LabLink uses structured configuration files to customize behavior. This guide covers all configuration options and how to modify them.
!!! info "Infrastructure Repository"
Configuration files are located in the lablink-template repository under lablink-infrastructure/config/config.yaml. Clone the template repository to deploy LabLink infrastructure.
Complete, copy-paste-ready config.yaml files for common deployment scenarios.
!!! info "Source"
These examples are maintained in the lablink-template repository under lablink-infrastructure/config/.
| Scenario | SSL | DNS Required | Rate Limits | Extra Cost | Complexity |
|---|---|---|---|---|---|
| IP Only | None | No | None | None | Simplest |
| Let's Encrypt (Terraform DNS) | Auto via Caddy | Route53 | 5 certs/domain/week | None | Medium |
| Let's Encrypt (Manual DNS) | Auto via Caddy | Route53 (manual) | 5 certs/domain/week | None | Medium |
| CloudFlare | CloudFlare proxy | CloudFlare | None | None | Medium |
| ACM + ALB | AWS-managed | Route53 | None | ~$20/month | Higher |
Quick decision guide:
- No domain? Use IP Only
- Have a domain + want free auto-SSL? Use Let's Encrypt (pick Terraform-managed vs manual DNS)
- Domain in CloudFlare? Use CloudFlare
- Want enterprise-grade load balancing? Use ACM + ALB
See the Configuration Examples section at the end of this page for complete YAML files for each scenario.
!!! danger "Critical Security Step"
Before deploying LabLink or creating any VMs, you MUST replace PLACEHOLDER_ADMIN_PASSWORD and PLACEHOLDER_DB_PASSWORD in your config. See Security → Change Default Passwords for all methods (GitHub Secrets, manual config, environment variables, AWS Secrets Manager).
LabLink uses Hydra for configuration management, which provides:
- Structured configs: Type-safe dataclass-based configuration
- Hierarchical composition: Override specific values
- Environment variables: Override via
ENV_VARsyntax - Command-line overrides: Pass config values as arguments
Location: lablink-infrastructure/config/config.yaml
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD" # Injected from GitHub secret at deploy time
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-test"
ami_id: "ami-0601752c11b394251"
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD" # Injected from GitHub secret at deploy time
region: "us-west-2"
dns:
enabled: true
terraform_managed: false
domain: "dev.lablink.sleap.ai"
zone_id: ""
eip:
strategy: "dynamic"
tag_name: "lablink-eip"
ssl:
provider: "letsencrypt"
email: "admin@sleap.ai"
certificate_arn: ""
allocator:
image_tag: "linux-amd64-latest-test"
bucket_name: "tf-state-lablink-allocator-bucket"
startup_script:
enabled: false
path: ""
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90Location: packages/client/src/lablink_client/conf/config.yaml
allocator:
host: "localhost"
port: 80
client:
software: "sleap"Configuration for the PostgreSQL database.
| Option | Type | Default | Description |
|---|---|---|---|
dbname |
string | lablink_db |
Database name |
user |
string | lablink |
Database username |
password |
string | lablink |
Database password (override with PLACEHOLDER_DB_PASSWORD or GitHub secret) |
host |
string | localhost |
Database host |
port |
int | 5432 |
PostgreSQL port |
table_name |
string | vm_table |
VM table name |
message_channel |
string | vm_updates |
PostgreSQL NOTIFY channel |
!!! warning "Production Security"
Configure DB_PASSWORD secret for GitHub Actions deployments, or manually replace the placeholder. See Security.
Configuration for client VM specifications. These are the key options for adapting LabLink to your research software.
| Option | Type | Default | Description |
|---|---|---|---|
machine_type |
string | g4dn.xlarge |
AWS EC2 instance type |
image |
string | ghcr.io/talmolab/lablink-client-base-image:latest |
Docker image for client container |
ami_id |
string | ami-00c257e12d6828491 |
Amazon Machine Image (Ubuntu 24.04 + Docker + Nvidia) |
repository |
string (optional) | None |
Git repository to clone on VM |
software |
string | sleap |
Software identifier (used by client) |
extension |
string | slp |
File extension associated with the software's data files |
Common GPU instance types:
| Instance Type | GPU | vCPUs | Memory | GPU Memory | Use Case |
|---|---|---|---|---|---|
g4dn.xlarge |
NVIDIA T4 | 4 | 16 GB | 16 GB | Light workloads, testing |
g4dn.2xlarge |
NVIDIA T4 | 8 | 32 GB | 16 GB | Medium workloads |
g5.xlarge |
NVIDIA A10G | 4 | 16 GB | 24 GB | Training, inference |
g5.2xlarge |
NVIDIA A10G | 8 | 32 GB | 24 GB | Large models |
p3.2xlarge |
NVIDIA V100 | 8 | 61 GB | 16 GB | Deep learning training |
See AWS Instance Types for complete list.
