From 81e78c18e1dba7c8c157e03fb9f338745a6f7bde Mon Sep 17 00:00:00 2001
From: Radon Rosborough
Date: Fri, 18 Jun 2021 07:02:49 +0000
Subject: [PATCH] Start messing around with ASGs
---
 tf/infra.tf | 144 +++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 108 insertions(+), 36 deletions(-)
diff --git a/tf/infra.tf b/tf/infra.tf
index bf81128..b8ee940 100644
--- a/tf/infra.tf
+++ b/tf/infra.tf
@@ -11,26 +11,28 @@ terraform {
 }
 }
 
-locals {
- tags = {
- Terraform = "Managed by Terraform"
- BillingCategory = "Riju"
- }
-}
-
 data "external" "env" {
 program = ["jq", "-n", "env"]
 }
 
 provider "aws" {
 region = "us-west-1"
+ default_tags {
+ tags = {
+ Terraform = "Managed by Terraform"
+ BillingCategory = "Riju"
+ }
+ }
 }
 
 data "aws_region" "current" {}
 
+data "aws_vpc" "default" {
+ default = true
+}
+
 resource "aws_iam_user" "deploy" {
 name = "riju-deploy"
- tags = local.tags
 }
 
 resource "aws_iam_access_key" "deploy" {
@@ -104,7 +106,6 @@ data "aws_iam_policy_document" "riju" {
 
 resource "aws_s3_bucket" "riju" {
 bucket = data.external.env.result.S3_BUCKET
- tags = local.tags
 }
 
 resource "aws_s3_bucket_public_access_block" "riju" {
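Review bot: In the first hunk, moving the tag map into the provider's `default_tags` drops `Terraform` and `BillingCategory` from anything Terraform does not create directly. The instances and volumes launched through `aws_launch_template.server` later in this patch get only the `Name` tag from `tag_specifications`, and the provider documents `default_tags` as not applying to `aws_autoscaling_group`. Consider repeating both tags in `tag_specifications` for `instance` and `volume`, and as ASG `tag` blocks with `propagate_at_launch = true`, so cost and ownership attribution survive the move to the ASG. `default_tags` also needs AWS provider 3.38.0 or later; the version constraint is presumably in the `terraform` block that closes at the top of this hunk, outside the visible lines, so confirm it allows that.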
@@ -169,42 +170,113 @@ resource "aws_security_group" "server" {
 protocol = "-1"
 cidr_blocks = ["0.0.0.0/0"]
 }
-
- tags = local.tags
 }
 
-resource "aws_instance" "server" {
- instance_type = "t3.small"
- ami = data.aws_ami.server.id
- availability_zone = "${data.aws_region.current.name}b"
- security_groups = [aws_security_group.server.name]
- tags = merge(local.tags, {
- Name = "Riju server"
- })
- root_block_device {
- tags = merge(local.tags, {
- Name = "Riju server root volume"
- })
+resource "aws_security_group" "alb" {
+ name = "riju-alb"
+ description = "Security group for Riju application load balancer"
+
+ ingress {
+ description = "HTTP"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ ingress {
+ description = "HTTPS"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
 }
 }
 
-resource "aws_ebs_volume" "data" {
- availability_zone = "${data.aws_region.current.name}b"
- size = 125
- type = "gp3"
- tags = merge(local.tags, {
- Name = "Riju Docker data"
- })
+resource "aws_launch_template" "server" {
+ name = "riju-server"
+ image_id = data.aws_ami.server.id
+ instance_type = "t3.small"
+ security_group_names = [aws_security_group.server.name]
+
+ block_device_mappings {
+ device_name = "/dev/sdh"
+ ebs {
+ volume_type = "gp3"
+ volume_size = 125
+ }
+ }
+
+ tags = {
+ Name = "Riju server"
+ }
+
+ tag_specifications {
+ resource_type = "instance"
+ tags = {
+ Name = "Riju server"
+ }
+ }
 }
 
-resource "aws_volume_attachment" "data" {
- device_name = "/dev/sdh"
- volume_id = aws_ebs_volume.data.id
- instance_id = aws_instance.server.id
+resource "aws_autoscaling_group" "server" {
+ availability_zones = [
+ "${data.aws_region.current.name}b",
+ "${data.aws_region.current.name}c",
+ ]
+ desired_capacity = 1
+ min_size = 1
+ max_size = 3
+
+ launch_template {
+ id = aws_launch_template.server.id
+ }
+
+ tag {
+ key = "Name"
+ value = "Riju server"
+ propagate_at_launch = false
+ }
 }
 
-output "server_ip_address" {
- value = aws_instance.server.public_ip
+resource "aws_lb" "server" {
+ name = "riju-server"
+ security_groups = [aws_security_group.alb.name]
+}
+
+resource "aws_lb_target_group" "server_http" {
+ name = "riju-server-http"
+ port = 80
+ protocol = "HTTP"
+ vpc_id = data.aws_vpc.default.id
+}
+
+resource "aws_autoscaling_attachment" "server_http" {
+ autoscaling_group_name = aws_autoscaling_group.server.id
+ alb_target_group_arn = aws_lb_target_group.server_http.arn
+}
+
+resource "aws_lb_target_group" "server_https" {
+ name = "riju-server-https"
+ port = 443
+ protocol = "HTTPS"
+ vpc_id = data.aws_vpc.default.id
+}
+
+resource "aws_autoscaling_attachment" "server_https" {
+ autoscaling_group_name = aws_autoscaling_group.server.id
+ alb_target_group_arn = aws_lb_target_group.server_https.arn
+}
+
+output "alb_dns_name" {
+ value = aws_lb.server
 }
 
 output "deploy_aws_access_key_id" {
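Review bot: The new `aws_launch_template.server` leaves instance hardening at defaults: the `ebs` block for `/dev/sdh` has no `encrypted = true`, and there is no `metadata_options { http_tokens = "required" }`. Unless account-level or AMI defaults say otherwise, every instance the ASG launches gets an unencrypted 125 GiB data volume and accepts IMDSv1. In `aws_lb.server`, `security_groups` is given `aws_security_group.alb.name`, but that argument takes security group IDs, so it should read `security_groups = [aws_security_group.alb.id]`; the hunk also sets no `subnets` and defines no `aws_lb_listener`, so the two target groups are not yet wired to the load balancer. `output "alb_dns_name"` exports the whole `aws_lb.server` object where `aws_lb.server.dns_name` is presumably intended. The ingress rules of `aws_security_group.server` begin above this hunk; once the ALB fronts the instances, they should admit web traffic only from `aws_security_group.alb` rather than from `0.0.0.0/0`.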