feat: terraform script added for Infrastructure(IAC)

.gitignore

@@ -78,3 +78,57 @@ chart/charts
 
 #Docker
 DockerData/
+
+
+
+########################################## Terraform ##########################################
+# Terraform State files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore override files as they are usually used to override resources locally
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# .terraform directory is used by Terraform to store module and provider caches
+.terraform/
+
+# Ignore any plan files
+*.tfplan
+
+# Ignore variables files that may contain sensitive information
+*.tfvars
+*.tfvars.json
+
+# Ignore local environment files
+.terraform.lock.hcl
+
+# Ignore backup files
+*.backup
+
+# Ignore editor specific files
+# Examples for Visual Studio Code, IntelliJ IDEA, etc.
+.vscode/
+.idea/
+
+# Ignore Mac OS specific files
+.DS_Store
+
+# Ignore Linux and Unix specific files
+*.swp
+*.swo
+
+#Ignore Pem File
+*.pem
+
+#Ignore Aws Cred
+*/.aws/credentials

.pre-commit-config.yaml

@@ -34,22 +34,6 @@ repos:
         language: python
         types: [text]
 
-      - id: check-executables-have-shebangs
-        name: check that executables have shebangs
-        description: ensures that (non-binary) executables have a shebang.
-        entry: check-executables-have-shebangs
-        language: python
-        types: [text, executable]
-        stages: [commit, push, manual]
-
-      - id: check-shebang-scripts-are-executable
-        name: check that scripts with shebangs are executable
-        description: ensures that (non-binary) files with a shebang are executable.
-        entry: check-shebang-scripts-are-executable
-        language: python
-        types: [text]
-        stages: [commit, push, manual]
-
       - id: check-json
         name: check json
         description: checks json files for parseable syntax.

terraform/main.tf

@@ -0,0 +1,76 @@
+# Modules
+
+# VPC
+module "step1" {
+  source              = "./step1/"
+  aws_region          = var.aws_region
+  vpc_name            = var.vpc_name
+  vpc_cidr_block      = var.vpc_cidr_block
+  vpc_private_subnets = var.vpc_private_subnets
+  vpc_public_subnets  = var.vpc_public_subnets
+  availability_zones  = var.availability_zones
+  project_name        = var.project_name
+}
+
+# ECR - KMS - IAM Roles/Policies - S3 - SECURITY GROUPS
+module "step2" {
+  source             = "./step2/"
+  project_name       = var.project_name
+  aws_account        = var.aws_account
+  aws_region         = var.aws_region
+  vpc_name           = var.vpc_name
+  vpc_id             = module.step1.vpc_id
+  s3_bucket_name     = var.s3_bucket_name
+  ecs_task_role_name = var.ecs_task_role_name
+  depends_on         = [module.step1]
+}
+
+# ECR
+module "step3" {
+  source     = "./step3/"
+  ecr_names  = var.ecr_names
+  kms_key    = module.step2.kms_key.arn
+  depends_on = [module.step2]
+}
+
+# EC2 - REDIS - POSTGRESQL
+module "step4" {
+  source                    = "./step4/"
+  public_ec2_instance_ami   = var.public_ec2_instance_ami
+  private_ec2_instance_ami  = var.private_ec2_instance_ami
+  project_name              = var.project_name
+  vpc_name                  = var.vpc_name
+  vpc_private_subnets       = module.step1.private_subnets_id
+  vpc_public_subnets        = module.step1.public_subnets_id
+  ec2_sec_grp               = module.step2.ec2_sec_grp.id
+  psql_sec_grp              = module.step2.psql_sec_grp.id
+  docdb_sec_grp             = module.step2.docdb_sec_grp.id
+  redis_sec_grp             = module.step2.redis_sec_grp.id
+  # document_db_root_username = var.document_db_root_username
+  # document_db_root_password = var.document_db_root_password
+  postgresql_root_username  = var.postgresql_root_username
+  postgresql_root_password  = var.postgresql_root_password
+}
+
+# ECS - EFS - ALB
+module "step6" {
+  source                    = "./step6/"
+  project_name              = var.project_name
+  aws_account               = var.aws_account
+  aws_region                = var.aws_region
+  vpc_name                  = var.vpc_name
+  vpc_id                    = module.step1.vpc_id
+  vpc_private_subnets       = module.step1.private_subnets_id
+  vpc_public_subnets        = module.step1.public_subnets_id
+  vpc_private_subnets_count = var.vpc_private_subnets
+  ecs_cluster_name          = var.ecs_cluster_name
+  ecs_loadbalancer_name     = var.ecs_loadbalancer_name
+  ecs_task_role_name        = module.step2.ecs_final_role_name
+  ecs_sec_grp               = module.step2.ecs_sec_grp.id
+  alb_logs_s3_bucket        = module.step2.alb_logs_s3_bucket.id
+  kms_key                   = module.step2.kms_key.arn
+  load_balancer_sec_grp     = module.step2.load_balancer_sec_grp.id
+  SSL_certificate_arn       = var.SSL_certificate_arn
+  s3_bucket_name            = var.s3_bucket_name
+  depends_on                = [module.step4]
+}

terraform/outputs.tf

@@ -0,0 +1,12 @@
+output "postgres_endpoint" {
+  value = module.step4.postgres_endpoint.address
+}
+
+
+#output "private_subnets" {
+#  value = module.step1.private_subnets_id
+#}
+
+#output "kms_key_arn" {
+#  value = module.step2.kms_key.arn
+#}

