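---
# Example Dalmatian configuration.
#
# NOTE(review): this copy was whitespace-collapsed, so the nesting below was
# rebuilt from key names and list markers. Confirm it against the schema the
# consumer expects before relying on it. Values are kept as found, apart from
# one duplicate `engine` key removed from the elasticache_cluster entry.

parameter-store-path-prefix: /dalmatian-variables/

account-bootstrap:
  variables:
    region: eu-west-2
    root_domain_zone: dalmatian.dxw.net
    # Keep both lists short and review them when people change roles.
    dalmatian_read_users:
      - Joe
      - Ashley
    dalmatian_admin_users:
      - Harper
      - Pat

ci:
  variables:
    region: eu-west-2
    prci_github_owner: dxw
    prci_github_repository: dalmatian
    # `:latest` is a mutable tag: the image CI pulls can change without any
    # change to this file. Pin a version tag or digest for reproducible builds.
    prci_codebuild_image: thedxw/testing-terraform-docker:latest
    bpsp_source_branch: master
    bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL
    # Same mutable-tag caveat as prci_codebuild_image.
    bpbp_codebuild_image: thedxw/testing-terraform-docker:latest

infrastructure-defaults:
  variables:
    region: eu-west-2
    cidr: 10.0.0.0/16
    root_domain_zone: dalmatian.dxw.net
    internal_domain_zone: dalmatian.internal
    ecs_private_subnets:
      - availability_zone: "eu-west-2a"
        cidr: 10.0.128.0/24
      - availability_zone: "eu-west-2b"
        cidr: 10.0.129.0/24
      - availability_zone: "eu-west-2c"
        cidr: 10.0.130.0/24
    extra_public_subnets:
      - availability_zone: eu-west-2a
        cidr: 10.0.0.0/24
      - availability_zone: eu-west-2b
        cidr: 10.0.1.0/24
      - availability_zone: eu-west-2c
        cidr: 10.0.2.0/24
    instances_key_name: dalmatian-ecs-instances
    instance_type: t2.medium
    min_servers: 2
    max_servers: 4
    max_instance_lifetime: 86400
    associate_public_ip_address: 0
    docker_storage_size: 40
    dockerhub_email: ''
    # Leave empty in version control; a real token committed here is readable
    # by everyone with access to the repository and its history.
    dockerhub_token: ''
    # NOTE(review): enable_efs is a quoted string while encrypt_efs is a
    # boolean; confirm which type the consumer expects for each.
    enable_efs: "false"
    encrypt_efs: true
    efs_dirs: []
    monitoring_docs_path: https://github.com/dxw/dalmatian/docs/monitoring-alarms/

infrastructures:
  new-dedicated-cluster:
    dalmatian_config_source:
      - git@github.com:dxw/awesome-app-dalmatian-config
    # Unquoted, so parsed as an integer. An account ID with a leading zero
    # would be misread (dropped zero, or octal on YAML 1.1 parsers); quote it
    # in that case.
    account_id: 123456789012
    vpn_customer_gateway:
      - name: test-vpn
        bgp_asn: 65000
        ip_address: 1.2.3.4
    s3:
      - name: 'test'
        enable_s3_versioning: true
        encrypted: true
        acl: 'private'
        policy:
          staging:
            rw:
              services:
                - test-service
              service_cloudfront_read_access:
                - test-service-staging
        cloudfront:
          create: true
          domain_names:
            - example.com
            - example2.com
          certificate: 'arn:aws:acm:lb-region-0:000000000000:certificate/00000000-0000-0000-0000-000000000000'
    hosted_zones:
      - domain: "example-domain-name.com"
        ns_records:
          - name: delegated
            value:
              - ns1.aws.com
        a_records:
          - name: some-service
            value:
              - 1.2.3.4
          - name: mail
            value:
              - 5.6.7.8
        alias_records:
          - name: example-domain-name.com
            value: cf-distribution.aws.net
          - name: www
            value: cf-distribution.aws.net
        cname_records:
          - name: alb
            value:
              - aws-alb.aws.net
        mx_records:
          - name: mail
            value:
              - 0 mail.example-domain-name.com
        txt_records:
          - name: mail
            value:
              - "v=spf1 a ip4:9.10.11.0/24 mx ~all"
        srv_records:
          - name: "@"
            value:
              - "_imaps._tcp.gmail.com. 86400 IN SRV 5 0 993 imap.gmail.com"
    cluster:
      create: true
    rds:
      - identifier: testservice
        in_use_by:
          - test-service
        engine: 'postgres'
        instance_class:
          staging: 'db.t2.micro'
          production: 'db.t2.small'
        engine_version: '11.4'
        allocated_storage: 20
        # Encryption at rest and enforced TLS are both switched on here; keep
        # them on when copying this entry.
        storage_encrypted: true
        storage_type: 'gp3'
        db_name: 'testapp'
        port: 5432
        maintenance_window: 'mon:19:00-mon:19:30'
        backup_window: '09:00-10:00'
        backup_retention_period: 31
        force_ssl: true
        parameter_store_path_db_url_name: 'DATABASE_URL'
        sql_backup_scheduled_task_environment_variables:
          - name: "foo"
            value: "bar"
        check_sql_backup_scheduled_task_environment_variables:
          - name: "foo"
            value: "bar"
        codebuild_access:
          - service-name
    elasticache_cluster:
      - identifier: testredis
        in_use_by:
          - test-service
        # The source listed `engine: 'redis'` twice in this mapping. Duplicate
        # keys are invalid YAML and most parsers silently keep the last one,
        # so only one is kept.
        engine: 'redis'
        node_type: 'cache.t2.micro'
        node_count: 1
        engine_version: '5.0.6'
        port: 6379
        maintenance_window: 'mon:19:00-mon:22:00'
        snapshot_window: '09:00-10:00'
        parameter_store_path_elasticache_cluster_url_name: 'REDIS_URL'
    opensearch_cluster:
      - identifier: testos
        in_use_by:
          - test-service
        version: '1.2'
        master_enabled: true
        master_count: '1'
        master_type: 'c6g.large.search'
        instance_count: '3'
        instance_type: 't3.small.search'
        warm_enabled: true
        warm_count: '2'
        warm_type: 'ultrawarm1.medium.search'
        volume_size: '20'
        parameter_store_path_opensearch_cluster_url_name: 'ELASTICSEARCH_URL'
    services:
      - name: test-service
        blue_green:
          production:
            enabled: true
            db_copy:
              # The *_ps_key values look like Parameter Store key paths, not
              # the credentials themselves. Keep it that way: never inline a
              # password in this file.
              from_db_host_ps_key: /test-app/other-test-service/production/DB_HOST
              from_db_name_ps_key: /test-app/other-test-service/production/DB_NAME
              from_db_user_ps_key: /test-app/other-test-service/production/DB_USER
              from_db_pass_ps_key: /test-app/other-test-service/production/DB_PASSWORD
              # NOTE(review): a *_db_name_* key pointing at .../DB_HOST looks
              # like a copy/paste slip; confirm the intended path.
              blue_green_db_name_ps_key: /test-app/test-service/production/DB_HOST
              blue_green_db_user_ps_key: /test-app/test-service/production/DB_USER
              blue_green_db_pass_ps_key: /test-app/test-service/production/DB_PASSWORD
              sql_backups_s3_bucket: new-dedicated-cluster-testservice-production-sql-backup
              db_rewrites:
                - from: other-test-service.example.com
                  to: test-service.example.com
            directory_copy:
              - from: /mnt/efs/other-test-service-media
                to: /mnt/efs/test-service-media
                # Quoted so digits-and-colon is not read as a base-60 integer.
                chown: "33:33"
            asset_copy_trigger_ps_key: /test-app/test-service/production/BLUE_GREEN_ASSET_COPY_TRIGGER
          staging:
            enabled: false
        launch_on:
          - production
          - staging
        launch_on_cluster: "test"
        monitoring:
          production:
            opsgenie_alerts:
              enabled: true
            cloudfront_5xx:
              enabled: true
              threshold: "95"
              evaluation_periods: "15"
          staging:
            opsgenie_alerts:
              enabled: false
            ghost_inspector:
              enabled: false
        parameter_store_path:
          staging: '/test-path'
        parameter_store_key:
          staging: 'arn:aws:kms:eu-west-2:000000000000:key/00000000-0000-0000-0000-000000000000'
        container_count: "2"
        enable_max_one_container_per_instance: true
        cloudfront:
          create: true
          managed_cache_policy: "CachingDisabled"
          managed_origin_policy: "AllViewerExceptHostHeader"
          managed_response_headers_policy: "CORS-with-preflight-and-SecurityHeadersPolicy"
          # NOTE(review): production is on the older TLSv1.2_2019 policy while
          # staging uses TLSv1.2_2021; consider aligning production with the
          # newer policy unless a client needs the older one.
          tls_protocol_version:
            production: 'TLSv1.2_2019'
            staging: 'TLSv1.2_2021'
          bypass_protection:
            production:
              enabled: true
              exclude_domains:
                - example.com
          origin_keepalive_timeout:
            staging: "10"
            production: "60"
          origin_read_timeout:
            staging: "40"
            production: "60"
          basic_auth:
            staging: true
          viewer_request_functions:
            - name: 'default'
              true_client_ip_header: true
              # 0.0.0.0/0 matches every IPv4 address, so this list restricts
              # nothing. Narrow it when the service should not be public.
              ip_subnet_allow_list:
                - '0.0.0.0/0'
              redirects:
                - from_hostname_pattern: example-old-domain-name.*
                  from_path_pattern: /*
                  to_hostname: example-domain-name.co.uk
                  to_path: /${path}
          offline_page_http_status:
            500: "/error-pages/500.html"
            501: "/error-pages/501.html"
            502: "/error-pages/502.html"
            503: "/error-pages/503.html"
            504: "/error-pages/504.html"
          custom_origins:
            staging:
              - origin: test-media-staging.s3.amazonaws.com
                id: test-media-staging-s3
            production:
              - origin: test-media-production.s3.amazonaws.com
                id: test-media-production-s3
          custom_behaviors:
            staging:
              - path_patterns:
                  - '/media/*'
                target_origin_id: test-media-staging-s3
                min_ttl: 1200
                default_ttl: 3600
                max_ttl: 86400
                associate_viewer_request_function: "default"
            production:
              - path_patterns:
                  - '/media/*'
                target_origin_id: test-media-production-s3
                min_ttl: 1200
                default_ttl: 3600
                max_ttl: 86400
                associate_viewer_request_function: "default"
                managed_cache_policy: "CachingDisabled"
                managed_origin_policy: "AllViewerExceptHostHeader"
                managed_response_headers_policy: "CORS-with-preflight-and-SecurityHeadersPolicy"
        # 0.0.0.0/0 opens the load balancer to every IPv4 source; list
        # specific CIDRs for services that should not be publicly reachable.
        lb_ip_whitelist:
          - name: public
            cidr: 0.0.0.0/0
        lb_idle_timeout: '60'
        global_accelerator:
          production: true
        health_check_path: '/check'
        health_check_grace_period: '0'
        serve_from_subdirectory: "/test-subdir"
        domain_names:
          staging:
            - example-domain-name.co.uk
        lb_ssl_certificate:
          staging: 'arn:aws:acm:lb-region-0:000000000000:certificate/00000000-0000-0000-0000-000000000000'
        cloudfront_ssl_certificate:
          staging: 'arn:aws:acm:us-east-1:000000000000:certificate/00000000-0000-0000-0000-000000000000'
        image_source: build_from_github_repo
        image_location: git@github.com:dxw/dalmatian-test-app
        custom_codestar_connection_arn: "arn:aws:codestar-connections:eu-west-2:000000000000:connection/00000000-0000-0000-0000-000000000000"
        buildspec: 'buildspec.yml'
        container_port: 3100
        container_command: ["/docker-entrypoint.sh", "rails", "server"]
        container_volumes:
          - name: test-volume
            host_path: /mnt/test
            container_path: /test
        container_extra_hosts:
          - hostname: "example.com"
            ipAddress: "127.0.0.1"
        scheduled_tasks:
          - name: old-scheduled-task
            command: ["rake", "do:cron"]
            schedule_expression: "cron(0 4 * * ? *)"
          - name: test-scheduled-task
            command: ["rake", "do:something"]
            schedule_expression:
              staging: "cron(0 12 * * ? *)"
              production: "cron(1 2 * * ? *)"
        workers:
          - name: test-worker
            command: ["bundle", "exec", sidekiq]
        proxy_configuration:
          staging:
            https_proxy: "dalmatian_tinyproxy"
            # A plain http:// proxy URL: traffic to the proxy is unencrypted.
            http_proxy: "http://my.test-proxy.com:8888"
            no_proxy:
              - "*.example.com"
              - "93.184.216.34/32"
        home_directory: "/home/user"
    shared_loadbalancer:
      - name: test-lb-1
        idle_timeout: '60'
        global_accelerator:
          production: true
          staging: false
        in_use_by:
          - test-service
    waf:
      - name: test-1
        # NOTE(review): in AWS WAF a count action records matching requests
        # without blocking them. Confirm how this value is applied and whether
        # observe-only is intended outside a tuning period.
        action: "count"
        aws_managed_rules:
          - name: 'AWSManagedRulesSQLiRuleSet'
            # Each excluded path or rule is a gap in coverage; record the
            # reason when adding one.
            excluded_path_patterns:
              - "/wp-admin/async-upload.php"
          - name: 'AWSManagedRulesCommonRuleSet'
            exclude_rules:
              - 'SizeRestrictions_BODY'
        associations:
          shared_loadbalancers:
            - "test-lb-1"
          service_cloudfront:
            - "test-service"
    environments:
      production:
        instance_type: t2.medium
        min_servers: 2
        max_servers: 4
      staging:
        instance_type: t2.small
        min_servers: 2
        max_servers: 4
        track_revision: feature/experiment
        extra_ecs_clusters:
          - name: "test"
            subnets_name: "extra_private_subnets"
            min_servers: "2"
            max_servers: "4"
            instance_type: "t3.small"
        tinyproxy:
          create: true

  shared-new-cluster:
    account_id: 123456789012
    cluster:
      create: true
    environments:
      production:
        instance_type: t2.medium
        min_servers: 2
        max_servers: 10
      staging:
        instance_type: t2.small
        min_servers: 2
        max_servers: 10

  existing-shared-cluster-staging:
    dalmatian_config_source:
      - git@github.com:dxw/funky-app-dalmatian-config
    account_id: 123456789012
    cluster:
      create: false
      name: shared-cluster
    environments:
      staging:
        example_var: foo

  existing-shared-cluster-production:
    dalmatian_config_source:
      - git@github.com:dxw/neat-app-dalmatian-config
    account_id: 123456789012
    cluster:
      create: false
      name: shared-cluster
    environments:
      production:
        example_var: bar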