Add Terraform infrastructure for AWS EC2 deployment #65
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Introduces reusable Terraform modules for EC2, RDS PostgreSQL, and Redis ElastiCache, along with a complete stack for deploying Greptile on AWS EC2 with Docker. Includes example configurations for consuming the stack as a module.
|
Skipped: This PR does not contain any of your configured keywords: ( |
Greptile OverviewUpdated On: 2025-11-04 00:08:43 UTC Greptile SummaryThis PR adds production-ready Terraform infrastructure for deploying Greptile on AWS EC2 with Docker. The implementation follows a modular architecture with three reusable modules ( Key Improvements Made:
Architecture: Confidence Score: 4/5
Important Files ChangedFile Analysis
Sequence DiagramsequenceDiagram
participant User
participant Terraform
participant AWS_IAM as AWS IAM
participant AWS_EC2 as AWS EC2
participant AWS_RDS as AWS RDS
participant AWS_Redis as AWS ElastiCache
User->>Terraform: terraform init
User->>Terraform: terraform plan
User->>Terraform: terraform apply
Terraform->>AWS_IAM: Create IAM role with Bedrock permissions
AWS_IAM-->>Terraform: Role ARN
Terraform->>AWS_IAM: Create instance profile
AWS_IAM-->>Terraform: Instance profile ARN
Terraform->>AWS_RDS: Create DB subnet group
Terraform->>AWS_RDS: Create RDS security group
Terraform->>AWS_RDS: Create PostgreSQL instance (encrypted)
AWS_RDS-->>Terraform: RDS endpoint
Terraform->>AWS_Redis: Create ElastiCache subnet group
Terraform->>AWS_Redis: Create Redis security group
Terraform->>AWS_Redis: Create Redis replication group (encrypted, auth enabled)
AWS_Redis-->>Terraform: Redis primary endpoint
Terraform->>AWS_EC2: Create EC2 security group with restricted ingress
Terraform->>AWS_EC2: Launch EC2 instance with IAM profile
AWS_EC2-->>Terraform: EC2 public IP
Note over AWS_EC2,AWS_RDS: EC2 connects to RDS via security group rules
Note over AWS_EC2,AWS_Redis: EC2 connects to Redis via security group rules
Terraform-->>User: Output endpoints and IPs
|
![greptile-apps-staging[bot]](https://avatars.githubusercontent.com/u/140149887?s=60&v=4){kind=small}
- Remove 0.0.0.0/0 defaults from ec2-app module to prevent accidental exposure - Add validation requiring at least one ingress rule - Provide secure defaults using 10.0.0.0/8 corporate CIDR at stack/example level - Force users to explicitly configure network access for production deployments
- Change skip_final_snapshot from hardcoded true to configurable (defaults to false for safety)
- Add final_snapshot_identifier variable for custom snapshot naming
- Default snapshot name pattern: {db_identifier}-final
- Prevents accidental data loss when destroying production databases
Update module source from github.com/greptile to github.com/greptileai
- Add auth_token variable to redis-cluster module with validation (min 16 chars) - Require auth_token when transit_encryption_enabled is true - Pass auth_token through stack and example configurations - Update documentation to mention Redis auth token requirement - Add example placeholder in terraform.tfvars.example
HofmT
reviewed
Nov 4, 2025
| @@ -0,0 +1,64 @@ | |||
| resource "aws_elasticache_subnet_group" "this" { | |||
There was a problem hiding this comment.
@cedricgc We can actually get rid of REDIS entirely. There is no use-case for on-prem customers.
There was a problem hiding this comment.
Good to know. We can simplify the stack here. I think I will keep the module but not wire it in to any of the stack to make the configuration much simpler
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds comprehensive Terraform infrastructure for deploying Greptile on AWS EC2 with Docker. The implementation follows a modular architecture with reusable components that can be composed into different deployment stacks.
What's included
Reusable Modules (
terraform/modules/):Complete Stack (
terraform/stacks/aws-ec2/):Examples (
terraform/examples/):Architecture
Test plan
terraform initinterraform/stacks/aws-ec2/terraform validateto check syntaxterraform planwith valid AWS credentials and VPC/subnet IDsterraform/examples/aws-ec2-module/is valid