terraform/providers.tf

@@ -0,0 +1,28 @@
+# Terraform provider
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.67.0"
+    }
+  }
+}
+
+provider "aws" {
+  # region and profile is for the architecture
+  region                   = "ap-south-1"
+  shared_credentials_files = ["${path.module}/.aws/credentials"]
+  profile                  = "default"
+
+
+  default_tags {
+    tags = {
+      Environment = "NAXA-DTM"
+      Application = "DTM"
+      Team        = "NAXA-Developers"
+      Creator     = "NAXA"
+      Owner       = "NAXA"
+    }
+  }
+}

terraform/step1/VPC.tf

@@ -0,0 +1,136 @@
+# CREATE VPC
+resource "aws_vpc" "project_vpc" {
+  cidr_block                           = var.vpc_cidr_block
+  enable_dns_hostnames                 = true
+  enable_network_address_usage_metrics = true
+  enable_dns_support                   = true
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}"
+  }
+}
+
+# CREATE INTERNET GATEWAY for the public subnets
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-igw"
+  }
+}
+
+# CREATE ELASTIC IP for nat
+resource "aws_eip" "nat_eip" {
+  vpc = true
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-eip"
+  }
+  depends_on = [aws_internet_gateway.igw]
+}
+
+# CREATE NAT GATEWAY
+resource "aws_nat_gateway" "nat_gateway" {
+  allocation_id = aws_eip.nat_eip.id
+  subnet_id     = aws_subnet.public_subnet[0].id
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-nat"
+  }
+  depends_on = [aws_internet_gateway.igw]
+}
+
+
+
+# ========================== PRIVATE SUBNETS ======================= #
+
+# Create Private Subnets
+resource "aws_subnet" "private_subnet" {
+  count                   = length(var.vpc_private_subnets)
+  vpc_id                  = aws_vpc.project_vpc.id
+  cidr_block              = var.vpc_private_subnets[count.index]
+  availability_zone       = var.availability_zones[count.index % length(var.availability_zones)]
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-private-subnet-${count.index}"
+  }
+}
+
+# ROUTE TABLES for private Subnets
+resource "aws_route_table" "private_route_table" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.vpc_name}-private-route-table"
+  }
+}
+
+resource "aws_route" "private_nat_gateway" {
+  route_table_id         = aws_route_table.private_route_table.id
+  destination_cidr_block = "0.0.0.0/0"
+  nat_gateway_id         = aws_nat_gateway.nat_gateway.id
+}
+
+resource "aws_route_table_association" "private_subnet_association" {
+  count          = length(aws_subnet.private_subnet)
+  route_table_id = aws_route_table.private_route_table.id
+  subnet_id      = aws_subnet.private_subnet[count.index].id
+}
+
+
+
+# ========================== PUBLIC SUBNETS ======================= #
+
+#Create Public Subnets
+resource "aws_subnet" "public_subnet" {
+  count                   = length(var.vpc_public_subnets)
+  cidr_block              = var.vpc_public_subnets[count.index]
+  vpc_id                  = aws_vpc.project_vpc.id
+  availability_zone       = var.availability_zones[count.index % length(var.availability_zones)]
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.project_name}-${var.vpc_name}-public-subnet-${count.index}"
+  }
+}
+
+# ROUTE TABLES for public Subnets
+resource "aws_route_table" "public_route_table" {
+  vpc_id = aws_vpc.project_vpc.id
+  tags = {
+    Name = "${var.vpc_name}-public-route-table"
+  }
+}
+
+resource "aws_route" "public_internet_gateway" {
+  route_table_id         = aws_route_table.public_route_table.id
+  destination_cidr_block = "0.0.0.0/0"
+  gateway_id             = aws_internet_gateway.igw.id
+}
+
+resource "aws_route_table_association" "public_subnet_association" {
+  count          = length(aws_subnet.public_subnet)
+  subnet_id      = aws_subnet.public_subnet[count.index].id
+  route_table_id = aws_route_table.public_route_table.id
+}
+
+
+
+# ========================== DEFAULT SG ======================= #
+
+# VPC's Default Security Group
+resource "aws_security_group" "default" {
+  name        = "${var.vpc_name}-default-sg"
+  description = "Default security group to allow inbound/outbound from the VPC"
+  vpc_id      = aws_vpc.project_vpc.id
+  ingress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = true
+  }
+  egress {
+    from_port = "0"
+    to_port   = "0"
+    protocol  = "-1"
+    self      = "true"
+  }
+  tags = {
+    Name = "${var.vpc_name}-default-sg"
+  }
+  depends_on = [aws_vpc.project_vpc]
+}

terraform/step1/output.tf

@@ -0,0 +1,19 @@
+output "vpc_id" {
+  value = aws_vpc.project_vpc.id
+}
+
+output "private_subnets_id" {
+  value = aws_subnet.private_subnet.*.id
+}
+
+output "public_subnets_id" {
+  value = aws_subnet.public_subnet.*.id
+}
+
+output "private_route_table_id" {
+  value = aws_route_table.private_route_table.id
+}
+
+output "public_route_table_id" {
+  value = aws_route_table.public_route_table.id
+}

terraform/step1/variables.tf

@@ -0,0 +1,29 @@
+#VARIABLES
+
+variable "aws_region" {
+  type = string
+}
+
+variable "project_name" {
+  type = string
+}
+
+variable "vpc_name" {
+  type = string
+}
+
+variable "vpc_cidr_block" {
+  type = string
+}
+
+variable "vpc_private_subnets" {
+  type = list(string)
+}
+
+variable "vpc_public_subnets" {
+  type = list(string)
+}
+
+variable "availability_zones" {
+  type = list(string)
+}