, tags, and additional_tag_map, which are merged.	any	{ "additional_tag_map": {}, "attributes": [], "delimiter": null, "descriptor_formats": {}, "enabled": true, "environment": null, "id_length_limit": null, "label_key_case": null, "label_order": [], "label_value_case": null, "labels_as_tags": [ "unset" ], "name": null, "namespace": null, "regex_replace_chars": null, "stage": null, "tags": {}, "tenant": null }	no
create_security_group	Set true to create and configure a Security Group for the cluster.	bool	true	no
delimiter	Delimiter to be used between ID elements. Defaults to - (hyphen). Set to "" to use no delimiter at all.	string	null	no
deployment_batch_size	Percentage or fixed number of Amazon EC2 instances in the Auto Scaling group on which to simultaneously perform deployments. Valid values vary per deployment_batch_size_type setting	number	1	no
deployment_batch_size_type	The type of number that is specified in deployment_batch_size_type	string	"Fixed"	no
deployment_ignore_health_check	Do not cancel a deployment due to failed health checks	bool	false	no
deployment_policy	Use the DeploymentPolicy option to set the deployment type. The following values are supported: AllAtOnce, Rolling, RollingWithAdditionalBatch, Immutable, TrafficSplitting	string	"Rolling"	no
deployment_timeout	Number of seconds to wait for an instance to complete executing commands	number	600	no
description	Short description of the Environment	string	""	no
descriptor_formats	Describe additional descriptors to be output in the descriptors output map. Map of maps. Keys are names of descriptors. Values are maps of the form {<br/> format = string<br/> labels = list(string)<br/>} (Type is any so the map values can later be enhanced to provide additional options.) format is a Terraform format string to be passed to the format() function. labels is a list of labels, in order, to pass to format() function. Label values will be normalized before being passed to format() so they will be identical to how they appear in id. Default is {} (descriptors output will be empty).	any	{}	no
dns_subdomain	The subdomain to create on Route53 for the EB environment. For the subdomain to be created, the dns_zone_id variable must be set as well	string	""	no
dns_zone_id	Route53 parent zone ID. The module will create sub-domain DNS record in the parent zone for the EB environment	string	""	no
elastic_beanstalk_application_name	Elastic Beanstalk application name	string	n/a	yes
elb_scheme	Specify internal if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC	string	"public"	no
enable_capacity_rebalancing	Specifies whether to enable the Capacity Rebalancing feature for Spot Instances in your Auto Scaling Group	bool	false	no
enable_loadbalancer_logs	Whether to enable Load Balancer Logging to the S3 bucket.	bool	true	no
enable_log_publication_control	Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application	bool	false	no
enable_spot_instances	Enable Spot Instance requests for your environment	bool	false	no
enable_stream_logs	Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment	bool	false	no
enabled	Set to false to prevent the module from creating any resources	bool	null	no
enhanced_reporting_enabled	Whether to enable "enhanced" health reporting for this environment. If false, "basic" reporting is used. When you set this to false, you must also set enable_managed_actions to false	bool	true	no
env_vars	Map of custom ENV variables to be provided to the application running on Elastic Beanstalk, e.g. env_vars = { DB_USER = 'admin' DB_PASS = 'xxxxxx' }	map(string)	{}	no
environment	ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'	string	null	no
environment_type	Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', rolling_update_type must be set to 'Time', updating_min_in_service must be set to 0, and loadbalancer_subnets will be unused (it applies to the ELB, which does not exist in SingleInstance environments)	string	"LoadBalanced"	no
extended_ec2_policy_document	Extensions or overrides for the IAM role assigned to EC2 instances	string	""	no
force_destroy	Force destroy the S3 bucket for load balancer logs	bool	false	no
health_streaming_delete_on_terminate	Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days.	bool	false	no
health_streaming_enabled	For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system.	bool	false	no
health_streaming_retention_in_days	The number of days to keep the archived health data before it expires.	number	7	no
healthcheck_healthy_threshold_count	The number of consecutive successful requests before Elastic Load Balancing changes the instance health status	number	3	no
healthcheck_httpcodes_to_match	List of HTTP codes that indicate that an instance is healthy. Note that this option is only applicable to environments with a network or application load balancer	list(string)	[ "200" ]	no