Default: ghcr.io/talmolab/lablink-client-base-image:latest
The Docker image determines what software runs on your VMs. Options:
- Use default SLEAP image (for SLEAP workflows)
- Build custom image (for your research software) - see Adapting LabLink
- Use different tag:
:latest- latest stable release:linux-amd64-test- development version:v1.0.0- specific version
Default: ami-00c257e12d6828491 (Ubuntu 24.04 + Docker + Nvidia in us-west-2)
The Amazon Machine Image determines the OS and pre-installed software. You may need different AMIs for:
- Different AWS regions (AMI IDs are region-specific)
- Different OS versions
- Custom pre-configured images
Find AMIs:
aws ec2 describe-images \
--owners 099720109477 \
--filters "Name=name,Values=ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" \
--query 'Images[*].[ImageId,Name,CreationDate]' \
--output tableDefault: None (no repository cloned)
Git repository to clone onto the client VM. Use this for:
- Custom analysis scripts
- Training data
- Configuration files
- Research code
Set to empty string or omit if no repository needed:
repository: ""Default: sleap
String identifier for the research software. Used by client service for software-specific logic.
Default: slp
The file extension associated with the software's data files. Used for identifying relevant data files on the VM.
General application settings.
| Option | Type | Default | Description |
|---|---|---|---|
admin_user |
string | admin |
Admin username for web UI |
admin_password |
string | admin_password |
Admin password (override with PLACEHOLDER_ADMIN_PASSWORD or GitHub secret) |
region |
string | us-west-2 |
AWS region for deployments |
!!! danger "Configure Passwords"
Configure ADMIN_PASSWORD secret for GitHub Actions deployments, or manually replace the placeholder. See Security.
Controls DNS configuration for allocator hostname.
| Option | Type | Default | Description |
|---|---|---|---|
enabled |
boolean | false |
Enable DNS-based URLs |
terraform_managed |
boolean | true |
Let Terraform manage Route 53 records |
domain |
string | "" |
Full domain name (e.g., lablink.sleap.ai or test.lablink.sleap.ai) |
zone_id |
string | "" |
Route 53 zone ID (optional, skips lookup if provided) |
See DNS Configuration for detailed setup instructions.
Controls Elastic IP allocation strategy.
| Option | Type | Default | Description |
|---|---|---|---|
strategy |
string | "dynamic" |
persistent = reuse tagged EIP, dynamic = create new |
tag_name |
string | "lablink-eip" |
Tag name for persistent EIP lookup |
Controls HTTPS/SSL certificate management.
| Option | Type | Default | Description |
|---|---|---|---|
provider |
string | "letsencrypt" |
SSL provider: letsencrypt, cloudflare, acm, or none |
email |
string | "" |
Email for Let's Encrypt notifications (required when provider="letsencrypt") |
certificate_arn |
string | "" |
AWS ACM certificate ARN (required when provider="acm") |
letsencrypt - Automatic SSL via Caddy + Let's Encrypt
- HTTPS with trusted certificates
- Automatic HTTP → HTTPS redirects
- Requires
dns.enabled: trueand a validssl.email - Rate limited (5 duplicate certificates per week per domain)
Configuration example:
dns:
enabled: true
domain: "lablink.example.com"
ssl:
provider: "letsencrypt"
email: "admin@example.com"cloudflare - CloudFlare proxy handles SSL
- Requires CloudFlare DNS configuration
- Requires
dns.enabled: trueanddns.terraform_managed: false
Configuration example:
dns:
enabled: true
terraform_managed: false
domain: "lablink.example.com"
ssl:
provider: "cloudflare"acm - AWS Certificate Manager
- Uses AWS-managed SSL certificates with an Application Load Balancer
- Requires
dns.enabled: trueand a validssl.certificate_arn
Configuration example:
dns:
enabled: true
domain: "lablink.example.com"
ssl:
provider: "acm"
certificate_arn: "arn:aws:acm:us-west-2:123456789012:certificate/abc-123"none - No SSL, HTTP only
- Serves HTTP only on port 80
- No encryption - all traffic is plaintext
- Browser shows "Not Secure" warning
- Useful for testing and development
- May require clearing browser HSTS cache if you previously accessed via HTTPS (see Troubleshooting)
Configuration example:
ssl:
provider: "none"The following rules are enforced during configuration validation:
- SSL
providerother than"none"requiresdns.enabled: true provider: "letsencrypt"requires a non-emptyssl.emailprovider: "acm"requires a non-emptyssl.certificate_arnprovider: "cloudflare"requiresdns.terraform_managed: false
When using provider: "letsencrypt":
- 50 certificates per domain per week
- 5 duplicate certificates per week (same hostnames)
- 300 pending authorizations per account
Use provider: "none" for frequent testing to avoid these limits.
