terraform project code

terraform-aws-vprofile-project/README.md

@@ -0,0 +1 @@
+# Terraform code for vprofile project

terraform-aws-vprofile-project/backend-s3.tf

@@ -0,0 +1,7 @@
+terraform {
+  backend "s3" {
+    bucket = "terra-vprofile-state11"
+    key    = "terraform/backend"
+    region = "us-east-2"
+  }
+}

terraform-aws-vprofile-project/backend-services.tf

@@ -0,0 +1,55 @@
+resource "aws_db_subnet_group" "vprofile-rds-subgrp" {
+  name       = "main"
+  subnet_ids = [module.vpc.private_subnets[0], module.vpc.private_subnets[1], module.vpc.private_subnets[2]]
+  tags = {
+    Name = "Subnet group for RDS"
+  }
+}
+
+resource "aws_elasticache_subnet_group" "vprofile-ecache-subgrp" {
+  name       = "vprofile-ecache-subgrp"
+  subnet_ids = [module.vpc.private_subnets[0], module.vpc.private_subnets[1], module.vpc.private_subnets[2]]
+
+}
+
+resource "aws_db_instance" "vprofile-rds" {
+  allocated_storage      = 20
+  storage_type           = "gp2"
+  engine                 = "mysql"
+  engine_version         = "5.6.34"
+  instance_class         = "db.t2.micro"
+  name                   = var.dbname
+  username               = var.dbuser
+  password               = var.dbpass
+  parameter_group_name   = "default.mysql5.6"
+  multi_az               = "false"
+  publicly_accessible    = "false"
+  skip_final_snapshot    = true
+  db_subnet_group_name   = aws_db_subnet_group.vprofile-rds-subgrp.name
+  vpc_security_group_ids = [aws_security_group.vprofile-backend-sg.id]
+}
+
+resource "aws_elasticache_cluster" "vprofile-cache" {
+  cluster_id           = "vprofile-cache"
+  engine               = "memcached"
+  node_type            = "cache.t2.micro"
+  num_cache_nodes      = 1
+  parameter_group_name = "default.memcached1.5"
+  port                 = 11211
+  security_group_ids   = [aws_security_group.vprofile-backend-sg.id]
+  subnet_group_name    = aws_elasticache_subnet_group.vprofile-ecache-subgrp.name
+}
+
+resource "aws_mq_broker" "vprofile-rmq" {
+  broker_name        = "vprofile-rmq"
+  engine_type        = "ActiveMQ"
+  engine_version     = "5.15.0"
+  host_instance_type = "mq.t2.micro"
+  security_groups    = [aws_security_group.vprofile-backend-sg.id]
+  subnet_ids         = [module.vpc.private_subnets[0]]
+
+  user {
+    username = var.rmquser
+    password = var.rmqpass
+  }
+}

terraform-aws-vprofile-project/bastion-host.tf

@@ -0,0 +1,32 @@
+resource "aws_instance" "vprofile-bastion" {
+  ami                    = lookup(var.AMIS, var.AWS_REGION)
+  instance_type          = "t2.micro"
+  key_name               = aws_key_pair.vprofilekey.key_name
+  subnet_id              = module.vpc.public_subnets[0]
+  count                  = var.instance_count
+  vpc_security_group_ids = [aws_security_group.vprofile-bastion-sg.id]
+
+  tags = {
+    Name    = "vprofile-bastion"
+    PROJECT = "vprofile"
+  }
+
+  provisioner "file" {
+    content     = templatefile("templates/db-deploy.tmpl", { rds-endpoint = aws_db_instance.vprofile-rds.address, dbuser = var.dbuser, dbpass = var.dbpass })
+    destination = "/tmp/vprofile-dbdeploy.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "chmod +x /tmp/vprofile-dbdeploy.sh",
+      "sudo /tmp/vprofile-dbdeploy.sh"
+    ]
+  }
+
+  connection {
+    user        = var.USERNAME
+    private_key = file(var.PRIV_KEY_PATH)
+    host        = self.public_ip
+  }
+  depends_on = [aws_db_instance.vprofile-rds]
+}

terraform-aws-vprofile-project/bean-app.tf

@@ -0,0 +1,3 @@
+resource "aws_elastic_beanstalk_application" "vprofile-prod" {
+  name = "vprofile-prod"
+}

