mod 6 started

1-dev-vpc/main.tf

@@ -18,6 +18,12 @@ variable "public_subnets" {
   default = ["10.0.0.0/24", "10.0.1.0/24"]
 }
 
+variable "database_subnets" {
+  type = list(string)
+  default = ["10.0.8.0/24", "10.0.9.0/24"]
+}
+
+
 #############################################################################
 # PROVIDERS
 #############################################################################
@@ -44,9 +50,15 @@ module "vpc" {
   name = "dev-vpc"
   cidr = var.vpc_cidr_range
 
-  azs            = slice(data.aws_availability_zones.azs.names, 0, 1)
+  azs            = slice(data.aws_availability_zones.azs.names, 0, 2)
   public_subnets = var.public_subnets
 
+  # Database subnets
+  database_subnets  = var.database_subnets
+  database_subnet_group_tags = {
+    subnet_type = "database"
+  }
+
   tags = {
     Environment = "dev"
     Team        = "infra"
@@ -61,3 +73,13 @@ module "vpc" {
 output "vpc_id" {
   value = module.vpc.vpc_id
 }
+
+output "db_subnet_group" {
+  value = module.vpc.database_subnet_group
+}
+
+output "public_subnets" {
+  value = module.vpc.public_subnets
+}
+
+

2-sec-vpc/main.tf

@@ -57,7 +57,7 @@ module "vpc" {
   name = "sec-vpc"
   cidr = var.vpc_cidr_range
 
-  azs             = slice(data.aws_availability_zones.azs.names, 0, 1)
+  azs             = slice(data.aws_availability_zones.azs.names, 0, 2)
   public_subnets  = var.public_subnets
   private_subnets = var.private_subnets
   intra_subnets   = var.intra_subnets

3-west-vpc/main.tf

@@ -73,7 +73,7 @@ module "vpc_east" {
   name = "prod-vpc-east"
   cidr = var.vpc_cidr_range_east
 
-  azs            = slice(data.aws_availability_zones.azs_east.names, 0, 1)
+  azs            = slice(data.aws_availability_zones.azs_east.names, 0, 2)
   public_subnets = var.public_subnets_east
 
   providers = {
@@ -95,7 +95,7 @@ module "vpc_west" {
   name = "prod-vpc-west"
   cidr = var.vpc_cidr_range_west
 
-  azs            = slice(data.aws_availability_zones.azs_west.names, 0, 1)
+  azs            = slice(data.aws_availability_zones.azs_west.names, 0, 2)
   public_subnets = var.public_subnets_west
 
   providers = {

6-app-deploy/commands.txt

@@ -0,0 +1,3 @@
+# Create a profile for Joshua McGee
+aws configure --profile app
+

