Draft EC2 instance with RDS using Terraform.
# NOTE: this file must live in its own directory (database/main.tf). main.tf consumes it as a module, and a Terraform local module source must be a directory, not a file; left in the root it would also be loaded as part of the root module, where its variable "database_password" would clash with the one declared in main.tf.
# Security groups attached to the RDS instance (supplied by the root module).
variable "security_group_ids" {
  type        = list(string)
  description = "Ids of VPC Security groups"
}
# Master password handed to the RDS module. It ends up in Terraform state, so
# the state backend must be encrypted and access-controlled; on Terraform
# >= 0.14 also add `sensitive = true` here to keep it out of plan output.
variable "database_password" {
  type        = string
  description = "Enter a new root SQL password. This variable is ignored if the DB is already set up."
}
# Subnets that make up the DB subnet group.
variable "subnet_ids" {
  type        = list(string)
  description = "Ids to subnets"
}
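# MySQL instance backing passbolt. Passbolt stores users' encrypted secrets in
# this database, so the instance is treated as production: encrypted at rest,
# backed up, protected from deletion, and audited.
module "rds" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 2.0"

  identifier = "passboltdb"

  # This minor is several years old; pick a currently supported 5.7 minor from
  # the list below (the module's default auto_minor_version_upgrade keeps the
  # patch level current afterwards).
  # All available versions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt
  engine         = "mysql"
  engine_version = "5.7.19"
  instance_class = "db.t3.micro"

  allocated_storage = 5

  # Encrypt storage at rest (was false). Without kms_key_id RDS uses the
  # AWS-managed aws/rds key; set kms_key_id for a customer-managed key.
  # Encryption can only be chosen at creation: an existing unencrypted
  # instance must be snapshotted, copied encrypted and restored.
  storage_encrypted = true
  # kms_key_id = "arn:aws:kms:<region>:<account id>:key/<kms key id>"

  name     = "passboltdb"
  username = "passboltuser"
  password = var.database_password
  port     = "3306"

  vpc_security_group_ids = var.security_group_ids

  maintenance_window = "Mon:00:00-Mon:03:00"
  backup_window      = "03:00-06:00"

  multi_az = true

  # Keep automated backups on. The original set 0 "to create DB faster",
  # which disables point-in-time recovery for a production secrets store;
  # 7 days matches the AWS console default.
  backup_retention_period = 7

  tags = {
    Owner       = "user"
    Environment = "passbolt-prod"
  }

  # "audit" depends on the MARIADB_AUDIT_PLUGIN option below. "general" logs
  # every statement and can capture sensitive values; it is only produced
  # if general_log is enabled in the parameter group.
  enabled_cloudwatch_logs_exports = ["audit", "general"]

  # DB subnet group
  subnet_ids = var.subnet_ids

  # DB parameter group
  family = "mysql5.7"

  # DB option group
  major_engine_version = "5.7"

  # Snapshot name upon DB deletion
  final_snapshot_identifier = "passboltdb"

  # Database Deletion Protection
  deletion_protection = true

  parameters = [
    {
      name  = "character_set_client"
      value = "utf8"
    },
    {
      name  = "character_set_server"
      value = "utf8"
    }
  ]

  # Record connection attempts; rotation count bounds on-disk audit files.
  options = [
    {
      option_name = "MARIADB_AUDIT_PLUGIN"
      option_settings = [
        {
          name  = "SERVER_AUDIT_EVENTS"
          value = "CONNECT"
        },
        {
          name  = "SERVER_AUDIT_FILE_ROTATIONS"
          value = "37"
        },
      ]
    },
  ]
}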
# Pass-through outputs of the RDS module, consumed by the root module.

output "this_db_instance_address" {
  value       = module.rds.this_db_instance_address
  description = "The address of the RDS instance"
}

output "this_db_instance_arn" {
  value       = module.rds.this_db_instance_arn
  description = "The ARN of the RDS instance"
}

output "this_db_instance_availability_zone" {
  value       = module.rds.this_db_instance_availability_zone
  description = "The availability zone of the RDS instance"
}

output "this_db_instance_endpoint" {
  value       = module.rds.this_db_instance_endpoint
  description = "The connection endpoint"
}

output "this_db_instance_hosted_zone_id" {
  value       = module.rds.this_db_instance_hosted_zone_id
  description = "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record)"
}

output "this_db_instance_id" {
  value       = module.rds.this_db_instance_id
  description = "The RDS instance ID"
}

output "this_db_instance_resource_id" {
  value       = module.rds.this_db_instance_resource_id
  description = "The RDS Resource ID of this instance"
}

output "this_db_instance_status" {
  value       = module.rds.this_db_instance_status
  description = "The RDS instance status"
}

output "this_db_instance_name" {
  value       = module.rds.this_db_instance_name
  description = "The database name"
}

output "this_db_instance_username" {
  value       = module.rds.this_db_instance_username
  description = "The master username for the database"
}
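# Master password output. Marked sensitive so it is redacted from
# `terraform output` and plan text; it is still stored in state, so the
# state backend must be encrypted and access-controlled.
output "this_db_instance_password" {
  description = "The database password (this password may be old, because Terraform doesn't track it after initial creation)"
  value       = module.rds.this_db_instance_password
  sensitive   = true
}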
output "this_db_instance_port" {
  value       = module.rds.this_db_instance_port
  description = "The database port"
}

# Subnet and parameter group identifiers, for wiring other resources.

output "this_db_subnet_group_id" {
  value       = module.rds.this_db_subnet_group_id
  description = "The db subnet group name"
}

output "this_db_subnet_group_arn" {
  value       = module.rds.this_db_subnet_group_arn
  description = "The ARN of the db subnet group"
}

output "this_db_parameter_group_id" {
  value       = module.rds.this_db_parameter_group_id
  description = "The db parameter group id"
}

output "this_db_parameter_group_arn" {
  value       = module.rds.this_db_parameter_group_arn
  description = "The ARN of the db parameter group"
}
# All resources are created in Stockholm. Credentials come from the usual
# provider chain (env vars / shared config / instance role); none are inline.
provider "aws" {
  region = "eu-north-1"
}
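# SSH public key installed on the passbolt host. Parameterised so a real key
# is supplied per deployment rather than edited into the config; the default
# is the placeholder key from the original and should be overridden.
variable "ssh_public_key" {
  description = "OpenSSH public key (ssh-rsa ...) registered as the passbolt EC2 key pair"
  type        = string
  default     = "ssh-rsa 2134EXAMPLEqdNQ6GziBC6n8B9TvftGvHsKTYKQdVygP0+04qsV0XEVInl2iFbsmh/7/jnzvpyn4f17GJIfnTA/OEbVi8dmERctOv3tS7P3AhCU8eVXPVlgZwZyILGysK62wrr7Mg5jVHL/94Tr51P3G2yKkb0tonSnt7ENKywU7ndOiGYTsOwlvXXpt37mADmrkzPZMABwkEexxOlfYaVqUfvHtcKFd0MnuQrGRZ0oxzsluB3UkLNVvpwCK59bF4FhLE1aTclqNBseddPSf8Hr+yjInGq1v187w7OHSvzu7XrBnTGaFXav452Xcn/2BqbXMo9XSTWgvtFYfjOdqQGrci1bopK4RgKDJxvdJ4iTBkWDPqCGSfz8ADMjjERso3tedGsHXqx27Wxt0LMlu4ebBWp1W42zaDnLHRRAFl00j1uDogJ6qilQpXiVdtin4BQ8u71Vhl87U1dJc2h6HSYK2maUPOrei/zYiS82NRmpEt0WyBL02dv69LVY+7UuhtaUTLs= [email protected]"
}

# Key pair referenced by the EC2 module; only the public half is ever in
# Terraform, the private key stays with the operator.
resource "aws_key_pair" "passbolt" {
  key_name   = "passbolt-key"
  public_key = var.ssh_public_key
}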
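# Master password forwarded to the database module. Typed to match the
# module's own declaration (the original left the type open). The value is
# written to state, so keep state in an encrypted backend; on Terraform
# >= 0.14 also add `sensitive = true` to redact it from plan output.
variable "database_password" {
  description = "Root SQL password"
  type        = string
}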
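# Number of passbolt hosts (and matching data volumes) to create. Typed and
# described; the original declared neither.
variable "instances_number" {
  description = "Number of EC2 instances (and attached EBS volumes) to create"
  type        = number
  default     = 1
}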
# Everything is placed in the account's default VPC, whose subnets are all
# public; network exposure therefore rests entirely on the security groups.
data "aws_vpc" "default" {
  default = true
}
# Every subnet of the default VPC; used for the DB subnet group and to pick
# the instance subnet.
data "aws_subnet_ids" "all" {
  vpc_id = data.aws_vpc.default.id
}
# Latest Amazon Linux 2 (x86_64, gp2) image published by Amazon. Because
# most_recent floats, a new AMI will show up as a plan diff on the instance;
# pin by name if reproducible rebuilds matter.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}
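# Security group for the RDS instance. Restricted to the VPC CIDR, as the
# description already states; the original admitted 0.0.0.0/0, which would
# expose MySQL to the internet if the instance were ever made publicly
# accessible. Tighter still: reference the EC2 security group as the source
# instead of a CIDR.
module "rds_security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 3.0"

  name        = "rds"
  description = "Security group allowing inbound sql connection from vpc"
  vpc_id      = data.aws_vpc.default.id

  ingress_cidr_blocks = [data.aws_vpc.default.cidr_block]
  ingress_rules       = ["mysql-tcp", "all-icmp"]

  egress_rules = ["all-all"]
}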
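# CIDR ranges allowed to SSH to (and ping) the passbolt host, e.g. an office
# or VPN egress range. Deliberately required with no default: the original
# rule opened SSH on a secrets server to 0.0.0.0/0.
variable "ssh_admin_cidr_blocks" {
  description = "CIDR blocks allowed to reach SSH and ICMP on the EC2 instance"
  type        = list(string)
}

# Security group for the passbolt web host: HTTP/HTTPS from anywhere, SSH and
# ICMP only from the administrative ranges.
module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 3.0"

  name        = "ec2"
  description = "Security group allowing http(s) and ssh"
  vpc_id      = data.aws_vpc.default.id

  # Public web traffic is intended.
  ingress_cidr_blocks = ["0.0.0.0/0"]
  ingress_rules       = ["http-80-tcp", "https-443-tcp"]

  # Per-rule CIDRs; the module takes them as a comma-separated string.
  ingress_with_cidr_blocks = [
    {
      rule        = "ssh-tcp"
      cidr_blocks = join(",", var.ssh_admin_cidr_blocks)
    },
    {
      rule        = "all-icmp"
      cidr_blocks = join(",", var.ssh_admin_cidr_blocks)
    },
  ]

  egress_rules = ["all-all"]
}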
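# Passbolt web host(s). Placed in the first default-VPC subnet with a public
# IP; exposure is governed by module.security_group.
module "ec2" {
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 2.0"

  instance_count = var.instances_number
  name           = "passbolt"

  ami           = data.aws_ami.amazon_linux.id
  key_name      = aws_key_pair.passbolt.key_name
  instance_type = "t3.micro"

  subnet_id                   = tolist(data.aws_subnet_ids.all.ids)[0]
  vpc_security_group_ids      = [module.security_group.this_security_group_id]
  associate_public_ip_address = true

  # Encrypt the root volume at rest (account default EBS key). The original
  # left it unencrypted.
  root_block_device = [
    {
      encrypted = true
    },
  ]

  # Require IMDSv2 so an SSRF in the web application cannot fetch instance
  # credentials with a plain GET to 169.254.169.254. Added in a 2.x minor of
  # the module; run `terraform init -upgrade` if the argument is unknown.
  metadata_options = {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
}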
# Attach one data volume per instance. NOTE(review): t3 is a Nitro type, so
# the guest will most likely see this as an NVMe device rather than
# /dev/sdh — confirm before relying on the device name in provisioning.
resource "aws_volume_attachment" "this_ec2" {
  count = var.instances_number

  instance_id = module.ec2.id[count.index]
  volume_id   = aws_ebs_volume.this[count.index].id
  device_name = "/dev/sdh"
}
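# RDS wiring, implemented in ./database (the former database.tf). A local
# module source must be a directory, so the file has to move to
# ./database/main.tf; it cannot stay in the root, where its variable
# declarations would clash with this file's.
module "database" {
  source = "./database"

  security_group_ids = [module.rds_security_group.this_security_group_id]
  database_password  = var.database_password
  subnet_ids         = tolist(data.aws_subnet_ids.all.ids)
}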
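# One small data volume per instance, in the instance's AZ.
resource "aws_ebs_volume" "this" {
  count = var.instances_number

  availability_zone = module.ec2.availability_zone[count.index]
  size              = 1

  # Encrypt at rest with the account's default EBS key; the original left the
  # volume in plaintext. Changing this on an existing volume forces replacement.
  encrypted = true
}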
# Root-module outputs: where to reach the hosts and which volumes are attached.

output "instances_public_ips" {
  value       = module.ec2.public_ip
  description = "Public IPs assigned to the EC2 instance"
}

output "ebs_volume_attachment_id" {
  value       = aws_volume_attachment.this_ec2[*].volume_id
  description = "The volume ID"
}

output "ebs_volume_attachment_instance_id" {
  value       = aws_volume_attachment.this_ec2[*].instance_id
  description = "The instance ID"
}