healthcheck_interval	The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application	number	10	no
healthcheck_timeout	The amount of time, in seconds, to wait for a response during a health check. Note that this option is only applicable to environments with an application load balancer	number	5	no
healthcheck_unhealthy_threshold_count	The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status	number	3	no
healthcheck_url	Application Health Check URL. Elastic Beanstalk will call this URL to check the health of the application running on EC2 instances	string	"/"	no
http_listener_enabled	Enable port 80 (http)	bool	true	no
id_length_limit	Limit id to this many characters (minimum 6). Set to 0 for unlimited length. Set to null for keep the existing setting, which defaults to 0. Does not affect id_full.	number	null	no
instance_refresh_enabled	Enable weekly instance replacement.	bool	true	no
instance_type	Instances type	string	"t2.micro"	no
keypair	Name of SSH key that will be deployed on Elastic Beanstalk and DataPipeline instance. The key should be present in AWS	string	""	no
label_key_case	Controls the letter case of the tags keys (label names) for tags generated by this module. Does not affect keys of tags passed in via the tags input. Possible values: lower, title, upper. Default value: title.	string	null	no
label_order	The order in which the labels (ID elements) appear in the id. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.	list(string)	null	no
label_value_case	Controls the letter case of ID elements (labels) as included in id, set as tag values, and output by this module individually. Does not affect values of tags passed in via the tags input. Possible values: lower, title, upper and none (no transformation). Set this to title and set delimiter to "" to yield Pascal Case IDs. Default value: lower.	string	null	no
labels_as_tags	Set of labels (ID elements) to include as tags in the tags output. Default is to include all labels. Tags with empty values will not be included in the tags output. Set to [] to suppress all generated tags. Notes: The value of the name tag, if included, will be the id, not the name. Unlike other null-label inputs, the initial setting of labels_as_tags cannot be changed in later chained modules. Attempts to change it will be silently ignored.	set(string)	[ "default" ]	no
loadbalancer_certificate_arn	Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager	string	""	no
loadbalancer_connection_idle_timeout	Classic load balancer only: Number of seconds that the load balancer waits for any data to be sent or received over the connection. If no data has been sent or received after this time period elapses, the load balancer closes the connection.	number	60	no
loadbalancer_crosszone	Configure the classic load balancer to route traffic evenly across all instances in all Availability Zones rather than only within each zone.	bool	true	no
loadbalancer_is_shared	Flag to create a shared application loadbalancer. Only when loadbalancer_type = "application" https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb-shared.html	bool	false	no
loadbalancer_managed_security_group	Load balancer managed security group	string	""	no
loadbalancer_redirect_http_to_https	Redirect HTTP traffic to HTTPS listener	bool	false	no
loadbalancer_redirect_http_to_https_host	Defines the host for the HTTP to HTTPS redirection rule	string	"#{host}"	no
loadbalancer_redirect_http_to_https_path_pattern	Defines the path pattern for the HTTP to HTTPS redirection rule	list(string)	[ "*" ]	no
loadbalancer_redirect_http_to_https_port	Defines the port for the HTTP to HTTPS redirection rule	string	"443"	no
loadbalancer_redirect_http_to_https_priority	Defines the priority for the HTTP to HTTPS redirection rule	number	1	no
loadbalancer_redirect_http_to_https_status_code	The redirect status code	string	"HTTP_301"	no
loadbalancer_security_groups	Load balancer security groups	list(string)	[]	no
loadbalancer_ssl_policy	Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer	string	""	no
loadbalancer_subnets	List of subnets to place Elastic Load Balancer	list(string)	[]	no
loadbalancer_type	Load Balancer type, e.g. 'application' or 'classic'	string	"classic"	no
logs_delete_on_terminate	Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days	bool	false	no
logs_retention_in_days	The number of days to keep log events before they expire.	number	7	no
managed_actions_enabled	Enable managed platform updates. When you set this to true, you must also specify a PreferredStartTime and UpdateLevel	bool	true	no
name	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. This is the only ID element not also included as a tag. The "name" tag is set to the full id string. There is no tag with the value of the name input.	string	null	no
namespace	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique	string	null	no
