author | Peter Mikus <pmikus@cisco.com> | 2022-03-01 14:10:13 +0100 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2022-03-16 15:06:29 +0000 |
commit | f23e41dfe33972b5ccfcfa7f192f7865f7479f9c (patch) | |
tree | b17b9d7e99d40256814a4ff8bcc31b68637c8311 /fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env | |
parent | 646c242bfaea75db747df8c178c050499994c789 (diff) |
feat(dash): Terraform AWS Beanstalk
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: Ib89677de3818b46aa622f56f28b7bbb54458dbe0
Diffstat (limited to 'fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env')
5 files changed, 166 insertions, 0 deletions
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf
new file mode 100644
index 0000000000..01b235162d
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf
@@ -0,0 +1,101 @@
+data "vault_generic_secret" "fdio_docs" {
+ path = "kv/secret/data/etl/fdio_docs"
+}
+
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault_name}-path"
+ role = "${var.vault_name}-role"
+}
+
+module "elastic_beanstalk_environment" {
+ source = "../"
+
+ # vpc
+ vpc_cidr_block = "192.168.0.0/24"
+ vpc_enable_dns_hostnames = true
+ vpc_enable_dns_support = true
+ vpc_instance_tenancy = "default"
+
+ # subnet
+ subnet_availability_zone = "us-east-1a"
+
+ # application
+ application_description = "FD.io CSIT Results Dashboard"
+ application_name = "fdio-csit-dash-app"
+ appversion_lifecycle_service_role_arn = ""
+ appversion_lifecycle_max_count = 2
+ appversion_lifecycle_delete_source_from_s3 = false
+
+ # environment
+ environment_description = "FD.io CSIT Results Dashboard"
+ environment_name = "fdio-csit-dash-env"
+ environment_solution_stack_name = "64bit Amazon Linux 2 v3.3.11 running Python 3.8"
+ environment_tier = "WebServer"
+ environment_wait_for_ready_timeout = "20m"
+ environment_version_label = ""
+
+ # aws:ec2:instances
+ instances_instance_types = "t3a.2xlarge"
+
+ # aws:ec2:vpc
+ associate_public_ip_address = true
+ elb_scheme = "public"
+
+ # aws:elbv2:listener:default
+ default_listener_enabled = true
+
+ # aws:elasticbeanstalk:environment
+ environment_loadbalancer_type = "network"
+
+ # aws:elasticbeanstalk:environment:process:default
+ environment_process_default_healthcheck_interval = 10
+ environment_process_default_healthy_threshold_count = 3
+ environment_process_default_port = 5000
+ environment_process_default_unhealthy_threshold_count = 3
+
+ # aws:elasticbeanstalk:healthreporting:system
+ healthreporting_system_type = "enhanced"
+
+ # aws:elasticbeanstalk:managedactions
+ managedactions_managed_actions_enabled = true
+ managedactions_preferred_start_time = "Sun:10:00"
+
+ # aws:elasticbeanstalk:managedactions:platformupdate
+ managedactions_platformupdate_update_level = "minor"
+ managedactions_platformupdate_instance_refresh_enabled = true
+
+ # aws:autoscaling:asg
+ autoscaling_asg_minsize = 1
+ autoscaling_asg_maxsize = 2
+
+ # aws:autoscaling:trigger
+ autoscaling_trigger_measure_name = "CPUUtilization"
+ autoscaling_trigger_statistic = "Average"
+ autoscaling_trigger_unit = "Percent"
+ autoscaling_trigger_lower_threshold = 20
+ autoscaling_trigger_lower_breach_scale_increment = -1
+ autoscaling_trigger_upper_threshold = 80
+ autoscaling_trigger_upper_breach_scale_increment = 1
+
+ # aws:elasticbeanstalk:hostmanager
+ hostmanager_log_publication_control = true
+
+ # aws:elasticbeanstalk:cloudwatch:logs
+ cloudwatch_logs_stream_logs = true
+ cloudwatch_logs_delete_on_terminate = true
+ cloudwatch_logs_retention_in_days = 3
+
+ # aws:elasticbeanstalk:cloudwatch:logs:health
+ cloudwatch_logs_health_health_streaming_enabled = true
+ cloudwatch_logs_health_delete_on_terminate = true
+ cloudwatch_logs_health_retention_in_days = 3
+
+ environment_type = "LoadBalanced"
+
+ # aws:elasticbeanstalk:application:environment
+ environment_variables = {
+ "AWS_ACCESS_KEY_ID" = data.vault_generic_secret.fdio_docs.data["access_key"]
+ "AWS_SECRET_ACCESS_KEY" = data.vault_generic_secret.fdio_docs.data["secret_key"]
+ "AWS_DEFAULT_REGION" = data.vault_generic_secret.fdio_docs.data["region"]
+ }
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf
new file mode 100644
index 0000000000..adcfc4b12e
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf
@@ -0,0 +1,9 @@
+output "elastic_beanstalk_environment_hostname" {
+ description = "DNS hostname"
+ value = module.elastic_beanstalk_environment.cname
+}
+
+output "elastic_beanstalk_environment_name" {
+ description = "Name of the Elastic Beanstalk environment"
+ value = module.elastic_beanstalk_environment.envName
+}
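Review bot: In main.tf, the `environment_variables` map at the end of the module block puts a static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair into Elastic Beanstalk environment properties. There the keys are plain configuration, readable by anyone allowed to view the environment's settings, and they are also written into Terraform state. An instance profile role on the environment's EC2 instances would give the application credentials without a long-lived key; if the parent module in `../` exposes an instance-profile input (not visible in this diff), use it and reduce the map to `"AWS_DEFAULT_REGION" = var.region`. Separately, `cloudwatch_logs_retention_in_days = 3` and `cloudwatch_logs_health_retention_in_days = 3` leave very little log history for investigating an incident on a service declared with `elb_scheme = "public"`.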
\ No newline at end of file
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/providers.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/providers.tf
new file mode 100644
index 0000000000..7241b27c16
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/variables.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/variables.tf
new file mode 100644
index 0000000000..25790290bc
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/variables.tf
@@ -0,0 +1,28 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate."
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token."
+ type = string
+ sensitive = true
+}
+
+variable "vault_name" {
+ type = string
+ default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/versions.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/versions.tf
new file mode 100644
index 0000000000..4afbbc00a7
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/versions.tf
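Review bot: In variables.tf the default for `vault_provider_address` is an `http://` URL, so the token handed to the `vault` provider in providers.tf and every secret read back from Vault cross the network unencrypted. With that scheme `vault_provider_skip_tls_verify` has no effect. Give the default an `https://` address, or drop the default so the caller has to set one. The description of `vault_provider_token` says a root token is expected; a token bound to a policy covering only the paths this configuration reads would limit the damage if it leaks, and the text could become `description = "Vault token limited to the paths this configuration reads."`. `vault_name` has no `description` at all.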
@@ -0,0 +1,17 @@
+terraform {
+ backend "consul" {
+ address = "10.32.8.14:8500"
+ scheme = "http"
+ path = "terraform/dash"
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+} |
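Review bot: The `consul` backend in versions.tf is declared with `scheme = "http"` and the block configures no ACL token. The state kept under `terraform/dash` will hold the values returned by both Vault data sources in main.tf, including the AWS key pairs, because Terraform stores data-source results in state even when they are marked sensitive. Prefer `scheme = "https"` and supply a Consul ACL token from the environment (`CONSUL_HTTP_TOKEN`) rather than from the file. The provider constraints are open-ended (`>= 4.3.0`, `>= 3.2.1`), so a later major release can be picked up without review; `version = "~> 4.3"` bounds that. The `vault` entry also lacks `source = "hashicorp/vault"`.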