terraform basic

CSSE6400 · Apr 6, 2024 · f38b579 · f38b579
1 parent c6bc75d
commit f38b579
Show file tree

Hide file tree

Showing 6 changed files with 301 additions and 16 deletions.
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
diff --git a/database.tf b/database.tf
@@ -0,0 +1,34 @@
+resource "aws_db_instance" "database" {
+  allocated_storage      = 20
+  max_allocated_storage  = 1000
+  engine                 = "postgres"
+  engine_version         = "14"
+  instance_class         = "db.t4g.micro"
+  db_name                = "spamoverflow"
+  username               = local.database_username
+  password               = local.database_password
+  parameter_group_name   = "default.postgres14"
+  skip_final_snapshot    = true
+  vpc_security_group_ids = [aws_security_group.database.id]
+  publicly_accessible    = true
+}
+
+resource "aws_security_group" "database" {
+  name        = "spamoverflow-database"
+  description = "Allow inbound Postgres traffic"
+
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+}
diff --git a/ecs.tf b/ecs.tf
@@ -0,0 +1,94 @@
+resource "aws_ecs_cluster" "spamoverflow" {
+  name = "spamoverflow"
+}
+
+resource "aws_ecs_task_definition" "spamoverflow" {
+  family                   = "spamoverflow"
+  network_mode             = "awsvpc"
+  requires_compatibilities = ["FARGATE"]
+  cpu                      = 1024
+  memory                   = 2048
+  execution_role_arn       = data.aws_iam_role.lab.arn
+  depends_on               = [docker_image.spamoverflow]
+
+  container_definitions = <<DEFINITION
+ [ 
+   { 
+    "image": "${docker_registry_image.spamoverflow.name}", 
+    "cpu": 1024, 
+    "memory": 2048, 
+    "name": "spamoverflow", 
+    "networkMode": "awsvpc", 
+    "portMappings": [ 
+      { 
+       "containerPort": 8080, 
+       "hostPort": 8080 
+      } 
+    ], 
+    "environment": [ 
+      { 
+       "name": "SQLALCHEMY_DATABASE_URI", 
+       "value": "postgresql://${local.database_username}:${local.database_password}@${aws_db_instance.database.address}:${aws_db_instance.database.port}/${aws_db_instance.database.db_name}" 
+      } 
+    ], 
+    "logConfiguration": { 
+      "logDriver": "awslogs", 
+      "options": { 
+       "awslogs-group": "/spamoverflow/api", 
+       "awslogs-region": "us-east-1", 
+       "awslogs-stream-prefix": "ecs", 
+       "awslogs-create-group": "true" 
+      } 
+    } 
+   } 
+ ] 
+ DEFINITION 
+}
+
+
+resource "aws_ecs_service" "spamoverflow" {
+  name            = "spamoverflow"
+  cluster         = aws_ecs_cluster.spamoverflow.id
+  task_definition = aws_ecs_task_definition.spamoverflow.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+  depends_on      = [aws_ecs_task_definition.spamoverflow]
+
+  network_configuration {
+    subnets          = data.aws_subnets.private.ids
+    security_groups  = [aws_security_group.spamoverflow.id]
+    assign_public_ip = true
+  }
+  load_balancer {
+    target_group_arn = aws_lb_target_group.spamoverflow.arn
+    container_name   = "spamoverflow"
+    container_port   = 8080
+  }
+
+}
+
+resource "aws_security_group" "spamoverflow" {
+  name        = "spamoverflow"
+  description = "TaskOverflow Security Group"
+
+  ingress {
+    from_port   = 8080
+    to_port     = 8080
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/images.tf b/images.tf
@@ -0,0 +1,14 @@
+resource "docker_image" "spamoverflow" {
+  name = "${aws_ecr_repository.spamoverflow.repository_url}:latest"
+  build {
+    context = "."
+  }
+}
+
+resource "docker_registry_image" "spamoverflow" {
+  name = docker_image.spamoverflow.name
+}
+
+resource "aws_ecr_repository" "spamoverflow" {
+  name = "spamoverflow"
+}
diff --git a/loadBalancer.tf b/loadBalancer.tf
@@ -0,0 +1,36 @@
+resource "aws_lb_target_group" "spamoverflow" { 
+  name          = "spamoverflow" 
+  port          = 8080 
+  protocol      = "HTTP" 
+  vpc_id        = aws_security_group.spamoverflow.vpc_id 
+  target_type   = "ip" 
+
+  health_check { 
+    path                = "/api/v1/health" 
+    port                = "8080" 
+    protocol            = "HTTP" 
+    healthy_threshold   = 2 
+    unhealthy_threshold = 2 
+    timeout             = 5 
+    interval            = 10 
+  } 
+}
+
+resource "aws_lb" "spamoverflow" {
+  name               = "spamoverflow"
+  internal           = false
+  load_balancer_type = "application"
+  subnets            = data.aws_subnets.private.ids
+  security_groups    = [aws_security_group.spamoverflow.id]
+}
+
+resource "aws_lb_listener" "spamoverflow" {
+  load_balancer_arn = aws_lb.spamoverflow.arn
+  port              = "8080"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.spamoverflow.arn
+  }
+}
diff --git a/main.tf b/main.tf
@@ -1,25 +1,63 @@
 terraform {
-    required_providers {
-        aws = {
-            source  = "hashicorp/aws"
-            version = "~> 4.0"
-        }
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.0"
     }
+    docker = {
+      source  = "kreuzwerker/docker"
+      version = "3.0.2"
+    }
+  }
+}
+
+data "aws_ecr_authorization_token" "ecr_token" {}
+
+provider "docker" {
+  registry_auth {
+    address  = data.aws_ecr_authorization_token.ecr_token.proxy_endpoint
+    username = data.aws_ecr_authorization_token.ecr_token.user_name
+    password = data.aws_ecr_authorization_token.ecr_token.password
+  }
 }
 
+
 provider "aws" {
-    region = "us-east-1"
-    shared_credentials_files = ["./credentials"]
-    default_tags {
-        tags = {
-            Course       = "CSSE6400"
-            Name         = "SpamOverflow"
-            Automation   = "Terraform"
-        }
+  region                   = "us-east-1"
+  shared_credentials_files = ["./credentials"]
+  default_tags {
+    tags = {
+      Course       = "CSSE6400"
+      Name         = "SpamOverflow"
+      Automation   = "Terraform"
+      Student_Name = "Nimesh Garg"
+      Student_ID   = "47285398"
     }
+  }
 }
 
 resource "local_file" "url" {
-    content  = "http://my-url/" # replace this with a URL from your terraform
-    filename = "./api.txt"
-}
+  content    = aws_lb.spamoverflow.dns_name # replace this with a URL from your terraform
+  filename   = "./api.txt"
+  depends_on = [aws_lb.spamoverflow]
+}
+
+data "aws_iam_role" "lab" {
+  name = "LabRole"
+}
+
+data "aws_vpc" "default" {
+  default = true
+}
+
+data "aws_subnets" "private" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+locals {
+  database_password = "passwordNimesh"
+  database_username = "adminNimesh"
+}