prefer_legacy_service_policy	Whether to use AWSElasticBeanstalkService (deprecated) or AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy policy	bool	true	no
prefer_legacy_ssm_policy	Whether to use AmazonEC2RoleforSSM (will soon be deprecated) or AmazonSSMManagedInstanceCore policy	bool	true	no
preferred_start_time	Configure a maintenance window for managed actions in UTC	string	"Sun:10:00"	no
regex_replace_chars	Terraform regular expression (regex) string. Characters matching the regex will be removed from the ID elements. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.	string	null	no
region	AWS region	string	n/a	yes
rolling_update_enabled	Whether to enable rolling update	bool	true	no
rolling_update_type	Health or Immutable. Set it to Immutable to apply the configuration change to a fresh group of instances	string	"Health"	no
root_volume_iops	The IOPS of the EBS root volume (only applies for gp3 and io1 types)	number	null	no
root_volume_size	The size of the EBS root volume	number	8	no
root_volume_throughput	The type of the EBS root volume (only applies for gp3 type)	number	null	no
root_volume_type	The type of the EBS root volume	string	"gp2"	no
s3_bucket_access_log_bucket_name	Name of the S3 bucket where s3 access log will be sent to	string	""	no
s3_bucket_versioning_enabled	When set to 'true' the s3 origin bucket will have versioning enabled	bool	true	no
scheduled_actions	Define a list of scheduled actions	list(object({ name = string minsize = string maxsize = string desiredcapacity = string starttime = string endtime = string recurrence = string suspend = bool }))	[]	no
security_group_create_before_destroy	Set true to enable Terraform create_before_destroy behavior on the created security group. We recommend setting this true on new security groups, but default it to false because true will cause existing security groups to be replaced, possibly requiring the resource to be deleted and recreated. Note that changing this value will always cause the security group to be replaced.	bool	false	no
security_group_create_timeout	How long to wait for the security group to be created.	string	"10m"	no
security_group_delete_timeout	How long to retry on DependencyViolation errors during security group deletion from lingering ENIs left by certain AWS services such as Elastic Load Balancing.	string	"15m"	no
security_group_description	The description to assign to the created Security Group. Warning: Changing the description causes the security group to be replaced.	string	"Security Group for the EB environment"	no
security_group_name	The name to assign to the created security group. Must be unique within the VPC. If not provided, will be derived from the null-label.context passed in. If create_before_destroy is true, will be used as a name prefix.	list(string)	[]	no
shared_loadbalancer_arn	ARN of the shared application load balancer. Only when loadbalancer_type = "application".	string	""	no
solution_stack_name	Elastic Beanstalk stack, e.g. Docker, Go, Node, Java, IIS. For more info, see https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html	string	n/a	yes
spot_fleet_on_demand_above_base_percentage	The percentage of On-Demand Instances as part of additional capacity that your Auto Scaling group provisions beyond the SpotOnDemandBase instances. This option is relevant only when enable_spot_instances is true.	number	-1	no
spot_fleet_on_demand_base	The minimum number of On-Demand Instances that your Auto Scaling group provisions before considering Spot Instances as your environment scales up. This option is relevant only when enable_spot_instances is true.	number	0	no
spot_max_price	The maximum price per unit hour, in US$, that you're willing to pay for a Spot Instance. This option is relevant only when enable_spot_instances is true. Valid values are between 0.001 and 20.0	number	-1	no
ssh_listener_enabled	Enable SSH port	bool	false	no
ssh_listener_port	SSH port	number	22	no
stage	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'	string	null	no
tags	Additional tags (e.g. {'BusinessUnit': 'XYZ'}). Neither the tag keys nor the tag values will be modified by this module.	map(string)	{}	no
tenant	ID element _(Rarely used, not included by default)_. A customer identifier, indicating who this instance of a resource is for	string	null	no
tier	Elastic Beanstalk Environment tier, 'WebServer' or 'Worker'	string	"WebServer"	no
update_level	The highest level of update to apply with managed platform updates	string	"minor"	no
updating_max_batch	Maximum number of instances to update at once	number	1	no
updating_min_in_service	Minimum number of instances in service during update	number	1	no
version_label	Elastic Beanstalk Application version to deploy	string	""	no
vpc_id	ID of the VPC in which to provision the AWS resources	string	n/a	yes
wait_for_ready_timeout	The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out	string	"20m"	no

