You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| <aname="input_alb_listener_ssl_policy_https"></a> [alb\_listener\_ssl\_policy\_https](#input\_alb\_listener\_ssl\_policy\_https)| The SSL policy for the ALB HTTPS listener. The default uses the AWS security policy that enables TLS 1.3 with backwards compatibility with TLS 1.2. |`string`|`"ELBSecurityPolicy-TLS13-1-2-2021-06"`| no |
165
169
| <aname="input_app_name"></a> [app\_name](#input\_app\_name)| The name of your application. This value is appended at the beginning of resource names. |`string`|`"streamlit"`| no |
166
170
| <aname="input_app_version"></a> [app\_version](#input\_app\_version)| The version of the application. This is set to be used as the tag for the Docker image. Defaults to latest. Update this variable when making changes to your application to ensure you don't overwrite your previous image. Overwriting your previous image will prevent you from being able to roll back if you need. |`string`|`"v0.0.1"`| no |
167
171
| <aname="input_aws_region"></a> [aws\_region](#input\_aws\_region)| The AWS region where the resources will be deployed. Default functionality is to use the region of your current AWS credentials. |`string`|`null`| no |
@@ -173,17 +177,23 @@ No modules.
173
177
| <aname="input_create_ecs_default_policy"></a> [create\_ecs\_default\_policy](#input\_create\_ecs\_default\_policy)| Whether to create a default ECS policy for the cluster. |`bool`|`true`| no |
174
178
| <aname="input_create_ecs_default_role"></a> [create\_ecs\_default\_role](#input\_create\_ecs\_default\_role)| Whether to create a default ECS role for the cluster. |`bool`|`true`| no |
175
179
| <aname="input_create_ecs_security_group"></a> [create\_ecs\_security\_group](#input\_create\_ecs\_security\_group)| Whether to create default ECS security group. If this is set to false, you'll need to provide your own list of security group IDs to the `existing_ecs_security_groups` variable. |`bool`|`true`| no |
180
+
| <aname="input_create_streamlit_ecr_repo_lifecycle_policy"></a> [create\_streamlit\_ecr\_repo\_lifecycle\_policy](#input\_create\_streamlit\_ecr\_repo\_lifecycle\_policy)| Conditional creation of ECR Lifecycle policy for the Streamlit ECR repo. Default is to not create any policy. |`bool`|`false`| no |
176
181
| <aname="input_create_vpc_resources"></a> [create\_vpc\_resources](#input\_create\_vpc\_resources)| Whether to create VPC resources. If this is set to `false`, you must provide the relevant ids for your existing resources (e.g VPC, Subnets, Security Groups, etc.) |`bool`|`true`| no |
177
182
| <aname="input_custom_header_name"></a> [custom\_header\_name](#input\_custom\_header\_name)| Name of the CloudFront custom header. Prevents ALB from accepting requests from other clients than CloudFront. Any random string is fine. |`string`|`"X-Verify-Origin"`| no |
178
183
| <aname="input_custom_header_value"></a> [custom\_header\_value](#input\_custom\_header\_value)| Value of the CloudFront custom header. Prevents ALB from accepting requests from other clients than CloudFront. Any random string is fine. |`string`|`"streamlit-CloudFront-Distribution"`| no |
179
184
| <aname="input_desired_count"></a> [desired\_count](#input\_desired\_count)| The desired number of ECS tasks to run. Default is 1. |`number`|`1`| no |
180
185
| <aname="input_ecs_cpu_architecture"></a> [ecs\_cpu\_architecture](#input\_ecs\_cpu\_architecture)| ECS CPU architecture (x86\_64 or arm64). Acceptable values are 'X86\_64' or 'ARM64' (case-sensistive). |`string`|`"ARM64"`| no |
181
186
| <aname="input_ecs_operating_system_family"></a> [ecs\_operating\_system\_family](#input\_ecs\_operating\_system\_family)| Operating system family (windows or linux) for the ECS task (x86\_64 or arm64). Default is linux. Valid values are listed here: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RuntimePlatform.html|`string`|`"LINUX"`| no |
182
187
| <aname="input_ecs_task_desired_image_tag"></a> [ecs\_task\_desired\_image\_tag](#input\_ecs\_task\_desired\_image\_tag)| The desired tag of the image in ECR you wish to use for your ECS Task. If using multiple tags, you can use this to speficy a specific tag (e.g. `v0.0.1`) to use. Default value is to use the version id image tag. |`string`|`null`| no |
188
+
| <aname="input_enable_alb_deletion_protection"></a> [enable\_alb\_deletion\_protection](#input\_enable\_alb\_deletion\_protection)| Whether to enable deletion protection for the Streamlit App Application Load Balancer. |`bool`|`false`| no |
189
+
| <aname="input_enable_alb_http_listener"></a> [enable\_alb\_http\_listener](#input\_enable\_alb\_http\_listener)| Whether to create the ALB HTTP listener. |`bool`|`true`| no |
190
+
| <aname="input_enable_alb_https_listener"></a> [enable\_alb\_https\_listener](#input\_enable\_alb\_https\_listener)| Whether to create the ALB HTTPS listener. |`bool`|`false`| no |
183
191
