diff --git a/aws_amplify/main.tf b/aws_amplify/main.tf
new file mode 100644
index 0000000..d4e71ff
--- /dev/null
+++ b/aws_amplify/main.tf
@@ -0,0 +1,39 @@
+resource "aws_amplify_app" "this" {
+ name = var.app_name
+ repository = var.repository
+ platform = "WEB_COMPUTE"
+ access_token = var.access_token
+ build_spec = var.build_spec
+
+ dynamic "custom_rule" {
+ for_each = var.custom_rules
+ content {
+ source = custom_rule.value.source
+ status = custom_rule.value.status
+ target = custom_rule.value.target
+ condition = custom_rule.value.condition
+ }
+ }
+
+ environment_variables = var.environment_variables
+}
+
+resource "aws_amplify_branch" "this" {
+ app_id = aws_amplify_app.this.id
+ branch_name = var.branch_name
+ framework = var.framework
+ stage = var.stage
+ enable_auto_build = true
+
+}
+
+resource "aws_amplify_domain_association" "this" {
+ app_id = aws_amplify_app.this.id
+ domain_name = var.domain_name
+ wait_for_verification = false
+
+ sub_domain {
+ branch_name = aws_amplify_branch.this.branch_name
+ prefix = var.dns_prefix_branch
+ }
+}
diff --git a/aws_amplify/outputs.tf b/aws_amplify/outputs.tf
new file mode 100644
index 0000000..8397f22
--- /dev/null
+++ b/aws_amplify/outputs.tf
@@ -0,0 +1,14 @@
+output "frontend_default_domain" {
+ description = "Default domain for the Amplify app"
+ value = aws_amplify_app.this.default_domain
+}
+
+output "frontend_certificate_verification_dns_record" {
+ description = "The DNS record for certificate verification"
+ value = aws_amplify_domain_association.this.certificate_verification_dns_record
+}
+
+output "cloudfront_dns_record" {
+ description = "DNS record for domain"
+ value = aws_amplify_domain_association.this.sub_domain[*].dns_record
+}
diff --git a/aws_amplify/variables.tf b/aws_amplify/variables.tf
new file mode 100644
index 0000000..427da2f
--- /dev/null
+++ b/aws_amplify/variables.tf
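Review bot: `access_token = var.access_token` on `aws_amplify_app "this"` writes the repository personal access token into the Terraform state and into plan output, and the module's own declaration of `access_token` in `aws_amplify/variables.tf` (next hunk) is not marked sensitive, so the module does nothing to protect the value when used on its own. Add `sensitive = true` to that declaration and treat the state backend as holding a credential (encrypted bucket, restricted read access). The root-level `variables_amplify.tf` already marks it sensitive, which hides it in this root's plans but not for other consumers of the module.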
@@ -0,0 +1,64 @@
+variable "region" {
+ description = "AWS Region"
+ type = string
+}
+
+variable "access_token" {
+ description = "Personal access token for repository"
+ type = string
+}
+
+variable "repository" {
+ description = "Repository for an Amplify app"
+ type = string
+}
+
+variable "app_name" {
+ description = "Name for an Amplify app"
+ type = string
+}
+
+variable "branch_name" {
+ description = "Branch name for the production branch"
+ type = string
+}
+
+variable "framework" {
+ description = "Framework for the autocreated branch"
+ type = string
+}
+
+variable "stage" {
+ description = "Current stage for the created branch. PRODUCTION, BETA, DEVELOPMENT, EXPERIMENTAL, PULL_REQUEST"
+ type = string
+}
+
+variable "environment_variables" {
+ description = "Environment variables map for an Amplify app"
+ type = map(string)
+}
+
+variable "domain_name" {
+ description = "Domain name for the domain association"
+ type = string
+}
+
+variable "dns_prefix_branch" {
+ description = "Prefix setting for the subdomain"
+ type = string
+}
+
+variable "build_spec" {
+ description = "The build specification for an Amplify app"
+ type = string
+}
+
+variable "custom_rules" {
+ description = "Rewrite or redirect rule"
+ type = list(object({
+ source = string
+ status = string
+ target = string
+ condition = string
+ }))
+}
diff --git a/aws_certificate_manager/main.tf b/aws_certificate_manager/main.tf
new file mode 100644
index 0000000..782a317
--- /dev/null
+++ b/aws_certificate_manager/main.tf
@@ -0,0 +1,15 @@
+resource "aws_acm_certificate" "cert" {
+ domain_name = var.domain_name
+ validation_method = var.validation_method
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-cert"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
diff --git a/aws_certificate_manager/outputs.tf b/aws_certificate_manager/outputs.tf
new file mode 100644
index 0000000..4f1b96f
--- /dev/null
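Review bot: `variable "region"` is declared here but never referenced in `aws_amplify/main.tf`, so the value the root passes from `main_amplify.tf` has no effect; the provider's region is what places the app. Drop the variable or use it, otherwise readers will assume the module can be pointed at a different region than the provider.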
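Review bot: nothing in this module creates the validation records or an `aws_acm_certificate_validation`, and nothing in the commit consumes the `domain_validation_options` output, so the certificate stays in PENDING_VALIDATION until someone publishes the CNAMEs by hand; an HTTPS listener that references its ARN would fail to create until then. If validation is deliberately done outside Terraform, say so in a comment on `aws_acm_certificate "cert"`; otherwise add the `aws_route53_record`/`aws_acm_certificate_validation` pair (or the Cloudflare equivalent, since that provider is configured) and depend on it.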
+++ b/aws_certificate_manager/outputs.tf
@@ -0,0 +1,11 @@
+output "domain_name" {
+ value = aws_acm_certificate.cert.domain_name
+}
+
+output "certificate_arn" {
+ value = aws_acm_certificate.cert.arn
+}
+
+output "domain_validation_options" {
+ value = aws_acm_certificate.cert.domain_validation_options
+}
diff --git a/aws_certificate_manager/variables.tf b/aws_certificate_manager/variables.tf
new file mode 100644
index 0000000..8842280
--- /dev/null
+++ b/aws_certificate_manager/variables.tf
@@ -0,0 +1,18 @@
+variable "project_name" {
+ type = string
+}
+
+variable "env" {
+ type = string
+}
+
+variable "validation_method" {
+ description = "Which method to use for validation. DNS or EMAIL"
+ type = string
+ default = "DNS"
+}
+
+variable "domain_name" {
+ description = "Domain name for which the certificate should be issued"
+ type = string
+}
diff --git a/aws_ecr/main.tf b/aws_ecr/main.tf
new file mode 100644
index 0000000..694e7aa
--- /dev/null
+++ b/aws_ecr/main.tf
@@ -0,0 +1,18 @@
+resource "aws_ecr_repository" "service" {
+ force_delete = var.force_delete
+ image_tag_mutability = var.image_tag_mutability
+ name = "${var.project_name}-${var.repository_name}"
+ encryption_configuration {
+ encryption_type = "AES256"
+ kms_key = null
+ }
+ image_scanning_configuration {
+ scan_on_push = var.scan_on_push
+ }
+ tags = {
+ Name = "${var.project_name}-${var.repository_name}"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
diff --git a/aws_ecr/outputs.tf b/aws_ecr/outputs.tf
new file mode 100644
index 0000000..a3c8faa
--- /dev/null
+++ b/aws_ecr/outputs.tf
@@ -0,0 +1,3 @@
+output "repository_url" {
+ value = aws_ecr_repository.service.repository_url
+}
diff --git a/aws_ecr/variables.tf b/aws_ecr/variables.tf
new file mode 100644
index 0000000..563ba86
--- /dev/null
+++ b/aws_ecr/variables.tf
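Review bot: `validation_method` documents the allowed values as "DNS or EMAIL" but nothing enforces them, so a typo only surfaces at apply time from the AWS API; a `validation` block, as `aws_ecs_cluster/variable.tf` already does for `project_name`, catches it at plan time. `project_name` and `env` in this file also have no `description`, unlike the same variables in the other modules.

```hcl
variable "validation_method" {
  description = "Which method to use for validation. DNS or EMAIL"
  type        = string
  default     = "DNS"

  validation {
    condition     = contains(["DNS", "EMAIL"], var.validation_method)
    error_message = "validation_method must be DNS or EMAIL."
  }
}
```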
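Review bot: the repository name `"${var.project_name}-${var.repository_name}"` omits `var.env` while the `Environment` tag and every other module's naming (`${var.project_name}-${var.env}-…`) include it, so two environments of the same project in one account would try to create the same ECR repository. Use `"${var.project_name}-${var.env}-${var.repository_name}"`, or add a comment stating that the repository is intentionally shared across environments. `kms_key = null` next to `encryption_type = "AES256"` is redundant and can be dropped.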
@@ -0,0 +1,27 @@
+variable "scan_on_push" {
+ type = bool
+ default = false
+}
+
+variable "project_name" {
+ type = string
+}
+
+variable "env" {
+ type = string
+}
+
+variable "repository_name" {
+ type = string
+}
+
+variable "image_tag_mutability" {
+ type = string
+ default = "MUTABLE"
+}
+
+variable "force_delete" {
+ description = "If true, will delete repository with containers"
+ type = bool
+ default = false
+}
diff --git a/aws_ecs_cluster/main.tf b/aws_ecs_cluster/main.tf
new file mode 100644
index 0000000..955ec7b
--- /dev/null
+++ b/aws_ecs_cluster/main.tf
@@ -0,0 +1,15 @@
+resource "aws_ecs_cluster" "this" {
+ name = "${var.project_name}-${var.env}-cluster"
+
+ setting {
+ name = "containerInsights"
+ value = "enabled"
+ }
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-cluster"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
diff --git a/aws_ecs_cluster/outputs.tf b/aws_ecs_cluster/outputs.tf
new file mode 100644
index 0000000..b7d8048
--- /dev/null
+++ b/aws_ecs_cluster/outputs.tf
@@ -0,0 +1,3 @@
+output "ecs_cluster_id" {
+ value = aws_ecs_cluster.this.id
+}
diff --git a/aws_ecs_cluster/variable.tf b/aws_ecs_cluster/variable.tf
new file mode 100644
index 0000000..d7d50c6
--- /dev/null
+++ b/aws_ecs_cluster/variable.tf
@@ -0,0 +1,12 @@
+variable "project_name" {
+ description = "Project name"
+ validation {
+ condition = length(var.project_name) > 3
+ error_message = "The project_name value must be set and more than 3 symbols."
+ }
+}
+
+variable "env" {
+ description = "Project environment"
+ type = string
+}
diff --git a/aws_ecs_service/data.tf b/aws_ecs_service/data.tf
new file mode 100644
index 0000000..adf8c0d
--- /dev/null
+++ b/aws_ecs_service/data.tf
@@ -0,0 +1 @@
+data "aws_iam_role" "ecs_task_execution_role" { name = "AWSServiceRoleForECS" }
diff --git a/aws_ecs_service/main.tf b/aws_ecs_service/main.tf
new file mode 100644
index 0000000..a57d8c6
--- /dev/null
+++ b/aws_ecs_service/main.tf
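Review bot: the defaults `image_tag_mutability = "MUTABLE"` and `scan_on_push = false` are the permissive choices, and `aws_task_definition/main.tf` in this same commit runs `"${var.image}:latest"`, so a re-pushed tag silently changes what the service executes and is never scanned. Prefer `default = "IMMUTABLE"` and `default = true` in the module, and add a `validation` restricting `image_tag_mutability` to `MUTABLE`/`IMMUTABLE`. The root `variables_ecr.tf` leaves `image_tag_mutability` and `force_delete` without defaults, so this root decides explicitly; the safer defaults matter for other consumers of the module.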
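Review bot: this file is named `variable.tf` while every other module in the commit uses `variables.tf`; Terraform does not care, but the inconsistency makes the modules harder to navigate. `project_name` also has no `type = string`, so a number passes the `length()` check as a string conversion; the identical declaration in `aws_iam_user/variables.tf` has the same gap and the two copies would be simpler to keep in sync with `type` added.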
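Review bot: `data "aws_iam_role" "ecs_task_execution_role"` looks up `AWSServiceRoleForECS`, which is the ECS service-linked role rather than a task execution role, and the only reference to it in `aws_ecs_service/main.tf` is commented out (`# iam_role = data.aws_iam_role.ecs_task_execution_role.arn`). A dead lookup still fails the plan in any account where the role does not yet exist; remove the data source, or rename it to what it actually reads if it is going to be used.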
@@ -0,0 +1,27 @@
+resource "aws_ecs_service" "weway-backend" {
+ name = var.name
+ cluster = var.ecs_cluster_id
+ task_definition = var.ecs_task_definition_arn
+ launch_type = "FARGATE"
+ # iam_role = data.aws_iam_role.ecs_task_execution_role.arn
+ desired_count = var.desired_count
+ force_new_deployment = var.force_new_deployment
+ load_balancer {
+ container_name = var.container_name
+ container_port = var.container_port
+ target_group_arn = var.target_group_arns
+ }
+
+ network_configuration {
+ security_groups = [aws_security_group.this.id]
+ subnets = var.public_subnet_ids
+ assign_public_ip = true
+ }
+
+ tags = {
+ Name = "${var.project_name}-${var.env}"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
diff --git a/aws_ecs_service/outputs.tf b/aws_ecs_service/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/aws_ecs_service/sg.tf b/aws_ecs_service/sg.tf
new file mode 100644
index 0000000..5f3e41b
--- /dev/null
+++ b/aws_ecs_service/sg.tf
@@ -0,0 +1,32 @@
+resource "aws_security_group" "this" {
+ # description = "Security Group for instance"
+ name = "${var.project_name}-${var.env}-ecs-container"
+ vpc_id = var.vpc_id
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-sg"
+ Project = var.project_name,
+ Environment = var.env
+ Terraform = true
+ }
+}
+
+resource "aws_security_group_rule" "access_from_vpc" {
+ security_group_id = aws_security_group.this.id
+ description = "Allow connecting from VPC"
+ type = "ingress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = [var.cidr_vpc]
+}
+
+resource "aws_security_group_rule" "access_to_anywhere" {
+ security_group_id = aws_security_group.this.id
+ description = "Allow outbound traffic"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = ["0.0.0.0/0"]
+}
diff --git a/aws_ecs_service/variables.tf b/aws_ecs_service/variables.tf
new file mode 100644
index 0000000..30f0aea
--- /dev/null
+++ b/aws_ecs_service/variables.tf
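Review bot: `network_configuration` places the Fargate tasks in `var.public_subnet_ids` with `assign_public_ip = true`, so every task gets a public address even though traffic is meant to arrive through the load balancer's target group; together with the all-ports security group in `aws_ecs_service/sg.tf` that is more exposure than the service needs. If the public IP is only there so tasks can reach ECR and CloudWatch, private subnets with a NAT gateway or VPC endpoints remove the need; otherwise add a comment saying why it is required. Separately, `target_group_arn = var.target_group_arns` takes a single ARN from a variable named as a plural and typed `any`, and the resource label `"weway-backend"` hard-codes a project name into a reusable module where every other module uses `"this"`.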
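Review bot: `access_from_vpc` opens every port and protocol (`from_port = 0`, `to_port = 0`, `protocol = "all"`) to the whole `var.cidr_vpc`, while the only intended caller is the load balancer on `var.container_port`. Replace `cidr_blocks` with `source_security_group_id` pointing at the ALB security group (the module needs a new input for it), and set `from_port`/`to_port` to `var.container_port` with `protocol = "tcp"`. The commented-out `# description` on `aws_security_group "this"` should be filled in or removed, and the `Name` tag `…-sg` does not match the `name` argument `…-ecs-container`.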
@@ -0,0 +1,55 @@
+variable "project_name" {
+ type = string
+}
+
+variable "env" {
+ description = "env"
+ type = string
+}
+
+variable "vpc_id" {
+ description = "VPC for instance"
+ type = string
+}
+
+variable "cidr_vpc" {
+ description = "VPC_cidr_block"
+ type = string
+}
+
+variable "public_subnet_ids" {
+ type = any
+}
+
+variable "name" {
+ type = string
+}
+
+variable "desired_count" {
+ type = number
+ default = 1
+}
+
+variable "ecs_cluster_id" {
+ type = string
+}
+
+variable "ecs_task_definition_arn" {
+ type = string
+}
+
+variable "force_new_deployment" {
+ type = bool
+}
+
+variable "container_name" {
+ type = string
+}
+
+variable "container_port" {
+ type = string
+}
+
+variable "target_group_arns" {
+ type = any
+}
diff --git a/aws_iam_user/main.tf b/aws_iam_user/main.tf
new file mode 100644
index 0000000..0b9e10d
--- /dev/null
+++ b/aws_iam_user/main.tf
@@ -0,0 +1,30 @@
+resource "aws_iam_user" "this" {
+ name = var.username
+ force_destroy = var.force_destroy
+ tags = {
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
+
+resource "aws_iam_user_policy" "this_policy" {
+ name = "ecr-push-policy"
+ user = aws_iam_user.this.name
+
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [{
+ Effect = "Allow",
+ Action = [
+ "ecr:CompleteLayerUpload",
+ "ecr:GetAuthorizationToken",
+ "ecr:UploadLayerPart",
+ "ecr:InitiateLayerUpload",
+ "ecr:BatchCheckLayerAvailability",
+ "ecr:PutImage"
+ ],
+ Resource = "*"
+ }]
+ })
+}
diff --git a/aws_iam_user/outputs.tf b/aws_iam_user/outputs.tf
new file mode 100644
index 0000000..cd4ca1e
--- /dev/null
+++ b/aws_iam_user/outputs.tf
@@ -0,0 +1,4 @@
+output "aws_iam_user_arn" {
+ description = "aws_iam_user_arn"
+ value = aws_iam_user.this.arn
+}
diff --git a/aws_iam_user/variables.tf b/aws_iam_user/variables.tf
new file mode 100644
index 0000000..92d0080
--- /dev/null
+++ b/aws_iam_user/variables.tf
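Review bot: `public_subnet_ids` and `target_group_arns` are typed `any`, `container_port` is `string` although the root passes `tonumber(...)`, and the descriptions `"env"` and `"VPC_cidr_block"` say nothing, so the module's contract is not checked at plan time. Use `list(string)` for the subnet IDs, `string` for the target group ARN and `number` for the port; the loose `any` typing is also why the single-ARN/plural-name mismatch in `main.tf` goes unnoticed.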
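Review bot: `ecr-push-policy` grants the layer and image actions on `Resource = "*"`, so this user can push into every repository in the account rather than only the one created by `aws_ecr`. Only `ecr:GetAuthorizationToken` needs `*`; the remaining actions can be scoped to the repository ARN if the module takes it as an input (a new variable, shown below as `ecr_repository_arn`). `aws_iam_user_policy` is inline; a managed `aws_iam_policy` with an attachment is easier to audit, though that is a preference.

```hcl
  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Effect   = "Allow",
        Action   = ["ecr:GetAuthorizationToken"],
        Resource = "*"
      },
      {
        Effect = "Allow",
        Action = [
          "ecr:CompleteLayerUpload",
          "ecr:UploadLayerPart",
          "ecr:InitiateLayerUpload",
          "ecr:BatchCheckLayerAvailability",
          "ecr:PutImage"
        ],
        Resource = var.ecr_repository_arn # new module input, declare in variables.tf
      }
    ]
  })
```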
@@ -0,0 +1,21 @@
+variable "username" {
+ description = "IAM user name"
+}
+
+variable "force_destroy" {
+ type = bool
+ default = false
+}
+
+variable "project_name" {
+ description = "Project name"
+ validation {
+ condition = length(var.project_name) > 3
+ error_message = "The project_name value must be set and more than 3 symbols."
+ }
+}
+
+variable "env" {
+ description = "env"
+ type = string
+}
diff --git a/aws_loadbalancer/main.tf b/aws_loadbalancer/main.tf
new file mode 100644
index 0000000..73f59aa
--- /dev/null
+++ b/aws_loadbalancer/main.tf
@@ -0,0 +1,55 @@
+resource "aws_lb" "this" {
+ name = var.loadbalancer_name
+ internal = var.internal
+ load_balancer_type = var.loadbalancer_type
+ security_groups = [aws_security_group.this.id]
+ subnets = var.subnet_ids
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-alb"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
+
+resource "aws_lb_listener" "this" {
+ load_balancer_arn = aws_lb.this.arn
+ protocol = var.listener_protocol
+ port = var.listener_port
+ certificate_arn = var.certificate_arn
+
+ default_action {
+ target_group_arn = aws_lb_target_group.this.arn
+ type = "forward"
+ }
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-listener"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
+
+resource "aws_lb_listener" "redirect" {
+ load_balancer_arn = aws_lb.this.arn
+ protocol = "HTTP"
+ port = 80
+
+ default_action {
+ type = "redirect"
+ redirect {
+ status_code = "HTTP_301"
+ protocol = "HTTPS"
+ port = 443
+ }
+ }
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-listener-redirect"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
diff --git a/aws_loadbalancer/outputs.tf b/aws_loadbalancer/outputs.tf
new file mode 100644
index 0000000..1d4211c
--- /dev/null
+++ b/aws_loadbalancer/outputs.tf
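Review bot: the HTTPS listener `aws_lb_listener "this"` sets no `ssl_policy`, so it gets whatever AWS applies by default (presumably `ELBSecurityPolicy-2016-08`, which still negotiates TLS 1.0 and 1.1 — confirm against the provider version in use); pin a current policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` and expose it as a module variable. `aws_lb "this"` also leaves `drop_invalid_header_fields` at its default of false; for an internet-facing ALB `drop_invalid_header_fields = true` is the usual hardening, and an `access_logs` block is worth considering. The redirect listener is fine as written.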
@@ -0,0 +1,9 @@
+output "lb_dns" {
+ description = "The DNS name of the load balancer"
+ value = aws_lb.this.dns_name
+}
+
+output "target_group_arn" {
+ description = "ARN of the Target Group"
+ value = aws_lb_target_group.this.arn
+}
diff --git a/aws_loadbalancer/sg.tf b/aws_loadbalancer/sg.tf
new file mode 100644
index 0000000..71df732
--- /dev/null
+++ b/aws_loadbalancer/sg.tf
@@ -0,0 +1,32 @@
+resource "aws_security_group" "this" {
+ name = "${var.project_name}-${var.env}-alb-sg"
+ vpc_id = var.vpc_id
+
+ tags = {
+ Name = "${var.project_name}-${var.env}-sg"
+ Project = var.project_name,
+ Environment = var.env
+ Terraform = true
+ }
+}
+
+resource "aws_security_group_rule" "access" {
+ security_group_id = aws_security_group.this.id
+ type = "ingress"
+ count = length(var.sg_allow_tcp_ports)
+ from_port = element(var.sg_allow_tcp_ports, count.index)
+ to_port = element(var.sg_allow_tcp_ports, count.index)
+ description = "Allow from internet to tcp port ${element(var.sg_allow_tcp_ports, count.index)}"
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "access_to_anywhere" {
+ security_group_id = aws_security_group.this.id
+ description = "Allow outbound traffic"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = ["0.0.0.0/0"]
+}
diff --git a/aws_loadbalancer/target_group.tf b/aws_loadbalancer/target_group.tf
new file mode 100644
index 0000000..ffc6bd0
--- /dev/null
+++ b/aws_loadbalancer/target_group.tf
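Review bot: `aws_security_group_rule "access"` uses `count` with `element(var.sg_allow_tcp_ports, count.index)`, so inserting or reordering a port in `sg_allow_tcp_ports` renumbers the rules and Terraform destroys and recreates them, briefly dropping traffic; `for_each = toset(var.sg_allow_tcp_ports)` with `each.value` keys each rule by its port instead. The `0.0.0.0/0` ingress is expected for a public ALB, but the `Name` tag `"${var.project_name}-${var.env}-sg"` is identical to the ECS service security group's tag in `aws_ecs_service/sg.tf`; include `alb` in it as the `name` argument already does.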
@@ -0,0 +1,21 @@
+resource "aws_lb_target_group" "this" {
+ name = var.target_group_name
+ port = var.tg_port
+ protocol = var.tg_protocol
+ vpc_id = var.vpc_id
+ target_type = var.target_type
+
+ health_check {
+ path = var.health_check_path
+ timeout = var.health_check_timeout
+ interval = var.health_check_interval
+ healthy_threshold = var.healthy_threshold
+ unhealthy_threshold = var.unhealthy_threshold
+ }
+ tags = {
+ Name = "${var.project_name}-${var.env}"
+ Project = var.project_name
+ Environment = var.env
+ Terraform = true
+ }
+}
\ No newline at end of file
diff --git a/aws_loadbalancer/variables.tf b/aws_loadbalancer/variables.tf
new file mode 100644
index 0000000..976da89
--- /dev/null
+++ b/aws_loadbalancer/variables.tf
@@ -0,0 +1,97 @@
+variable "project_name" {
+ type = string
+}
+
+variable "env" {
+ type = string
+}
+
+variable "cidr_vpc" {
+ type = string
+}
+
+variable "vpc_id" {
+ description = "The vpc id for the target group"
+}
+
+variable "certificate_arn" {
+ description = "ARN of the default SSL server certificate"
+ type = string
+}
+
+variable "subnet_ids" {
+ type = list(string)
+}
+
+variable "loadbalancer_name" {
+ type = string
+}
+
+variable "loadbalancer_type" {
+ description = "Possible values are application, gateway, or network"
+ type = string
+ default = "application"
+}
+
+variable "internal" {
+ type = bool
+}
+
+variable "listener_protocol" {
+ type = string
+ description = "The protocol for the listener"
+ default = "HTTPS"
+}
+
+variable "listener_port" {
+ type = number
+ description = "The port for the listener"
+ default = 443
+}
+
+variable "tg_protocol" {
+ type = string
+}
+
+variable "target_type" {
+ description = "Type of target group instance or ip"
+ default = "instance"
+ type = string
+}
+
+variable "tg_port" {
+ type = string
+}
+
+variable "target_group_name" {
+ description = "The name for the target group"
+}
+
+variable "health_check_path" {
+ description = "The health check path"
+ default = "/api/health"
+}
+
+variable "health_check_timeout" {
+ description = "The health check timeout"
+ default = 5
+}
+
+variable "health_check_interval" {
+ description = "The health check interval"
+ default = 30
+}
+
+variable "healthy_threshold" {
+ description = "The healthy threshold"
+ default = 2
+}
+
+variable "unhealthy_threshold" {
+ description = "The unhealthy threshold"
+ default = 2
+}
+
+variable "sg_allow_tcp_ports" {
+ type = list(string)
+}
diff --git a/aws_task_definition/data.tf b/aws_task_definition/data.tf
new file mode 100644
index 0000000..fda5df6
--- /dev/null
+++ b/aws_task_definition/data.tf
@@ -0,0 +1 @@
+data "aws_iam_role" "ecs_task_execution_role" { name = "ecsTaskExecutionRole" }
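Review bot: `cidr_vpc` is declared but never used by any resource in `aws_loadbalancer`, and the root (`main_loadbalancer.tf`) has to invent a value for it (`"0.0.0.0"`); drop it. `vpc_id`, `target_group_name`, `health_check_path` and the timeout/threshold variables have no `type`, and `target_type` defaults to `"instance"` although the service this commit wires up is Fargate with `awsvpc` networking, which only registers `"ip"` targets; either change the default or add `validation` blocks on `target_type` and `loadbalancer_type` so the constraint is checked before apply.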
diff --git a/aws_task_definition/main.tf b/aws_task_definition/main.tf
new file mode 100644
index 0000000..e6f0e26
--- /dev/null
+++ b/aws_task_definition/main.tf
@@ -0,0 +1,39 @@
+resource "aws_ecs_task_definition" "this" {
+ family = var.task_name
+ execution_role_arn = data.aws_iam_role.ecs_task_execution_role.arn
+ network_mode = "awsvpc"
+ requires_compatibilities = ["FARGATE"]
+ cpu = var.cpu
+ memory = var.memory
+ container_definitions = jsonencode([
+ {
+ name = var.task_name
+ image = "${var.image}:latest",
+ essential = true
+ portMappings = [
+ {
+ name : "${var.task_name}-port",
+ containerPort = tonumber(var.environment_variables["PORT"]),
+ hostPort = tonumber(var.environment_variables["PORT"]),
+ protocol = "tcp",
+ appProtocol = "http"
+ }
+ ],
+ "environment" = [
+ for key, value in var.environment_variables : {
+ name = key
+ value = value
+ }
+ ],
+ logConfiguration = {
+ logDriver = "awslogs",
+ options = {
+ awslogs-create-group = "true",
+ awslogs-group = "/ecs/weway-backend",
+ awslogs-region = "eu-central-1",
+ awslogs-stream-prefix = "ecs"
+ },
+ },
+ }
+ ])
+}
diff --git a/aws_task_definition/outputs.tf b/aws_task_definition/outputs.tf
new file mode 100644
index 0000000..5f8c8dc
--- /dev/null
+++ b/aws_task_definition/outputs.tf
@@ -0,0 +1,10 @@
+output "ecs_task_execution_role" {
+ value = data.aws_iam_role.ecs_task_execution_role.arn
+}
+output "ecs_task_definition_arn" {
+ value = aws_ecs_task_definition.this.arn
+}
+
+output "ecs_task_definition_role_name" {
+ value = data.aws_iam_role.ecs_task_execution_role.name
+}
diff --git a/aws_task_definition/variables.tf b/aws_task_definition/variables.tf
new file mode 100644
index 0000000..aeb3f27
--- /dev/null
+++ b/aws_task_definition/variables.tf
@@ -0,0 +1,19 @@
+variable "image" {
+ type = string
+}
+
+variable "environment_variables" {
+ type = map(string)
+}
+
+variable "task_name" {
+ type = string
+}
+
+variable "cpu" {
+ type = number
+}
+
+variable "memory" {
+ type = number
+}
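Review bot: `image = "${var.image}:latest"` pins the task to a floating tag, so what runs is decided by whoever last pushed to the repository (which `aws_ecr` leaves `MUTABLE` by default) and a `force_new_deployment` can pick up an image nobody reviewed; take the tag or digest as a variable, e.g. `image = "${var.image}:${var.image_tag}"`. `awslogs-group = "/ecs/weway-backend"` and `awslogs-region = "eu-central-1"` are hard-coded inside a module that otherwise derives names from variables; use `var.task_name` for the group and a region input (or `data.aws_region`) for the region. Every entry of `var.environment_variables` lands in the task definition's plaintext `environment`; if any of them is a credential, pass it through `secrets` from SSM Parameter Store or Secrets Manager instead, and note that `awslogs-create-group = "true"` requires `logs:CreateLogGroup` on `ecsTaskExecutionRole`, which this commit does not manage.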
diff --git a/backend.tf b/backend.tf
new file mode 100644
index 0000000..b2fdf60
--- /dev/null
+++ b/backend.tf
@@ -0,0 +1,7 @@
+terraform {
+ backend "s3" {
+ bucket = "example-tf-filin" #manual create
+ key = "dev/terraform.tfstate"
+ region = "eu-central-1"
+ }
+}
diff --git a/data.tf b/data.tf
index 87d8f48..993df01 100644
--- a/data.tf
+++ b/data.tf
@@ -1,3 +1,26 @@
+data "aws_ami" "ubuntu_server" {
+ most_recent = true
+ owners = ["099720109477"] # Canonical
+ filter {
+ name = "name"
+ values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20230516"]
+ }
+
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+}
+ data "aws_availability_zones" "available" { state = "available" }
+
+data "terraform_remote_state" "shared" {
+ backend = "s3"
+ config = {
+ bucket = "example-tfstate"
+ key = "prod"
+ region = "eu-central-1"
+ }
+}
diff --git a/main.tf b/main.tf
deleted file mode 100644
index 3dc0831..0000000
--- a/main.tf
+++ /dev/null
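Review bot: the S3 backend sets no `encrypt = true` and no locking (`dynamodb_table`, or `use_lockfile = true` on Terraform 1.10+), while this state will hold the Amplify access token and the RDS master password passed through `main_rds.tf`. Add `encrypt = true` and a lock, and make sure the bucket itself has default encryption, versioning and a restrictive bucket policy — the `#manual create` comment is the only place that setup is mentioned, so spell out what the bucket must have.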
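Review bot: `data "terraform_remote_state" "shared"` reads the whole `prod` state in `example-tfstate`, which exposes every output of that state (including any sensitive ones) to this configuration, whose own state is keyed `dev/terraform.tfstate` in `backend.tf`, and it requires read access to the prod state bucket from wherever dev is applied. If only the handful of outputs used in `main_ecs_service.tf` and `main_loadbalancer.tf` are needed, publishing them through SSM parameters or a dedicated outputs-only state is the narrower grant. The AMI lookup is correctly pinned to an owner and an exact image name.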
@@ -1,103 +0,0 @@ -terraform { - # backend "s3" { - # bucket = "mybucket" - # key = "path/to/my/key" - # region = "eu-central-1" - # } - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - cloudflare = { - source = "cloudflare/cloudflare" - version = "~> 4.0" - } - } -} - -provider "aws" { - region = var.region -} - -provider "cloudflare" { -} - -module "vpc" { - source = "./aws_vpc" - nat_create = var.nat_create - azs = data.aws_availability_zones.available.names - cidr_vpc = var.cidr_vpc - public_subnet_cidrs = var.public_subnet_cidrs - private_subnet_cidrs = var.private_subnet_cidrs - project_name = var.project_name - env = var.env -} - -module "rds_postgres" { - source = "./aws_rds" - apply_immediately = var.apply_immediately - multi_az = var.multi_az - cidr_vpc = var.cidr_vpc - vpc_id = module.vpc.vpc_id - allocated_storage = var.allocated_storage - max_allocated_storage = var.max_allocated_storage - allow_major_version_upgrade = var.allow_major_version_upgrade - backup_retention_period = var.backup_retention_period - deletion_protection = var.deletion_protection - engine = var.engine - engine_version = var.engine_version - instance_class = var.instance_class - publicly_accessible = var.publicly_accessible - skip_final_snapshot = var.skip_final_snapshot - - subnet_ids = module.vpc.private_subnet_ids - db_port = var.db_port - - username = var.username - password = var.password - db_name = var.db_name - - project_name = var.project_name - env = var.env -} - -module "server1" { - source = "./aws_instance" - depends_on = [module.vpc] - ami = var.ami_ubuntu_22_04 - azs = element(data.aws_availability_zones.available.names, 0) - instance_type = "t3.micro" - root_block_size = 10 - root_volume_type = "gp3" - instance_profile = null - vpc_id = module.vpc.vpc_id - cidr_vpc = var.cidr_vpc - allow_tcp_ports = [80, 443, 22, 8080] - allow_udp_ports = [] - start_tcp_ports = [] - end_tcp_ports = [] - start_udp_ports = [] - end_udp_ports = [] - 
subnet_id = element(module.vpc.public_subnet_ids, 0) - ssh_key = var.ssh_key - user_data = file("test.sh") - - project_name = var.project_name - env = var.env - instance_name = var.inst1_name -} - -module "ebs_server_1" { - source = "./aws_ebs" - azs = element(data.aws_availability_zones.available.names, 0) - size = "10" - type = "gp3" - instance_id = module.server1.instance_id - device_path = "/dev/sdh" - - project_name = var.project_name - env = var.env - instance_name = var.inst1_name -} -
diff --git a/main_acm.tf b/main_acm.tf
new file mode 100644
index 0000000..adf42c2
--- /dev/null
+++ b/main_acm.tf
@@ -0,0 +1,7 @@
+module "certificate_manager" {
+ source = "./aws_certificate_manager"
+ domain_name = var.backend_domain_name
+ validation_method = var.validation_method
+ env = var.env
+ project_name = var.project_name
+}
\ No newline at end of file
diff --git a/main_amplify.tf b/main_amplify.tf
new file mode 100644
index 0000000..a7e4af7
--- /dev/null
+++ b/main_amplify.tf
@@ -0,0 +1,15 @@
+module "amplify" {
+ source = "./aws_amplify"
+ repository = var.github_repository
+ access_token = var.access_token
+ app_name = var.app_name
+ branch_name = var.branch_name
+ framework = var.framework
+ stage = var.stage
+ dns_prefix_branch = var.dns_prefix_branch
+ region = var.region
+ domain_name = var.frontend_domain_name
+ build_spec = var.build_spec
+ environment_variables = var.frontend_environment_variables
+ custom_rules = var.custom_rules
+}
\ No newline at end of file
diff --git a/main_ec2_ebs.tf b/main_ec2_ebs.tf
new file mode 100644
index 0000000..4416630
--- /dev/null
+++ b/main_ec2_ebs.tf
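Review bot: `module "certificate_manager"` issues a certificate for `var.backend_domain_name`, but nothing in this commit consumes its outputs — `main_loadbalancer.tf` takes `certificate_arn` from `data.terraform_remote_state.shared.outputs.acm_certificate_arn` instead — so either the module call is unused here or the listener should reference `module.certificate_manager.certificate_arn`. If the remote-state certificate is the intended one, say so in a comment; otherwise an unvalidated certificate is created on every apply for no consumer.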
@@ -0,0 +1,37 @@
+module "test_server" {
+ source = "git@github.com:Filicipa/terraform_modules.git//aws_inctance?ref=v1.2.0"
+ depends_on = [module.vpc]
+ ami = data.aws_ami.ubuntu_server.id
+ azs = element(data.aws_availability_zones.available.names, 0)
+ instance_type = "t3.micro"
+ root_block_size = 10
+ root_volume_type = "gp3"
+ instance_profile = null
+ vpc_id = module.vpc.vpc_id
+ cidr_vpc = var.cidr_vpc
+ allow_tcp_ports = [80, 443, 22]
+ allow_udp_ports = []
+ start_tcp_ports = []
+ end_tcp_ports = []
+ start_udp_ports = []
+ end_udp_ports = []
+ subnet_id = element(module.vpc-terraform.public_subnet_ids, 0)
+ ssh_key = var.ssh_key
+ user_data = file("test.sh")
+
+ project_name = var.project_name
+ env = var.env
+ instance_name = var.inst1_name
+}
+
+module "ebs_volume" {
+ source = "git@github.com:Filicipa/terraform_modules.git//aws_ebs?ref=v1.2.0"
+ azs = element(data.aws_availability_zones.available.names, 0)
+ size = 10
+ type = "gp3"
+ instance_id = module.test_server.instance_id
+ device_path = "/dev/sdh"
+ project_name = var.project_name
+ env = var.env
+ instance_name = var.inst1_name
+}
diff --git a/main_ecs_cluster.tf b/main_ecs_cluster.tf
new file mode 100644
index 0000000..6d3b810
--- /dev/null
+++ b/main_ecs_cluster.tf
@@ -0,0 +1,5 @@
+module "ecs-weway-cluster" {
+ source = "./aws_ecs_cluster"
+ env = var.env
+ project_name = var.project_name
+}
\ No newline at end of file
diff --git a/main_ecs_service.tf b/main_ecs_service.tf
new file mode 100644
index 0000000..a548d55
--- /dev/null
+++ b/main_ecs_service.tf
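Review bot: `subnet_id = element(module.vpc-terraform.public_subnet_ids, 0)` references a module named `vpc-terraform`, but the only VPC module declared in this commit is `module "vpc"` (`main_vpc.tf`, and `vpc_id` two lines up already uses it), so validation should fail unless `vpc-terraform` is declared in a file outside this diff. Both `source` values pin a git tag (`?ref=v1.2.0`) fetched over SSH; a tag can be moved after the fact, so for a supply-chain-stable pin use the commit SHA as the ref. `allow_tcp_ports = [80, 443, 22]` with `ssh_key` on a public subnet exposes SSH; whether that is to the whole internet depends on the remote module, which is not in this diff, so confirm and comment.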
@@ -0,0 +1,16 @@
+module "ecs-service" {
+ source = "./aws_ecs_service"
+ project_name = var.project_name
+ env = var.env
+ name = var.service_name
+ ecs_cluster_id = data.terraform_remote_state.shared.outputs.ecs_cluster_id
+ ecs_task_definition_arn = module.weway-task-definition.ecs_task_definition_arn
+ desired_count = var.desired_count
+ force_new_deployment = true
+ container_name = var.task_name
+ container_port = tonumber(var.backend_environment_variables["PORT"])
+ cidr_vpc = data.terraform_remote_state.shared.outputs.cidr_vpc
+ vpc_id = data.terraform_remote_state.shared.outputs.vpc_id
+ public_subnet_ids = data.terraform_remote_state.shared.outputs.public_subnet_ids
+ target_group_arns = module.load_balancer.target_group_arn
+}
\ No newline at end of file
diff --git a/main_iam_user.tf b/main_iam_user.tf
new file mode 100644
index 0000000..cdca22d
--- /dev/null
+++ b/main_iam_user.tf
@@ -0,0 +1,6 @@
+module "iam_user" {
+ source = "./aws_iam_user"
+ username = var.iam_user
+ env = var.env
+ project_name = var.project_name
+}
diff --git a/main_loadbalancer.tf b/main_loadbalancer.tf
new file mode 100644
index 0000000..60450d3
--- /dev/null
+++ b/main_loadbalancer.tf
@@ -0,0 +1,20 @@
+module "load_balancer" {
+ source = "./aws_loadbalancer"
+ loadbalancer_name = var.loadbalancer_name
+ loadbalancer_type = var.loadbalancer_type
+ internal = false
+ subnet_ids = data.terraform_remote_state.shared.outputs.public_subnet_ids
+ listener_protocol = "HTTPS"
+ listener_port = 443
+ tg_protocol = "HTTP"
+ target_type = var.target_type
+ target_group_name = var.target_group_name
+ vpc_id = data.terraform_remote_state.shared.outputs.vpc_id
+ health_check_path = var.health_check_path
+ project_name = var.project_name
+ env = var.env
+ certificate_arn = data.terraform_remote_state.shared.outputs.acm_certificate_arn
+ cidr_vpc = "0.0.0.0"
+ sg_allow_tcp_ports = var.sg_allow_tcp_ports
+ tg_port = 80
+}
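Review bot: `ecs_task_definition_arn = module.weway-task-definition.ecs_task_definition_arn` refers to a module that this commit declares as `module "task-definition"` (`main_task_definition.tf`), so the reference does not resolve. `ecs_cluster_id` is read from the remote `shared` state even though `main_ecs_cluster.tf` creates a cluster in this same root (`module.ecs-weway-cluster`), which means the service lands in the prod cluster rather than the one managed here — confirm which is intended and drop the other. Module labels also mix `-` and `_` (`ecs-service`, `iam_user`, `load_balancer`); pick one convention.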
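Review bot: `cidr_vpc = "0.0.0.0"` is not a CIDR block and is only accepted because the module never reads `var.cidr_vpc`; remove the argument together with the variable rather than leaving a value that would be wrong the moment someone wires it into a security group rule. `tg_port = 80` with `tg_protocol = "HTTP"` means the ALB terminates TLS and forwards plaintext to the tasks inside the VPC, which is the common pattern but worth a one-line comment here, and `tg_port` is passed as a number to a `string` variable.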
diff --git a/main_rds.tf b/main_rds.tf
new file mode 100644
index 0000000..1dbfbe8
--- /dev/null
+++ b/main_rds.tf
@@ -0,0 +1,27 @@
+module "rds_postgres" {
+ source = "./aws_rds"
+ apply_immediately = var.apply_immediately
+ multi_az = var.multi_az
+ cidr_vpc = var.cidr_vpc
+ vpc_id = module.vpc.vpc_id
+ allocated_storage = var.allocated_storage
+ max_allocated_storage = var.max_allocated_storage
+ allow_major_version_upgrade = var.allow_major_version_upgrade
+ backup_retention_period = var.backup_retention_period
+ deletion_protection = var.deletion_protection
+ engine = var.engine
+ engine_version = var.engine_version
+ instance_class = var.instance_class
+ publicly_accessible = var.publicly_accessible
+ skip_final_snapshot = var.skip_final_snapshot
+
+ subnet_ids = module.vpc.private_subnet_ids
+ db_port = var.db_port
+
+ username = var.username
+ password = var.password
+ db_name = var.db_name
+
+ project_name = var.project_name
+ env = var.env
+}
\ No newline at end of file
diff --git a/main_task_definition.tf b/main_task_definition.tf
new file mode 100644
index 0000000..6ce670d
--- /dev/null
+++ b/main_task_definition.tf
@@ -0,0 +1,8 @@
+module "task-definition" {
+ source = "./aws_task_definition"
+ task_name = var.task_name
+ environment_variables = var.backend_environment_variables
+ cpu = var.cpu
+ memory = var.memory
+ image = data.terraform_remote_state.shared.outputs.ecr_url
+}
diff --git a/main_vpc.tf b/main_vpc.tf
new file mode 100644
index 0000000..38f65ac
--- /dev/null
+++ b/main_vpc.tf
@@ -0,0 +1,10 @@
+module "vpc" {
+ source = "./aws_vpc"
+ nat_create = var.nat_create
+ azs = data.aws_availability_zones.available.names
+ cidr_vpc = var.cidr_vpc
+ public_subnet_cidrs = var.public_subnet_cidrs
+ private_subnet_cidrs = var.private_subnet_cidrs
+ project_name = var.project_name
+ env = var.env
+}
diff --git a/outputs.tf b/outputs.tf
index 808cde7..f0c0f66 100644
--- a/outputs.tf
+++ b/outputs.tf
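Review bot: `module "rds_postgres"` places the database in the locally managed VPC (`vpc_id = module.vpc.vpc_id`, `subnet_ids = module.vpc.private_subnet_ids`), whereas the ECS service and load balancer in this commit use the VPC and subnets from `data.terraform_remote_state.shared`; unless those are the same network or are peered, the backend tasks cannot reach the database, and the ECS security group's `var.cidr_vpc` ingress would not cover them either. `password = var.password` also ends up in state and in `terraform.tfvars.example`; `manage_master_user_password = true` on the `aws_db_instance` (the `aws_rds` module is outside this diff) keeps it in Secrets Manager instead. The block itself is the one moved out of the deleted `main.tf`.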
@@ -30,3 +30,29 @@ output "rds_endpoint" { # output "server1_ip" { # value = module.server1.elastic_ip # }
+
+output "ecr_url" {
+ description = "The URL of the repository (in the form aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName)"
+ value = data.terraform_remote_state.shared.outputs.ecr_url
+}
+
+output "alb_dns" {
+ description = "The DNS name of the load balancer"
+ value = module.load_balancer.lb_dns
+}
+
+output "amplify_default_domain" {
+ description = "Default domain for the Amplify app"
+ value = module.amplify.frontend_default_domain
+}
+
+output "amplify_verification_dns_record" {
+ description = "The DNS record for certificate verification"
+ value = module.amplify.frontend_certificate_verification_dns_record
+}
+
+output "amplify_cloud_front_dns_record" {
+ description = "DNS record for the subdomain"
+ value = module.amplify.cloudfront_dns_record
+}
+
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..ff5e7ec
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,7 @@
+provider "aws" {
+ region = var.region
+}
+
+provider "cloudflare" {
+
+}
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 4a6bf56..4e0cf07 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -2,6 +2,7 @@ region = "eu-central-1" project_name = "new-vpc" env = "test" + #### VPC vars nat_create = "false"
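Review bot: `providers.tf` re-adds the `aws` and `cloudflare` provider blocks, but the `required_providers` block that the deleted `main.tf` carried (`hashicorp/aws ~> 5.0`, `cloudflare/cloudflare ~> 4.0`) is not re-added anywhere in this commit; without it `cloudflare` cannot be resolved at `init` (it is not in the `hashicorp` namespace) and `aws` floats to whatever major version is newest. Restore it, e.g. in a `versions.tf`, unless it already lives in a file outside this diff. The empty `provider "cloudflare" {}` block is also used by no resource in this commit.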
@@ -12,3 +13,79 @@ username = "master" password = "master123" skip_final_snapshot = true
+#### ACM vars
+backend_domain_name = "*.example.com"
+validation_method = "DNS"
+
+#### ECR vars
+ecr_repository_name = "backend"
+image_tag_mutability = "MUTABLE"
+force_delete = false
+
+#### IAM
+iam_user = "iam_user"
+
+#### Load Balancer
+loadbalancer_name = "example-backend"
+loadbalancer_type = "application"
+target_group_name = "test-target-group"
+target_type = "ip"
+health_check_path = "/api/health"
+sg_allow_tcp_ports = [80, 443]
+
+#### AMPLIFY
+access_token = "your github access token"
+github_repository = "https://github.com/example_repo/example_app"
+app_name = "frontend"
+branch_name = "develop"
+stage = "PRODUCTION"
+framework = "Next.js - SSR"
+frontend_domain_name = "example.com"
+dns_prefix_branch = ""
+frontend_environment_variables = {
+ "_CUSTOM_IMAGE" = "amplify:al2023"
+ "_LIVE_UPDATES" = "[{\"pkg\":\"node\",\"type\":\"nvm\",\"version\":\"18.19.0\"}]"
+ "NEXT_PUBLIC_ENVIRONMENT" = "DEVNET"
+}
+
+build_spec = <<-EOT
+ version: 1
+ frontend:
+ phases:
+ preBuild:
+ commands:
+ - npm i -g pnpm
+ - pnpm i --frozen-lockfile
+ build:
+ commands:
+ - pnpm build
+ artifacts:
+ baseDirectory: .next
+ files:
+ - '**/*'
+ cache:
+ paths:
+ - node_modules/**/*
+EOT
+
+custom_rules = [
+ {
+ source = "/<*>"
+ status = "404-200"
+ target = "/index.html"
+ condition = null
+ }
+]
+
+#### ECS task definition
+task_name = "example-backend"
+backend_environment_variables = {
+ HOST = "0.0.0.0"
+ PORT = "80"
+}
+cpu = 512
+memory = 1024
+
+#### ECS service
+service_name = "example-backend"
+desired_count = 1
\ No newline at end of file
diff --git a/variables_acm.tf b/variables_acm.tf
new file mode 100644
index 0000000..1d65558
--- /dev/null
+++ b/variables_acm.tf
@@ -0,0 +1,8 @@
+variable "backend_domain_name" {
+ type = string
+}
+
+variable "validation_method" {
+ type = string
+ default = "DNS"
+}
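Review bot: `access_token = "your github access token"` in the AMPLIFY section of terraform.tfvars.example invites users to paste a live personal access token into their copied `terraform.tfvars`, which then sits beside the code. A comment above the line, `# prefer TF_VAR_access_token in the environment; never commit terraform.tfvars`, keeps the placeholder while steering readers to the safer path; whether terraform.tfvars is ignored by version control is not visible here. The example also passes `sg_allow_tcp_ports = [80, 443]` as numbers while the variable added in variables_loadbalancer.tf in this same diff is typed `list(string)`; Terraform converts silently, but the two should agree.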
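Review bot: `validation_method` in variables_acm.tf accepts any string, so a typo only surfaces at apply time as an ACM API error; a validation block pinning it to the two ACM methods catches it at plan. `backend_domain_name` also has no description, unlike the other variables in this commit that carry one; `description = "Domain (or wildcard) the backend ACM certificate is issued for"` would do. The rewritten `validation_method` block follows.
```hcl
variable "validation_method" {
  type    = string
  default = "DNS"

  validation {
    condition     = contains(["DNS", "EMAIL"], var.validation_method)
    error_message = "validation_method must be DNS or EMAIL."
  }
}
```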
diff --git a/variables_amplify.tf b/variables_amplify.tf
new file mode 100644
index 0000000..ce94bb1
--- /dev/null
+++ b/variables_amplify.tf
@@ -0,0 +1,51 @@
+variable "access_token" {
+ sensitive = true
+ description = "GitHub access_token"
+ type = string
+}
+
+variable "github_repository" {
+ description = "GitHub repositoty URL"
+ type = string
+}
+
+variable "app_name" {
+ type = string
+}
+
+variable "branch_name" {
+ type = string
+}
+
+variable "framework" {
+ type = string
+}
+
+variable "stage" {
+ type = string
+}
+
+variable "frontend_environment_variables" {
+ type = map(string)
+}
+
+variable "frontend_domain_name" {
+ type = string
+}
+
+variable "dns_prefix_branch" {
+ type = string
+}
+
+variable "build_spec" {
+ type = string
+}
+
+variable "custom_rules" {
+ type = list(object({
+ source = string
+ status = string
+ target = string
+ condition = string
+ }))
+}
diff --git a/variables_ecr.tf b/variables_ecr.tf
new file mode 100644
index 0000000..ecdd16d
--- /dev/null
+++ b/variables_ecr.tf
@@ -0,0 +1,16 @@
+variable "ecr_repository_name" {
+ type = string
+}
+
+variable "scan_on_push" {
+ type = bool
+ default = false
+}
+
+variable "image_tag_mutability" {
+ type = string
+}
+
+variable "force_delete" {
+ type = bool
+}
diff --git a/variables_ecs_service.tf b/variables_ecs_service.tf
new file mode 100644
index 0000000..6357a56
--- /dev/null
+++ b/variables_ecs_service.tf
@@ -0,0 +1,7 @@
+variable "service_name" {
+ type = string
+}
+
+variable "desired_count" {
+ type = number
+}
diff --git a/variables_iam_user.tf b/variables_iam_user.tf
new file mode 100644
index 0000000..c5480db
--- /dev/null
+++ b/variables_iam_user.tf
@@ -0,0 +1,4 @@
+variable "iam_user" {
+ description = "IAM user name"
+ type = string
+}
diff --git a/variables_loadbalancer.tf b/variables_loadbalancer.tf
new file mode 100644
index 0000000..b6a53e0
--- /dev/null
+++ b/variables_loadbalancer.tf
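Review bot: `stage` in variables_amplify.tf is an open string, although Amplify only accepts PRODUCTION, BETA, DEVELOPMENT, EXPERIMENTAL or PULL_REQUEST; a validation block turns an apply-time API error into a plan-time one. The `github_repository` description has a typo (`repositoty`), and most variables in this file carry no description at all while `access_token` and `github_repository` do, so the style is inconsistent within the hunk. The rewritten `stage` block follows.
```hcl
variable "stage" {
  type = string

  validation {
    condition     = contains(["PRODUCTION", "BETA", "DEVELOPMENT", "EXPERIMENTAL", "PULL_REQUEST"], var.stage)
    error_message = "stage must be one of PRODUCTION, BETA, DEVELOPMENT, EXPERIMENTAL or PULL_REQUEST."
  }
}
```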
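Review bot: `scan_on_push` in variables_ecr.tf defaults to `false`, so a caller who never sets it gets a registry with image scanning off; the safer default is `default = true`, leaving the opt-out explicit. `image_tag_mutability` is an unconstrained string; a validation block limiting it to MUTABLE or IMMUTABLE, plus a comment noting that IMMUTABLE prevents a pushed tag from being silently replaced, would document the choice the tfvars example currently makes.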
@@ -0,0 +1,24 @@
+variable "loadbalancer_name" {
+ type = string
+}
+
+variable "loadbalancer_type" {
+ type = string
+}
+
+variable "target_group_name" {
+ type = string
+}
+
+variable "health_check_path" {
+ type = string
+}
+
+variable "sg_allow_tcp_ports" {
+ type = list(string)
+}
+
+variable "target_type" {
+ description = "Type of target group instance or ip"
+ type = string
+}
diff --git a/variables_task_definition.tf b/variables_task_definition.tf
new file mode 100644
index 0000000..48125d9
--- /dev/null
+++ b/variables_task_definition.tf
@@ -0,0 +1,15 @@
+variable "backend_environment_variables" {
+ type = map(string)
+}
+
+variable "task_name" {
+ type = string
+}
+
+variable "cpu" {
+ type = number
+}
+
+variable "memory" {
+ type = number
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..5bcb387
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
+ }
+ }
+}
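Review bot: `sg_allow_tcp_ports` in variables_loadbalancer.tf is declared `list(string)` but holds port numbers (the tfvars example in this diff passes `[80, 443]`); `type = list(number)` states the intent and rejects non-numeric input at plan time. A validation block bounding each entry to 1–65535 would be the natural follow-up, since these values presumably end up in security-group ingress rules. `loadbalancer_type` and `target_type` are likewise unconstrained strings, though the latter at least documents its two accepted values.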
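Review bot: versions.tf pins both providers but not Terraform itself, so a contributor on an older CLI only finds out mid-run; add `required_version = "<MIN_TERRAFORM_VERSION>"` inside the `terraform` block, with the placeholder replaced by the version the project actually tests against.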