Outputs

Name	Description
all_settings	List of all option settings configured in the environment. These are a combination of default settings and their overrides from setting in the configuration
application	The Elastic Beanstalk Application for this environment
autoscaling_groups	The autoscaling groups used by this environment
ec2_instance_profile_role_name	Instance IAM role name
elb_zone_id	ELB zone ID
endpoint	Fully qualified DNS name for the environment
hostname	DNS hostname
id	ID of the Elastic Beanstalk environment
instances	Instances used by this environment
launch_configurations	Launch configurations in use by this environment
load_balancer_log_bucket	Name of bucket where Load Balancer logs are stored (if enabled)
load_balancers	Elastic Load Balancers in use by this environment
name	Name of the Elastic Beanstalk environment
queues	SQS queues in use by this environment
security_group_arn	Elastic Beanstalk environment Security Group ARN
security_group_id	Elastic Beanstalk environment Security Group ID
security_group_name	Elastic Beanstalk environment Security Group name
setting	Settings specifically set for this environment
tier	The environment tier
triggers	Autoscaling triggers in use by this environment

Related Projects

Check out these related projects.

• terraform-aws-jenkins - Terraform module to build Docker image with Jenkins, save it to an ECR repo, and deploy to Elastic Beanstalk running Docker stack
• terraform-aws-elastic-beanstalk-application - Terraform Module to define an ElasticBeanstalk Application
• geodesic - Geodesic is the fastest way to get up and running with a rock solid, production grade cloud platform built on strictly Open Source tools.
• terraform-aws-elasticache-cloudwatch-sns-alarms - Terraform module that configures CloudWatch SNS alerts for ElastiCache
• General options for all Elastic Beanstalk environments - General configuration options for all Elastic Beanstalk environments

Tip

Use Terraform Reference Architectures for AWS

Use Cloud Posse's ready-to-go terraform architecture blueprints for AWS to get up and running quickly.

✅ We build it together with your team.
✅ Your team owns everything.
✅ 100% Open Source and backed by fanatical support.

📚 Learn More

Cloud Posse is the leading DevOps Accelerator for funded startups and enterprises.

Your team can operate like a pro today.

Ensure that your team succeeds by using Cloud Posse's proven process and turnkey blueprints. Plus, we stick around until you succeed.

Day-0: Your Foundation for Success

• Reference Architecture. You'll get everything you need from the ground up built using 100% infrastructure as code.
• Deployment Strategy. Adopt a proven deployment strategy with GitHub Actions, enabling automated, repeatable, and reliable software releases.
• Site Reliability Engineering. Gain total visibility into your applications and services with Datadog, ensuring high availability and performance.
• Security Baseline. Establish a secure environment from the start, with built-in governance, accountability, and comprehensive audit logs, safeguarding your operations.
• GitOps. Empower your team to manage infrastructure changes confidently and efficiently through Pull Requests, leveraging the full power of GitHub Actions.

Day-2: Your Operational Mastery

• Training. Equip your team with the knowledge and skills to confidently manage the infrastructure, ensuring long-term success and self-sufficiency.
• Support. Benefit from a seamless communication over Slack with our experts, ensuring you have the support you need, whenever you need it.
• Troubleshooting. Access expert assistance to quickly resolve any operational challenges, minimizing downtime and maintaining business continuity.
• Code Reviews. Enhance your team’s code quality with our expert feedback, fostering continuous improvement and collaboration.
• Bug Fixes. Rely on our team to troubleshoot and resolve any issues, ensuring your systems run smoothly.
• Migration Assistance. Accelerate your migration process with our dedicated support, minimizing disruption and speeding up time-to-value.
• Customer Workshops. Engage with our team in weekly workshops, gaining insights and strategies to continuously improve and innovate.

✨ Contributing

This project is under active development, and we encourage contributions from our community.

Many thanks to our outstanding contributors:

For 🐛 bug reports & feature requests, please use the issue tracker.

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

1. Review our Code of Conduct and Contributor Guidelines.
2. Fork the repo on GitHub
3. Clone the project to your own machine
4. Commit changes to your own branch
5. Push your work back up to your fork
6. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

🌎 Slack Community

Join our Open Source Community on Slack. It's FREE for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totally sweet infrastructure.

📰 Newsletter

Sign up for our newsletter and join 3,000+ DevOps engineers, CTOs, and founders who get insider access to the latest DevOps trends, so you can always stay in the know. Dropped straight into your Inbox every week — and usually a 5-minute read.

📆 Office Hours

Join us every Wednesday via Zoom for your weekly dose of insider DevOps trends, AWS news and Terraform insights, all sourced from our SweetOps community, plus a live Q&A that you can’t find anywhere else. It's FREE for everyone!

License

Preamble to the Apache License, Version 2.0

Complete license is available in the LICENSE file.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.

Trademarks

All other trademarks referenced herein are the property of their respective owners.

---

Copyright © 2017-2024 Cloud Posse, LLC