This module creates a base infrastructure for a self-hosted Spacelift instance on AWS.
Check out the Terraform or the OpenTofu backend documentation for more information on how to configure the state storage.
⚠️ Do not import the state into Spacelift after the installation: that would cause circular dependencies, and in case you accidentally break the Spacelift installation, you wouldn't be able to fix it.
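A backend block for the root configuration that calls this module, as an added example (not part of the module's own code). The bucket name and key are constructed placeholders, and the bucket is assumed to already exist outside the Spacelift installation. Terraform state can hold resource attributes in plaintext, so the state is encrypted at rest and locked against concurrent writes:

```hcl
terraform {
  backend "s3" {
    # Placeholder values (assumptions): a pre-existing bucket that is NOT
    # created by this module and is not managed by Spacelift.
    bucket = "example-org-spacelift-selfhosted-tfstate"
    key    = "spacelift-selfhosted/infra.tfstate"
    region = "eu-west-1"

    # Server-side encryption of the state object.
    encrypt = true

    # S3-native state locking; requires Terraform 1.10+ or OpenTofu 1.10+.
    use_lockfile = true
  }
}
```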
```hcl
module "spacelift" {
  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted?ref=v1.6.0"

  region = "eu-west-1"
}
```
This module creates:
- Encryption resources
  - a KMS key that is used to encrypt AWS resources (RDS, S3 buckets, ECR repositories)
  - a KMS key that is used for in-app encryption (e.g. encrypt entities in the database)
  - a KMS key that is used for signing and validating JWTs
- Network resources
  - a VPC, 3 subnets and 3 security groups
- Container repositories (ECR)
  - a repository for the backend image (used by `server`, `drain` and `scheduler` services)
  - another repository for the launcher image
- Database resources
  - a regional Aurora cluster
    - Note: feel free to promote it into a global cluster yourself. Check out the New Global Cluster From Existing DB Cluster section of the Terraform documentation.
  - RDS instance(s) for the regional cluster (configurable)
  - a SecretsManager secret for the database credentials
- Storage resources
  - 10 S3 buckets
It is highly configurable, so if you wish to use your own KMS key, VPC, RDS cluster etc., you can do so by providing the necessary parameters.
This deploys the KMS keys, network stack (VPC, subnets, security groups), RDS cluster, ECR repositories and the S3 buckets.
```hcl
module "spacelift" {
  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted"

  region = "eu-west-1"
}
```
```hcl
module "spacelift" {
  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted"

  region = "eu-west-1"

  create_vpc             = false
  rds_subnet_ids         = ["subnet-012345abc", "subnet-012345def", "subnet-012345ghi"]
  rds_security_group_ids = ["sg-012345abc"]
}
```
If `create_vpc` is `false`, you must provide `rds_subnet_ids` and `rds_security_group_ids`.
```hcl
module "spacelift" {
  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted"

  region = "eu-west-1"

  # One map entry per RDS instance in the regional cluster
  rds_instance_configuration = {
    "primary-instance" = {
      instance_identifier = "primary"
      instance_class      = "db.r6g.large"
    }
    "secondary-instance" = {
      instance_identifier = "secondary"
      instance_class      = "db.r6g.large"
    }
  }
}
```
You can customize S3 bucket names and retention policies using the `s3_bucket_configuration` variable. This allows you to specify only the buckets you want to customize while others will use default settings:
```hcl
module "spacelift" {
  source = "github.com/spacelift-io/terraform-aws-spacelift-selfhosted"

  region = "eu-west-1"

  s3_bucket_configuration = {
    run_logs = {
      name            = null # Use default name
      expiration_days = 360  # Keep run logs for 1 year instead of default 60 days
    }
    # All other buckets will use default settings
    binaries     = null
    deliveries   = null
    large_queue  = null
    metadata     = null
    modules      = null
    policy       = null
    states       = null
    uploads      = null
    user_uploads = null
    workspace    = null
  }
}
```
We have a GitHub workflow that automatically creates a tag and a release based on the version number in the `.spacelift/config.yml` file.
When you're ready to release a new version, simply bump the version number in the config file and open a pull request. Once the pull request is merged, the workflow will create a new release.