# AWS provider. Only the region is configured here; no static access keys are
# set in this block, so the provider's default credential chain applies.
# NOTE(review): no required_providers / version constraint is visible in this
# file — confirm one exists elsewhere, because the inline S3 bucket
# server_side_encryption_configuration / versioning blocks below are sensitive
# to the AWS provider major version.
provider "aws" {
  region = var.aws_region
}

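# Availability zones that aws_subnet.public is spread across, in the order the
# data source returns them. state = "available" keeps impaired or retiring
# zones out of the list (the original had no filter and could pick one).
data "aws_availability_zones" "azs" {
  state = "available"
}
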
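# Hardened remote-state S3 bucket
# Terraform state routinely contains secrets (DB passwords, tokens, private
# addresses), so this bucket is encrypted at rest, versioned (a bad write can
# be rolled back), shielded from public access by
# aws_s3_bucket_public_access_block.tfstate_block, and protected from an
# accidental `terraform destroy`.
resource "aws_s3_bucket" "tfstate" {
  bucket = "nvhi-atsila-tf-state"

  # SSE-S3 (AES256), as in the original. Moving to "aws:kms" with a customer
  # managed key would add key-level access control and key-usage audit logs,
  # but requires KMS permissions for every principal that reads state.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # Keep every prior state version so a corrupted or mistaken apply can be
  # recovered from an older object version.
  versioning {
    enabled = true
  }

  # NOTE(review): the inline server_side_encryption_configuration and
  # versioning blocks are deprecated in AWS provider 4.x and later in favour of
  # the aws_s3_bucket_server_side_encryption_configuration and
  # aws_s3_bucket_versioning resources — migrate once the provider is pinned.

  # Losing this bucket means losing the record of every managed resource;
  # require an explicit edit of this file before Terraform may delete it.
  lifecycle {
    prevent_destroy = true
  }

  tags = {
    Name        = "nvhi-atsila-tf-state"
    Environment = "Production"
  }
}
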
# Deny every form of public access to the state bucket, whatever ACL or bucket
# policy may be attached later. All four switches are on.
resource "aws_s3_bucket_public_access_block" "tfstate_block" {
  bucket = aws_s3_bucket.tfstate.id

  # Reject new public ACLs, and ignore any public ACL that already exists.
  block_public_acls  = true
  ignore_public_acls = true

  # Reject new public bucket policies, and restrict access to the account if a
  # public policy is already attached.
  block_public_policy     = true
  restrict_public_buckets = true
}

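# DynamoDB table used for Terraform state locking. The S3 backend expects a
# string hash key named exactly "LockID". On-demand billing because lock
# traffic is tiny and bursty.
resource "aws_dynamodb_table" "locks" {
  name         = "nvhi-atsila-locks"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  # Continuous backups, so the table can be restored to a point in time if a
  # lock row is corrupted or wrongly deleted.
  point_in_time_recovery {
    enabled = true
  }

  # Destroying the lock table lets two concurrent applies race on the same
  # state; require an explicit edit of this file before Terraform may delete it.
  lifecycle {
    prevent_destroy = true
  }

  tags = {
    Name        = "nvhi-atsila-locks"
    Environment = "Production"
  }
}
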
# VPC that holds the public subnets, the security group and the ECS host.
# NOTE(review): DNS hostnames/support are left at the provider defaults; if the
# host must resolve by private DNS name, set enable_dns_hostnames explicitly.
resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr

  tags = { Name = format("%s-vpc", var.cluster_name) }
}

# One public subnet per CIDR listed in var.public_subnets (a comma-separated
# string), each pinned to a distinct availability zone in the order the data
# source returns them. Because the AZ is picked by index, supplying more CIDRs
# than there are zones in the region fails at plan time.
resource "aws_subnet" "public" {
  count = length(split(",", var.public_subnets))

  vpc_id            = aws_vpc.main.id
  cidr_block        = split(",", var.public_subnets)[count.index]
  availability_zone = data.aws_availability_zones.azs.names[count.index]

  # Public subnet: instances get a public IPv4 address on launch (the
  # ecs_instance_public_ip output depends on this).
  map_public_ip_on_launch = true

  tags = {
    Name = format("%s-public-%d", var.cluster_name, count.index)
  }
}

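# Security group for the ECS host: SSH only from the Jenkins CIDR, TCP 8080
# from anywhere, unrestricted egress. Rule descriptions were added so the
# console/audit output explains each opening. The group-level description is
# left untouched (it says "HTTP" although the open port is 8080) because
# changing it forces the group to be replaced.
resource "aws_security_group" "ecs_sg" {
  name        = "${var.cluster_name}-sg"
  description = "Allow SSH & HTTP to ECS"
  vpc_id      = aws_vpc.main.id

  # SSH restricted to the CI host. var.jenkins_ip_cidr should be a single /32
  # (or as small a range as possible) and never 0.0.0.0/0.
  ingress {
    description = "SSH from Jenkins"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.jenkins_ip_cidr]
  }

  # NOTE(review): 8080 is reachable from the entire internet. That is
  # acceptable for a deliberately public service, but if 8080 is an admin or
  # CI-only port it should be narrowed to a load-balancer group or the
  # Jenkins CIDR — confirm what listens there.
  ingress {
    description = "TCP 8080 from anywhere"
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic allowed (protocol -1 = every protocol and port).
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "${var.cluster_name}-sg"
  }
}
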
# Registers the deployer's SSH public key, read from the directory one level
# above this module. Only the public half is read here; the matching private
# key must never be committed next to it.
# NOTE(review): the path is resolved relative to path.module, so every caller
# of this module needs lenape_key.pub at that exact location.
resource "aws_key_pair" "deployer" {
  key_name   = var.key_pair_name
  public_key = file(join("/", [path.module, "..", "lenape_key.pub"]))
}

# Newest Ubuntu 20.04 (Focal) amd64 HVM/SSD server image owned by account
# 099720109477 (documented as Canonical's publishing account — verify).
# NOTE(review): most_recent = true is re-resolved on every plan, so a new
# image release shows up as a replacement of aws_instance.ecs_instance; pin
# the image name/date if unplanned rebuilds are unacceptable. Focal's
# standard support window is also ending — confirm the release series.
data "aws_ami" "ubuntu" {
  owners      = ["099720109477"]
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}

# ECS cluster (control plane only). Nothing visible in this file registers a
# container instance into it: aws_instance.ecs_instance has no instance
# profile or user_data — confirm that is done elsewhere.
# NOTE(review): Container Insights is not enabled; consider
# setting { name = "containerInsights" value = "enabled" } for metrics.
resource "aws_ecs_cluster" "main" {
  name = var.cluster_name
}

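# Single EC2 host in the first public subnet, reachable via the deployer key.
# NOTE(review): this instance has no iam_instance_profile and no user_data, so
# nothing here installs the ECS agent on the plain Ubuntu AMI or registers the
# host with aws_ecs_cluster.main — confirm that happens elsewhere (e.g. over
# SSH from Jenkins). If an instance role is added later, keep IMDSv2 required
# so role credentials cannot be pulled via SSRF from a workload on the host.
resource "aws_instance" "ecs_instance" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.public[0].id
  vpc_security_group_ids = [aws_security_group.ecs_sg.id]
  key_name               = aws_key_pair.deployer.key_name

  # Require IMDSv2 (session-token) access to instance metadata so it cannot be
  # read with a plain unauthenticated GET. Anything on the host that still
  # speaks only IMDSv1 (very old SDKs/tools) must be updated first.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root EBS volume at rest with the account's default EBS key.
  # NOTE: this attribute forces replacement of an already-created instance.
  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "${var.cluster_name}-instance"
  }
}
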
# Public IPv4 address of the ECS host (assigned because the subnet has
# map_public_ip_on_launch = true), for SSH and the port-8080 service.
output "ecs_instance_public_ip" {
  description = "Public IP of the ECS EC2 instance"
  value       = aws_instance.ecs_instance.public_ip
}