08. Variables and Parameters
Configuration guide for variables and parameters in MILU2 Infrastructure.
Variable Files Overview
```text
tofu/envs/
├── common_vars.hcl        # Shared across all environments
├── config.hcl             # Backend + provider config
└── <env>/
    └── env_vars.hcl       # Environment-specific settings
```
How Variables Are Loaded
```hcl
# In terragrunt.hcl
locals {
  common_vars = read_terragrunt_config(find_in_parent_folders("common_vars.hcl"))
  env_vars    = read_terragrunt_config("${get_terragrunt_dir()}/../env_vars.hcl")
}

inputs = {
  common_vars = local.common_vars
  env_vars    = local.env_vars
}
```
Downloading Variables
Variables are stored in S3 and downloaded before plan/apply:
```bash
# Download both files
sh shell/get_vars.sh <env>

# Downloads from:
#   s3://milu2-iac-env/tofu/common_vars.hcl
#   s3://milu2-iac-env/tofu/<env>/env_vars.hcl
```
common_vars.hcl
Location: s3://milu2-iac-env/tofu/common_vars.hcl
| Variable | Type | Example | Description |
|---|---|---|---|
| app_name | string | "milu2" | Application name prefix |
| aws_region | string | "ap-northeast-1" | Primary AWS region |
env_vars.hcl
Location: s3://milu2-iac-env/tofu/<env>/env_vars.hcl
Network Settings
| Variable | Type | Example | Description |
|---|---|---|---|
| vpc_cidr | string | "10.0.0.0/16" | VPC CIDR block |
| public_subnet_cidr | string | "10.0.0.0/24" | Public subnet CIDR |
| public_subnet_az | string | "ap-northeast-1a" | Public subnet AZ |
| private_subnet_cidrs | list | ["10.0.1.0/24", "10.0.2.0/24"] | Private subnet CIDRs |
| ga_subnet_cidrs | list | ["10.0.10.0/28", "10.0.10.16/28"] | GA subnet CIDRs |
| bastion_inbound_cidrs | list | ["203.0.113.0/24"] | SSH allowed CIDRs |
Domain Settings
| Variable | Type | Example | Description |
|---|---|---|---|
| web_domain | string | "web.milu2.example.com" | Web CloudFront domain |
| admin_domain | string | "admin.milu2.example.com" | Admin CloudFront domain |
| api_domain | string | "api.milu2.example.com" | API CloudFront domain |
| push_domain | string | "push.milu2.example.com" | Push service domain |
Database Settings
| Variable | Type | Description |
|---|---|---|
| db_username | string | RDS master username |
| db_names | list | Database names to create |
| mas_db_user | string | Master DBA username |
| mas_db_password | string | Master DBA password |
| ope_db_user | string | Operations username |
| ope_db_password | string | Operations password |
| ro_db_user | string | Read-only username |
| ro_db_password | string | Read-only password |
Cache Settings
| Variable | Type | Description |
|---|---|---|
| elasticache_auth_token | string | ElastiCache AUTH token |
| memorydb_auth_user | string | MemoryDB ACL username |
| memorydb_auth_password | string | MemoryDB ACL password |
terragrunt.hcl Inputs
Location: tofu/envs/<env>/core/terragrunt.hcl
Compute Settings
| Variable | Type | Default | Description |
|---|---|---|---|
| fargate_spot_base | number | 0 | Fargate Spot base capacity |
| fargate_spot_weight | number | 0 | Fargate Spot weight |
| api_autoscale_min | number | 1 | API min tasks |
| api_autoscale_max | number | 8 | API max tasks |
| web_autoscale_min | number | 1 | Web min tasks |
| web_autoscale_max | number | 8 | Web max tasks |
RDS Settings
| Variable | Type | Default | Description |
|---|---|---|---|
| reader_count | number | 0 | Aurora reader count |
| rds_min_capacity | number | 0.5 | Min ACUs |
| rds_max_capacity | number | 2 | Max ACUs |
ElastiCache Settings
| Variable | Type | Default | Description |
|---|---|---|---|
| elasticache_node_type | string | "cache.t4g.micro" | Node type |
| elasticache_num_node_groups | number | 1 | Number of shards |
| elasticache_replicas_per_node_group | number | 0 | Replicas per shard |
| elasticache_multi_az_enabled | bool | false | Multi-AZ |
MemoryDB Settings
| Variable | Type | Default | Description |
|---|---|---|---|
| memorydb_node_type | string | "db.t4g.small" | Node type |
| memorydb_num_shards | number | 1 | Number of shards |
| memorydb_num_replicas_per_shard | number | 0 | Replicas per shard |
Game Node Settings
```hcl
# Example node_servers
node_servers = {
  world = {
    port_start  = 7551
    port_end    = 7999
    protocol    = "UDP"
    desired     = 1
    secondaries = 0
  }
  commu = {
    port_start  = 9551
    port_end    = 9999
    protocol    = "UDP"
    desired     = 1
    secondaries = 0
  }
  battle = {
    port_start  = 8551
    port_end    = 8999
    protocol    = "UDP"
    desired     = 1
    secondaries = 0
  }
  chat = {
    port_start  = 8101
    port_end    = 8499
    protocol    = "TCP"
    desired     = 1
    secondaries = 0
  }
  center = {
    port_start  = 3000
    port_end    = 3000
    protocol    = "TCP"
    desired     = 1
    secondaries = 0
  }
}
```
Global Accelerator Settings
```hcl
# Example ga_servers
ga_servers = {
  world = {
    from_port = 10000
    to_port   = 19999
  }
  commu = {
    from_port = 20000
    to_port   = 29999
  }
  battle = {
    from_port = 30000
    to_port   = 39999
  }
  chat = {
    from_port = 40000
    to_port   = 48999
  }
}
```
Environment-Specific Overrides
Production Recommendations
```hcl
# Higher capacity
rds_min_capacity  = 2
rds_max_capacity  = 16
api_autoscale_max = 20
web_autoscale_max = 20

# Multi-AZ
elasticache_multi_az_enabled        = true
elasticache_replicas_per_node_group = 1

# Deletion protection
db_deletion_protection    = true
docdb_deletion_protection = true

# Larger instances
elasticache_node_type = "cache.r6g.large"
memorydb_node_type    = "db.r6g.large"
```
Development/Test
```hcl
# Minimal capacity
rds_min_capacity  = 0.5
rds_max_capacity  = 2
api_autoscale_min = 1
web_autoscale_min = 1

# Single AZ
elasticache_multi_az_enabled = false

# Fargate Spot for cost savings
fargate_spot_base   = 1
fargate_spot_weight = 1
```
Lambda Environment Variables
| Lambda | Variables |
|---|---|
| image-validator | S3_TMP_BUCKET, S3_DEST_BUCKET |
| video-validator | S3_TMP_BUCKET, S3_QUARANTINE_BUCKET, REKOGNITION_SNS_TOPIC_ARN, REKOGNITION_ROLE_ARN, MAX_VIDEO_DURATION_SEC |
| video-moderation-result | S3_QUARANTINE_BUCKET, S3_DEST_BUCKET |
| cache-invalidator | DISTRIBUTION_ID |
| ga-port-mapping-resolver | SUBNET_IDS |
| scale-node-service | APP_NAME |
Provider Tags (Default)
All resources receive these tags automatically:
```hcl
default_tags {
  tags = {
    Name        = "${app_name}-${env}"
    Project     = "${app_name}"
    Environment = "${env}"
    Module      = "${path_relative_to_include()}"
  }
}
```
Sensitive Variables
⚠️ Never commit these to Git:
- `*_password` - Database passwords
- `*_auth_token` - Cache auth tokens
- `bastion_inbound_cidrs` - Office/VPN IPs

These are stored in S3 and downloaded during deployment.
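As an added example (not code from the MILU2 repository), a pre-apply sanity check over the Network Settings and the `node_servers` map documented above: every subnet must lie inside `vpc_cidr` without overlapping its siblings, `bastion_inbound_cidrs` must stay narrower than a chosen prefix length, and no two game services on the same protocol may claim overlapping port ranges. It assumes the downloaded HCL has already been parsed into Python dicts (for example with python-hcl2); the sample dicts are constructed from this page's example values.

```python
import ipaddress

# Constructed sample from this page's example values; in practice the dicts would
# come from parsing env_vars.hcl / terragrunt.hcl (e.g. with python-hcl2).
SAMPLE_ENV_VARS = {
    "vpc_cidr": "10.0.0.0/16",
    "public_subnet_cidr": "10.0.0.0/24",
    "private_subnet_cidrs": ["10.0.1.0/24", "10.0.2.0/24"],
    "ga_subnet_cidrs": ["10.0.10.0/28", "10.0.10.16/28"],
    "bastion_inbound_cidrs": ["203.0.113.0/24"],
}
SAMPLE_NODE_SERVERS = {
    "world": {"port_start": 7551, "port_end": 7999, "protocol": "UDP"},
    "commu": {"port_start": 9551, "port_end": 9999, "protocol": "UDP"},
    "battle": {"port_start": 8551, "port_end": 8999, "protocol": "UDP"},
    "chat": {"port_start": 8101, "port_end": 8499, "protocol": "TCP"},
    "center": {"port_start": 3000, "port_end": 3000, "protocol": "TCP"},
}

def check_network(env_vars, max_bastion_prefix=24):
    """Subnets must sit inside vpc_cidr and not overlap; bastion CIDRs must be narrow."""
    findings = []
    vpc = ipaddress.ip_network(env_vars["vpc_cidr"])
    cidrs = ([env_vars["public_subnet_cidr"]] + env_vars["private_subnet_cidrs"]
             + env_vars["ga_subnet_cidrs"])
    nets = [ipaddress.ip_network(c) for c in cidrs]
    for n in nets:
        if not n.subnet_of(vpc):
            findings.append(f"{n} is outside vpc_cidr {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"subnets {a} and {b} overlap")
    for c in env_vars["bastion_inbound_cidrs"]:
        n = ipaddress.ip_network(c)
        if n.prefixlen < max_bastion_prefix:  # broader than an office/VPN range
            findings.append(f"bastion_inbound_cidrs {n} is wider than /{max_bastion_prefix}")
    return findings

def check_node_ports(node_servers):
    """No inverted ranges; services on the same protocol may not share ports."""
    findings = []
    items = list(node_servers.items())
    for name, s in items:
        if s["port_start"] > s["port_end"]:
            findings.append(f"{name}: port_start is greater than port_end")
    for i, (na, a) in enumerate(items):
        for nb, b in items[i + 1:]:
            if a["protocol"] == b["protocol"] and a["port_start"] <= b["port_end"] and b["port_start"] <= a["port_end"]:
                findings.append(f"{na} and {nb} overlap on {a['protocol']}")
    return findings
```

An empty list from both functions means the values are consistent; run it after `get_vars.sh` and before `terragrunt plan` so a world-open bastion rule or a port clash is caught before it reaches AWS.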