With provider: "none" (HTTP only):
- Type
http://explicitly in address bar (e.g.,http://test.lablink.sleap.ai) - Clear HSTS cache if you previously accessed via HTTPS
- Expect "Not Secure" warning (this is normal)
Alternatives:
- Use incognito/private browsing
- Access via IP:
http://<allocator-ip> - Use curl:
curl http://test.lablink.sleap.ai
With SSL enabled (letsencrypt, cloudflare, or acm):
Access via https://your-domain.com - browser shows secure padlock.
!!! warning "HTTP-only Security"
provider: "none" serves unencrypted HTTP. Never use for production or sensitive data. See Security.
Configuration for the allocator service Docker image used during infrastructure deployment. This section is consumed by Terraform, not by the allocator service itself.
| Option | Type | Default | Description |
|---|---|---|---|
image_tag |
string | "linux-amd64-latest" |
Docker image tag for the allocator service |
Example tags:
linux-amd64-latest- latest stable releaselinux-amd64-latest-test- development versionlinux-amd64-v1.2.3- specific version
Option: bucket_name
Default: tf-state-lablink-allocator-bucket
S3 bucket for Terraform state storage. Must be globally unique.
Controls a custom startup script to be run on client VMs after the container starts.
| Option | Type | Default | Description |
|---|---|---|---|
enabled |
boolean | false |
Enable custom startup script |
path |
string | "" |
Path to the startup script file |
on_error |
string | continue |
Behavior on script error: continue or fail |
Example:
startup_script:
enabled: true
path: "/path/to/your/script.sh"
on_error: "fail"When enabled is true, the content of the script specified by path will be executed on the client VM.
- If
on_erroriscontinue, any errors in the script will be logged, but the VM will continue to run. - If
on_errorisfail, the VM setup will be aborted if the script returns a non-zero exit code.
Configuration for AWS monitoring, alerting, and cost management. When enabled, this deploys CloudWatch alarms, SNS notifications, AWS Budgets, and CloudTrail logging.
| Option | Type | Default | Description |
|---|---|---|---|
enabled |
boolean | false |
Enable monitoring infrastructure |
email |
string | "" |
Email address for alert notifications |
Resource usage thresholds that trigger CloudWatch alarms.
| Option | Type | Default | Description |
|---|---|---|---|
max_instances_per_5min |
int | 10 |
Maximum instance launches allowed in a 5-minute window |
max_terminations_per_5min |
int | 20 |
Maximum instance terminations allowed in a 5-minute window |
max_unauthorized_calls_per_15min |
int | 5 |
Maximum unauthorized API calls allowed in a 15-minute window |
AWS Budget configuration for cost management.
| Option | Type | Default | Description |
|---|---|---|---|
enabled |
boolean | false |
Enable budget monitoring |
monthly_budget_usd |
int | 500 |
Monthly budget limit in USD |
AWS CloudTrail logging configuration for audit trails.
| Option | Type | Default | Description |
|---|---|---|---|
retention_days |
int | 90 |
Number of days to retain CloudTrail logs |
Example:
monitoring:
enabled: true
email: "alerts@example.com"
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: true
monthly_budget_usd: 1000
cloudtrail:
retention_days: 90After modifying configuration, validate it:
Use the built-in validation CLI to check your config against the schema:
# Validate config file
lablink-validate-config lablink-infrastructure/config/config.yaml
# Output on success:
# ✓ Config validation passed
# Output on error:
# ✗ Config validation failed: Error merging config with schema
# Unknown keys found: ['unknown_section']The validator checks:
- File exists and is named
config.yaml - All keys match the structured config schema
- Required fields are present
- Type mismatches (strings vs integers, etc.)
- Unknown configuration sections
- DNS/SSL dependency rules (e.g., SSL requires DNS enabled)
Important: The validator requires the filename to be config.yaml to enable Hydra's strict schema matching. Using a different filename will bypass schema validation.