| <aname="input_enable_auto_cloudfront_invalidation"></a> [enable\_auto\_cloudfront\_invalidation](#input\_enable\_auto\_cloudfront\_invalidation)| This variable conditionally enables CloudFront invalidations to automatically occur when there are updates to your Streamlit App. |`bool`|`true`| no |
184
192
| <aname="input_enable_force_detach_policies"></a> [enable\_force\_detach\_policies](#input\_enable\_force\_detach\_policies)| Enable force detaching any policies from IAM roles. |`bool`|`true`| no |
193
+
| <aname="input_enable_streamlit_ecr_repo_scan_on_push"></a> [enable\_streamlit\_ecr\_repo\_scan\_on\_push](#input\_enable\_streamlit\_ecr\_repo\_scan\_on\_push)| Whether to enable image scanning on push for ECR repo. This uses the Amazon Inspector service, which will incur additional cost. |`bool`|`false`| no |
185
194
| <aname="input_environment"></a> [environment](#input\_environment)| The application environment where the resources will be deployed. e.g. 'dev', 'prod', etc. |`string`|`"dev"`| no |
186
195
| <aname="input_eventbridge_rules_enable_force_destroy"></a> [eventbridge\_rules\_enable\_force\_destroy](#input\_eventbridge\_rules\_enable\_force\_destroy)| Enable force destroy on all EventBridge rules. This allows the destruction of all events in the rule. |`bool`|`true`| no |
196
+
| <aname="input_existing_alb_https_listener_cert"></a> [existing\_alb\_https\_listener\_cert](#input\_existing\_alb\_https\_listener\_cert)| The ARN of an existing ACM certificate to use for the ALB HTTPS listener. |`string`|`null`| no |
187
197
| <aname="input_existing_alb_security_groups"></a> [existing\_alb\_security\_groups](#input\_existing\_alb\_security\_groups)| A list of existing security group IDs to attach to the Streamlit ECS service load balancer. |`list(string)`|`null`| no |
188
198
| <aname="input_existing_alb_subnets"></a> [existing\_alb\_subnets](#input\_existing\_alb\_subnets)| A list of existing subnets to launch the ALB in. Public subnets are recommended. |`list(string)`|`null`| no |
189
199
| <aname="input_existing_ecs_role"></a> [existing\_ecs\_role](#input\_existing\_ecs\_role)| The ARN of an existing ECS role to assign to the cluster. |`string`|`null`| no |
@@ -192,6 +202,11 @@ No modules.
192
202
| <aname="input_path_to_app_dir"></a> [path\_to\_app\_dir](#input\_path\_to\_app\_dir)| The path to the directory that contains all assets for your Streamlit project. Any changes made to this directory will trigger the Docker image to be rebuilt and pushed to ECR during subsequent applies. |`string`|`null`| no |
193
203
| <aname="input_path_to_build_spec"></a> [path\_to\_build\_spec](#input\_path\_to\_build\_spec)| The path to the build spec file for CodeBuild. This file should be a YAML file that defines the build process. |`string`|`null`| no |
194
204
| <aname="input_streamlit_ecr_repo_enable_force_delete"></a> [streamlit\_ecr\_repo\_enable\_force\_delete](#input\_streamlit\_ecr\_repo\_enable\_force\_delete)| Enable force delete on the ECR repo. This allows the destruction of all images in the repository. |`bool`|`true`| no |
205
+
| <aname="input_streamlit_ecr_repo_encryption_type"></a> [streamlit\_ecr\_repo\_encryption\_type](#input\_streamlit\_ecr\_repo\_encryption\_type)| The type of encryption for the ECR repo. Valid values are 'AES256' or 'KMS'. |`string`|`"AES256"`| no |
206
+
| <aname="input_streamlit_ecr_repo_image_tag_mutability"></a> [streamlit\_ecr\_repo\_image\_tag\_mutability](#input\_streamlit\_ecr\_repo\_image\_tag\_mutability)| Whether to enforce images tags to be immutable or not. Valid values are 'MUTABLE' or IMMUTABLE'. |`string`|`"MUTABLE"`| no |
207
+
| <aname="input_streamlit_ecr_repo_kms_key"></a> [streamlit\_ecr\_repo\_kms\_key](#input\_streamlit\_ecr\_repo\_kms\_key)| The KMS key ID used to encrypt the ECR repo. This is required if encryption\_type is 'KMS'. If not specified, the default AWS managed key for ECR is used. |`string`|`null`| no |
208
+
| <aname="input_streamlit_ecr_repo_lifecycle_policy"></a> [streamlit\_ecr\_repo\_lifecycle\_policy](#input\_streamlit\_ecr\_repo\_lifecycle\_policy)| A JSON string containing the ECR Lifecycle policy for the Streamlit ECR repo. |`string`|`null`| no |
209
+
| <aname="input_streamlit_ecs_service_log_group_kms_key"></a> [streamlit\_ecs\_service\_log\_group\_kms\_key](#input\_streamlit\_ecs\_service\_log\_group\_kms\_key)| The KMS key ID used to encrypt the log group for the ECS service. |`string`|`null`| no |
195
210
| <aname="input_tags"></a> [tags](#input\_tags)| Tags to apply to resources. |`map(any)`| <pre>{<br> "IAC_PROVIDER": "Terraform"<br>}</pre> | no |
196
211
| <aname="input_task_cpu"></a> [task\_cpu](#input\_task\_cpu)| The CPU resources (in CPU units) allocated to each task. Default is 256. |`number`|`256`| no |
197
212
| <aname="input_task_memory"></a> [task\_memory](#input\_task\_memory)| The memory (in MiB) allocated to each task. Default is 512. |`number`|`512`| no |
0 commit comments