Configuration Reference¶

Terraform Variables¶

Infrastructure variables defined in variables.tf:

Variable	Type	Default	Description
`environment`	string	—	Environment name (dev, staging, production)
`deployment_mode`	string	`"eks"`	Deployment mode: `eks` or `ec2`
`vpc_cidr`	string	`"10.0.0.0/16"`	VPC CIDR block
`db_instance_class`	string	`"db.t3.medium"`	RDS instance type
`db_multi_az`	bool	`false`	Enable Multi-AZ for RDS
`db_backup_retention`	number	`7`	Backup retention in days
`redis_node_type`	string	`"cache.t3.micro"`	ElastiCache node type
`opensearch_instance_type`	string	`"t3.small.search"`	OpenSearch instance type
`opensearch_volume_size`	number	`20`	OpenSearch EBS volume size (GB)
`eks_instance_type`	string	`"t3.large"`	EKS node instance type
`eks_node_count`	number	`2`	Number of EKS worker nodes
`enable_cloudtrail`	bool	`true`	Enable CloudTrail audit logging
`enable_vpc_flow_logs`	bool	`true`	Enable VPC flow logs

Terraform Outputs to Helm Values¶

Terraform Output	Helm Value	Notes
`ecr_registry_url`	`global.imageRegistry`	ECR base URL (or use your own registry URL)
`efs_id`	`efsStorageClass.fileSystemId`	EFS file system ID
`app_db_endpoint`	`postgresql.external.host`	Strip port from endpoint
`keycloak_db_endpoint`	`postgresqlKeycloak.external.host`	Strip port from endpoint
`redis_endpoint`	`redis.external.host`	ElastiCache primary endpoint
`opensearch_endpoint`	`elasticsearch.external.url`	Includes `https://` prefix
`certificate_arn`	Ingress annotation	ACM certificate for ALB HTTPS

Secrets are stored in SSM Parameter Store and retrieved via AWS CLI:

aws ssm get-parameter --name "/ubtrace/<env>/db/app/password" --with-decryption
aws ssm get-parameter --name "/ubtrace/<env>/db/keycloak/password" --with-decryption
aws ssm get-parameter --name "/ubtrace/<env>/redis/auth_token" --with-decryption