Usage in CI/CD:
# Validate before deployment
lablink-validate-config config/config.yaml && terraform apply || exit 1# YAML syntax check
python -c "import yaml; yaml.safe_load(open('lablink-infrastructure/config/config.yaml'))"# Run allocator with custom config
cd packages/allocator
python src/lablink_allocator_service/main.pycd lablink-infrastructure
terraform validate
terraform plan # Preview changesmachine:
machine_type: "g4dn.2xlarge"
image: "ghcr.io/yourorg/your-research-image:latest"
repository: "https://github.com/yourorg/your-research-code.git"
software: "your-software-name"
extension: "your-extension"See Adapting LabLink for complete guide.
Create environment-specific configs:
config-cpu.yaml (for testing):
machine:
machine_type: "t2.medium"
ami_id: "ami-0c55b159cbfafe1f0"config-gpu.yaml (for production):
machine:
machine_type: "g5.xlarge"
ami_id: "ami-00c257e12d6828491"Use with Hydra:
python main.py --config-name=config-gpuUse external PostgreSQL (RDS):
db:
dbname: "lablink_production"
user: "lablink_admin"
password: "${DB_PASSWORD}"
host: "lablink-db.cluster-xxxxx.us-west-2.rds.amazonaws.com"
port: 5432- Never commit secrets: Use environment variables or AWS Secrets Manager
- Pin versions in production: Use specific image tags, not
:latest - Document custom values: Add comments explaining non-standard configurations
- Test configuration changes: Validate with
terraform planbefore applying - Use separate configs per environment: Don't reuse dev configs in production
Check file location and syntax:
python -c "import yaml; print(yaml.safe_load(open('conf/config.yaml')))"Verify export and check case sensitivity:
env | grep -i lablink
echo $DB_PASSWORDEnsure -var flags are passed:
terraform plan -var="resource_suffix=prod"Access the allocator via public IP address over HTTP. No domain or SSL required.
!!! tip "No rate limits" This is the simplest setup and has no certificate issuance limits. Perfect for frequent testing and development.
Prerequisites: None
Access URL: http://<ALLOCATOR_IP>:5000
# LabLink Configuration: IP-Only (No DNS, No SSL)
# Access allocator via public IP address over HTTP
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD"
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-latest-test"
ami_id: "ami-0601752c11b394251" # us-west-2
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
allocator:
image_tag: "linux-amd64-latest-test"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD"
region: "us-west-2"
dns:
enabled: false
terraform_managed: false
domain: ""
zone_id: ""
eip:
strategy: "dynamic"
tag_name: "lablink-eip"
ssl:
provider: "none"
email: ""
certificate_arn: ""
startup_script:
enabled: false
path: "config/custom-startup.sh"
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90
bucket_name: "tf-state-lablink-YOURORG"Use Caddy as a reverse proxy with automatic SSL. Three options depending on your DNS provider and management preference.
=== "Let's Encrypt (Terraform DNS)"
Route53 DNS records managed automatically by Terraform. Caddy obtains Let's Encrypt certificates.
!!! warning "Rate limits"
Let's Encrypt allows **5 certificates per exact domain every 7 days**. Each `terraform apply` triggers a new certificate. For frequent testing, use [CloudFlare](#caddy-ssl) or [IP Only](#ip-only) instead.
**Prerequisites:**
- Route53 hosted zone created (e.g., `lablink.example.com`)
- Domain nameservers pointed to Route53
**Access URL:** `https://test.lablink.example.com`
```yaml
# LabLink Configuration: Route53 + Let's Encrypt (Terraform-managed DNS)
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD"
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-latest-test"
ami_id: "ami-0601752c11b394251" # us-west-2
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
allocator:
image_tag: "linux-amd64-latest-test"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD"
region: "us-west-2"
dns:
enabled: true
terraform_managed: true
domain: "test.lablink.example.com"
zone_id: ""
eip:
strategy: "persistent"
tag_name: "lablink-eip"
ssl:
provider: "letsencrypt"
email: "admin@example.com"
certificate_arn: ""
startup_script:
enabled: false
path: "config/custom-startup.sh"
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90
bucket_name: "tf-state-lablink-YOURORG"
```
=== "Let's Encrypt (Manual DNS)"
Route53 DNS with manually created A records. Useful when you don't want Terraform managing DNS records.
!!! warning "Rate limits"
Same Let's Encrypt rate limits apply. See the Terraform DNS tab for details.
