Created
May 2, 2016 20:09
-
-
Save swade1987/7ac130cecde9f40454b53bb5fc820f6d to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resource "aws_security_group" "bamboo_elb" { | |
| name = "bamboo-ui-elb-sg" | |
| description = "Security group for the bamboo UI ELBs" | |
| vpc_id = "${var.vpc_id}" | |
| tags { | |
| Name = "bamboo (ELB)" | |
| } | |
| # Bamboo traffic - HTTP | |
| ingress { | |
| from_port = 80 | |
| to_port = 80 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| egress { | |
| from_port = 80 | |
| to_port = 80 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| # Bamboo traffic - HTTPS | |
| ingress { | |
| from_port = 443 | |
| to_port = 443 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| egress { | |
| from_port = 443 | |
| to_port = 443 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| } | |
| resource "aws_security_group" "bamboo_server" { | |
| name = "bamboo-server-sg" | |
| description = "Security group for bamboo Server instances" | |
| vpc_id = "${var.vpc_id}" | |
| tags { | |
| Name = "bamboo Server (Instance)" | |
| } | |
| # SSH | |
| ingress { | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| # Bamboo traffic from the ELB | |
| ingress { | |
| from_port = 8085 | |
| to_port = 8085 | |
| protocol = "tcp" | |
| security_groups = ["${aws_elb.bamboo_elb.source_security_group_id}"] | |
| } | |
| egress { | |
| from_port = 8085 | |
| to_port = 8085 | |
| protocol = "tcp" | |
| cidr_blocks = ["${var.ingress_cidr_blocks}"] | |
| } | |
| } | |
| resource "aws_iam_role" "bamboo_server" { | |
| name = "bambooServer" | |
| assume_role_policy = "${file("${path.module}/policies/assume-role-policy.json")}" | |
| } | |
| resource "aws_iam_role_policy" "bamboo_server" { | |
| name = "BambooServer" | |
| role = "${aws_iam_role.bamboo_server.id}" | |
| policy = "${file("${path.module}/policies/bamboo-server-policy.json")}" | |
| } | |
| resource "aws_iam_instance_profile" "bamboo_server" { | |
| name = "BambooServer" | |
| roles = ["${aws_iam_role.bamboo_server.name}"] | |
| } | |
| resource "aws_iam_server_certificate" "bamboo_cert" { | |
| name_prefix = "bamboo-cert" | |
| certificate_body = "${file("${path.module}/ssl/bamboo-certificate.pem")}" | |
| private_key = "${file("${path.module}/ssl/bamboo-private-key.pem")}" | |
| lifecycle { | |
| create_before_destroy = true | |
| } | |
| } | |
| resource "aws_elb" "bamboo_elb" { | |
| name = "bamboo-elb" | |
| subnets = ["${split(",", var.public_subnets)}"] | |
| security_groups = ["${aws_security_group.bamboo_elb.id}"] | |
| cross_zone_load_balancing = true | |
| connection_draining = true | |
| # Bamboo traffic - HTTP 80 -> 8085 | |
| listener { | |
| lb_port = 80 | |
| lb_protocol = "http" | |
| instance_port = 8085 | |
| instance_protocol = "http" | |
| } | |
| # Bamboo traffic - HTTPS 443 -> 8085 | |
| listener { | |
| lb_port = 443 | |
| lb_protocol = "https" | |
| instance_port = 8085 | |
| instance_protocol = "http" | |
| ssl_certificate_id = "${aws_iam_server_certificate.bamboo_cert.arn}" | |
| } | |
| health_check { | |
| healthy_threshold = 2 | |
| unhealthy_threshold = 2 | |
| interval = 10 | |
| target = "TCP:8085/" | |
| timeout = 5 | |
| } | |
| } | |
| resource "aws_route53_record" "bamboo-server" { | |
| zone_id = "Z3820KW3201KHJ" | |
| name = "${var.domain_name}" | |
| type = "A" | |
| alias { | |
| name = "${aws_elb.bamboo_elb.dns_name}" | |
| zone_id = "${aws_elb.bamboo_elb.zone_id}" | |
| evaluate_target_health = true | |
| } | |
| } | |
| resource "aws_launch_configuration" "bamboo_server" { | |
| image_id = "${var.ami}" | |
| instance_type = "${var.instance_type}" | |
| security_groups = ["${aws_security_group.bamboo_server.id}"] | |
| associate_public_ip_address = false | |
| ebs_optimized = false | |
| key_name = "${var.key_name}" | |
| iam_instance_profile = "${aws_iam_instance_profile.bamboo_server.id}" | |
| lifecycle {create_before_destroy = true} | |
| } | |
| resource "aws_autoscaling_group" "bamboo_server" { | |
| launch_configuration = "${aws_launch_configuration.bamboo_server.id}" | |
| vpc_zone_identifier = ["${split(",", var.public_subnets)}"] | |
| health_check_grace_period = "900" | |
| health_check_type = "EC2" | |
| load_balancers = ["${aws_elb.bamboo_elb.name}"] | |
| name = "bamboo-server-autoscaling-group" | |
| max_size = 2 | |
| min_size = 1 | |
| desired_capacity = 1 | |
| default_cooldown = 30 | |
| force_delete = true | |
| tag { | |
| key = "Name" | |
| value = "bamboo-server" | |
| propagate_at_launch = true | |
| } | |
| tag { | |
| key = "role" | |
| value = "bamboo-server" | |
| propagate_at_launch = true | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment