Improved security by updating the Security Groups configuration.
1 parent
da0d54c
commit 11b5dc2
Showing
16 changed files
with
309 additions
and
32 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,4 +26,3 @@ resource "aws_lb_listener" "lb_listener" { | |
target_group_arn = "${aws_lb_target_group.lb_target.arn}" | ||
} | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
module "asg" { | ||
source = "../../" | ||
|
||
aws-profile = "ds-web-products-staging" | ||
aws-region = "eu-west-3" | ||
instance-ami = "ami-0dd7e7ed60da8fb83" | ||
user-data-script = "./user-data.sh" | ||
asg-min-size = "2" | ||
asg-max-size = "4" | ||
asg-def-size = "2" | ||
alb-name = "rafa-ian-alb" | ||
placement-group-name = "rafa-ian-pg" | ||
target-group-name = "rafa-ian-tg" | ||
asg-name = "rafa-ian-asg" | ||
launch-config-name = "rafa-ian-lc" | ||
instance-associate-public-ip = "true" | ||
iam-role-name = "engage-ECR-read" | ||
ssh-allowed-ips = ["62.255.97.196/32", "62.255.97.197/32"] | ||
} |
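Review bot: `instance-associate-public-ip = "true"` gives every instance in the group its own public address even though traffic is meant to arrive through the ALB, so the `ssh-allowed-ips` allowlist becomes the main barrier between the instances and the internet. The security group rules that consume `ssh-allowed-ips` are not visible in this section, so confirm they apply the list to port 22 only and that no `0.0.0.0/0` ingress remains on the instance security group. For a staging example I would set `instance-associate-public-ip = "false"` (which then needs a NAT gateway or VPC endpoints for the user-data downloads) and reach the hosts through a bastion or Session Manager. The office CIDRs are better passed in than committed: `ssh-allowed-ips = "${var.ssh-allowed-ips}"`.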
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
|
||
# basic patching | ||
sudo yum -y update | ||
|
||
# docker | ||
sudo yum -y install docker | ||
sudo service docker start | ||
|
||
# docker-compose | ||
sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | ||
sudo chmod +x /usr/local/bin/docker-compose | ||
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose | ||
|
||
# login to ECR | ||
sudo aws ecr get-login --no-include-email --region eu-west-2 > login.sh | ||
sudo bash login.sh | ||
|
||
# get docker-compose from S3 | ||
sudo aws s3api get-object \ | ||
--bucket docker-compose-engagement \ | ||
--key docker-compose.yml \ | ||
docker-compose.yml | ||
|
||
# get nginx configuration | ||
sudo mkdir container-balancer && cd container-balancer | ||
sudo aws s3api get-object \ | ||
--bucket docker-compose-engagement \ | ||
--key container-balancer/nginx.conf \ | ||
nginx.conf | ||
|
||
# create /etc/nginx directory if not exists | ||
sudo mkdir -p /etc/nginx | ||
|
||
# run app | ||
sudo docker-compose up |
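Review bot: The ECR login step writes the registry credential to `login.sh` in the working directory and never removes it, so the generated `docker login` line with its password stays on disk after boot. Piping the token straight into Docker avoids the file: `aws ecr get-login-password --region eu-west-2 | sudo docker login --username AWS --password-stdin <account-id>.dkr.ecr.eu-west-2.amazonaws.com` (needs a CLI version that has `get-login-password`; `<account-id>` is a placeholder), or at minimum add `rm -f login.sh` after `sudo bash login.sh`. The docker-compose binary is also downloaded and made executable as root with no integrity check; compare it against a pinned SHA-256 before the `chmod +x`. The script has no `set -euo pipefail`, so a failed download or S3 fetch still falls through to `sudo docker-compose up`. The ECR region is `eu-west-2` while the example that uses this script deploys to `eu-west-3`; if that is intentional, a comment saying so would help.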
Empty file.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
module "asg" { | ||
source = "EconomistDigitalSolutions/asg/aws" | ||
version = "1.0.0" | ||
|
||
# required variables | ||
aws-profile = "${var.aws-profile}" # provide a profile from ~/.aws/credentials | ||
aws-region = "${var.aws-region}" | ||
|
||
instance-ami = "ami-0dd7e7ed60da8fb83" # if you change region, you must change the AMI | ||
user-data-script = "./deploy-hello-node.sh" # deployment script | ||
asg-min-size = "2" # number of machines | ||
asg-max-size = "5" | ||
asg-def-size = "3" | ||
alb-name = "private-test" | ||
placement-group-name = "private-test" | ||
target-group-name = "private-test" | ||
asg-name = "private-test" | ||
launch-config-name = "private-test" | ||
instance-associate-public-ip = "false" | ||
} |
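Review bot: This example pins `source = "EconomistDigitalSolutions/asg/aws"` at `version = "1.0.0"`, so it runs the published module rather than the code changed in this commit; if the security group tightening named in the commit title ships as a new release, the pin needs bumping for this example to pick it up. It also passes no `ssh-allowed-ips`, unlike the other example, so SSH ingress falls back to whatever default the module defines, which is not visible here. Once the pinned version supports the variable, setting it explicitly (an empty list if no SSH is wanted) would make the private example's exposure obvious to a reader.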
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,165 @@ | ||
variable "aws-region" { | ||
description = "The AWS region" | ||
type = "string" | ||
} | ||
|
||
variable "aws-profile" { | ||
description = "The name of the AWS shared credentials account." | ||
type = "string" | ||
} | ||
|
||
variable "instance-ami" { | ||
description = "The AMI (Amazon Machine Image) that identifies the instance" | ||
type = "string" | ||
default = "ami-01419b804382064e4" | ||
} | ||
|
||
variable "instance-type" { | ||
description = "The instance type to be used" | ||
type = "string" | ||
default = "t2.micro" | ||
} | ||
|
||
variable "instance-key-name" { | ||
description = "The name of the SSH key to associate to the instance. Note that the key must exist already." | ||
type = "string" | ||
default = "" | ||
} | ||
|
||
variable "iam-role-name" { | ||
description = "The IAM role to assign to the instance" | ||
type = "string" | ||
default = "" | ||
} | ||
|
||
variable "instance-associate-public-ip" { | ||
description = "Defines if the EC2 instance has a public IP address." | ||
type = "string" | ||
default = "true" | ||
} | ||
|
||
variable "user-data-script" { | ||
description = "The filepath to the user-data script, that is executed upon spinning up the instance" | ||
type = "string" | ||
default = "" | ||
} | ||
|
||
variable "instance-tag-name" { | ||
description = "instance-tag-name" | ||
type = "string" | ||
default = "EC2-instance-created-with-terraform" | ||
} | ||
|
||
variable "vpc-cidr-block" { | ||
description = "The CIDR block to associate to the VPC" | ||
type = "string" | ||
default = "10.0.0.0/16" | ||
} | ||
|
||
variable "subnet-1-cidr-block" { | ||
description = "The CIDR block to associate to the subnet" | ||
type = "string" | ||
default = "10.0.0.0/24" | ||
} | ||
|
||
variable "subnet-2-cidr-block" { | ||
description = "The CIDR block to associate to the subnet" | ||
type = "string" | ||
default = "10.0.1.0/24" | ||
} | ||
|
||
variable "vpc-tag-name" { | ||
description = "The Name to apply to the VPC" | ||
type = "string" | ||
default = "VPC-created-with-terraform" | ||
} | ||
|
||
variable "ig-tag-name" { | ||
description = "The name to apply to the Internet gateway tag" | ||
type = "string" | ||
default = "aws-ig-created-with-terraform" | ||
} | ||
|
||
variable "subnet-tag-name" { | ||
description = "The Name to apply to the VPN" | ||
type = "string" | ||
default = "VPN-created-with-terraform" | ||
} | ||
|
||
variable "sg-tag-name" { | ||
description = "The Name to apply to the security group" | ||
type = "string" | ||
default = "SG-created-with-terraform" | ||
} | ||
|
||
variable "environment" { | ||
description = "The environment (production/staging)" | ||
type = "string" | ||
default = "staging" | ||
} | ||
|
||
variable "alb-name" { | ||
description = "The application Load Balancer name" | ||
type = "string" | ||
default = "app-load-balancer-w-terraform" | ||
} | ||
|
||
variable "sg-alb-tag-name" { | ||
description = "The name of the SG associated with the ALB" | ||
type = "string" | ||
default = "SG-to-theapp-load-balancer-with-terraform" | ||
} | ||
|
||
variable "placement-group-name" { | ||
description = "The name of the placement group" | ||
type = "string" | ||
default = "placement-group-created-w-terraform" | ||
} | ||
|
||
variable "target-group-name" { | ||
description = "The name of the placement group" | ||
type = "string" | ||
default = "target-group-created-w-terraform" | ||
} | ||
|
||
variable "launch-config-name" { | ||
description = "The name of the launch configuration" | ||
type = "string" | ||
default = "launch-configuration-created-with-terraform" | ||
} | ||
|
||
variable "asg-name" { | ||
description = "The name of the Auto Scaling Group" | ||
type = "string" | ||
default = "ASG-created-with-terraform" | ||
} | ||
|
||
variable "asg-min-size" { | ||
description = "The minimum size of the Auto Scaling Group" | ||
type = "string" | ||
default = "2" | ||
} | ||
|
||
variable "asg-max-size" { | ||
description = "The maximum size of the Auto Scaling Group" | ||
type = "string" | ||
default = "4" | ||
} | ||
|
||
variable "asg-def-size" { | ||
description = "The default/recommended size of the Auto Scaling Group" | ||
type = "string" | ||
default = "3" | ||
} | ||
|
||
variable "domain-name" { | ||
description = "The apps public domain name" | ||
type = "string" | ||
default = "" | ||
} | ||
|
||
variable "sub-domain-name" { | ||
description = "The apps public sub domain name" | ||
type = "string" | ||
default = "" | ||
} |
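Review bot: `instance-associate-public-ip` defaults to `"true"`, so any caller that omits it gets instances with public addresses; for a change aimed at tightening security I would make that opt-in with `default = "false"`. No `ssh-allowed-ips` variable is declared in this file although one example passes it, so check it is declared wherever this file is used (the file path is not visible on this page). Three descriptions look like copy-paste leftovers: `subnet-tag-name` says "VPN" in both its description and its default `VPN-created-with-terraform`, `target-group-name` is described as "The name of the placement group", and `instance-tag-name` only repeats its own name.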