**Prerequisites:**
- Route53 hosted zone created
- Manually create A record: `test.lablink.example.com` pointing to the allocator EIP
**Access URL:** `https://test.lablink.example.com`
```yaml
# LabLink Configuration: Route53 + Let's Encrypt (Manual DNS)
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD"
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-latest-test"
ami_id: "ami-0601752c11b394251" # us-west-2
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
allocator:
image_tag: "linux-amd64-latest-test"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD"
region: "us-west-2"
dns:
enabled: true
terraform_managed: false
domain: "test.lablink.example.com"
zone_id: ""
eip:
strategy: "persistent"
tag_name: "lablink-eip"
ssl:
provider: "letsencrypt"
email: "admin@example.com"
certificate_arn: ""
startup_script:
enabled: false
path: "config/custom-startup.sh"
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90
bucket_name: "tf-state-lablink-YOURORG"
```
=== "CloudFlare"
Use CloudFlare for DNS management and SSL termination. No rate limits on certificate issuance.
!!! tip "No rate limits"
CloudFlare SSL has no certificate issuance limits. Ideal for frequent testing and redeployments.
**Prerequisites:**
- Domain registered and managed in CloudFlare
- CloudFlare proxy enabled (orange cloud icon)
**Access URL:** `https://lablink.example.com`
```yaml
# LabLink Configuration: CloudFlare DNS + SSL
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD"
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-latest-test"
ami_id: "ami-0601752c11b394251" # us-west-2
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
allocator:
image_tag: "linux-amd64-latest-test"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD"
region: "us-west-2"
dns:
enabled: true
terraform_managed: false
domain: "lablink.example.com"
zone_id: ""
eip:
strategy: "persistent"
tag_name: "lablink-eip"
ssl:
provider: "cloudflare"
email: ""
certificate_arn: ""
startup_script:
enabled: false
path: "config/custom-startup.sh"
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90
bucket_name: "tf-state-lablink-YOURORG"
```
Use AWS Application Load Balancer with ACM-managed SSL certificates. Enterprise-grade setup with no rate limits.
!!! note "Additional cost" ALB adds approximately ~$20/month but provides enterprise-grade SSL termination and scalability.
Prerequisites:
- Route53 hosted zone created
- ACM certificate requested and validated for your domain
- Certificate ARN obtained from ACM console
Access URL: https://lablink.example.com
# LabLink Configuration: Route53 + ACM (AWS Certificate Manager)
db:
dbname: "lablink_db"
user: "lablink"
password: "PLACEHOLDER_DB_PASSWORD"
host: "localhost"
port: 5432
table_name: "vms"
message_channel: "vm_updates"
machine:
machine_type: "g4dn.xlarge"
image: "ghcr.io/talmolab/lablink-client-base-image:linux-amd64-latest-test"
ami_id: "ami-0601752c11b394251" # us-west-2
repository: "https://github.com/talmolab/sleap-tutorial-data.git"
software: "sleap"
extension: "slp"
allocator:
image_tag: "linux-amd64-latest-test"
app:
admin_user: "admin"
admin_password: "PLACEHOLDER_ADMIN_PASSWORD"
region: "us-west-2"
dns:
enabled: true
terraform_managed: true
domain: "lablink.example.com"
zone_id: ""
eip:
strategy: "persistent"
tag_name: "lablink-eip"
ssl:
provider: "acm"
email: ""
certificate_arn: "arn:aws:acm:us-west-2:123456789012:certificate/abcd1234-5678-90ab-cdef-EXAMPLE11111"
startup_script:
enabled: false
path: "config/custom-startup.sh"
on_error: "continue"
monitoring:
enabled: false
email: ""
thresholds:
max_instances_per_5min: 10
max_terminations_per_5min: 20
max_unauthorized_calls_per_15min: 5
budget:
enabled: false
monthly_budget_usd: 500
cloudtrail:
retention_days: 90
bucket_name: "tf-state-lablink-YOURORG"| Field | IP Only | Let's Encrypt | CloudFlare | ACM |
|---|---|---|---|---|
dns.enabled |
false |
true |
true |
true |
dns.terraform_managed |
false |
true / false |
false |
true |
eip.strategy |
dynamic |
persistent |
persistent |
persistent |
ssl.provider |
none |
letsencrypt |
cloudflare |
acm |
ssl.email |
-- | required | -- | -- |
ssl.certificate_arn |
-- | -- | -- | required |
- Adapting LabLink: Customize for your research software
- Deployment: Deploy with your configuration
- Security & Access: Secure your configuration values