lenape/nvhi-atsila-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

automated terminal push

Browse Source
This commit is contained in:
lenape
2025-07-12 08:51:48 +00:00
parent 751acfe646
commit 0282e18140
10 changed files with 361 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
terraform/backend.tf Normal file
View File

@@ -0,0 +1,8 @@
terraform {
backend "s3" {
bucket = "nvhi-atsila-tf-state"
key = "ecs/terraform.tfstate"
region = "us-east-2"
dynamodb_table = "nvhi-atsila-locks"
}
}

139
terraform/main.tf Normal file
View File

@@ -0,0 +1,139 @@
provider "aws" {
region = var.aws_region
}
data "aws_availability_zones" "azs" {}
# Hardened remote-state S3 bucket
resource "aws_s3_bucket" "tfstate" {
bucket = "nvhi-atsila-tf-state"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}
versioning {
enabled = true
}
tags = {
Name = "nvhi-atsila-tf-state"
Environment = "Production"
}
}
resource "aws_s3_bucket_public_access_block" "tfstate_block" {
bucket = aws_s3_bucket.tfstate.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
resource "aws_dynamodb_table" "locks" {
name = "nvhi-atsila-locks"
billing_mode = "PAY_PER_REQUEST"
hash_key = "LockID"
attribute {
name = "LockID"
type = "S"
}
point_in_time_recovery {
enabled = true
}
tags = {
Name = "nvhi-atsila-locks"
Environment = "Production"
}
}
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
tags = {
Name = "${var.cluster_name}-vpc"
}
}
resource "aws_subnet" "public" {
count = length(split(",", var.public_subnets))
vpc_id = aws_vpc.main.id
cidr_block = element(split(",", var.public_subnets), count.index)
availability_zone = data.aws_availability_zones.azs.names[count.index]
map_public_ip_on_launch = true
tags = {
Name = "${var.cluster_name}-public-${count.index}"
}
}
resource "aws_security_group" "ecs_sg" {
name = "${var.cluster_name}-sg"
description = "Allow SSH & HTTP to ECS"
vpc_id = aws_vpc.main.id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.jenkins_ip_cidr]
}
ingress {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "${var.cluster_name}-sg"
}
}
resource "aws_key_pair" "deployer" {
key_name = var.key_pair_name
public_key = file("${path.module}/../lenape_key.pub")
}
data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
}
}
resource "aws_ecs_cluster" "main" {
name = var.cluster_name
}
resource "aws_instance" "ecs_instance" {
ami = data.aws_ami.ubuntu.id
instance_type = var.instance_type
subnet_id = aws_subnet.public[0].id
vpc_security_group_ids = [aws_security_group.ecs_sg.id]
key_name = aws_key_pair.deployer.key_name
tags = {
Name = "${var.cluster_name}-instance"
}
}
output "ecs_instance_public_ip" {
value = aws_instance.ecs_instance.public_ip
}

34
terraform/variables.tf Normal file
View File

@@ -0,0 +1,34 @@
variable "aws_region" {
type = string
default = "us-east-2"
}
variable "jenkins_ip_cidr" {
description = "CIDR block for SSH access from Jenkins (injected by pipeline)"
type = string
}
variable "cluster_name" {
description = "Name of the ECS cluster"
type = string
}
variable "vpc_cidr" {
description = "VPC CIDR block"
type = string
}
variable "public_subnets" {
description = "Comma-separated public subnet CIDRs"
type = string
}
variable "instance_type" {
description = "EC2 instance type"
type = string
}
variable "key_pair_name" {
description = "EC2 Key Pair name"
type = string
}