Diffstat (limited to 'fdio.infra.terraform/terraform-aws-fdio-csit-dash-env')
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf124
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf4
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf11
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf28
-rw-r--r--fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf17
5 files changed, 184 insertions, 0 deletions
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
new file mode 100644
index 0000000000..9f115cd6c6
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf
@@ -0,0 +1,124 @@
+data "vault_generic_secret" "fdio_docs" {
+ path = "kv/secret/data/etl/fdio_docs"
+}
+
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault_name}-path"
+ role = "${var.vault_name}-role"
+}
+
+module "elastic_beanstalk_application" {
+ source = "../terraform-aws-elastic-beanstalk-application"
+
+ # application
+ application_description = "FD.io CDASH M7G"
+ application_name = "fdio-csit-dash-app-m7g"
+ appversion_lifecycle_service_role_arn = "arn:aws:iam::407116685360:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk"
+ appversion_lifecycle_max_count = 10
+ appversion_lifecycle_delete_source_from_s3 = false
+}
+
+module "elastic_beanstalk_environment" {
+ source = "../terraform-aws-elastic-beanstalk-environment"
+
+ # environment
+ application_name = "fdio-csit-dash-app-m7g"
+
+ # vpc
+ vpc_cidr_block = "10.0.0.0/16"
+ vpc_enable_dns_hostnames = true
+ vpc_enable_dns_support = true
+ vpc_instance_tenancy = "default"
+
+ # subnet
+ subnet_a_availability_zone = "eu-north-1a"
+ subnet_a_cidr_block = "10.0.0.0/20"
+ subnet_b_availability_zone = "eu-north-1b"
+ subnet_b_cidr_block = "10.0.16.0/20"
+
+ # environment
+ environment_application = module.elastic_beanstalk_application.application_name
+ environment_description = module.elastic_beanstalk_application.application_description
+ environment_name = "fdio-csit-dash-env-m7g"
+ environment_solution_stack_name = "64bit Amazon Linux 2023 v4.0.6 running Python 3.11"
+ environment_tier = "WebServer"
+ environment_wait_for_ready_timeout = "25m"
+ environment_version_label = ""
+
+ # aws:ec2:instances
+ instances_instance_types = "m7g.2xlarge"
+
+ # aws:ec2:vpc
+ associate_public_ip_address = true
+ elb_scheme = "public"
+
+ # aws:elbv2:listener:default
+ default_listener_enabled = true
+
+ # aws:elasticbeanstalk:environment
+ environment_loadbalancer_type = "application"
+ environment_loadbalancer_ssl_certificate_id = "arn:aws:acm:eu-north-1:407116685360:certificate/3ef3c6ae-f1d4-49f0-a8cd-5d090991bf73"
+
+ # aws:elasticbeanstalk:environment:process:default
+ environment_process_default_healthcheck_interval = 10
+ environment_process_default_healthy_threshold_count = 3
+ environment_process_default_port = 5000
+ environment_process_default_unhealthy_threshold_count = 3
+
+ # aws:autoscaling:updatepolicy:rollingupdate
+ autoscaling_updatepolicy_rolling_update_enabled = true
+ autoscaling_updatepolicy_rolling_update_type = "Immutable"
+ autoscaling_updatepolicy_min_instance_in_service = 1
+
+ # aws:elasticbeanstalk:command
+ command_deployment_policy = "Rolling"
+
+ # aws:autoscaling:updatepolicy:rollingupdate
+ updatepolicy_max_batch_size = 1
+
+ # aws:elasticbeanstalk:healthreporting:system
+ healthreporting_system_type = "enhanced"
+
+ # aws:elasticbeanstalk:managedactions
+ managedactions_managed_actions_enabled = true
+ managedactions_preferred_start_time = "Sun:10:00"
+
+ # aws:elasticbeanstalk:managedactions:platformupdate
+ managedactions_platformupdate_update_level = "minor"
+ managedactions_platformupdate_instance_refresh_enabled = true
+
+ # aws:autoscaling:asg
+ autoscaling_asg_minsize = 1
+ autoscaling_asg_maxsize = 2
+
+ # aws:autoscaling:trigger
+ autoscaling_trigger_measure_name = "CPUUtilization"
+ autoscaling_trigger_statistic = "Average"
+ autoscaling_trigger_unit = "Percent"
+ autoscaling_trigger_lower_threshold = 20
+ autoscaling_trigger_lower_breach_scale_increment = -1
+ autoscaling_trigger_upper_threshold = 80
+ autoscaling_trigger_upper_breach_scale_increment = 1
+
+ # aws:elasticbeanstalk:hostmanager
+ hostmanager_log_publication_control = true
+
+ # aws:elasticbeanstalk:cloudwatch:logs
+ cloudwatch_logs_stream_logs = true
+ cloudwatch_logs_delete_on_terminate = true
+ cloudwatch_logs_retention_in_days = 3
+
+ # aws:elasticbeanstalk:cloudwatch:logs:health
+ cloudwatch_logs_health_health_streaming_enabled = true
+ cloudwatch_logs_health_delete_on_terminate = true
+ cloudwatch_logs_health_retention_in_days = 3
+
+ environment_type = "LoadBalanced"
+
+ # aws:elasticbeanstalk:application:environment
+ environment_variables = {
+ "AWS_ACCESS_KEY_ID" = data.vault_generic_secret.fdio_docs.data["access_key"]
+ "AWS_SECRET_ACCESS_KEY" = data.vault_generic_secret.fdio_docs.data["secret_key"]
+ "AWS_DEFAULT_REGION" = data.vault_generic_secret.fdio_docs.data["region"]
+ }
+}
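Review bot: The `environment_variables` map at the end of the `elastic_beanstalk_environment` module passes a static `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair, read from `data.vault_generic_secret.fdio_docs`, into the Beanstalk application environment. Values set this way are stored as plain environment properties, so anyone allowed to read the environment's configuration can see them, and they are also written to the Terraform state. An instance profile role on the EC2 instances would give the application the same access with no long-lived key to leak or rotate; whether the local `terraform-aws-elastic-beanstalk-environment` module exposes an input for that is not visible in this diff. Until then, a comment above the map would record the exposure, for example `# TODO: replace static key with an instance profile role; key is visible in EB configuration and in state`.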
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf
new file mode 100644
index 0000000000..094c8f5422
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/output.tf
@@ -0,0 +1,4 @@
+output "elastic_beanstalk_environment_hostname" {
+ description = "DNS hostname"
+ value = module.elastic_beanstalk_environment.environment_cname
+}
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf
new file mode 100644
index 0000000000..7241b27c16
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
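Review bot: `token = var.vault_provider_token` in the `vault` provider block is fed by a variable that variables.tf describes as "Vault root token", which gives every plan and apply of this module unrestricted access to Vault. The module only reads `kv/secret/data/etl/fdio_docs` and the `${var.vault_name}-path` AWS backend, so a short-lived token bound to a policy covering those two paths would be enough. Leaving `token` unset also works, since the provider then takes the token from the `VAULT_TOKEN` environment variable and it never has to pass through a Terraform variable. I would at least change the variable description to `"Vault token with read access to the etl kv path and the AWS secrets backend."` so the root token is not the documented expectation.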
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf
new file mode 100644
index 0000000000..d7ff1d19ff
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/variables.tf
@@ -0,0 +1,28 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "eu-north-1"
+}
+
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.24:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate."
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token."
+ type = string
+ sensitive = true
+}
+
+variable "vault_name" {
+ type = string
+ default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
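Review bot: The default for `vault_provider_address` is `http://10.30.51.24:8200`, so the Vault token and every secret returned by the two data sources in main.tf cross the network unencrypted. With this default, `vault_provider_skip_tls_verify = false` has no effect because no TLS is negotiated. The same plaintext transport applies to the `consul` backend in versions.tf (`scheme = "http"`), and that backend stores the state holding the fetched AWS keys. If the Vault and Consul listeners support TLS, which cannot be told from this diff, the defaults should be `default = "https://10.30.51.24:8200"` and `scheme = "https"`. Separately, `vault_name` is the only variable without a `description`.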
diff --git a/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf
new file mode 100644
index 0000000000..153890e01b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/versions.tf
@@ -0,0 +1,17 @@
+terraform {
+ backend "consul" {
+ address = "10.30.51.24:8500"
+ scheme = "http"
+ path = "terraform/dash_m7g"
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 5.31.0"
+ }
+ vault = {
+ version = ">= 3.23.0"
+ }
+ }
+ required_version = ">= 1.4.2"
+}
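Review bot: Both entries in `required_providers` use open-ended `>=` constraints, and the `vault` entry has no `source`, so a fresh `terraform init` can pull a future major release of either provider into a module that handles credentials. I would bound the ranges and name the registry namespace explicitly, e.g. `version = "~> 5.31"` for `aws` and `source = "hashicorp/vault"` with `version = "~> 3.23"` for `vault`. Committing the `.terraform.lock.hcl` file would also pin the provider checksums; no lock file is added in this commit.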