Configuration¶
All variables are documented below, grouped by function. For the full reference table see the README.
Required Variables¶
These must be provided -- no defaults.
asg_subnets¶
Subnet IDs for ECS container instances. At least one private subnet is required.
load_balancer_subnets¶
Subnet IDs for the ALB. At least two subnets in different AZs.
zone_id¶
Route53 hosted zone ID for DNS records and ACM certificate validation.
alarm_emails¶
Email addresses for CloudWatch alarm notifications. AWS sends confirmation emails that must be accepted.
Naming and DNS¶
service_name¶
Name used for resource naming and tagging. Default: "pypiserver".
dns_names¶
DNS hostnames to create in the Route53 zone. Default: ["pypiserver"].
environment¶
Environment tag for resources. Default: "development".
Scaling and Sizing¶
The module auto-calculates task counts from instance type. Override only when needed.
asg_instance_type¶
EC2 instance type. Must have enough RAM for containers + page cache + system overhead. Default: "t3.small".
asg_min_size / asg_max_size¶
ASG bounds. Default: null (auto-calculated from subnets and task requirements).
task_min_count / task_max_count¶
ECS task bounds. Default: null (auto-calculated from instance capacity).
See Sizing for detailed capacity planning.
Container Resources¶
container_memory¶
Hard memory limit in MB. Container is killed if exceeded. Default: 512.
container_memory_reservation¶
Soft memory limit in MB. Default: null (75% of container_memory).
container_cpu¶
CPU units (1024 = 1 vCPU). Default: null (auto-calculated from workers).
gunicorn_workers¶
Workers per container. Default: null (auto-calculated from memory).
docker_image_tag¶
Pypiserver Docker image tag. Default: "latest". Pin to a specific tag for production so that every deployment runs the same image.
EFS Storage¶
efs_throughput_mode¶
EFS throughput mode. Default: "elastic" (recommended).
- elastic: Pay-per-use, no burst credits to manage
- bursting: Free with storage, but credits deplete on small filesystems
- provisioned: Fixed throughput (set efs_provisioned_throughput_in_mibps)
efs_provisioned_throughput_in_mibps¶
Only used with efs_throughput_mode = "provisioned". Range: 1-3414 MiB/s.
efs_lifecycle_policy¶
Days before files move to Infrequent Access storage. Default: 30. Set to null to disable.
Backups¶
enable_efs_backup¶
Enable AWS Backup for EFS. Default: true.
backup_retention_days¶
Days to retain backups. Default: 7.
backup_schedule¶
Cron expression for backup schedule. Default: "cron(0 2 * * ? *)" (daily 2 AM UTC).
Monitoring¶
enable_cloudwatch_dashboard¶
Create a CloudWatch dashboard. Default: true.
alarm_topic_arns¶
Additional SNS topic ARNs for alarm delivery (e.g. PagerDuty, Slack). Default: [].
efs_burst_credit_threshold¶
Burst credit alarm threshold. Only relevant with efs_throughput_mode = "bursting". Default: 1000000000000 (1 TB).
Security and Access¶
secret_readers¶
IAM role ARNs granted read access to the credentials secret.
users¶
SSH users for debugging EC2 instances (optional).
    users = [
      {
        name                = "admin"
        groups              = "wheel"
        sudo                = ["ALL=(ALL) NOPASSWD:ALL"]
        ssh_authorized_keys = ["ssh-rsa AAAA..."]
      }
    ]
Advanced¶
ami_id¶
Override the AMI for EC2 instances. Default: null (latest Amazon Linux 2023).
extra_instance_profile_permissions¶
Additional IAM policy JSON for instance profile.
cloudinit_extra_commands¶
Additional cloud-init commands for instance initialization.
extra_files¶
Additional files to deploy to instances.
access_log_force_destroy / backups_force_destroy¶
Force-destroy S3 bucket and backup vault during teardown. Set to true in test environments.
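The variables above combined into one production-leaning module call, as an added example that is not taken from the module's own documentation. The module source, subnet IDs, zone ID, email address, role ARN and image tag are placeholders, and the list, string, number and bool types are assumed from the descriptions above.

```hcl
# Added example. All IDs, ARNs, addresses, the source and the tag are placeholders.
module "pypiserver" {
  source = "<module-source>" # placeholder: use the source given in the README

  # Required variables (no defaults)
  asg_subnets           = ["subnet-PRIVATE-A", "subnet-PRIVATE-B"] # private subnets for ECS instances
  load_balancer_subnets = ["subnet-LB-A", "subnet-LB-B"]           # two subnets in different AZs
  zone_id               = "ZONE-ID-PLACEHOLDER"
  alarm_emails          = ["oncall@example.com"] # recipient must accept the AWS confirmation email

  # Naming and DNS
  service_name = "pypiserver"
  dns_names    = ["pypiserver"]
  environment  = "production"

  # The default tag is "latest"; pin a specific tag instead
  docker_image_tag = "<pinned-tag>"

  # EFS storage and backups
  efs_throughput_mode   = "elastic"
  enable_efs_backup     = true
  backup_retention_days = 30 # default is 7
  backup_schedule       = "cron(0 2 * * ? *)" # daily 2 AM UTC

  # Grant read access to the credentials secret only to the roles that need it
  secret_readers = ["arn:aws:iam::111111111111:role/ci-publisher"]

  # users is left unset: it is optional, so no SSH debug accounts are created

  # Keep the S3 bucket and backup vault contents on teardown
  access_log_force_destroy = false
  backups_force_destroy    = false
}
```

A test environment would instead set both force_destroy variables to true, as described above, so that teardown does not leave the bucket and vault behind.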