From 6c8ca0ad2a9fe0bab2033e41c6b056226cf9a856 Mon Sep 17 00:00:00 2001 From: Peter Mikus Date: Wed, 16 Mar 2022 16:42:57 +0100 Subject: feat(dash): Terraform AWS Beanstalk split 
Signed-off-by: Peter Mikus Change-Id: I6a9f54be0f734cd267c7ea5aa7f9933e04a8e139 --- .../1n_aws_t3/fdio-csit-dash-app-base/main.tf | 11 + .../1n_aws_t3/fdio-csit-dash-app-base/output.tf | 0 .../1n_aws_t3/fdio-csit-dash-app-base/providers.tf | 11 + .../1n_aws_t3/fdio-csit-dash-app-base/variables.tf | 28 + .../1n_aws_t3/fdio-csit-dash-app-base/versions.tf | 17 + .../1n_aws_t3/fdio-csit-dash-env/main.tf | 25 +- .../1n_aws_t3/fdio-csit-dash-env/output.tf | 7 +- fdio.infra.terraform/1n_aws_t3/main.tf | 613 --------------------- fdio.infra.terraform/1n_aws_t3/output.tf | 15 - fdio.infra.terraform/1n_aws_t3/variables.tf | 305 ---------- fdio.infra.terraform/1n_aws_t3/versions.tf | 12 - .../README.md | 38 ++ .../example/main.tf | 4 + .../example/output.tf | 0 .../example/providers.tf | 3 + .../example/variables.tf | 11 + .../example/versions.tf | 9 + .../main.tf | 31 ++ .../output.tf | 0 .../variables.tf | 17 + .../versions.tf | 9 + .../README.md | 41 ++ .../example/main.tf | 4 + .../example/output.tf | 9 + .../example/providers.tf | 3 + .../example/variables.tf | 11 + .../example/versions.tf | 9 + .../main.tf | 21 + .../output.tf | 7 + .../variables.tf | 29 + .../versions.tf | 9 + .../README.md | 106 ++++ .../example/main.tf | 12 + .../example/output.tf | 9 + .../example/providers.tf | 3 + .../example/variables.tf | 23 + .../example/versions.tf | 9 + .../main.tf | 567 +++++++++++++++++++ .../output.tf | 7 + .../variables.tf | 311 +++++++++++ .../versions.tf | 12 + resources/tools/dash/app/app.ini | 2 +- 42 files changed, 1408 insertions(+), 962 deletions(-) create mode 100644 fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/main.tf create mode 100644 fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/output.tf create mode 100644 fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/providers.tf create mode 100644 fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/variables.tf create mode 100644 
fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/versions.tf delete mode 100644 fdio.infra.terraform/1n_aws_t3/main.tf delete mode 100644 fdio.infra.terraform/1n_aws_t3/output.tf delete mode 100644 fdio.infra.terraform/1n_aws_t3/variables.tf delete mode 100644 fdio.infra.terraform/1n_aws_t3/versions.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/README.md create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/providers.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/versions.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/versions.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/README.md create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/providers.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/versions.tf create 
mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/versions.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf create mode 100644 fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/main.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/main.tf new file mode 100644 index 0000000000..63d30e4098 --- /dev/null +++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/main.tf 
@@ -0,0 +1,11 @@
+data "vault_aws_access_credentials" "creds" {
+ backend = "${var.vault_name}-path"
+ role = "${var.vault_name}-role"
+}
+
+module "elastic_beanstalk_application_version" {
+ source = "../../terraform-aws-elastic-beanstalk-application-version"
+ application_description = "FD.io CSIT Results Dashboard"
+ application_name = "fdio-csit-dash-app"
+ application_version_name = "fdio-csit-dash-app-base"
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/output.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/output.tf
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/providers.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/providers.tf
new file mode 100644
index 0000000000..7241b27c16
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/providers.tf
@@ -0,0 +1,11 @@
+provider "aws" {
+ region = var.region
+ access_key = data.vault_aws_access_credentials.creds.access_key
+ secret_key = data.vault_aws_access_credentials.creds.secret_key
+}
+
+provider "vault" {
+ address = var.vault_provider_address
+ skip_tls_verify = var.vault_provider_skip_tls_verify
+ token = var.vault_provider_token
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/variables.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/variables.tf
new file mode 100644
index 0000000000..25790290bc
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/variables.tf
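Review bot: `application_name = "fdio-csit-dash-app"` in the `elastic_beanstalk_application_version` block of main.tf repeats the literal that fdio-csit-dash-env/main.tf passes to its `elastic_beanstalk_application` module, and nothing in this root module records that link. The two directories look like separately applied stacks, so a rename on one side would presumably leave this version attached to an application name that no longer exists, and the apply order between them is implicit. A comment above the argument would make the coupling visible, for example `# Must match application_name in ../fdio-csit-dash-env/main.tf, which appears to create the application.`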
@@ -0,0 +1,28 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "vault_provider_address" {
+ description = "Vault cluster address."
+ type = string
+ default = "http://10.30.51.28:8200"
+}
+
+variable "vault_provider_skip_tls_verify" {
+ description = "Verification of the Vault server's TLS certificate."
+ type = bool
+ default = false
+}
+
+variable "vault_provider_token" {
+ description = "Vault root token."
+ type = string
+ sensitive = true
+}
+
+variable "vault_name" {
+ type = string
+ default = "dynamic-aws-creds-vault-fdio-csit-jenkins"
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/versions.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/versions.tf
new file mode 100644
index 0000000000..4afbbc00a7
--- /dev/null
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-app-base/versions.tf
@@ -0,0 +1,17 @@
+terraform {
+ backend "consul" {
+ address = "10.32.8.14:8500"
+ scheme = "http"
+ path = "terraform/dash"
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf
index 01b235162d..fa7bcea8d9 100644
--- a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf
+++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/main.tf
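Review bot: The default for `vault_provider_address` in variables.tf is an `http://` URL, so the Vault token and the AWS key pair that Vault hands back cross the network unencrypted, and `vault_provider_skip_tls_verify` has no certificate to check; the `provider "vault"` block in providers.tf uses both values as given. The `vault_provider_token` description also asks for a root token, which carries unrestricted access to Vault, while this stack only needs to read the AWS credentials path used by the `vault_aws_access_credentials` data source. I would point the default at an `https://` listener, or drop the default so the address has to be supplied, and reword the description to `description = "Vault token limited to reading the AWS secrets backend."`.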
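Review bot: The `backend "consul"` block in versions.tf sets `scheme = "http"`, and the state stored there will contain the `access_key` and `secret_key` attributes of the `vault_aws_access_credentials` data source, because Terraform persists data source results in state. That sends live AWS credentials in clear text to the Consul KV store under `terraform/dash`, and the block configures no Consul ACL token (one may be supplied through the environment, which the diff does not show). If the Consul agent offers TLS, `scheme = "https"` together with an ACL policy restricted to this key prefix would address both. Separately, if fdio-csit-dash-env keeps its state under the same `path` (its versions.tf is not part of this diff), the two root modules would share one state object, so a distinct path for this stack is worth confirming.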
@@ -7,8 +7,19 @@ data "vault_aws_access_credentials" "creds" { role = "${var.vault_name}-role" } +module "elastic_beanstalk_application" { + source = "../../terraform-aws-elastic-beanstalk-application" + + # application + application_description = "FD.io CSIT Results Dashboard" + application_name = "fdio-csit-dash-app" + appversion_lifecycle_service_role_arn = "" + appversion_lifecycle_max_count = 2 + appversion_lifecycle_delete_source_from_s3 = false +} + module "elastic_beanstalk_environment" { - source = "../" + source = "../../terraform-aws-elastic-beanstalk-environment" # vpc vpc_cidr_block = "192.168.0.0/24" @@ -19,15 +30,9 @@ module "elastic_beanstalk_environment" { # subnet subnet_availability_zone = "us-east-1a" - # application - application_description = "FD.io CSIT Results Dashboard" - application_name = "fdio-csit-dash-app" - appversion_lifecycle_service_role_arn = "" - appversion_lifecycle_max_count = 2 - appversion_lifecycle_delete_source_from_s3 = false - # environment - environment_description = "FD.io CSIT Results Dashboard" + environment_application = module.elastic_beanstalk_application.application_name + environment_description = module.elastic_beanstalk_application.application_description environment_name = "fdio-csit-dash-env" environment_solution_stack_name = "64bit Amazon Linux 2 v3.3.11 running Python 3.8" environment_tier = "WebServer" @@ -35,7 +40,7 @@ module "elastic_beanstalk_environment" { environment_version_label = "" # aws:ec2:instances - instances_instance_types = "t3a.2xlarge" + instances_instance_types = "t3a.xlarge" # aws:ec2:vpc associate_public_ip_address = true diff --git a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf index adcfc4b12e..094c8f5422 100644 --- a/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf +++ b/fdio.infra.terraform/1n_aws_t3/fdio-csit-dash-env/output.tf 
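Review bot: `appversion_lifecycle_service_role_arn = ""` in the new `elastic_beanstalk_application` block probably leaves `appversion_lifecycle_max_count` and `appversion_lifecycle_delete_source_from_s3` without effect. The module removed in this commit created the `appversion_lifecycle` block only when the ARN was non-empty, and if terraform-aws-elastic-beanstalk-application keeps that conditional (its main.tf is outside this part of the diff), no version cleanup is configured and old application versions with their S3 bundles accumulate. Either pass the ARN of a service role, or drop the two inert arguments and add a comment such as `# no lifecycle policy: application versions are not pruned`. These are the same three arguments that the second hunk removes from `elastic_beanstalk_environment`.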
@@ -1,9 +1,4 @@ output "elastic_beanstalk_environment_hostname" { description = "DNS hostname" - value = module.elastic_beanstalk_environment.cname + value = module.elastic_beanstalk_environment.environment_cname } - -output "elastic_beanstalk_environment_name" { - description = "Name of the Elastic Beanstalk environment" - value = module.elastic_beanstalk_environment.envName -} \ No newline at end of file diff --git a/fdio.infra.terraform/1n_aws_t3/main.tf b/fdio.infra.terraform/1n_aws_t3/main.tf deleted file mode 100644 index eb0c046b2e..0000000000 --- a/fdio.infra.terraform/1n_aws_t3/main.tf +++ /dev/null 
@@ -1,613 +0,0 @@ -locals { - bucket = "${var.application_name}-bucket" - tags = { - "Name" = "${var.application_name}" - "Environment" = "${var.application_name}" - } -} - -# Create elastic beanstalk VPC -resource "aws_vpc" "vpc" { - assign_generated_ipv6_cidr_block = true - cidr_block = var.vpc_cidr_block - enable_dns_hostnames = var.vpc_enable_dns_hostnames - enable_dns_support = var.vpc_enable_dns_support - instance_tenancy = var.vpc_instance_tenancy - tags = local.tags -} - -# Create elastic beanstalk Subnets -resource "aws_subnet" "subnet" { - depends_on = [ - aws_vpc.vpc - ] - availability_zone = var.subnet_availability_zone - assign_ipv6_address_on_creation = true - cidr_block = aws_vpc.vpc.cidr_block - ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1) - map_public_ip_on_launch = true - vpc_id = aws_vpc.vpc.id - tags = local.tags -} - -resource "aws_internet_gateway" "internet_gateway" { - depends_on = [ - aws_vpc.vpc - ] - vpc_id = aws_vpc.vpc.id - tags = local.tags -} - -resource "aws_route" "route" { - depends_on = [ - aws_vpc.vpc, - aws_internet_gateway.internet_gateway - ] - destination_cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.internet_gateway.id - route_table_id = aws_vpc.vpc.main_route_table_id -} - -# Create elastic beanstalk IAM mapping -data "aws_iam_policy_document" "service" { - statement { - actions = [ - "sts:AssumeRole" - ] - principals { - type = "Service" - identifiers = ["elasticbeanstalk.amazonaws.com"] - } - effect = "Allow" - } -} - -resource "aws_iam_role" "service" { - assume_role_policy = data.aws_iam_policy_document.service.json - name = "${var.application_name}-eb-service" -} - -resource "aws_iam_role_policy_attachment" "enhanced_health" { - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth" - role = aws_iam_role.service.name -} - -resource "aws_iam_role_policy_attachment" "service" { - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService" 
- role = aws_iam_role.service.name -} - -data "aws_iam_policy_document" "ec2" { - statement { - actions = [ - "sts:AssumeRole" - ] - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - effect = "Allow" - } - statement { - actions = [ - "sts:AssumeRole", - ] - principals { - type = "Service" - identifiers = ["ssm.amazonaws.com"] - } - effect = "Allow" - } -} - -resource "aws_iam_role" "ec2" { - assume_role_policy = data.aws_iam_policy_document.ec2.json - name = "${var.application_name}-eb-ec2" -} - -resource "aws_iam_instance_profile" "ec2_iam_instance_profile" { - name = "${var.application_name}-iam-instance-profile" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "multicontainer_docker" { - policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "web_tier" { - policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "worker_tier" { - policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "ssm_automation" { - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "ssm_ec2" { - policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" - role = aws_iam_role.ec2.name -} - -resource "aws_iam_role_policy_attachment" "ecr_readonly" { - policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - role = aws_iam_role.ec2.name -} - -resource "aws_ssm_activation" "ec2" { - depends_on = [ - aws_iam_role.ec2, - aws_iam_role_policy_attachment.ssm_ec2 - ] - name = "${var.application_name}-ec2-activation" - iam_role = aws_iam_role.ec2.id - registration_limit = 3 -} - -data "aws_iam_policy_document" "default" { - statement { - 
actions = [ - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetHealth", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:GetConsoleOutput", - "ec2:AssociateAddress", - "ec2:DescribeAddresses", - "ec2:DescribeSecurityGroups", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeNotificationConfigurations", - ] - resources = ["*"] - effect = "Allow" - } - - statement { - sid = "AllowOperations" - actions = [ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteScheduledAction", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLoadBalancers", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeScheduledActions", - "autoscaling:DetachInstances", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:ResumeProcesses", - "autoscaling:SetDesiredCapacity", - "autoscaling:SetInstanceProtection", - "autoscaling:SuspendProcesses", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "cloudwatch:PutMetricAlarm", - "ec2:AssociateAddress", - "ec2:AllocateAddress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - 
"ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:TerminateInstances", - "ecs:CreateCluster", - "ecs:DeleteCluster", - "ecs:DescribeClusters", - "ecs:RegisterTaskDefinition", - "elasticbeanstalk:*", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets", - "iam:ListRoles", - "iam:PassRole", - "logs:CreateLogGroup", - "logs:PutRetentionPolicy", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeOrderableDBInstanceOptions", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:ListBucket", - "sns:CreateTopic", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:Subscribe", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "codebuild:CreateProject", - "codebuild:DeleteProject", - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - ] - resources = ["*"] - effect = "Allow" - } - - statement { - sid = "AllowS3OperationsOnElasticBeanstalkBuckets" - actions = [ - "s3:*" - ] - resources = [ - "arn:aws:s3:::*" - ] - effect = "Allow" - } - - statement { - sid = "AllowDeleteCloudwatchLogGroups" - actions = [ - "logs:DeleteLogGroup" - ] - resources = [ - "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" - ] - effect = "Allow" - } - - statement { - sid = "AllowCloudformationOperationsOnElasticBeanstalkStacks" - actions = [ - "cloudformation:*" - ] - resources = [ - 
"arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - effect = "Allow" - } -} - -resource "aws_iam_role_policy" "default" { - depends_on = [ - aws_iam_role.ec2 - ] - name = "${var.application_name}-eb-default" - policy = data.aws_iam_policy_document.default.json - role = aws_iam_role.ec2.id -} - -# Create elastic beanstalk Application -resource "aws_s3_bucket" "bucket" { - bucket = local.bucket - tags = local.tags -} - -resource "aws_s3_object" "object" { - bucket = aws_s3_bucket.bucket.id - key = "beanstalk/app.zip" - source = "app.zip" - tags = local.tags -} - -resource "aws_elastic_beanstalk_application_version" "application_version" { - depends_on = [ - aws_elastic_beanstalk_application.application - ] - name = "${var.application_name}-base" - application = var.application_name - description = var.application_description - bucket = aws_s3_bucket.bucket.id - key = aws_s3_object.object.id - tags = local.tags -} - -resource "aws_elastic_beanstalk_application" "application" { - depends_on = [ - aws_vpc.vpc, - aws_subnet.subnet, - aws_ssm_activation.ec2 - ] - name = var.application_name - description = var.application_description - - dynamic "appversion_lifecycle" { - for_each = var.appversion_lifecycle_service_role_arn != "" ? 
["true"] : [] - content { - service_role = var.appversion_lifecycle_service_role_arn - max_count = var.appversion_lifecycle_max_count - delete_source_from_s3 = var.appversion_lifecycle_delete_source_from_s3 - } - } - tags = local.tags -} - -# Create elastic beanstalk Environment -resource "aws_elastic_beanstalk_environment" "environment" { - depends_on = [ - aws_vpc.vpc, - aws_subnet.subnet, - aws_ssm_activation.ec2 - ] - application = aws_elastic_beanstalk_application.application.name - description = var.environment_description - name = var.environment_name - solution_stack_name = var.environment_solution_stack_name - tier = var.environment_tier - wait_for_ready_timeout = var.environment_wait_for_ready_timeout - version_label = var.environment_version_label - tags = local.tags - - # aws:ec2:instances - setting { - namespace = "aws:ec2:instances" - name = "InstanceTypes" - value = var.instances_instance_types - } - - # aws:ec2:vpc - setting { - namespace = "aws:ec2:vpc" - name = "VPCId" - value = aws_vpc.vpc.id - } - - setting { - namespace = "aws:ec2:vpc" - name = "Subnets" - value = aws_subnet.subnet.id - } - - setting { - namespace = "aws:ec2:vpc" - name = "ELBSubnets" - value = aws_subnet.subnet.id - } - - setting { - namespace = "aws:ec2:vpc" - name = "ELBScheme" - value = var.environment_type == "LoadBalanced" ? 
var.elb_scheme : "" - } - - setting { - namespace = "aws:ec2:vpc" - name = "AssociatePublicIpAddress" - value = var.associate_public_ip_address - } - - setting { - namespace = "aws:elasticbeanstalk:application" - name = "Application Healthcheck URL" - value = "/" - } - - # aws:elbv2:listener:default - setting { - namespace = "aws:elbv2:listener:default" - name = "ListenerEnabled" - value = var.default_listener_enabled - } - - # aws:elasticbeanstalk:environment - setting { - namespace = "aws:elasticbeanstalk:environment" - name = "LoadBalancerType" - value = var.environment_loadbalancer_type - } - - setting { - namespace = "aws:elasticbeanstalk:environment" - name = "ServiceRole" - value = aws_iam_role.service.name - } - - # aws:elasticbeanstalk:environment:process:default - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthCheckInterval" - value = var.environment_process_default_healthcheck_interval - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "HealthyThresholdCount" - value = var.environment_process_default_healthy_threshold_count - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Port" - value = var.environment_process_default_port - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "Protocol" - value = var.environment_loadbalancer_type == "network" ? 
"TCP" : "HTTP" - } - - setting { - namespace = "aws:elasticbeanstalk:environment:process:default" - name = "UnhealthyThresholdCount" - value = var.environment_process_default_unhealthy_threshold_count - } - - # aws:autoscaling:launchconfiguration - setting { - namespace = "aws:autoscaling:launchconfiguration" - name = "IamInstanceProfile" - value = aws_iam_instance_profile.ec2_iam_instance_profile.name - } - - # aws:elasticbeanstalk:healthreporting:system - setting { - namespace = "aws:elasticbeanstalk:healthreporting:system" - name = "SystemType" - value = var.healthreporting_system_type - } - - # aws:elasticbeanstalk:managedactions - setting { - namespace = "aws:elasticbeanstalk:managedactions" - name = "ManagedActionsEnabled" - value = var.managedactions_managed_actions_enabled ? "true" : "false" - } - - setting { - namespace = "aws:elasticbeanstalk:managedactions" - name = "PreferredStartTime" - value = var.managedactions_preferred_start_time - } - - # aws:elasticbeanstalk:managedactions:platformupdate - setting { - namespace = "aws:elasticbeanstalk:managedactions:platformupdate" - name = "UpdateLevel" - value = var.managedactions_platformupdate_update_level - } - - setting { - namespace = "aws:elasticbeanstalk:managedactions:platformupdate" - name = "InstanceRefreshEnabled" - value = var.managedactions_platformupdate_instance_refresh_enabled - } - - # aws:autoscaling:asg - setting { - namespace = "aws:autoscaling:asg" - name = "MinSize" - value = var.autoscaling_asg_minsize - } - setting { - namespace = "aws:autoscaling:asg" - name = "MaxSize" - value = var.autoscaling_asg_maxsize - } - - # aws:autoscaling:trigger - setting { - namespace = "aws:autoscaling:trigger" - name = "MeasureName" - value = var.autoscaling_trigger_measure_name - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "Statistic" - value = var.autoscaling_trigger_statistic - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "Unit" - value = 
var.autoscaling_trigger_unit - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "LowerThreshold" - value = var.autoscaling_trigger_lower_threshold - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "LowerBreachScaleIncrement" - value = var.autoscaling_trigger_lower_breach_scale_increment - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "UpperThreshold" - value = var.autoscaling_trigger_upper_threshold - } - - setting { - namespace = "aws:autoscaling:trigger" - name = "UpperBreachScaleIncrement" - value = var.autoscaling_trigger_upper_breach_scale_increment - } - - # aws:elasticbeanstalk:hostmanager - setting { - namespace = "aws:elasticbeanstalk:hostmanager" - name = "LogPublicationControl" - value = var.hostmanager_log_publication_control ? "true" : "false" - } - - # aws:elasticbeanstalk:cloudwatch:logs - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs" - name = "StreamLogs" - value = var.cloudwatch_logs_stream_logs ? "true" : "false" - } - - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs" - name = "DeleteOnTerminate" - value = var.cloudwatch_logs_delete_on_terminate ? "true" : "false" - } - - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs" - name = "RetentionInDays" - value = var.cloudwatch_logs_retention_in_days - } - - # aws:elasticbeanstalk:cloudwatch:logs:health - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" - name = "HealthStreamingEnabled" - value = var.cloudwatch_logs_health_health_streaming_enabled ? "true" : "false" - } - - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" - name = "DeleteOnTerminate" - value = var.cloudwatch_logs_health_delete_on_terminate ? 
"true" : "false" - } - - setting { - namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" - name = "RetentionInDays" - value = var.cloudwatch_logs_health_retention_in_days - } - - # aws:elasticbeanstalk:application:environment - dynamic "setting" { - for_each = var.environment_variables - content { - namespace = "aws:elasticbeanstalk:application:environment" - name = setting.key - value = setting.value - } - } -} diff --git a/fdio.infra.terraform/1n_aws_t3/output.tf b/fdio.infra.terraform/1n_aws_t3/output.tf deleted file mode 100644 index 58d6627380..0000000000 --- a/fdio.infra.terraform/1n_aws_t3/output.tf +++ /dev/null @@ -1,15 +0,0 @@ -output "cname" { - value = aws_elastic_beanstalk_environment.environment.cname -} - -output "envName" { - value = aws_elastic_beanstalk_environment.environment.name -} - -output "asgName" { - value = aws_elastic_beanstalk_environment.environment.autoscaling_groups[0] -} - -output "lbarn" { - value = aws_elastic_beanstalk_environment.environment.load_balancers[0] -} \ No newline at end of file diff --git a/fdio.infra.terraform/1n_aws_t3/variables.tf b/fdio.infra.terraform/1n_aws_t3/variables.tf deleted file mode 100644 index 4a74df6d39..0000000000 --- a/fdio.infra.terraform/1n_aws_t3/variables.tf +++ /dev/null 
@@ -1,305 +0,0 @@ -# Variables for elastic beanstalk VPC -variable "vpc_cidr_block" { - description = "The CIDR block for the association." - type = string - default = "192.168.0.0/24" -} - -variable "vpc_enable_dns_hostnames" { - description = "Whether or not the VPC has DNS hostname support." - type = bool - default = true -} - -variable "vpc_enable_dns_support" { - description = "Whether or not the VPC has DNS support." - type = bool - default = true -} - -variable "vpc_instance_tenancy" { - description = "The allowed tenancy of instances launched into the selected VPC." - type = string - default = "default" -} - -# Variables for elastic beanstalk Subnet -variable "subnet_availability_zone" { - description = "AWS availability zone" - type = string - default = "us-east-1a" -} - -# Variables for elastic beanstalk Application -variable "application_description" { - description = "Short description of the application." - type = string - default = "Beanstalk Application" -} - -variable "application_name" { - description = "The name of the application, must be unique within account." - type = string - default = "Beanstalk" -} - -variable "appversion_lifecycle_service_role_arn" { - description = "The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created." - type = string - default = "" -} - -variable "appversion_lifecycle_max_count" { - description = "The max number of application versions to keep" - type = number - default = 2 -} - -variable "appversion_lifecycle_delete_source_from_s3" { - description = "Whether to delete application versions from S3 source" - type = bool - default = false -} - -# Variables for elastic beanstalk Environment -variable "environment_description" { - description = "Short description of the environment." - type = string - default = "Beanstalk Environment" -} - -variable "environment_name" { - description = "A unique name for this Environment. 
This name is used in the application URL." - type = string - default = "Beanstalk-env" -} - -variable "environment_solution_stack_name" { - description = "A solution stack to base your environment off of." - type = string - default = "64bit Amazon Linux 2 v3.3.11 running Python 3.8" -} - -variable "environment_tier" { - description = "The environment tier specified." - type = string - default = "WebServer" -} - -variable "environment_wait_for_ready_timeout" { - description = "The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out" - type = string - default = "20m" -} - -variable "environment_version_label" { - description = "The name of the Elastic Beanstalk Application Version to use in deployment." - type = string - default = "" -} - -# aws:ec2:instances -variable "instances_instance_types" { - description = "Instances type" - type = string - default = "t3.medium" -} - -# aws:ec2:vpc -variable "associate_public_ip_address" { - description = "Whether to associate public IP addresses to the instances." - type = bool - default = true -} - -variable "elb_scheme" { - description = "Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC." - type = string - default = "public" -} - -# aws:elbv2:listener:default -variable "default_listener_enabled" { - description = "Set to false to disable the listener. You can use this option to disable the default listener on port 80." - type = bool - default = true -} - -# aws:elasticbeanstalk:environment -variable "environment_loadbalancer_type" { - description = "Load Balancer type, e.g. 'application' or 'classic'." 
- type = string - default = "network" -} - -# aws:elasticbeanstalk:environment:process:default -variable "environment_process_default_healthcheck_interval" { - description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application." - type = number - default = 10 -} - -variable "environment_process_default_healthy_threshold_count" { - description = "The number of consecutive successful requests before Elastic Load Balancing changes the instance health status." - type = number - default = 3 -} - -variable "environment_process_default_port" { - description = "Port application is listening on." - type = number - default = 5000 -} - -variable "environment_process_default_unhealthy_threshold_count" { - description = "The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status." - type = number - default = 3 -} - -# aws:elasticbeanstalk:healthreporting:system -variable "healthreporting_system_type" { - description = "Whether to enable enhanced health reporting for this environment" - type = string - default = "enhanced" -} - -# aws:elasticbeanstalk:managedactions -variable "managedactions_managed_actions_enabled" { - description = "Enable managed platform updates. When you set this to true, you must also specify a `PreferredStartTime` and `UpdateLevel`" - type = bool - default = true -} - -variable "managedactions_preferred_start_time" { - description = "Configure a maintenance window for managed actions in UTC" - type = string - default = "Sun:10:00" -} - -# aws:elasticbeanstalk:managedactions:platformupdate -variable "managedactions_platformupdate_update_level" { - description = "The highest level of update to apply with managed platform updates" - type = string - default = "minor" -} - -variable "managedactions_platformupdate_instance_refresh_enabled" { - description = "Enable weekly instance replacement." 
- type = bool - default = true -} - -# aws:autoscaling:asg -variable "autoscaling_asg_minsize" { - description = "Minumum instances to launch" - type = number - default = 1 -} - -variable "autoscaling_asg_maxsize" { - description = "Maximum instances to launch" - type = number - default = 2 -} - -# aws:autoscaling:trigger -variable "autoscaling_trigger_measure_name" { - description = "Metric used for your Auto Scaling trigger" - type = string - default = "CPUUtilization" -} - -variable "autoscaling_trigger_statistic" { - description = "Statistic the trigger should use, such as Average" - type = string - default = "Average" -} - -variable "autoscaling_trigger_unit" { - description = "Unit for the trigger measurement, such as Bytes" - type = string - default = "Percent" -} - -variable "autoscaling_trigger_lower_threshold" { - description = "Minimum level of autoscale metric to remove an instance" - type = number - default = 20 -} - -variable "autoscaling_trigger_lower_breach_scale_increment" { - description = "How many Amazon EC2 instances to remove when performing a scaling activity." 
- type = number - default = -1 -} - -variable "autoscaling_trigger_upper_threshold" { - description = "Maximum level of autoscale metric to add an instance" - type = number - default = 80 -} - -variable "autoscaling_trigger_upper_breach_scale_increment" { - description = "How many Amazon EC2 instances to add when performing a scaling activity" - type = number - default = 1 -} - -# aws:elasticbeanstalk:hostmanager -variable "hostmanager_log_publication_control" { - description = "Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application" - type = bool - default = true -} - -# aws:elasticbeanstalk:cloudwatch:logs -variable "cloudwatch_logs_stream_logs" { - description = "Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment" - type = bool - default = true -} - -variable "cloudwatch_logs_delete_on_terminate" { - description = "Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days" - type = bool - default = true -} - -variable "cloudwatch_logs_retention_in_days" { - description = "The number of days to keep log events before they expire." - type = number - default = 3 -} - -# aws:elasticbeanstalk:cloudwatch:logs:health -variable "cloudwatch_logs_health_health_streaming_enabled" { - description = "For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system." - type = bool - default = true -} - -variable "cloudwatch_logs_health_delete_on_terminate" { - description = "Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days." 
- type = bool - default = true -} - -variable "cloudwatch_logs_health_retention_in_days" { - description = "The number of days to keep the archived health data before it expires." - type = number - default = 3 -} - -variable "environment_type" { - description = "Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time', `updating_min_in_service` must be set to 0, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments)." - type = string - default = "LoadBalanced" -} - -# aws:elasticbeanstalk:application:environment -variable "environment_variables" { - description = "Map of custom ENV variables to be provided to the application." - type = map(string) - default = {} -} diff --git a/fdio.infra.terraform/1n_aws_t3/versions.tf b/fdio.infra.terraform/1n_aws_t3/versions.tf deleted file mode 100644 index d0e9db34f5..0000000000 --- a/fdio.infra.terraform/1n_aws_t3/versions.tf +++ /dev/null @@ -1,12 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4.3.0" - } - vault = { - version = ">= 3.2.1" - } - } - required_version = ">= 1.1.4" -} diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/README.md b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/README.md new file mode 100644 index 0000000000..0ab18bdbb8 --- /dev/null +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/README.md 
@@ -0,0 +1,38 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1.4 | +| [aws](#requirement\_aws) | ~> 4.3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4.3.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_elastic_beanstalk_application_version.application_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_application_version) | resource | +| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_object.object](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [application\_description](#input\_application\_description) | Short description of the Application Version. | `string` | `"Beanstalk Application"` | no | +| [application\_name](#input\_application\_name) | Name of the Beanstalk Application the version is associated. | `string` | `"Beanstalk"` | no | +| [application\_version\_name](#input\_application\_version\_name) | Unique name for the this Application Version. | `string` | `"Beanstalk Version"` | no | + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/main.tf new file mode 100644 index 0000000000..652509225f --- /dev/null +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/main.tf @@ -0,0 +1,4 @@ +module "elastic_beanstalk_application_version" { + source = "../" + application_description = var.application_description +} 
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/output.tf
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/providers.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/providers.tf
new file mode 100644
index 0000000000..5ff54f0d65
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = var.region
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/variables.tf
new file mode 100644
index 0000000000..12af1d64c6
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/variables.tf
@@ -0,0 +1,11 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/versions.tf
new file mode 100644
index 0000000000..af1be4a4e1
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/example/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/main.tf
new file mode 100644
index 0000000000..4a9f473baa
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/main.tf
@@ -0,0 +1,31 @@
+locals {
+ bucket = "${var.application_name}-bucket"
+ key = "${var.application_name}.zip"
+ source = "app.zip"
+ tags = {
+ "Name" = "${var.application_name}"
+ "Environment" = "${var.application_name}"
+ }
+}
+
+# Create elastic beanstalk Application Version
+resource "aws_s3_bucket" "bucket" {
+ bucket = local.bucket
+ tags = local.tags
+}
+
+resource "aws_s3_object" "object" {
+ bucket = aws_s3_bucket.bucket.id
+ key = local.key
+ source = local.source
+ tags = local.tags
+}
+
+resource "aws_elastic_beanstalk_application_version" "application_version" {
+ application = var.application_name
+ description = var.application_description
+ bucket = aws_s3_bucket.bucket.id
+ key = aws_s3_object.object.id
+ name = var.application_version_name
+ tags = local.tags
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/output.tf
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/variables.tf
new file mode 100644
index 0000000000..6ac2ae7bfe
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/variables.tf
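Review bot: `aws_s3_bucket.bucket` in the new application-version `main.tf` is created with no public-access block, default encryption or versioning, although it stores the bundle that Elastic Beanstalk deploys, so write access to the bucket amounts to control over what runs in the environment. With the `~> 4.3.0` provider pinned by this module these controls are separate resources attached to the bucket, sketched below. The bucket name is built as `"${var.application_name}-bucket"`, and the default `application_name` of `"Beanstalk"` yields a name with an uppercase letter, which S3 naming rules reject for new buckets, and one that is likely to collide in the global namespace; passing it through `lower()` and adding an account- or region-specific suffix would avoid both. `aws_s3_object.object` also sets no `etag` or `source_hash`, so a rebuilt `app.zip` at the same path would presumably not be detected and re-uploaded; `etag = filemd5(local.source)` is the usual way to tie the object to the file content.

```hcl
resource "aws_s3_bucket" "bucket" {
  # … unchanged: bucket, tags …
}

resource "aws_s3_bucket_public_access_block" "bucket" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

resource "aws_s3_bucket_versioning" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}
```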
@@ -0,0 +1,17 @@
+variable "application_description" {
+ description = "Short description of the Application Version."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_name" {
+ description = "Name of the Beanstalk Application the version is associated."
+ type = string
+ default = "Beanstalk"
+}
+
+variable "application_version_name" {
+ description = "Unique name for the this Application Version."
+ type = string
+ default = "Beanstalk Version"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/versions.tf
new file mode 100644
index 0000000000..66b9c17f9b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application-version/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/README.md b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/README.md
new file mode 100644
index 0000000000..d149d90038
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/README.md
@@ -0,0 +1,41 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1.4 | +| [aws](#requirement\_aws) | ~> 4.3.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4.3.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_elastic_beanstalk_application.application](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_application) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [application\_description](#input\_application\_description) | Short description of the application. | `string` | `"Beanstalk Application"` | no | +| [application\_name](#input\_application\_name) | The name of the application, must be unique within account. | `string` | `"Beanstalk"` | no | +| [appversion\_lifecycle\_delete\_source\_from\_s3](#input\_appversion\_lifecycle\_delete\_source\_from\_s3) | Whether to delete application versions from S3 source. | `bool` | `false` | no | +| [appversion\_lifecycle\_max\_count](#input\_appversion\_lifecycle\_max\_count) | The max number of application versions to keep. | `number` | `2` | no | +| [appversion\_lifecycle\_service\_role\_arn](#input\_appversion\_lifecycle\_service\_role\_arn) | The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created. | `string` | `""` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [application\_description](#output\_application\_description) | n/a | +| [application\_name](#output\_application\_name) | n/a | + \ No newline at end of file diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/main.tf new file mode 100644 index 0000000000..410d1abc59 
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/main.tf
@@ -0,0 +1,4 @@
+module "elastic_beanstalk_application" {
+ source = "../"
+ application_description = var.application_description
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/output.tf
new file mode 100644
index 0000000000..290e2a1c5a
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/output.tf
@@ -0,0 +1,9 @@
+output "elastic_beanstalk_application_name" {
+ value = module.elastic_beanstalk_application.application_name
+ description = "Elastic Beanstalk Application name"
+}
+
+output "elastic_beanstalk_application_description" {
+ value = module.elastic_beanstalk_application.application_description
+ description = "Elastic Beanstalk Application description"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/providers.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/providers.tf
new file mode 100644
index 0000000000..5ff54f0d65
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = var.region
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/variables.tf
new file mode 100644
index 0000000000..12af1d64c6
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/variables.tf
@@ -0,0 +1,11 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/versions.tf
new file mode 100644
index 0000000000..af1be4a4e1
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/example/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/main.tf
new file mode 100644
index 0000000000..909d6fca4d
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/main.tf
@@ -0,0 +1,21 @@
+locals {
+ tags = {
+ "Name" = "${var.application_name}"
+ "Environment" = "${var.application_name}"
+ }
+}
+
+resource "aws_elastic_beanstalk_application" "application" {
+ name = var.application_name
+ description = var.application_description
+ tags = local.tags
+
+ dynamic "appversion_lifecycle" {
+ for_each = var.appversion_lifecycle_service_role_arn != "" ? ["true"] : []
+ content {
+ service_role = var.appversion_lifecycle_service_role_arn
+ max_count = var.appversion_lifecycle_max_count
+ delete_source_from_s3 = var.appversion_lifecycle_delete_source_from_s3
+ }
+ }
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/output.tf
new file mode 100644
index 0000000000..ce7f978e53
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/output.tf
@@ -0,0 +1,7 @@
+output "application_name" {
+ value = aws_elastic_beanstalk_application.application.name
+}
+
+output "application_description" {
+ value = aws_elastic_beanstalk_application.application.description
+}
\ No newline at end of file
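Review bot: The `tags` local in `terraform-aws-elastic-beanstalk-application/main.tf` wraps a bare reference in a string template, `"Name" = "${var.application_name}"`. Since Terraform 0.12 the plain form `"Name" = var.application_name` is preferred and linters flag the interpolation-only form. The same applies to the `Environment` tag on the next line and to the `tags` map in the `locals` block of the application-version module's `main.tf` in this commit.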
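Review bot: Both outputs added in this module's `output.tf` lack a `description`, which is why the generated README in this commit lists them as `n/a`. Adding `description = "Name of the Elastic Beanstalk application."` and `description = "Description of the Elastic Beanstalk application."` would document them and match the outputs in `example/output.tf`, which do carry descriptions.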
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/variables.tf
new file mode 100644
index 0000000000..38090c99b5
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/variables.tf
@@ -0,0 +1,29 @@
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_name" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk"
+}
+
+variable "appversion_lifecycle_service_role_arn" {
+ description = "The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created."
+ type = string
+ default = ""
+}
+
+variable "appversion_lifecycle_max_count" {
+ description = "The max number of application versions to keep."
+ type = number
+ default = 2
+}
+
+variable "appversion_lifecycle_delete_source_from_s3" {
+ description = "Whether to delete application versions from S3 source."
+ type = bool
+ default = false
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/versions.tf
new file mode 100644
index 0000000000..66b9c17f9b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-application/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md
new file mode 100644
index 0000000000..f3bc3e23ec
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/README.md
@@ -0,0 +1,106 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.1.4 | +| [aws](#requirement\_aws) | ~> 4.3.0 | +| [vault](#requirement\_vault) | >= 3.2.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 4.3.0 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_elastic_beanstalk_environment.environment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_environment) | resource | +| [aws_iam_instance_profile.ec2_iam_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource | +| [aws_iam_role.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.ecr_readonly](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.enhanced_health](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.multicontainer_docker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.ssm_automation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| 
[aws_iam_role_policy_attachment.ssm_ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.web_tier](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.worker_tier](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_internet_gateway.internet_gateway](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/internet_gateway) | resource | +| [aws_route.route](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route) | resource | +| [aws_ssm_activation.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_activation) | resource | +| [aws_subnet.subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet) | resource | +| [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource | +| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.service](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [application\_description](#input\_application\_description) | Short description of the application. | `string` | `"Beanstalk Application"` | no | +| [application\_name](#input\_application\_name) | The name of the application, must be unique within account. 
| `string` | `"Beanstalk"` | no | +| [appversion\_lifecycle\_delete\_source\_from\_s3](#input\_appversion\_lifecycle\_delete\_source\_from\_s3) | Whether to delete application versions from S3 source | `bool` | `false` | no | +| [appversion\_lifecycle\_max\_count](#input\_appversion\_lifecycle\_max\_count) | The max number of application versions to keep | `number` | `2` | no | +| [appversion\_lifecycle\_service\_role\_arn](#input\_appversion\_lifecycle\_service\_role\_arn) | The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created. | `string` | `""` | no | +| [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate public IP addresses to the instances. | `bool` | `true` | no | +| [autoscaling\_asg\_maxsize](#input\_autoscaling\_asg\_maxsize) | Maximum instances to launch | `number` | `2` | no | +| [autoscaling\_asg\_minsize](#input\_autoscaling\_asg\_minsize) | Minumum instances to launch | `number` | `1` | no | +| [autoscaling\_trigger\_lower\_breach\_scale\_increment](#input\_autoscaling\_trigger\_lower\_breach\_scale\_increment) | How many Amazon EC2 instances to remove when performing a scaling activity. 
| `number` | `-1` | no | +| [autoscaling\_trigger\_lower\_threshold](#input\_autoscaling\_trigger\_lower\_threshold) | Minimum level of autoscale metric to remove an instance | `number` | `20` | no | +| [autoscaling\_trigger\_measure\_name](#input\_autoscaling\_trigger\_measure\_name) | Metric used for your Auto Scaling trigger | `string` | `"CPUUtilization"` | no | +| [autoscaling\_trigger\_statistic](#input\_autoscaling\_trigger\_statistic) | Statistic the trigger should use, such as Average | `string` | `"Average"` | no | +| [autoscaling\_trigger\_unit](#input\_autoscaling\_trigger\_unit) | Unit for the trigger measurement, such as Bytes | `string` | `"Percent"` | no | +| [autoscaling\_trigger\_upper\_breach\_scale\_increment](#input\_autoscaling\_trigger\_upper\_breach\_scale\_increment) | How many Amazon EC2 instances to add when performing a scaling activity | `number` | `1` | no | +| [autoscaling\_trigger\_upper\_threshold](#input\_autoscaling\_trigger\_upper\_threshold) | Maximum level of autoscale metric to add an instance | `number` | `80` | no | +| [cloudwatch\_logs\_delete\_on\_terminate](#input\_cloudwatch\_logs\_delete\_on\_terminate) | Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days | `bool` | `true` | no | +| [cloudwatch\_logs\_health\_delete\_on\_terminate](#input\_cloudwatch\_logs\_health\_delete\_on\_terminate) | Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days. | `bool` | `true` | no | +| [cloudwatch\_logs\_health\_health\_streaming\_enabled](#input\_cloudwatch\_logs\_health\_health\_streaming\_enabled) | For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system. 
| `bool` | `true` | no | +| [cloudwatch\_logs\_health\_retention\_in\_days](#input\_cloudwatch\_logs\_health\_retention\_in\_days) | The number of days to keep the archived health data before it expires. | `number` | `3` | no | +| [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | The number of days to keep log events before they expire. | `number` | `3` | no | +| [cloudwatch\_logs\_stream\_logs](#input\_cloudwatch\_logs\_stream\_logs) | Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment | `bool` | `true` | no | +| [default\_listener\_enabled](#input\_default\_listener\_enabled) | Set to false to disable the listener. You can use this option to disable the default listener on port 80. | `bool` | `true` | no | +| [elb\_scheme](#input\_elb\_scheme) | Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC. | `string` | `"public"` | no | +| [environment\_application](#input\_environment\_application) | The name of the application, must be unique within account. | `string` | `"Beanstalk Application"` | no | +| [environment\_description](#input\_environment\_description) | Short description of the environment. | `string` | `"Beanstalk Environment"` | no | +| [environment\_loadbalancer\_type](#input\_environment\_loadbalancer\_type) | Load Balancer type, e.g. 'application' or 'classic'. | `string` | `"network"` | no | +| [environment\_name](#input\_environment\_name) | A unique name for this Environment. This name is used in the application URL. | `string` | `"Beanstalk-env"` | no | +| [environment\_process\_default\_healthcheck\_interval](#input\_environment\_process\_default\_healthcheck\_interval) | The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application. 
| `number` | `10` | no | +| [environment\_process\_default\_healthy\_threshold\_count](#input\_environment\_process\_default\_healthy\_threshold\_count) | The number of consecutive successful requests before Elastic Load Balancing changes the instance health status. | `number` | `3` | no | +| [environment\_process\_default\_port](#input\_environment\_process\_default\_port) | Port application is listening on. | `number` | `5000` | no | +| [environment\_process\_default\_unhealthy\_threshold\_count](#input\_environment\_process\_default\_unhealthy\_threshold\_count) | The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status. | `number` | `3` | no | +| [environment\_solution\_stack\_name](#input\_environment\_solution\_stack\_name) | A solution stack to base your environment off of. | `string` | `"64bit Amazon Linux 2 v3.3.11 running Python 3.8"` | no | +| [environment\_tier](#input\_environment\_tier) | The environment tier specified. | `string` | `"WebServer"` | no | +| [environment\_type](#input\_environment\_type) | Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time', `updating_min_in_service` must be set to 0, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments). | `string` | `"LoadBalanced"` | no | +| [environment\_variables](#input\_environment\_variables) | Map of custom ENV variables to be provided to the application. | `map(string)` | `{}` | no | +| [environment\_version\_label](#input\_environment\_version\_label) | The name of the Elastic Beanstalk Application Version to use in deployment. 
| `string` | `""` | no | +| [environment\_wait\_for\_ready\_timeout](#input\_environment\_wait\_for\_ready\_timeout) | The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out | `string` | `"20m"` | no | +| [healthreporting\_system\_type](#input\_healthreporting\_system\_type) | Whether to enable enhanced health reporting for this environment | `string` | `"enhanced"` | no | +| [hostmanager\_log\_publication\_control](#input\_hostmanager\_log\_publication\_control) | Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application | `bool` | `true` | no | +| [instances\_instance\_types](#input\_instances\_instance\_types) | Instances type | `string` | `"t3.medium"` | no | +| [managedactions\_managed\_actions\_enabled](#input\_managedactions\_managed\_actions\_enabled) | Enable managed platform updates. When you set this to true, you must also specify a `PreferredStartTime` and `UpdateLevel` | `bool` | `true` | no | +| [managedactions\_platformupdate\_instance\_refresh\_enabled](#input\_managedactions\_platformupdate\_instance\_refresh\_enabled) | Enable weekly instance replacement. | `bool` | `true` | no | +| [managedactions\_platformupdate\_update\_level](#input\_managedactions\_platformupdate\_update\_level) | The highest level of update to apply with managed platform updates | `string` | `"minor"` | no | +| [managedactions\_preferred\_start\_time](#input\_managedactions\_preferred\_start\_time) | Configure a maintenance window for managed actions in UTC | `string` | `"Sun:10:00"` | no | +| [subnet\_availability\_zone](#input\_subnet\_availability\_zone) | AWS availability zone | `string` | `"us-east-1a"` | no | +| [vpc\_cidr\_block](#input\_vpc\_cidr\_block) | The CIDR block for the association. | `string` | `"192.168.0.0/24"` | no | +| [vpc\_enable\_dns\_hostnames](#input\_vpc\_enable\_dns\_hostnames) | Whether or not the VPC has DNS hostname support. 
| `bool` | `true` | no |
+| [vpc\_enable\_dns\_support](#input\_vpc\_enable\_dns\_support) | Whether or not the VPC has DNS support. | `bool` | `true` | no |
+| [vpc\_instance\_tenancy](#input\_vpc\_instance\_tenancy) | The allowed tenancy of instances launched into the selected VPC. | `string` | `"default"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [environment\_cname](#output\_environment\_cname) | n/a |
+| [environment\_name](#output\_environment\_name) | n/a |
+
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf
new file mode 100644
index 0000000000..c6fcbf858b
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/main.tf
@@ -0,0 +1,12 @@
+module "elastic_beanstalk_application" {
+ source = "../../terraform-aws-elastic-beanstalk-application"
+ application_description = "FD.io CSIT Results Dashboard"
+ application_name = "fdio-csit-dash-app"
+}
+
+module "elastic_beanstalk_environment" {
+ source = "../"
+ environment_application = module.elastic_beanstalk_application.application_name
+ environment_description = module.elastic_beanstalk_application.application_description
+ environment_name = "fdio-csit-dash-env"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf
new file mode 100644
index 0000000000..290e2a1c5a
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/output.tf
@@ -0,0 +1,9 @@
+output "elastic_beanstalk_application_name" {
+ value = module.elastic_beanstalk_application.application_name
+ description = "Elastic Beanstalk Application name"
+}
+
+output "elastic_beanstalk_application_description" {
+ value = module.elastic_beanstalk_application.application_description
+ description = "Elastic Beanstalk Application description"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf
new file mode 100644
index 0000000000..5ff54f0d65
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/providers.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+ region = var.region
+}
\ No newline at end of file
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf
new file mode 100644
index 0000000000..3c07178e06
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/variables.tf
@@ -0,0 +1,23 @@
+variable "region" {
+ description = "AWS Region."
+ type = string
+ default = "us-east-1"
+}
+
+variable "environment_application" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_description" {
+ description = "Short description of the application."
+ type = string
+ default = "Beanstalk Application"
+}
+
+variable "application_name" {
+ description = "The name of the application, must be unique within account."
+ type = string
+ default = "Beanstalk"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf
new file mode 100644
index 0000000000..af1be4a4e1
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/example/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.3.0"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
new file mode 100644
index 0000000000..7fbf50c711
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/main.tf
@@ -0,0 +1,567 @@ +locals { + tags = { + "Name" = "${var.application_name}" + "Environment" = "${var.application_name}" + } +} + +# Create elastic beanstalk VPC +resource "aws_vpc" "vpc" { + assign_generated_ipv6_cidr_block = true + cidr_block = var.vpc_cidr_block + enable_dns_hostnames = var.vpc_enable_dns_hostnames + enable_dns_support = var.vpc_enable_dns_support + instance_tenancy = var.vpc_instance_tenancy + tags = local.tags +} + +# Create elastic beanstalk Subnets +resource "aws_subnet" "subnet" { + depends_on = [ + aws_vpc.vpc + ] + availability_zone = var.subnet_availability_zone + assign_ipv6_address_on_creation = true + cidr_block = aws_vpc.vpc.cidr_block + ipv6_cidr_block = cidrsubnet(aws_vpc.vpc.ipv6_cidr_block, 8, 1) + map_public_ip_on_launch = true + vpc_id = aws_vpc.vpc.id + tags = local.tags +} + +resource "aws_internet_gateway" "internet_gateway" { + depends_on = [ + aws_vpc.vpc + ] + vpc_id = aws_vpc.vpc.id + tags = local.tags +} + +resource "aws_route" "route" { + depends_on = [ + aws_vpc.vpc, + aws_internet_gateway.internet_gateway + ] + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.internet_gateway.id + route_table_id = aws_vpc.vpc.main_route_table_id +} + +# Create elastic beanstalk IAM mapping +data "aws_iam_policy_document" "service" { + statement { + actions = [ + "sts:AssumeRole" + ] + principals { + type = "Service" + identifiers = ["elasticbeanstalk.amazonaws.com"] + } + effect = "Allow" + } +} + +resource "aws_iam_role" "service" { + assume_role_policy = data.aws_iam_policy_document.service.json + name = "${var.application_name}-eb-service" +} + +resource "aws_iam_role_policy_attachment" "enhanced_health" { + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth" + role = aws_iam_role.service.name +} + +resource "aws_iam_role_policy_attachment" "service" { + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService" + role = aws_iam_role.service.name +} + 
+data "aws_iam_policy_document" "ec2" { + statement { + actions = [ + "sts:AssumeRole" + ] + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + effect = "Allow" + } + statement { + actions = [ + "sts:AssumeRole", + ] + principals { + type = "Service" + identifiers = ["ssm.amazonaws.com"] + } + effect = "Allow" + } +} + +resource "aws_iam_role" "ec2" { + assume_role_policy = data.aws_iam_policy_document.ec2.json + name = "${var.application_name}-eb-ec2" +} + +resource "aws_iam_instance_profile" "ec2_iam_instance_profile" { + name = "${var.application_name}-iam-instance-profile" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "multicontainer_docker" { + policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "web_tier" { + policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "worker_tier" { + policy_arn = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "ssm_automation" { + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "ssm_ec2" { + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + role = aws_iam_role.ec2.name +} + +resource "aws_iam_role_policy_attachment" "ecr_readonly" { + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + role = aws_iam_role.ec2.name +} + +resource "aws_ssm_activation" "ec2" { + depends_on = [ + aws_iam_role.ec2, + aws_iam_role_policy_attachment.ssm_ec2 + ] + name = "${var.application_name}-ec2-activation" + iam_role = aws_iam_role.ec2.id + registration_limit = 3 +} + +data "aws_iam_policy_document" "default" { + statement { + actions = [ + 
"elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetHealth", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:GetConsoleOutput", + "ec2:AssociateAddress", + "ec2:DescribeAddresses", + "ec2:DescribeSecurityGroups", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeNotificationConfigurations", + ] + resources = ["*"] + effect = "Allow" + } + + statement { + sid = "AllowOperations" + actions = [ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteScheduledAction", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeScheduledActions", + "autoscaling:DetachInstances", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SetDesiredCapacity", + "autoscaling:SetInstanceProtection", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "cloudwatch:PutMetricAlarm", + "ec2:AssociateAddress", + "ec2:AllocateAddress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + 
"ec2:DescribeVpcs", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:TerminateInstances", + "ecs:CreateCluster", + "ecs:DeleteCluster", + "ecs:DescribeClusters", + "ecs:RegisterTaskDefinition", + "elasticbeanstalk:*", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets", + "iam:ListRoles", + "iam:PassRole", + "logs:CreateLogGroup", + "logs:PutRetentionPolicy", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeOrderableDBInstanceOptions", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:ListBucket", + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic", + "sns:Subscribe", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + ] + resources = ["*"] + effect = "Allow" + } + + statement { + sid = "AllowS3OperationsOnElasticBeanstalkBuckets" + actions = [ + "s3:*" + ] + resources = [ + "arn:aws:s3:::*" + ] + effect = "Allow" + } + + statement { + sid = "AllowDeleteCloudwatchLogGroups" + actions = [ + "logs:DeleteLogGroup" + ] + resources = [ + "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" + ] + effect = "Allow" + } + + statement { + sid = "AllowCloudformationOperationsOnElasticBeanstalkStacks" + actions = [ + "cloudformation:*" + ] + resources = [ + "arn:aws:cloudformation:*:*:stack/awseb-*", 
+ "arn:aws:cloudformation:*:*:stack/eb-*" + ] + effect = "Allow" + } +} + +resource "aws_iam_role_policy" "default" { + depends_on = [ + aws_iam_role.ec2 + ] + name = "${var.application_name}-eb-default" + policy = data.aws_iam_policy_document.default.json + role = aws_iam_role.ec2.id +} + +# Create elastic beanstalk Environment +resource "aws_elastic_beanstalk_environment" "environment" { + depends_on = [ + aws_vpc.vpc, + aws_subnet.subnet, + aws_ssm_activation.ec2 + ] + application = var.environment_application + description = var.environment_description + name = var.environment_name + solution_stack_name = var.environment_solution_stack_name + tier = var.environment_tier + wait_for_ready_timeout = var.environment_wait_for_ready_timeout + version_label = var.environment_version_label + tags = local.tags + + # aws:ec2:instances + setting { + namespace = "aws:ec2:instances" + name = "InstanceTypes" + value = var.instances_instance_types + } + + # aws:ec2:vpc + setting { + namespace = "aws:ec2:vpc" + name = "VPCId" + value = aws_vpc.vpc.id + } + + setting { + namespace = "aws:ec2:vpc" + name = "Subnets" + value = aws_subnet.subnet.id + } + + setting { + namespace = "aws:ec2:vpc" + name = "ELBSubnets" + value = aws_subnet.subnet.id + } + + setting { + namespace = "aws:ec2:vpc" + name = "ELBScheme" + value = var.environment_type == "LoadBalanced" ? 
var.elb_scheme : "" + } + + setting { + namespace = "aws:ec2:vpc" + name = "AssociatePublicIpAddress" + value = var.associate_public_ip_address + } + + setting { + namespace = "aws:elasticbeanstalk:application" + name = "Application Healthcheck URL" + value = "/" + } + + # aws:elbv2:listener:default + setting { + namespace = "aws:elbv2:listener:default" + name = "ListenerEnabled" + value = var.default_listener_enabled + } + + # aws:elasticbeanstalk:environment + setting { + namespace = "aws:elasticbeanstalk:environment" + name = "LoadBalancerType" + value = var.environment_loadbalancer_type + } + + setting { + namespace = "aws:elasticbeanstalk:environment" + name = "ServiceRole" + value = aws_iam_role.service.name + } + + # aws:elasticbeanstalk:environment:process:default + setting { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthCheckInterval" + value = var.environment_process_default_healthcheck_interval + } + + setting { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "HealthyThresholdCount" + value = var.environment_process_default_healthy_threshold_count + } + + setting { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Port" + value = var.environment_process_default_port + } + + setting { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "Protocol" + value = var.environment_loadbalancer_type == "network" ? 
"TCP" : "HTTP" + } + + setting { + namespace = "aws:elasticbeanstalk:environment:process:default" + name = "UnhealthyThresholdCount" + value = var.environment_process_default_unhealthy_threshold_count + } + + # aws:autoscaling:launchconfiguration + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "IamInstanceProfile" + value = aws_iam_instance_profile.ec2_iam_instance_profile.name + } + + # aws:elasticbeanstalk:healthreporting:system + setting { + namespace = "aws:elasticbeanstalk:healthreporting:system" + name = "SystemType" + value = var.healthreporting_system_type + } + + # aws:elasticbeanstalk:managedactions + setting { + namespace = "aws:elasticbeanstalk:managedactions" + name = "ManagedActionsEnabled" + value = var.managedactions_managed_actions_enabled ? "true" : "false" + } + + setting { + namespace = "aws:elasticbeanstalk:managedactions" + name = "PreferredStartTime" + value = var.managedactions_preferred_start_time + } + + # aws:elasticbeanstalk:managedactions:platformupdate + setting { + namespace = "aws:elasticbeanstalk:managedactions:platformupdate" + name = "UpdateLevel" + value = var.managedactions_platformupdate_update_level + } + + setting { + namespace = "aws:elasticbeanstalk:managedactions:platformupdate" + name = "InstanceRefreshEnabled" + value = var.managedactions_platformupdate_instance_refresh_enabled + } + + # aws:autoscaling:asg + setting { + namespace = "aws:autoscaling:asg" + name = "MinSize" + value = var.autoscaling_asg_minsize + } + setting { + namespace = "aws:autoscaling:asg" + name = "MaxSize" + value = var.autoscaling_asg_maxsize + } + + # aws:autoscaling:trigger + setting { + namespace = "aws:autoscaling:trigger" + name = "MeasureName" + value = var.autoscaling_trigger_measure_name + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "Statistic" + value = var.autoscaling_trigger_statistic + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "Unit" + value = 
var.autoscaling_trigger_unit + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "LowerThreshold" + value = var.autoscaling_trigger_lower_threshold + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "LowerBreachScaleIncrement" + value = var.autoscaling_trigger_lower_breach_scale_increment + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "UpperThreshold" + value = var.autoscaling_trigger_upper_threshold + } + + setting { + namespace = "aws:autoscaling:trigger" + name = "UpperBreachScaleIncrement" + value = var.autoscaling_trigger_upper_breach_scale_increment + } + + # aws:elasticbeanstalk:hostmanager + setting { + namespace = "aws:elasticbeanstalk:hostmanager" + name = "LogPublicationControl" + value = var.hostmanager_log_publication_control ? "true" : "false" + } + + # aws:elasticbeanstalk:cloudwatch:logs + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs" + name = "StreamLogs" + value = var.cloudwatch_logs_stream_logs ? "true" : "false" + } + + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs" + name = "DeleteOnTerminate" + value = var.cloudwatch_logs_delete_on_terminate ? "true" : "false" + } + + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs" + name = "RetentionInDays" + value = var.cloudwatch_logs_retention_in_days + } + + # aws:elasticbeanstalk:cloudwatch:logs:health + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" + name = "HealthStreamingEnabled" + value = var.cloudwatch_logs_health_health_streaming_enabled ? "true" : "false" + } + + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" + name = "DeleteOnTerminate" + value = var.cloudwatch_logs_health_delete_on_terminate ? 
"true" : "false" + } + + setting { + namespace = "aws:elasticbeanstalk:cloudwatch:logs:health" + name = "RetentionInDays" + value = var.cloudwatch_logs_health_retention_in_days + } + + # aws:elasticbeanstalk:application:environment + dynamic "setting" { + for_each = var.environment_variables + content { + namespace = "aws:elasticbeanstalk:application:environment" + name = setting.key + value = setting.value + } + } +} diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf new file mode 100644 index 0000000000..de7cdae87b --- /dev/null +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/output.tf @@ -0,0 +1,7 @@ +output "environment_cname" { + value = aws_elastic_beanstalk_environment.environment.cname +} + +output "environment_name" { + value = aws_elastic_beanstalk_environment.environment.name +} \ No newline at end of file diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf new file mode 100644 index 0000000000..c2a1ea3cf7 --- /dev/null +++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/variables.tf 
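Review bot: The inline policy built from `data.aws_iam_policy_document.default` is attached by `aws_iam_role_policy.default` to `aws_iam_role.ec2`, the role behind the instance profile, so anything running on a dashboard instance holds `s3:*` on `arn:aws:s3:::*`, `iam:PassRole` and `elasticbeanstalk:*` on `*`, and `cloudformation:*` on the awseb/eb stacks. The statement with sid `AllowS3OperationsOnElasticBeanstalkBuckets` matches every bucket in the account rather than the Beanstalk ones; scope its resources to `"arn:aws:s3:::elasticbeanstalk-*"` and `"arn:aws:s3:::elasticbeanstalk-*/*"`. The management actions in `AllowOperations` look like service-role permissions, so `role = aws_iam_role.service.id` in `aws_iam_role_policy.default` is probably what was intended, with `iam:PassRole` limited to the ARNs of the two roles this module creates. That would leave the instance role with only the attached tier, SSM and ECR read-only policies.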
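Review bot: Neither `environment_cname` nor `environment_name` carries a `description`, which matches the README outputs table in this commit listing both as n/a, while example/output.tf documents its outputs. Add `description = "CNAME of the Elastic Beanstalk environment"` and `description = "Name of the Elastic Beanstalk environment"` to the two blocks.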
@@ -0,0 +1,311 @@ +# Variables for elastic beanstalk VPC +variable "vpc_cidr_block" { + description = "The CIDR block for the association." + type = string + default = "192.168.0.0/24" +} + +variable "vpc_enable_dns_hostnames" { + description = "Whether or not the VPC has DNS hostname support." + type = bool + default = true +} + +variable "vpc_enable_dns_support" { + description = "Whether or not the VPC has DNS support." + type = bool + default = true +} + +variable "vpc_instance_tenancy" { + description = "The allowed tenancy of instances launched into the selected VPC." + type = string + default = "default" +} + +# Variables for elastic beanstalk Subnet +variable "subnet_availability_zone" { + description = "AWS availability zone" + type = string + default = "us-east-1a" +} + +# Variables for elastic beanstalk Application +variable "environment_application" { + description = "The name of the application, must be unique within account." + type = string + default = "Beanstalk Application" +} + +variable "application_description" { + description = "Short description of the application." + type = string + default = "Beanstalk Application" +} + +variable "application_name" { + description = "The name of the application, must be unique within account." + type = string + default = "Beanstalk" +} + +variable "appversion_lifecycle_service_role_arn" { + description = "The service role ARN to use for application version cleanup. If left empty, the `appversion_lifecycle` block will not be created." 
+ type = string + default = "" +} + +variable "appversion_lifecycle_max_count" { + description = "The max number of application versions to keep" + type = number + default = 2 +} + +variable "appversion_lifecycle_delete_source_from_s3" { + description = "Whether to delete application versions from S3 source" + type = bool + default = false +} + +# Variables for elastic beanstalk Environment +variable "environment_description" { + description = "Short description of the environment." + type = string + default = "Beanstalk Environment" +} + +variable "environment_name" { + description = "A unique name for this Environment. This name is used in the application URL." + type = string + default = "Beanstalk-env" +} + +variable "environment_solution_stack_name" { + description = "A solution stack to base your environment off of." + type = string + default = "64bit Amazon Linux 2 v3.3.11 running Python 3.8" +} + +variable "environment_tier" { + description = "The environment tier specified." + type = string + default = "WebServer" +} + +variable "environment_wait_for_ready_timeout" { + description = "The maximum duration to wait for the Elastic Beanstalk Environment to be in a ready state before timing out" + type = string + default = "20m" +} + +variable "environment_version_label" { + description = "The name of the Elastic Beanstalk Application Version to use in deployment." + type = string + default = "" +} + +# aws:ec2:instances +variable "instances_instance_types" { + description = "Instances type" + type = string + default = "t3.medium" +} + +# aws:ec2:vpc +variable "associate_public_ip_address" { + description = "Whether to associate public IP addresses to the instances." + type = bool + default = true +} + +variable "elb_scheme" { + description = "Specify `internal` if you want to create an internal load balancer in your Amazon VPC so that your Elastic Beanstalk application cannot be accessed from outside your Amazon VPC." 
+ type = string + default = "public" +} + +# aws:elbv2:listener:default +variable "default_listener_enabled" { + description = "Set to false to disable the listener. You can use this option to disable the default listener on port 80." + type = bool + default = true +} + +# aws:elasticbeanstalk:environment +variable "environment_loadbalancer_type" { + description = "Load Balancer type, e.g. 'application' or 'classic'." + type = string + default = "network" +} + +# aws:elasticbeanstalk:environment:process:default +variable "environment_process_default_healthcheck_interval" { + description = "The interval of time, in seconds, that Elastic Load Balancing checks the health of the Amazon EC2 instances of your application." + type = number + default = 10 +} + +variable "environment_process_default_healthy_threshold_count" { + description = "The number of consecutive successful requests before Elastic Load Balancing changes the instance health status." + type = number + default = 3 +} + +variable "environment_process_default_port" { + description = "Port application is listening on." + type = number + default = 5000 +} + +variable "environment_process_default_unhealthy_threshold_count" { + description = "The number of consecutive unsuccessful requests before Elastic Load Balancing changes the instance health status." + type = number + default = 3 +} + +# aws:elasticbeanstalk:healthreporting:system +variable "healthreporting_system_type" { + description = "Whether to enable enhanced health reporting for this environment" + type = string + default = "enhanced" +} + +# aws:elasticbeanstalk:managedactions +variable "managedactions_managed_actions_enabled" { + description = "Enable managed platform updates. 
When you set this to true, you must also specify a `PreferredStartTime` and `UpdateLevel`" + type = bool + default = true +} + +variable "managedactions_preferred_start_time" { + description = "Configure a maintenance window for managed actions in UTC" + type = string + default = "Sun:10:00" +} + +# aws:elasticbeanstalk:managedactions:platformupdate +variable "managedactions_platformupdate_update_level" { + description = "The highest level of update to apply with managed platform updates" + type = string + default = "minor" +} + +variable "managedactions_platformupdate_instance_refresh_enabled" { + description = "Enable weekly instance replacement." + type = bool + default = true +} + +# aws:autoscaling:asg +variable "autoscaling_asg_minsize" { + description = "Minumum instances to launch" + type = number + default = 1 +} + +variable "autoscaling_asg_maxsize" { + description = "Maximum instances to launch" + type = number + default = 2 +} + +# aws:autoscaling:trigger +variable "autoscaling_trigger_measure_name" { + description = "Metric used for your Auto Scaling trigger" + type = string + default = "CPUUtilization" +} + +variable "autoscaling_trigger_statistic" { + description = "Statistic the trigger should use, such as Average" + type = string + default = "Average" +} + +variable "autoscaling_trigger_unit" { + description = "Unit for the trigger measurement, such as Bytes" + type = string + default = "Percent" +} + +variable "autoscaling_trigger_lower_threshold" { + description = "Minimum level of autoscale metric to remove an instance" + type = number + default = 20 +} + +variable "autoscaling_trigger_lower_breach_scale_increment" { + description = "How many Amazon EC2 instances to remove when performing a scaling activity." 
+ type = number
+ default = -1
+}
+
+variable "autoscaling_trigger_upper_threshold" {
+ description = "Maximum level of autoscale metric to add an instance"
+ type = number
+ default = 80
+}
+
+variable "autoscaling_trigger_upper_breach_scale_increment" {
+ description = "How many Amazon EC2 instances to add when performing a scaling activity"
+ type = number
+ default = 1
+}
+
+# aws:elasticbeanstalk:hostmanager
+variable "hostmanager_log_publication_control" {
+ description = "Copy the log files for your application's Amazon EC2 instances to the Amazon S3 bucket associated with your application"
+ type = bool
+ default = true
+}
+
+# aws:elasticbeanstalk:cloudwatch:logs
+variable "cloudwatch_logs_stream_logs" {
+ description = "Whether to create groups in CloudWatch Logs for proxy and deployment logs, and stream logs from each instance in your environment"
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_delete_on_terminate" {
+ description = "Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days"
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_retention_in_days" {
+ description = "The number of days to keep log events before they expire."
+ type = number
+ default = 3
+}
+
+# aws:elasticbeanstalk:cloudwatch:logs:health
+variable "cloudwatch_logs_health_health_streaming_enabled" {
+ description = "For environments with enhanced health reporting enabled, whether to create a group in CloudWatch Logs for environment health and archive Elastic Beanstalk environment health data. For information about enabling enhanced health, see aws:elasticbeanstalk:healthreporting:system."
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_health_delete_on_terminate" {
+ description = "Whether to delete the log group when the environment is terminated. If false, the health data is kept RetentionInDays days." 
+ type = bool
+ default = true
+}
+
+variable "cloudwatch_logs_health_retention_in_days" {
+ description = "The number of days to keep the archived health data before it expires."
+ type = number
+ default = 3
+}
+
+variable "environment_type" {
+ description = "Environment type, e.g. 'LoadBalanced' or 'SingleInstance'. If setting to 'SingleInstance', `rolling_update_type` must be set to 'Time', `updating_min_in_service` must be set to 0, and `loadbalancer_subnets` will be unused (it applies to the ELB, which does not exist in SingleInstance environments)."
+ type = string
+ default = "LoadBalanced"
+}
+
+# aws:elasticbeanstalk:application:environment
+variable "environment_variables" {
+ description = "Map of custom ENV variables to be provided to the application."
+ type = map(string)
+ default = {}
+}
diff --git a/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf
new file mode 100644
index 0000000000..d0e9db34f5
--- /dev/null
+++ b/fdio.infra.terraform/terraform-aws-elastic-beanstalk-environment/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.3.0"
+ }
+ vault = {
+ version = ">= 3.2.1"
+ }
+ }
+ required_version = ">= 1.1.4"
+}
diff --git a/resources/tools/dash/app/app.ini b/resources/tools/dash/app/app.ini
index 0df9d8366e..bff7c12c89 100644
--- a/resources/tools/dash/app/app.ini
+++ b/resources/tools/dash/app/app.ini
@@ -5,7 +5,7 @@ ini = :pal module = wsgi:app processes = 2 -threads = 2 +threads = 4 plugin = python3 master = true -- cgit 1.2.3-korg
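Review bot: In the new `versions.tf` for terraform-aws-elastic-beanstalk-environment, the `vault` entry in `required_providers` has no `source` and only an open lower bound, while `aws` directly above it names `hashicorp/aws` and is held to `~> 4.3.0`. Without a source Terraform falls back to the implicit `hashicorp/vault` address, so the provider's origin is not stated in the file; I would add `source = "hashicorp/vault"` to that block. With `>= 3.2.1` any later release, including a new major, satisfies the constraint, so the build that actually gets installed is decided by the dependency lock file of the calling configuration; that file is not visible here, and it is worth confirming that it is committed. If nothing in this module uses the Vault provider (its `main.tf` is outside this view), dropping the entry avoids downloading and running a provider plugin the module does not need.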