author | Peter Mikus <pmikus@cisco.com> | 2022-03-31 15:59:10 +0200 |
---|---|---|
committer | Peter Mikus <pmikus@cisco.com> | 2022-04-01 10:54:23 +0000 |
commit | ca81b6ccfdcee62846217f824c1e4a1610b8a950 (patch) | |
tree | f0f836509b346cd59e9d10b5d67abe71cddb3264 /fdio.infra.terraform/terraform-aws-fdio-csit-dash-env | |
parent | e972e67afac3ab3eb785668d01d3bdf1833eade9 (diff) |
refactor(terraform): Directory structure
Signed-off-by: Peter Mikus <pmikus@cisco.com>
Change-Id: I2f3cdf0241aaf7c4a8ba4e00b701df10c9165cf8
Diffstat (limited to 'fdio.infra.terraform/terraform-aws-fdio-csit-dash-env')
5 files changed, 166 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
new file mode 100644
index 0000000000..7add0851c8
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
@@ -0,0 +1,106 @@
+data "vault_generic_secret" "fdio_docs" {
+ path = "kv/secret/data/etl/fdio_docs"
+}
+
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault_name}-path"
+ role = "${var.vault_name}-role"
+}
+
+module "elastic_beanstalk_application" {
+ source = "../terraform-aws-elastic-beanstalk-application"
+
+ # application
+ application_description = "FD.io CSIT Results Dashboard"
+ application_name = "fdio-csit-dash-app"
+ appversion_lifecycle_service_role_arn = ""
+ appversion_lifecycle_max_count = 2
+ appversion_lifecycle_delete_source_from_s3 = false
+}
+
+module "elastic_beanstalk_environment" {
+ source = "../terraform-aws-elastic-beanstalk-environment"
+
+ # vpc
+ vpc_cidr_block = "192.168.0.0/24"
+ vpc_enable_dns_hostnames = true
+ vpc_enable_dns_support = true
+ vpc_instance_tenancy = "default"
+
+ # subnet
+ subnet_availability_zone = "us-east-1a"
+
+ # environment
+ environment_application = module.elastic_beanstalk_application.application_name
+ environment_description = module.elastic_beanstalk_application.application_description
+ environment_name = "fdio-csit-dash-env"
+ environment_solution_stack_name = "64bit Amazon Linux 2 v3.3.11 running Python 3.8"
+ environment_tier = "WebServer"
+ environment_wait_for_ready_timeout = "20m"
+ environment_version_label = ""
+
+ # aws:ec2:instances
+ instances_instance_types = "t3a.xlarge"
+
+ # aws:ec2:vpc
+ associate_public_ip_address = true
+ elb_scheme = "public"
+
+ # aws:elbv2:listener:default
+ default_listener_enabled = true
+
+ # aws:elasticbeanstalk:environment
+ environment_loadbalancer_type = "network"
+
+ # aws:elasticbeanstalk:environment:process:default
+ environment_process_default_healthcheck_interval = 10
+ environment_process_default_healthy_threshold_count = 3
+ environment_process_default_port = 5000
+ environment_process_default_unhealthy_threshold_count = 3
+
+ # aws:elasticbeanstalk:healthreporting:system
+ healthreporting_system_type = "enhanced"
+
+ # aws:elasticbeanstalk:managedactions
+ managedactions_managed_actions_enabled = true
+ managedactions_preferred_start_time = "Sun:10:00"
+
+ # aws:elasticbeanstalk:managedactions:platformupdate
+ managedactions_platformupdate_update_level = "minor"
+ managedactions_platformupdate_instance_refresh_enabled = true
+
+ # aws:autoscaling:asg
+ autoscaling_asg_minsize = 1
+ autoscaling_asg_maxsize = 2
+
+ # aws:autoscaling:trigger
+ autoscaling_trigger_measure_name = "CPUUtilization"
+ autoscaling_trigger_statistic = "Average"
+ autoscaling_trigger_unit = "Percent"
+ autoscaling_trigger_lower_threshold = 20
+ autoscaling_trigger_lower_breach_scale_increment = -1
+ autoscaling_trigger_upper_threshold = 80
+ autoscaling_trigger_upper_breach_scale_increment = 1
+
+ # aws:elasticbeanstalk:hostmanager
+ hostmanager_log_publication_control = true
+
+ # aws:elasticbeanstalk:cloudwatch:logs
+ cloudwatch_logs_stream_logs = true
+ cloudwatch_logs_delete_on_terminate = true
+ cloudwatch_logs_retention_in_days = 3
+
+ # aws:elasticbeanstalk:cloudwatch:logs:health
+ cloudwatch_logs_health_health_streaming_enabled = true
+ cloudwatch_logs_health_delete_on_terminate = true
+ cloudwatch_logs_health_retention_in_days = 3
+
+ environment_type = "LoadBalanced"
+
+ # aws:elasticbeanstalk:application:environment
+ environment_variables = {
+ "AWS_ACCESS_KEY_ID" = data.vault_generic_secret.fdio_docs.data["access_key"]
+ "AWS_SECRET_ACCESS_KEY" = data.vault_generic_secret.fdio_docs.data["secret_key"]
+ "AWS_DEFAULT_REGION" = data.vault_generic_secret.fdio_docs.data["region"]
+ }
+}
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf
new file mode 100644
index 0000000000..094c8f5422
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf
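Review bot: The `environment_variables` map at the end of the `elastic_beanstalk_environment` module injects a static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair read from `kv/secret/data/etl/fdio_docs` into the Elastic Beanstalk environment properties. Values set this way are readable by anyone who can describe the environment's configuration, and they are also written to Terraform state, which versions.tf in this commit keeps in Consul with `scheme = "http"`. An IAM role on the instance profile, limited to what the dashboard needs, would remove the long-lived key from both places; whether the local environment module exposes an instance-profile input is not visible here. If the key has to stay, document it above the map, e.g. `# static key from Vault KV: not rotated by Terraform, visible in EB config and in state`.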
@@ -0,0 +1,4 @@
+output "elastic_beanstalk_environment_hostname" {
+ description = "DNS hostname"
+ value = module.elastic_beanstalk_environment.environment_cname
+}
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf
new file mode 100644
index 0000000000..7241b27c16
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf
new file mode 100644
index 0000000000..25790290bc
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf
@@ -0,0 +1,28 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate."
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token."
+ type = string
+ sensitive = true
+}
+
+variable "vault_name" {
+ type = string
+ default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf
new file mode 100644
index 0000000000..4afbbc00a7
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf
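Review bot: The `vault` provider block authenticates with `var.vault_provider_token`, which variables.tf in this same commit describes as "Vault root token". A root token is not constrained by any policy, so every plan or apply of this module runs with full control of the Vault cluster, although the visible code only reads `kv/secret/data/etl/fdio_docs` and the `${var.vault_name}-path` AWS backend. Use a token (or an auth method) whose policy is limited to those two paths, and reword the variable accordingly, e.g. `description = "Vault token limited to the paths this module reads."`.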
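Review bot: The default for `vault_provider_address` is `http://10.30.51.28:8200`, so with defaults the Vault token and every secret the data sources read travel in cleartext, and `vault_provider_skip_tls_verify = false` has no effect because no TLS session is negotiated. Prefer an `https://` default, or no default at all so the caller must choose, so that certificate verification actually applies. `vault_name` is also the only variable without a `description`; something like `description = "Prefix of the Vault AWS secrets backend path and role."` would match how main.tf uses it.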
@@ -0,0 +1,17 @@
+terraform {
+ backend "consul" {
+ address = "10.32.8.14:8500"
+ scheme = "http"
+ path = "terraform/dash"
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+} |
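Review bot: The `consul` backend is configured with `scheme = "http"` and no access token, while this module's state will hold the values of `data.vault_generic_secret.fdio_docs` and `data.vault_aws_access_credentials.creds` in plain text. Anyone who can reach `10.32.8.14:8500` or observe the traffic could read those credentials, unless ACLs are enforced elsewhere, which the hunk does not show. Consider `scheme = "https"` and supplying a Consul ACL token outside the file, for example through the `CONSUL_HTTP_TOKEN` environment variable. Separately, the `vault` entry in `required_providers` has no `source`; adding `source = "hashicorp/vault"` would make it consistent with the `aws` entry.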