Skip to content

openbraininstitute/aws-terraform-deployment

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,256 Commits
.github
.github
 
 
.gitlab-ci-scripts
.gitlab-ci-scripts
 
 
accounting_svc
accounting_svc
 
 
bbp_workflow_svc
bbp_workflow_svc
 
 
billing_cost_management
billing_cost_management
 
 
bluenaas_svc
bluenaas_svc
 
 
cells_svc
cells_svc
 
 
core_webapp
core_webapp
 
 
cs
cs
 
 
dashboards
dashboards
 
 
hpc
hpc
 
 
kg-inference-api
kg-inference-api
 
 
ml
ml
 
 
networking
networking
 
 
nexus
nexus
 
 
nse
nse
 
 
on_demand_svc
on_demand_svc
 
 
ses_user
ses_user
 
 
ssh_key
ssh_key
 
 
static-server
static-server
 
 
templates/tf
templates/tf
 
 
thumbnail-generation-api
thumbnail-generation-api
 
 
virtual-lab-manager
virtual-lab-manager
 
 
viz
viz
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
CODEOWNERS
CODEOWNERS
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
amis.tf
amis.tf
 
 
apigateway-cloudwatch.tf
apigateway-cloudwatch.tf
 
 
core-svc-buckets.tf
core-svc-buckets.tf
 
 
main.tf
main.tf
 
 
moved.tf
moved.tf
 
 
nexus-obp-moves.tf
nexus-obp-moves.tf
 
 
nexus-openscience-moves.tf
nexus-openscience-moves.tf
 
 
production.config
production.config
 
 
production.tfvars
production.tfvars
 
 
remote.tf
remote.tf
 
 
ssh-bastion-vms-on-public-subnets.tf
ssh-bastion-vms-on-public-subnets.tf
 
 
staging.config
staging.config
 
 
staging.tfvars
staging.tfvars
 
 
subnets-public.tf
subnets-public.tf
 
 
terraform-backend.tf
terraform-backend.tf
 
 
terraform-config.tf
terraform-config.tf
 
 
user-policies.tf
user-policies.tf
 
 
variables-common.tf
variables-common.tf
 
 
variables-switches.tf
variables-switches.tf
 
 

Repository files navigation

deployment

AWS Deployment

Deployment of the OBI platform in AWS with Terraform.

Requirements

Name Version
terraform >= 1.2.0
aws ~> 5.55, != 5.71.0
ec ~> 0.9.0

Providers

Name Version
aws 5.84.0
terraform n/a

Modules

Name Source Version
accounting_svc ./accounting_svc n/a
bbp_workflow_svc ./bbp_workflow_svc n/a
billing_cost_management ./billing_cost_management n/a
bluenaas_svc ./bluenaas_svc n/a
cells_svc ./cells_svc n/a
core_webapp ./core_webapp n/a
coreservices_key ./ssh_key n/a
cs ./cs n/a
dashboards ./dashboards n/a
hpc ./hpc n/a
kg_inference_api ./kg-inference-api n/a
ml ./ml n/a
networking ./networking n/a
nexus ./nexus n/a
nse ./nse n/a
static-server ./static-server n/a
thumbnail_generation_api ./thumbnail-generation-api n/a
virtual_lab_manager ./virtual-lab-manager n/a
viz ./viz n/a

