diff --git a/infra/alb.tf b/infra/alb.tf index 59d1018..5f39160 100644 --- a/infra/alb.tf +++ b/infra/alb.tf @@ -1,22 +1,31 @@ -resource "aws_lb" "this" { - name = "${var.app_name}-alb" - security_groups = [aws_security_group.alb.id] - load_balancer_type = "application" +resource "aws_security_group" "security_group_alb" { + name = "${var.app_name}-alb-sg" + description = "Security Group ALB" + vpc_id = aws_vpc.vpc.id + + ingress { + protocol = "tcp" + from_port = 80 + to_port = 80 + cidr_blocks = ["0.0.0.0/0"] + } - subnets = [ - aws_subnet.us-east-2a.id, - aws_subnet.us-east-2b.id - ] + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } tags = local.tags } -resource "aws_lb_target_group" "this" { +resource "aws_lb_target_group" "target_group_alb" { name = "${var.app_name}-target-group" port = 80 protocol = "HTTP" target_type = "ip" - vpc_id = aws_vpc.this.id + vpc_id = aws_vpc.vpc.id health_check { healthy_threshold = "3" @@ -29,35 +38,23 @@ resource "aws_lb_target_group" "this" { } } -resource "aws_lb_listener" "this" { - load_balancer_arn = aws_lb.this.arn +resource "aws_lb" "alb" { + name = "${var.app_name}-alb" + security_groups = [aws_security_group.security_group_alb.id] + load_balancer_type = "application" + + subnets = aws_subnet.public_subnet.*.id + + tags = local.tags +} + +resource "aws_lb_listener" "listener_alb" { + load_balancer_arn = aws_lb.alb.arn port = 80 protocol = "HTTP" default_action { type = "forward" - target_group_arn = aws_lb_target_group.this.arn - } -} - -resource "aws_security_group" "alb" { - name = "${var.app_name}-alb-sg" - description = "Security Group ALB" - vpc_id = aws_vpc.this.id - - ingress { - protocol = "tcp" - from_port = 80 - to_port = 80 - cidr_blocks = ["0.0.0.0/0"] + target_group_arn = aws_lb_target_group.target_group_alb.arn } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } - - tags = local.tags } 
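Review bot: The `egress` block of `aws_security_group.security_group_alb` allows every protocol to `0.0.0.0/0`, while the only destination this ALB needs is the ECS task security group on `var.app_container_port` — the same port and SG pairing that `aws_security_group.ecs` in ecs.tf already trusts as a source. Scoping the ALB's egress to the task SG limits what a misconfigured listener rule or a compromised target-group registration can reach inside the VPC. Referencing `aws_security_group.ecs` inline in the `egress` block would create a Terraform dependency cycle with the inline ingress on the ECS side, so express it as a standalone rule and drop the inline `egress` block.
```hcl
# … unchanged: aws_security_group.security_group_alb, with its inline egress block removed …

# The ALB may only open connections to the ECS tasks on the container port.
resource "aws_security_group_rule" "alb_egress_to_ecs" {
  type                     = "egress"
  security_group_id        = aws_security_group.security_group_alb.id
  protocol                 = "tcp"
  from_port                = var.app_container_port
  to_port                  = var.app_container_port
  source_security_group_id = aws_security_group.ecs.id
}
```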
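Review bot: `aws_lb_listener.listener_alb` terminates only plaintext HTTP on port 80, so all client traffic to the `app` service behind `aws_lb_target_group.target_group_alb` travels unencrypted to the public load balancer. Add an HTTPS listener backed by an ACM certificate and turn the port-80 listener into a 301 redirect; the ALB security group in the first hunk then also needs a port-443 ingress rule. No certificate ARN is declared anywhere in this change, so `var.acm_certificate_arn` below is a new variable to add. While touching `aws_lb.alb`, set `drop_invalid_header_fields = true` so non-RFC-compliant headers are dropped at the edge rather than forwarded to the containers.
```hcl
# … unchanged: aws_lb.alb (add drop_invalid_header_fields = true) …

# Port 80 only redirects; no application traffic is served in plaintext.
resource "aws_lb_listener" "listener_alb" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"

    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}

resource "aws_lb_listener" "listener_alb_https" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn # new variable; certificate must be issued in var.aws_region

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_group_alb.arn
  }
}
```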
diff --git a/infra/ecs.tf b/infra/ecs.tf index 65ebeac..374f2bf 100644 --- a/infra/ecs.tf +++ b/infra/ecs.tf @@ -154,7 +154,7 @@ resource "aws_ecs_service" "payment" { enable_execute_command = true network_configuration { - subnets = [aws_subnet.us-east-2a.id, aws_subnet.us-east-2b.id] + subnets = aws_subnet.private_subnet.*.id security_groups = [aws_security_group.ecs.id] assign_public_ip = true } @@ -192,17 +192,17 @@ resource "aws_ecs_service" "app" { launch_type = "FARGATE" scheduling_strategy = "REPLICA" desired_count = 1 - depends_on = [aws_lb.this, aws_db_instance.rds, aws_ecs_service.payment] + depends_on = [aws_lb.alb, aws_db_instance.rds, aws_ecs_service.payment] enable_execute_command = true load_balancer { - target_group_arn = aws_lb_target_group.this.arn + target_group_arn = aws_lb_target_group.target_group_alb.arn container_name = var.app_container_name container_port = var.app_container_port } network_configuration { - subnets = [aws_subnet.us-east-2a.id, aws_subnet.us-east-2b.id] + subnets = aws_subnet.private_subnet.*.id security_groups = [aws_security_group.ecs.id] assign_public_ip = true } @@ -236,13 +236,13 @@ resource "aws_ecs_service" "app" { resource "aws_security_group" "ecs" { name = "${var.cluster_name}-ecs-task-sg" description = "Security Group for ECS Task" - vpc_id = aws_vpc.this.id + vpc_id = aws_vpc.vpc.id ingress { protocol = "tcp" from_port = var.app_container_port to_port = var.app_container_port - security_groups = [aws_security_group.alb.id] + security_groups = [aws_security_group.security_group_alb.id] cidr_blocks = ["192.168.0.0/16"] } diff --git a/infra/locals.tf b/infra/locals.tf index fa6f88d..ff6fc72 100644 --- a/infra/locals.tf +++ b/infra/locals.tf @@ -1,6 +1,5 @@ locals { tags = { - Project = "Lanchonete App ECS" - Service = "ECS Fargate" + Environment = var.environment } } \ No newline at end of file diff --git a/infra/rds.tf b/infra/rds.tf index a35e798..178c191 100644 --- a/infra/rds.tf +++ b/infra/rds.tf 
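Review bot: The `payment` service's `network_configuration` moves its tasks to `aws_subnet.private_subnet.*.id` but keeps `assign_public_ip = true`, so every Fargate task still gets a public address in a subnet whose route table now sends 0.0.0.0/0 to the NAT gateway. That public IP contributes nothing to egress and becomes a reachable endpoint the moment a route or subnet association is changed; set `assign_public_ip = false` now that NAT provides outbound connectivity. The same line is kept in the `app` service's `network_configuration` in the next hunk and should change with it. `aws_ecs_service.payment` begins before this hunk, so the rest of the service definition is not visible here.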
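Review bot: The `ingress` rule in `aws_security_group.ecs` lists both `security_groups = [aws_security_group.security_group_alb.id]` and `cidr_blocks = ["192.168.0.0/16"]`, so any resource anywhere in the VPC — not just the ALB — can connect to the task port, and the security-group source adds no restriction at all. Drop `cidr_blocks` so only the ALB can open connections to the containers. If a VPC-wide allowance is genuinely needed, reference `var.vpc_cidr` (introduced in variables.tf by this change) instead of repeating the literal so the two cannot drift apart. The resource's closing brace and any egress block lie beyond the end of the hunk.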
@@ -1,10 +1,7 @@ resource "aws_db_subnet_group" "rds" { name = "subnet_group_rds" - subnet_ids = [ - aws_subnet.us-east-2a.id, - aws_subnet.us-east-2b.id - ] + subnet_ids = aws_subnet.private_subnet.*.id tags = { Name = "DB subnet group" @@ -14,7 +11,7 @@ resource "aws_db_subnet_group" "rds" { resource "aws_security_group" "rds" { name = "${var.app_name}-rds-sg" description = "SG for RDS" - vpc_id = aws_vpc.this.id + vpc_id = aws_vpc.vpc.id ingress = [{ cidr_blocks = [ "187.19.185.70/32" ] diff --git a/infra/variables.tf b/infra/variables.tf index 4960569..8dddbb1 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -1,3 +1,14 @@ +/*==== Global project variables ======*/ +variable "environment" { + type = string + default = "lanchonete" +} + +variable "aws_region" { + type = string + default = "us-east-2" +} + variable "app_name" { type = string default = "lanchonete-app" @@ -7,12 +18,32 @@ variable "cluster_name" { type = string default = "lanchonete-cluster" } +/*==== End global project variables ======*/ -variable "aws_region" { + +/*==== Variables for VPC ======*/ +variable "vpc_cidr" { type = string - default = "us-east-2" + default = "192.168.0.0/16" } +variable "public_subnets_cidr" { + type = list + default = ["192.168.0.0/20", "192.168.16.0/20"] +} + +variable "private_subnets_cidr" { + type = list + default = ["192.168.128.0/20", "192.168.144.0/20"] +} + +variable "availability_zones" { + type = list + default = ["us-east-2a", "us-east-2b"] +} +/*==== End variables for VPC ======*/ + + variable "user_github_actions" { type = string default = "github-actions" diff --git a/infra/vpc.tf b/infra/vpc.tf index 99bd420..c78480a 100644 --- a/infra/vpc.tf +++ b/infra/vpc.tf 
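Review bot: The RDS security group's ingress still admits `187.19.185.70/32`, a hard-coded public address, even though the subnet group is moved to `aws_subnet.private_subnet.*.id` in the hunk above. A single operator IP baked into the SG is a long-lived direct path to the database that outlives whoever holds that address; with the database now in private subnets the rule is either dead or a latent path, and neither is worth keeping. Replace the CIDR with `security_groups = [aws_security_group.ecs.id]` and route human access through a bastion or an SSM session inside the VPC. The `ingress` attribute continues past the end of the hunk, so its port range and any further entries are not visible here, and `aws_db_instance.rds` is outside this diff — confirm it is not `publicly_accessible`.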
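Review bot: `public_subnets_cidr`, `private_subnets_cidr` and `availability_zones` are declared with bare `type = list`, the legacy unqualified form that Terraform treats as `list(any)`; declare them as `type = list(string)` so a non-string element fails at plan time. Their lengths are also unchecked, and vpc.tf indexes `availability_zones` with `element()`, which wraps around silently, so a shorter AZ list would quietly place two subnets in the same AZ and defeat the two-AZ layout that the private tier and RDS subnet group rely on. A `validation` block such as `condition = length(var.availability_zones) >= length(var.public_subnets_cidr)` (cross-variable conditions need Terraform ≥ 1.9; on older versions a `precondition` on the subnet resources) turns the mismatch into an explicit error.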
@@ -1,53 +1,112 @@ -resource "aws_vpc" "this" { - cidr_block = "192.168.0.0/16" - enable_dns_support = true - enable_dns_hostnames = true - - tags = merge(local.tags, { Name : "${var.app_name}-VPC" }) -} - -resource "aws_subnet" "us-east-2a" { - vpc_id = aws_vpc.this.id - availability_zone = "us-east-2a" - cidr_block = "192.168.1.0/24" - - tags = { - AZ = "a" - } -} - -resource "aws_subnet" "us-east-2b" { - vpc_id = aws_vpc.this.id - availability_zone = "us-east-2b" - cidr_block = "192.168.2.0/24" - - tags = { - AZ = "b" - } -} - -resource "aws_internet_gateway" "this" { - vpc_id = aws_vpc.this.id - tags = merge(local.tags, { Name : "${var.app_name}-IGW" }) -} - -resource "aws_route_table" "public" { - vpc_id = aws_vpc.this.id - - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this.id - } - - tags = merge(local.tags, { Name : "${var.app_name}-route-table" }) -} - -resource "aws_route_table_association" "a" { - subnet_id = aws_subnet.us-east-2a.id - route_table_id = aws_route_table.public.id -} - -resource "aws_route_table_association" "b" { - subnet_id = aws_subnet.us-east-2b.id - route_table_id = aws_route_table.public.id +/*==== The VPC ======*/ +resource "aws_vpc" "vpc" { + cidr_block = var.vpc_cidr + enable_dns_hostnames = true + enable_dns_support = true + + tags = { + Name = "${var.environment}-vpc" + Environment = var.environment + } +} + +/*==== Subnets ======*/ +# Public subnet +resource "aws_subnet" "public_subnet" { + vpc_id = aws_vpc.vpc.id + count = length(var.public_subnets_cidr) + cidr_block = element(var.public_subnets_cidr, count.index) + availability_zone = element(var.availability_zones, count.index) + map_public_ip_on_launch = true + + tags = { + Name = "${var.environment}-${element(var.availability_zones, count.index)}-public-subnet" + Environment = var.environment + } +} + +# Private Subnet +resource "aws_subnet" "private_subnet" { + vpc_id = aws_vpc.vpc.id + count = length(var.private_subnets_cidr) + cidr_block = 
element(var.private_subnets_cidr, count.index) + availability_zone = element(var.availability_zones, count.index) + map_public_ip_on_launch = false + + tags = { + Name = "${var.environment}-${element(var.availability_zones, count.index)}-private-subnet" + Environment = var.environment + } +} + +# Internet gateway for the public subnet +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.vpc.id + tags = { + Name = "${var.environment}-igw" + Environment = var.environment + } +} + +# Elastic-IP (eip) for NAT public +resource "aws_eip" "nat_eip" { + domain = "vpc" + depends_on = [aws_internet_gateway.igw] +} + +# NAT +resource "aws_nat_gateway" "nat" { + allocation_id = aws_eip.nat_eip.id + subnet_id = element(aws_subnet.public_subnet.*.id, 0) + + tags = { + Name = "${var.environment}-nat" + Environment = var.environment + } +} + +# Routing tables to route traffic for Public Subnet +resource "aws_route_table" "public" { + vpc_id = aws_vpc.vpc.id + tags = { + Name = "${var.environment}-public-route-table" + Environment = var.environment + } +} + +# Routing tables to route traffic for Private Subnet +resource "aws_route_table" "private" { + vpc_id = aws_vpc.vpc.id + tags = { + Name = "${var.environment}-private-route-table" + Environment = var.environment + } +} + +# Route for Internet Gateway +resource "aws_route" "public_internet_gateway" { + route_table_id = aws_route_table.public.id + destination_cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.igw.id +} + +# Route for NAT +resource "aws_route" "private_nat_gateway" { + route_table_id = aws_route_table.private.id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = aws_nat_gateway.nat.id +} + +# Route table associations for public subnets +resource "aws_route_table_association" "public" { + count = length(var.public_subnets_cidr) + subnet_id = element(aws_subnet.public_subnet.*.id, count.index) + route_table_id = aws_route_table.public.id +} + +# Route table associations for private subnets 
+resource "aws_route_table_association" "private" { + count = length(var.private_subnets_cidr) + subnet_id = element(aws_subnet.private_subnet.*.id, count.index) + route_table_id = aws_route_table.private.id } \ No newline at end of file
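Review bot: Nothing in the new VPC emits network telemetry — there is no `aws_flow_log` for `aws_vpc.vpc`, so the NAT-routed egress from the private ECS tasks and any lateral traffic between the subnets leaves no record for detection or incident response. Add an `aws_flow_log` with `traffic_type = "ALL"` attached to the VPC, delivering to a CloudWatch log group through an IAM role trusted by `vpc-flow-logs.amazonaws.com` or to an S3 bucket; those destination resources are not present in this change and need to be added alongside it. Separately, `aws_nat_gateway.nat` lives only in the first public subnet and both private subnets share one `aws_route_table.private`, so an outage of that AZ removes all outbound connectivity for the private tier; one NAT per AZ with a per-AZ private route table avoids the single point of failure. The VPC's default security group is also left unmanaged; an `aws_default_security_group` resource with no rules prevents it from being attached with its permissive defaults.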