6-app-deploy/main.tf

@@ -0,0 +1,262 @@
+# Deploy an ASG to two public subnets with nginx installed
+
+# Deploy RDS with a replica to two db subnets
+
+##################################################################################
+# VARIABLES
+##################################################################################
+
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "network_state_bucket" {
+  type = string
+  description = "name of bucket used for network state"
+}
+
+variable "network_state_key" {
+  type = string
+  description = "name of key used for network state"
+  default = "networking/dev-vpc/terraform.tfstate"
+}
+
+variable "network_state_region" {
+  type = string
+  description = "region used for network state"
+  default = "us-east-1"
+}
+
+
+
+
+##################################################################################
+# PROVIDERS
+##################################################################################
+
+provider "aws" {
+  version = "~>2.0"
+  region  = var.region
+  profile = "app"
+}
+
+##################################################################################
+# Data sources
+##################################################################################
+
+data "terraform_remote_state" "network" {
+  backend = "s3"
+  config = {
+    bucket = var.network_state_bucket
+    key    = var.network_state_key
+    region = var.network_state_region
+  }
+}
+
+data "aws_ami" "amazon_linux" {
+  most_recent = true
+  owners      = ["137112412989"] # Amazon
+
+  filter {
+    name = "name"
+
+    values = [
+      "amzn-ami-hvm-*-x86_64-gp2",
+    ]
+  }
+
+  filter {
+    name = "owner-alias"
+
+    values = [
+      "amazon",
+    ]
+  }
+}
+
+
+##################################################################################
+# RESOURCES
+##################################################################################
+
+resource "random_integer" "rand" {
+  min = 10000
+  max = 99999
+}
+
+
+module "rds" {
+  source  = "terraform-aws-modules/rds/aws"
+  version = "2.15.0"
+
+  identifier = "globo-dev-db"
+
+  engine            = "mysql"
+  engine_version    = "5.7.19"
+  instance_class    = "db.t2.large"
+  allocated_storage = 5
+
+  name     = "globo-app-db"
+  username = "globo-admin"
+  password = "YourPwdShouldBeLongAndSecure!"
+  port     = "3306"
+
+  iam_database_authentication_enabled = true
+
+  maintenance_window = "Mon:00:00-Mon:03:00"
+  backup_window      = "03:00-06:00"
+
+  tags = {
+    Owner       = "App"
+    Environment = "dev"
+  }
+
+  # DB subnet group
+  db_subnet_group_name = data.terraform_remote_state.network.database_subnet_group
+
+  # DB parameter group
+  family = "mysql5.7"
+
+  # DB option group
+  major_engine_version = "5.7"
+
+  # Snapshot name upon DB deletion
+  final_snapshot_identifier = "globo-app-db"
+
+  # Database Deletion Protection
+  deletion_protection = false
+
+  parameters = [
+    {
+      name = "character_set_client"
+      value = "utf8"
+    },
+    {
+      name = "character_set_server"
+      value = "utf8"
+    }
+  ]
+
+  options = [
+    {
+      option_name = "MARIADB_AUDIT_PLUGIN"
+
+      option_settings = [
+        {
+          name  = "SERVER_AUDIT_EVENTS"
+          value = "CONNECT"
+        },
+        {
+          name  = "SERVER_AUDIT_FILE_ROTATIONS"
+          value = "37"
+        },
+      ]
+    },
+  ]
+}
+
+#####################
+# ASG Security group
+#####################
+
+resource "aws_security_group" "asg_sg" {
+  name = "asg-security-group"
+  description = "Security group for ASG"
+  vpc_id = data.terraform_remote_state.network.vpc_id
+}
+
+
+
+######
+# Launch configuration and autoscaling group
+######
+module "example_asg" {
+  source = "../../"
+
+  name = "example-with-elb"
+
+  # Launch configuration
+  #
+  # launch_configuration = "my-existing-launch-configuration" # Use the existing launch configuration
+  # create_lc = false # disables creation of launch configuration
+  lc_name = "example-lc"
+
+  image_id        = data.aws_ami.amazon_linux.id
+  instance_type   = "t2.micro"
+  security_groups = [data.aws_security_group.default.id]
+  load_balancers  = [module.elb.this_elb_id]
+
+  ebs_block_device = [
+    {
+      device_name           = "/dev/xvdz"
+      volume_type           = "gp2"
+      volume_size           = "50"
+      delete_on_termination = true
+    },
+  ]
+
+  root_block_device = [
+    {
+      volume_size = "50"
+      volume_type = "gp2"
+    },
+  ]
+
+  # Auto scaling group
+  asg_name                  = "example-asg"
+  vpc_zone_identifier       = data.aws_subnet_ids.all.ids
+  health_check_type         = "EC2"
+  min_size                  = 0
+  max_size                  = 1
+  desired_capacity          = 0
+  wait_for_capacity_timeout = 0
+
+  tags = [
+    {
+      key                 = "Environment"
+      value               = "dev"
+      propagate_at_launch = true
+    },
+    {
+      key                 = "Project"
+      value               = "megasecret"
+      propagate_at_launch = true
+    },
+  ]
+}
+
+######
+# ELB
+######
+module "elb" {
+  source = "terraform-aws-modules/elb/aws"
+
+  name = "elb-example"
+
+  subnets         = data.aws_subnet_ids.all.ids
+  security_groups = [data.aws_security_group.default.id]
+  internal        = false
+
+  listener = [
+    {
+      instance_port     = "80"
+      instance_protocol = "HTTP"
+      lb_port           = "80"
+      lb_protocol       = "HTTP"
+    },
+  ]
+
+  health_check = {
+    target              = "HTTP:80/"
+    interval            = 30
+    healthy_threshold   = 2
+    unhealthy_threshold = 2
+    timeout             = 5
+  }
+
+  tags = {
+    Owner       = "user"
+    Environment = "dev"
+  }
+}