Resources

Name Type
aws_api_gateway_account.this resource
aws_iam_group.obp_nse_team resource
aws_iam_group_membership.obp_nse_team resource
aws_iam_group_policy_attachment.nse-policy-attach resource
aws_iam_policy.cell_svc_bucket_role_policy resource
aws_iam_role.apigw_cloudwatch resource
aws_iam_role_policy_attachments_exclusive.apigw_cloudwatch_policy_attachment resource
aws_iam_user.cell_svc_bucket_user resource
aws_instance.ssh_bastion_a resource
aws_instance.ssh_bastion_b resource
aws_network_acl.public resource
aws_route53_record.ssh_bastion resource
aws_route53_record.ssh_bastion_a resource
aws_route53_record.ssh_bastion_b resource
aws_s3_bucket.sbo-cell-svc-perf-test resource
aws_s3_bucket_lifecycle_configuration.sbo-cell-svc-perf-test resource
aws_s3_bucket_metric.sbo-cell-svc-perf-test-metrics resource
aws_s3_bucket_public_access_block.sbo-cell-svc-perf-test resource
aws_s3_bucket_versioning.sbo-cell-svc-perf-test-versioning resource
aws_s3_object.sbo-cell-svc-perf-test-directory resource
aws_security_group.ssh_bastion_hosts resource
aws_ssoadmin_permission_set.readonly_with_additional_billing_rights resource
aws_ssoadmin_permission_set.readonly_with_additional_dashboard_rights resource
aws_ssoadmin_permission_set.readonly_with_additional_ecs_rights resource
aws_ssoadmin_permission_set.readonly_with_additional_hpc_rights resource
aws_ssoadmin_permission_set.readonly_with_additional_s3_rights resource
aws_ssoadmin_permission_set.readonly_with_additional_waframework_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_billing_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_dashboard_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_ecs_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_hpc_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_s3_rights resource
aws_ssoadmin_permission_set_inline_policy.readonly_with_additional_waframework_rights resource
aws_vpc_security_group_egress_rule.ssh_bastion_hosts_allow_everything_outgoing resource
aws_vpc_security_group_ingress_rule.ssh_bastion_hosts_allow_http_internal resource
aws_vpc_security_group_ingress_rule.ssh_bastion_hosts_allow_https_internal resource
aws_vpc_security_group_ingress_rule.ssh_bastion_hosts_allow_ssh_external resource
aws_ami.almalinux data source
aws_ami.amazon_linux_2_ecs data source
aws_caller_identity.current data source
aws_iam_policy_document.apigw data source
aws_region.current data source
aws_ssoadmin_instances.ssoadmin_instances data source
terraform_remote_state.common data source

Inputs

Name Description Type Default Required
cell_svc_bucket_name n/a string n/a yes
core_web_app_docker_image_url docker image for the core-web-app string n/a yes
create_ssh_bastion_vm_on_public_a_network Create SSH bastion VM on public network in availability zone A: needed for access to HPC resources for example bool true no
create_ssh_bastion_vm_on_public_b_network Create SSH bastion VM on public network in availability zone B: only needed for testing across availability zones bool false no
ec_apikey n/a string n/a yes
is_production Whether deployment is happening in production or not bool true no
ml_paper_bucket_name n/a string n/a yes
nexus_az_letter_id n/a string n/a yes
nexus_domain_name n/a string n/a yes
nexus_obp_bucket_name n/a string n/a yes
nexus_openscience_bucket_name n/a string n/a yes
nexus_ship_bucket_name n/a string n/a yes
nise_dockerhub_password Password for the NISE dockerhub access. Set via TF_VAR_nise_dockerhub_password variable. string n/a yes
terraform_remote_state_bucket_name Bucket name storing the deployment-common tfstate string n/a yes
terraform_remote_state_dynamodb_table dynamodb table that stores the remote lock string n/a yes
virtual_lab_manager_base_path The base path for the virtual lab manager string "/api/virtual-lab-manager" no
virtual_lab_manager_docker_image_url docker image for the virtual lab manager string "bluebrain/obp-virtual-lab-api:latest" no
virtual_lab_manager_ecs_number_of_containers Number of containers for the virtual lab manager number 1 no
virtual_lab_manager_log_group_name The log name within cloudwatch for the virtual lab manager string "virtual_lab_manager" no

Outputs

Name Description
admin_vm_on_public_a_dns_cname n/a
admin_vm_on_public_a_network_ip n/a
admin_vm_on_public_a_network_name n/a
admin_vm_on_public_b_network_ip n/a
admin_vm_on_public_b_network_name n/a

Funding and Acknowledgement

The development of this software was supported by funding to the Blue Brain Project, a research center of the École polytechnique fédérale de Lausanne (EPFL), from the Swiss government’s ETH Board of the Swiss Federal Institutes of Technology.

Copyright (c) 2015-2024 Blue Brain Project/EPFL Copyright (c) 2025 Open Brain Institute

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

5 tags

Packages

No packages published

Contributors 22
+ 8 contributors

Languages