
@unosk
Last active November 8, 2015 07:38
Terraform sample
# Classic load balancer in the public subnets, forwarding port 80 to the web
# instance(s) and health-checking them over HTTP on "/".
resource "aws_elb" "web" {
  name            = "${var.project}-web"
  security_groups = ["${aws_security_group.elb.id}"]
  subnets         = ["${aws_subnet.public.*.id}"]
  instances       = ["${aws_instance.web.*.id}"]

  # NOTE(review): this is the only listener and it is plaintext HTTP on both
  # sides. The "elb" security group also admits 443, but nothing listens there;
  # an HTTPS listener (with ssl_certificate_id) is needed before clients can
  # use TLS.
  listener {
    lb_protocol       = "http"
    lb_port           = 80
    instance_protocol = "http"
    instance_port     = 80
  }

  health_check {
    target              = "HTTP:80/"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }

  tags {
    Project = "${var.project}"
  }
}
# IAM user for the application. Its access key and inline policy are declared
# as separate resources that reference this user by name.
resource "aws_iam_user" "app" {
  path = "/"
  name = "${var.project}-app"
}
# Long-lived access key for the application user.
# NOTE(review): Terraform records the generated secret in its state, and the
# Rakefile in this sample configures that state to live in a remote (Atlas)
# backend. Anyone who can read the state can read the key, so access to the
# state should be treated like access to the credential itself.
resource "aws_iam_access_key" "app" {
  user = "${aws_iam_user.app.name}"
}
# Inline policy attached to the application user. It is scoped to one bucket:
# the bucket ARN itself and every object under it.
# NOTE(review): "s3:*" grants every S3 action on that bucket, including
# deleting the bucket and changing its ACL or bucket policy. If the application
# only reads and writes objects, list those actions explicitly instead of the
# wildcard - confirm what the app actually calls before narrowing.
resource "aws_iam_user_policy" "app" {
name = "${var.project}-app"
user = "${aws_iam_user.app.name}"
# The heredoc body is the policy document sent to IAM; the bucket name is
# interpolated from the aws_s3_bucket.main resource.
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::${aws_s3_bucket.main.id}",
"arn:aws:s3:::${aws_s3_bucket.main.id}/*"
]
}
]
}
POLICY
}
# Single web server, placed in the first public subnet and logged into with
# the "deploy" key pair.
# NOTE(review): this instance also receives an Elastic IP (aws_eip.web) and its
# security group admits SSH, so it is reachable from the internet directly and
# not only through the load balancer.
resource "aws_instance" "web" {
  ami           = "${var.ami}"
  instance_type = "t2.micro"

  subnet_id              = "${aws_subnet.public.0.id}"
  vpc_security_group_ids = ["${aws_security_group.web.id}"]
  key_name               = "${aws_key_pair.deploy.key_name}"

  tags {
    Name    = "${var.project}-web"
    Project = "${var.project}"
  }
}
# Static public address for the web instance; the "node" DNS record points
# at it.
resource "aws_eip" "web" {
  vpc      = true
  instance = "${aws_instance.web.id}"
}
# Registers the deploy SSH public key with EC2. Only the public half is read,
# from ssh/id_rsa.pub relative to the directory Terraform is run from.
resource "aws_key_pair" "deploy" {
  key_name   = "${var.project}-deploy"
  public_key = "${file("ssh/id_rsa.pub")}"
}
# Deliberately empty: no credentials or region are written into the
# configuration. The Rakefile in this sample requires AWS_ACCESS_KEY_ID,
# AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION to be set in the environment.
provider "aws" {}
# Identifier of the application's access key (not secret on its own).
output "access_key_id" {
  value = "${aws_iam_access_key.app.id}"
}
# Secret half of the application's access key.
# NOTE(review): as an output this value is displayed after `terraform apply`
# and by `terraform output`, so it can end up in terminal scrollback and CI
# logs. On Terraform versions that support it, mark the output
# `sensitive = true`, or avoid exporting the secret and deliver it to the
# application through a secrets store instead.
output "secret_access_key" {
  value = "${aws_iam_access_key.app.secret}"
}
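# Pre-flight check: stops the run unless every variable the Terraform tasks
# rely on (the Atlas token plus the AWS credentials and region) has a value.
task :environment do
  required = %w(
    ATLAS_TOKEN
    AWS_ACCESS_KEY_ID
    AWS_SECRET_ACCESS_KEY
    AWS_DEFAULT_REGION
  )

  # A variable that is exported but blank (`export ATLAS_TOKEN=`) is just as
  # unusable as one that is unset. Testing only for nil let blank values
  # through even though the message below says "empty".
  missing = required.select { |name| ENV[name].to_s.strip.empty? }

  # Only the variable names are reported, never their values, so credentials
  # stay out of the terminal and any captured logs.
  if missing.any?
    abort "One or more environment variables are empty: #{missing.join(', ')}"
  end
end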
# Points Terraform at the remote state kept in Atlas. Depends on :environment,
# so the required variables are checked first.
task :configure => :environment do
  sh 'terraform remote config -backend=atlas -backend-config="name=unosk/smart2channel"'
end
# Shows the pending changes without applying them. remote_safety_guard has no
# default in the Terraform variables, so it is supplied here.
desc 'terraform plan'
task :plan => :configure do
  sh 'terraform plan -var "remote_safety_guard=1"'
end
# Applies the configuration against the remote state set up by :configure.
desc 'terraform apply'
task :apply => :configure do
  sh 'terraform apply -var "remote_safety_guard=1"'
end
# A bare `rake` only plans; applying has to be requested explicitly.
task :default => :plan
# Public hosted zone for the project's domain.
resource "aws_route53_zone" "main" {
  name = "smart2channel.com"

  tags {
    Project = "${var.project}"
  }
}
# Apex record: an alias to the load balancer, so site traffic enters via the
# ELB.
resource "aws_route53_record" "main" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  type    = "A"
  name    = "smart2channel.com"

  alias {
    zone_id                = "${aws_elb.web.zone_id}"
    name                   = "${aws_elb.web.dns_name}"
    evaluate_target_health = true
  }
}
# Host record that resolves straight to the web instance's Elastic IP,
# bypassing the load balancer.
# NOTE(review): this publishes the instance's address in public DNS. What is
# reachable there is decided entirely by the "web" security group.
resource "aws_route53_record" "node" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  type    = "A"
  name    = "node.smart2channel.com"
  ttl     = "300"
  records = ["${aws_eip.web.public_ip}"]
}
# Application bucket with the "private" canned ACL. The application user's
# inline policy is what grants access to it.
resource "aws_s3_bucket" "main" {
  acl    = "private"
  bucket = "smart2channel"

  tags {
    Project = "${var.project}"
  }
}
# Security group for the load balancer: HTTP and HTTPS from any address, all
# traffic outbound.
resource "aws_security_group" "elb" {
  name   = "${var.project}-elb"
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): 443 is admitted here, but the ELB in this sample declares
  # only a port-80 listener, so this rule currently has nothing behind it.
  ingress {
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" with ports 0-0 means every protocol and port.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name    = "${var.project}-elb"
    Project = "${var.project}"
  }
}
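# Source range allowed to reach SSH on the web instance. The default keeps the
# sample's original behaviour (any address) so existing plans do not change.
# Because the instance has a public Elastic IP and a DNS record, that default
# exposes sshd to the whole internet: override it with a management or VPN
# range, e.g. -var "ssh_ingress_cidr=<ADMIN_CIDR>".
variable "ssh_ingress_cidr" {
  default = "0.0.0.0/0"
}

# Security group for the web instance: SSH from ssh_ingress_cidr, all traffic
# outbound. HTTP from the load balancer is added by the separate
# aws_security_group_rule "web_http".
resource "aws_security_group" "web" {
  name   = "${var.project}-web"
  vpc_id = "${aws_vpc.main.id}"

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["${var.ssh_ingress_cidr}"]
  }

  # protocol "-1" with ports 0-0 means every protocol and port.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags {
    Name    = "${var.project}-web"
    Project = "${var.project}"
  }
}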
# Lets port 80 reach the web instance only from members of the load balancer's
# security group, rather than from a CIDR range.
resource "aws_security_group_rule" "web_http" {
  security_group_id        = "${aws_security_group.web.id}"
  source_security_group_id = "${aws_security_group.elb.id}"

  type      = "ingress"
  protocol  = "tcp"
  from_port = 80
  to_port   = 80
}
# Prefix used in resource names and in the Project tag.
variable "project" {
  default = "smart2channel"
}
# Map from subnet index (as a string key) to availability zone. The subnets
# look their zone up with count.index.
variable "availability_zones" {
  default = {
    "0" = "ap-northeast-1a"
    "1" = "ap-northeast-1c"
  }
}
# Number of public/private subnet pairs to create. Each index from 0 up to
# this count needs a matching key in availability_zones.
variable "availability_zones_count" {
  default = 2
}
# Image used for the web instance. AMI IDs are region-specific, so this
# default only resolves in the region it was published in.
variable "ami" {
  default = "ami-a03859a0"
}
# Declared without a default, so Terraform needs a value for it on every run.
# The Rakefile's plan/apply tasks pass 1. Presumably this stops terraform being
# run directly, without the remote-state configuration step - confirm.
variable "remote_safety_guard" {
}
# Project VPC (10.0.0.0/16) with DNS hostnames enabled.
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true

  tags {
    Name    = "${var.project}"
    Project = "${var.project}"
  }
}
# One public subnet per availability zone: 10.0.<index>.0/24. Instances
# launched here are given a public IP automatically.
resource "aws_subnet" "public" {
  count = "${var.availability_zones_count}"

  vpc_id                  = "${aws_vpc.main.id}"
  availability_zone       = "${lookup(var.availability_zones, count.index)}"
  cidr_block              = "${format("10.0.%d.0/24", count.index)}"
  map_public_ip_on_launch = true

  tags {
    Name    = "${var.project}-public-${count.index}"
    Project = "${var.project}"
  }
}
# One private subnet per availability zone: 10.0.<index + 100>.0/24, with no
# public IP assigned at launch.
resource "aws_subnet" "private" {
  count = "${var.availability_zones_count}"

  vpc_id                  = "${aws_vpc.main.id}"
  availability_zone       = "${lookup(var.availability_zones, count.index)}"
  cidr_block              = "${format("10.0.%d.0/24", count.index + 100)}"
  map_public_ip_on_launch = false

  tags {
    Name    = "${var.project}-private-${count.index}"
    Project = "${var.project}"
  }
}
# Internet gateway for the VPC. Only the public route table routes through it.
resource "aws_internet_gateway" "main" {
  vpc_id = "${aws_vpc.main.id}"

  tags {
    Name    = "${var.project}"
    Project = "${var.project}"
  }
}
# Route table for the public subnets: default route via the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = "${aws_vpc.main.id}"

  route {
    gateway_id = "${aws_internet_gateway.main.id}"
    cidr_block = "0.0.0.0/0"
  }

  tags {
    Name    = "${var.project}-public"
    Project = "${var.project}"
  }
}
# Route table for the private subnets. No route block is declared, so nothing
# here sends traffic to the internet gateway or to a NAT.
resource "aws_route_table" "private" {
  vpc_id = "${aws_vpc.main.id}"

  tags {
    Name    = "${var.project}-private"
    Project = "${var.project}"
  }
}
# Attaches every public subnet to the public route table.
resource "aws_route_table_association" "public" {
  count = "${var.availability_zones_count}"

  route_table_id = "${aws_route_table.public.id}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
}
# Attaches every private subnet to the private route table.
resource "aws_route_table_association" "private" {
  count = "${var.availability_zones_count}"

  route_table_id = "${aws_route_table.private.id}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
}