terraform-aws-vprofile-project/bean-env.tf

@@ -0,0 +1,135 @@
+resource "aws_elastic_beanstalk_environment" "vprofile-bean-prod" {
+  name                = "vprofile-bean-prod"
+  application         = aws_elastic_beanstalk_application.vprofile-prod.name
+  solution_stack_name = "64bit Amazon Linux 2 v4.1.1 running Tomcat 8.5 Corretto 11"
+  cname_prefix        = "vprofile-bean-prod-domain"
+  setting {
+    name      = "VPCId"
+    namespace = "aws:ec2:vpc"
+    value     = module.vpc.vpc_id
+  }
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "IamInstanceProfile"
+    value     = "aws-elasticbeanstalk-ec2-role"
+  }
+  setting {
+    namespace = "aws:ec2:vpc"
+    name      = "AssociatePublicIpAddress"
+    value     = "false"
+  }
+
+  setting {
+    namespace = "aws:ec2:vpc"
+    name      = "Subnets"
+    value     = join(",", [module.vpc.private_subnets[0], module.vpc.private_subnets[1], module.vpc.private_subnets[2]])
+  }
+  setting {
+    namespace = "aws:ec2:vpc"
+    name      = "ELBSubnets"
+    value     = join(",", [module.vpc.public_subnets[0], module.vpc.public_subnets[1], module.vpc.public_subnets[2]])
+  }
+
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "InstanceType"
+    value     = "t2.micro"
+  }
+
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "EC2KeyName"
+    value     = aws_key_pair.vprofilekey.key_name
+  }
+
+  setting {
+    namespace = "aws:autoscaling:asg"
+    name      = "Availability Zones"
+    value     = "Any 3"
+  }
+  setting {
+    namespace = "aws:autoscaling:asg"
+    name      = "MinSize"
+    value     = "1"
+  }
+  setting {
+    namespace = "aws:autoscaling:asg"
+    name      = "MaxSize"
+    value     = "8"
+  }
+
+  setting {
+    namespace = "aws:elasticbeanstalk:application:environment"
+    name      = "environment"
+    value     = "prod"
+  }
+  setting {
+    namespace = "aws:elasticbeanstalk:application:environment"
+    name      = "LOGGING_APPENDER"
+    value     = "GRAYLOG"
+  }
+  setting {
+    namespace = "aws:elasticbeanstalk:healthreporting:system"
+    name      = "SystemType"
+    value     = "enhanced"
+  }
+  setting {
+    namespace = "aws:autoscaling:updatepolicy:rollingupdate"
+    name      = "RollingUpdateEnabled"
+    value     = "true"
+  }
+  setting {
+    namespace = "aws:autoscaling:updatepolicy:rollingupdate"
+    name      = "RollingUpdateType"
+    value     = "Health"
+  }
+
+  setting {
+    namespace = "aws:autoscaling:updatepolicy:rollingupdate"
+    name      = "MaxBatchSize"
+    value     = "1"
+  }
+  setting {
+    namespace = "aws:elb:loadbalancer"
+    name      = "CrossZone"
+    value     = "true"
+  }
+
+  setting {
+    name      = "StickinessEnabled"
+    namespace = "aws:elasticbeanstalk:environment:process:default"
+    value     = "true"
+  }
+
+  setting {
+    namespace = "aws:elasticbeanstalk:command"
+    name      = "BatchSizeType"
+    value     = "Fixed"
+  }
+
+  setting {
+    namespace = "aws:elasticbeanstalk:command"
+    name      = "BatchSize"
+    value     = "1"
+  }
+  setting {
+    namespace = "aws:elasticbeanstalk:command"
+    name      = "DeploymentPolicy"
+    value     = "Rolling"
+  }
+
+  setting {
+    namespace = "aws:autoscaling:launchconfiguration"
+    name      = "SecurityGroups"
+    value     = aws_security_group.vprofile-prod-sg.id
+  }
+
+  setting {
+    namespace = "aws:elbv2:loadbalancer"
+    name      = "SecurityGroups"
+    value     = aws_security_group.vprofile-bean-elb-sg.id
+  }
+
+  depends_on = [aws_security_group.vprofile-bean-elb-sg, aws_security_group.vprofile-prod-sg]
+
+}

terraform-aws-vprofile-project/keypairs.tf

@@ -0,0 +1,4 @@
+resource "aws_key_pair" "vprofilekey" {
+  key_name   = "vprofilekey"
+  public_key = file(var.PUB_KEY_PATH)
+}

terraform-aws-vprofile-project/providers.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = var.AWS_REGION
+}

terraform-aws-vprofile-project/secgrp.tf

@@ -0,0 +1,87 @@
+resource "aws_security_group" "vprofile-bean-elb-sg" {
+  name        = "vprofile-bean-elb-sg"
+  description = "Security group for bean-elb"
+  vpc_id      = module.vpc.vpc_id
+  egress {
+    from_port   = 0
+    protocol    = "-1"
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 80
+    protocol    = "tcp"
+    to_port     = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "vprofile-bastion-sg" {
+  name        = "vprofile-bastion-sg"
+  description = "Security group for bastionisioner ec2 instance"
+  vpc_id      = module.vpc.vpc_id
+  egress {
+    from_port   = 0
+    protocol    = "-1"
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port   = 22
+    protocol    = "tcp"
+    to_port     = 22
+    cidr_blocks = [var.MYIP]
+  }
+}
+
+resource "aws_security_group" "vprofile-prod-sg" {
+  name        = "vprofile-prod-sg"
+  description = "Security group for beanstalk instances"
+  vpc_id      = module.vpc.vpc_id
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port       = 22
+    protocol        = "tcp"
+    to_port         = 22
+    security_groups = [aws_security_group.vprofile-bastion-sg.id]
+  }
+}
+
+resource "aws_security_group" "vprofile-backend-sg" {
+  name        = "vprofile-backend-sg"
+  description = "Security group for RDS, active mq, elastic cache"
+  vpc_id      = module.vpc.vpc_id
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port       = 0
+    protocol        = "-1"
+    to_port         = 0
+    security_groups = [aws_security_group.vprofile-prod-sg.id]
+  }
+  ingress {
+    from_port       = 3306
+    protocol        = "tcp"
+    to_port         = 3306
+    security_groups = [aws_security_group.vprofile-bastion-sg.id]
+  }
+}
+
+resource "aws_security_group_rule" "sec_group_allow_itself" {
+  type                     = "ingress"
+  from_port                = 0
+  to_port                  = 65535
+  protocol                 = "tcp"
+  security_group_id        = aws_security_group.vprofile-backend-sg.id
+  source_security_group_id = aws_security_group.vprofile-backend-sg.id
+}

terraform-aws-vprofile-project/templates/db-deploy.tmpl

@@ -0,0 +1,5 @@
+sudo apt update
+sudo apt install git mysql-client -y
+git clone -b vp-rem https://github.com/devopshydclub/vprofile-project.git
+mysql -h ${rds-endpoint} -u ${dbuser} --password=${dbpass} accounts --ssl-mode=DISABLED < /home/ubuntu/vprofile-project/src/main/resources/db_backup.sql
+