From c40a6bd17a05a3e1c89cc39f9e5c3918d84cb304 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Mon, 18 Feb 2019 23:14:58 -0800 Subject: [PATCH 01/15] Refactor db to its own role --- beanstalk_env/main.tf | 66 ++------------------------------------ beanstalk_env/variables.tf | 22 +++---------- postgresdb/main.tf | 37 +++++++++++++++++++++ postgresdb/outputs.tf | 19 +++++++++++ postgresdb/variables.tf | 25 +++++++++++++++ test.tf | 30 +++++++++++++++++ 6 files changed, 118 insertions(+), 81 deletions(-) create mode 100644 postgresdb/main.tf create mode 100644 postgresdb/outputs.tf create mode 100644 postgresdb/variables.tf create mode 100644 test.tf diff --git a/beanstalk_env/main.tf b/beanstalk_env/main.tf index 6188c4e..4e93116 100644 --- a/beanstalk_env/main.tf +++ b/beanstalk_env/main.tf @@ -3,7 +3,7 @@ data "aws_elastic_beanstalk_solution_stack" "docker" { name_regex = "^64bit Amazon Linux (.*) running Docker (.*)$" } -resource "aws_security_group" "application" { +resource "aws_security_group" "instances" { name = "${var.app_name}-${var.app_instance}-app" // Allow HTTP connections from the load balancer 
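Review bot: Renaming the resource address from `aws_security_group.application` to `aws_security_group.instances` while keeping the same `name` makes Terraform plan a destroy of the old group and a create of a new one on any existing state, and the old group is presumably still attached to running instances at that point. The next hunk has the same problem with higher stakes: `aws_db_instance.database` and `aws_security_group.database` leave this module, so a plan against an existing state would propose destroying the database unless the resources are first moved with `terraform state mv`. I would add an upgrade comment at the top of the file, e.g. `// Upgrading: move existing database resources into the postgresdb module with terraform state mv before applying`, and call the state move out in the release notes. Both resource bodies continue outside the hunks.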
@@ -48,42 +48,6 @@ resource "aws_security_group" "application-load-balancer" { } } -resource "aws_security_group" "database" { - name = "${var.app_name}-${var.app_instance}-db" - - // Allow HTTP connections from the application - ingress { - from_port = 5432 - to_port = 5432 - protocol = "tcp" - - security_groups = [ - "${aws_security_group.application.id}", - ] - } -} - -resource "aws_db_instance" "database" { - allocated_storage = 20 - storage_type = "gp2" - engine = "postgres" - engine_version = "10.5" - instance_class = "db.t2.micro" - deletion_protection = "${var.deletion_protection}" - identifier = "${var.app_name}-${var.app_instance}" - final_snapshot_identifier = "${var.app_name}-${var.app_instance}-final" - name = "${var.db_name}" - username = "${var.db_username}" - password = "${var.db_password}" - publicly_accessible = "false" - backup_retention_period = "7" - backup_window = "10:00-10:30" - - vpc_security_group_ids = [ - "${aws_security_group.database.id}", - ] -} - resource "aws_elastic_beanstalk_environment" "environment" { name = "${var.app_name}-${var.app_instance}" application = "${var.app_name}" @@ -100,7 +64,7 @@ resource "aws_elastic_beanstalk_environment" "environment" { setting { namespace = "aws:autoscaling:launchconfiguration" name = "SecurityGroups" - value = "${aws_security_group.application.name}" + value = "${join(",", concat(list(aws_security_group.instances.name), var.security_groups))}" } setting { 
@@ -160,37 +124,26 @@ resource "aws_elastic_beanstalk_environment" "environment" { name = "StreamLogs" value = "true" } - setting { namespace = "aws:elasticbeanstalk:cloudwatch:logs" name = "RetentionInDays" value = "90" } - setting { namespace = "aws:elasticbeanstalk:hostmanager" name = "LogPublicationControl" value = "true" } - setting { namespace = "aws:elasticbeanstalk:healthreporting:system" name = "SystemType" value = "enhanced" } - setting { namespace = "aws:autoscaling:updatepolicy:rollingupdate" name = "RollingUpdateEnabled" value = "true" } - - setting { - namespace = "aws:elasticbeanstalk:application:environment" - name = "DATABASE_URL" - value = "postgis://${var.db_username}:${var.db_password}@${aws_db_instance.database.endpoint}/${var.db_name}" - } - # Define environment variables for the application. # TODO Terraform v0.12 introduces dynamic nested blocks to make this better # https://www.hashicorp.com/blog/hashicorp-terraform-0-12-preview-for-and-for-each#dynamic-nested-blocks 
@@ -199,90 +152,75 @@ resource "aws_elastic_beanstalk_environment" "environment" { name = "${element(keys(var.environment_variables), 0)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 0),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 1)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 1),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 2)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 2),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 3)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 3),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 4)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 4),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 5)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 5),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 6)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 6),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 7)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 7),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 8)}" value = "${lookup(var.environment_variables, 
element(keys(var.environment_variables), 8),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 9)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 9),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 10)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 10),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 11)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 11),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 12)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 12),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 13)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 13),"")}" } - setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 14)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 14),"")}" } - depends_on = ["aws_acm_certificate_validation.environment"] } diff --git a/beanstalk_env/variables.tf b/beanstalk_env/variables.tf index b9c96e9..62a430a 100644 --- a/beanstalk_env/variables.tf +++ b/beanstalk_env/variables.tf 
@@ -2,18 +2,6 @@ variable "app_name" { description = "Slugified name of the beanstalk application." } -variable "db_name" { - description = "Name of the RDS database to create for the application." -} - -variable "db_username" { - description = "RDS username to create for the application." -} - -variable "db_password" { - description = "RDS password to create for the application." -} - variable "app_instance" { description = "Name of this beanstalk environment e.g. (dev, staging, production, etc)." } @@ -36,13 +24,13 @@ variable "dns_zone_id" { description = "DNS zone (id) to use for beanstalk application." } -variable "deletion_protection" { - description = "Enable deletion protection on various components." - default = true -} - variable "environment_variables" { description = "Map of environment variables to set for this beanstalk environment." type = "map" default = {} } + +variable "security_groups" { + description = "List of security groups to attach to Beanstalk instances." + default = [] +} diff --git a/postgresdb/main.tf b/postgresdb/main.tf new file mode 100644 index 0000000..5a23bf3 --- /dev/null +++ b/postgresdb/main.tf 
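Review bot: The new `security_groups` variable does not say whether it takes group names or ids, and it declares no `type`, unlike `environment_variables` just above it. main.tf joins the list with `aws_security_group.instances.name`, so names are what a caller is expected to pass; I would write `description = "List of security group names to attach to Beanstalk instances."` and add `type = "list"`. As far as I know group names resolve only in the default VPC, so it is worth confirming that this is the intended deployment target.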
@@ -0,0 +1,37 @@
+resource "aws_security_group" "allowed" {
+ name = "${var.namespace}-db-access"
+}
+
+resource "aws_security_group" "database" {
+ name = "${var.namespace}-db"
+
+ // Allow HTTP connections from the application instances
+ ingress {
+ from_port = 5432
+ to_port = 5432
+ protocol = "tcp"
+
+ security_groups = ["${aws_security_group.allowed.id}"]
+ }
+}
+
+resource "aws_db_instance" "database" {
+ allocated_storage = 20
+ storage_type = "gp2"
+ engine = "postgres"
+ engine_version = "10.5"
+ instance_class = "db.t2.micro"
+ deletion_protection = "${var.deletion_protection}"
+ identifier = "${var.namespace}"
+ final_snapshot_identifier = "${var.namespace}-final"
+ name = "${var.db_name}"
+ username = "${var.db_username}"
+ password = "${var.db_password}"
+ publicly_accessible = "false"
+ backup_retention_period = "7"
+ backup_window = "10:00-10:30"
+
+ vpc_security_group_ids = [
+ "${aws_security_group.database.id}",
+ ]
+}
diff --git a/postgresdb/outputs.tf b/postgresdb/outputs.tf
new file mode 100644
index 0000000..53444e4
--- /dev/null
+++ b/postgresdb/outputs.tf
@@ -0,0 +1,19 @@
+output "database_url" {
+ description = "DATABASE_URL to configure for applications to use this database."
+ value = "postgresql://${var.db_username}:${var.db_password}@${aws_db_instance.database.endpoint}/${var.db_name}"
+}
+
+output "postgis_database_url" {
+ description = "DATABASE_URL to configure for applications to use this database, with postgis:// prefix."
+ value = "postgis://${var.db_username}:${var.db_password}@${aws_db_instance.database.endpoint}/${var.db_name}"
+}
+
+output "security_group_id" {
+ description = "Id of the security group with access to database."
+ value = "${aws_security_group.allowed.id}"
+}
+
+output "security_group_name" {
+ description = "Name of the security group with access to database."
+ value = "${aws_security_group.allowed.name}"
+}
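Review bot: The `aws_db_instance` in this new postgresdb/main.tf does not set `storage_encrypted`, so the instance, its automated backups and the final snapshot are created unencrypted, and RDS does not allow encryption to be switched on in place afterwards. I would add `storage_encrypted = true` after confirming that the hard-coded `db.t2.micro` class supports it, or expose the instance class as a variable so an encrypted class can be chosen. Separately, the ingress comment says "Allow HTTP connections" while the rule opens 5432; `// Allow PostgreSQL connections from members of the allowed security group` describes what the rule does. Neither security group sets `vpc_id`, so both land in the default VPC, which looks intentional but deserves a comment.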
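Review bot: `database_url` and `postgis_database_url` in postgresdb/outputs.tf embed `var.db_password`, and neither output is marked sensitive, so nothing stops a root configuration from re-exporting the full connection string into CLI and CI output. Adding `sensitive = true` to both outputs keeps it out of those logs; the value is still written in plain text to the state file, so the state backend needs access control and encryption regardless. The password is also interpolated without `urlencode()`, so a password containing `@`, `/` or `:` would produce a URL that parses incorrectly.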
diff --git a/postgresdb/variables.tf b/postgresdb/variables.tf
new file mode 100644
index 0000000..bf5697e
--- /dev/null
+++ b/postgresdb/variables.tf
@@ -0,0 +1,25 @@
+variable "namespace" {
+ description = "Name to help identify database resources, e.g. app-production."
+}
+
+variable "db_name" {
+ description = "Name of the RDS database to create for the application."
+}
+
+variable "db_username" {
+ description = "RDS username to create for the application."
+}
+
+variable "db_password" {
+ description = "RDS password to create for the application."
+}
+
+variable "deletion_protection" {
+ description = "Enable deletion protection."
+ default = true
+}
+
+variable "security_groups_allowed" {
+ description = "Security groups allowed to access the database."
+ default = []
+}
diff --git a/test.tf b/test.tf
new file mode 100644
index 0000000..056fe02
--- /dev/null
+++ b/test.tf
@@ -0,0 +1,30 @@
+module "beanstalk_app_test" {
+ source = "./beanstalk_app"
+
+ app_name = "terraform-modules"
+}
+
+module "postgresdb_test" {
+ source = "./postgresdb"
+ namespace = "terraform-modules-test"
+ db_name = "terraform_modules"
+ db_password = "database-secret"
+ db_username = "dbuser"
+}
+
+module "beanstalk_env_test" {
+ source = "./beanstalk_env"
+
+ app_instance = "test"
+ app_name = "terraform-modules"
+ dns_zone = "aws.openoakland.org"
+ security_groups = ["${module.postgresdb_test.security_group_name}"]
+
+ environment_variables = {
+ DATABASE_URL = "${module.postgresdb_test.database_url}"
+ }
+}
+
+output "beanstalk_env_fqdn" {
+ value = "${module.beanstalk_env_test.fqdn}"
+}
From 942d22bc8386614a20bc60238bf3507c51baaca9 Mon Sep 17 00:00:00 2001
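Review bot: `security_groups_allowed` is declared in postgresdb/variables.tf but nothing in the module's main.tf or outputs.tf reads it; the database ingress rule references only `aws_security_group.allowed.id`. A caller who passes a list expecting it to grant database access gets no effect and no error. Either drop the variable or wire it into the ingress rule, e.g. `security_groups = ["${concat(list(aws_security_group.allowed.id), var.security_groups_allowed)}"]`. The `db_password` description could also note that the value is stored in the Terraform state.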
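Review bot: `db_password = "database-secret"` in test.tf commits a fixed credential for a database that `terraform apply` actually creates in the account. Even for a throwaway instance I would read it from a variable, `db_password = "${var.test_db_password}"` (variable name is a suggestion), and supply the value through a `TF_VAR_` environment variable or a local tfvars file kept out of version control. The same value is then passed on inside `DATABASE_URL` in the `environment_variables` map of `beanstalk_env_test`, so it also ends up in the Beanstalk environment properties.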
From: Aaron D Borden Date: Mon, 18 Feb 2019 23:16:32 -0800 Subject: [PATCH 02/15] Fix dns zone and ACM issue --- beanstalk_app/main.tf | 4 ---- beanstalk_app/outputs.tf | 9 --------- beanstalk_app/variables.tf | 5 ----- beanstalk_env/dns.tf | 10 +++++++--- beanstalk_env/outputs.tf | 9 +++++++++ beanstalk_env/variables.tf | 8 ++------ provider.tf | 3 +++ test.tf | 3 ++- 8 files changed, 23 insertions(+), 28 deletions(-) create mode 100644 beanstalk_env/outputs.tf create mode 100644 provider.tf diff --git a/beanstalk_app/main.tf b/beanstalk_app/main.tf index 750dffb..fe9b57e 100644 --- a/beanstalk_app/main.tf +++ b/beanstalk_app/main.tf @@ -2,10 +2,6 @@ data "aws_iam_role" "beanstalk_service" { name = "aws-elasticbeanstalk-service-role" } -resource "aws_route53_zone" "default" { - name = "${var.dns_zone}" -} - resource "aws_elastic_beanstalk_application" "default" { name = "${var.app_name}" diff --git a/beanstalk_app/outputs.tf b/beanstalk_app/outputs.tf index fb000f5..e69de29 100644 --- a/beanstalk_app/outputs.tf +++ b/beanstalk_app/outputs.tf @@ -1,9 +0,0 @@ -output "dns_zone" { - description = "DNS zone name." - value = "${aws_route53_zone.default.name}" -} - -output "dns_zone_id" { - description = "DNS zone_id created." - value = "${aws_route53_zone.default.zone_id}" -} diff --git a/beanstalk_app/variables.tf b/beanstalk_app/variables.tf index 40bf0fe..53833d7 100644 --- a/beanstalk_app/variables.tf +++ b/beanstalk_app/variables.tf @@ -3,11 +3,6 @@ variable "app_name" { type = "string" } -variable "dns_zone" { - description = "DNS Zone name to create where beanstalk environments will be hosted." - type = "string" -} - variable "delete_source_from_s3" { description = "When old application versions are removed, the source should also be deleted from S3." default = "true" diff --git a/beanstalk_env/dns.tf b/beanstalk_env/dns.tf index 7fea140..8e5d10c 100644 --- a/beanstalk_env/dns.tf +++ b/beanstalk_env/dns.tf 
@@ -1,5 +1,9 @@ +data "aws_route53_zone" "environment" { + name = "${var.dns_zone}." +} + resource "aws_route53_record" "environment" { - zone_id = "${var.dns_zone_id}" + zone_id = "${data.aws_route53_zone.environment.zone_id}" name = "${var.app_name}-${var.app_instance}" type = "CNAME" ttl = 300 @@ -8,7 +12,7 @@ resource "aws_route53_record" "environment" { // Create an SSL/TLS certificate for the domain resource "aws_acm_certificate" "environment" { - domain_name = "${var.app_name}-${var.app_instance}.${var.dns_zone_name}" + domain_name = "${var.app_name}-${var.app_instance}.${var.dns_zone}" validation_method = "DNS" lifecycle { @@ -20,7 +24,7 @@ resource "aws_acm_certificate" "environment" { resource "aws_route53_record" "cert_validation" { name = "${aws_acm_certificate.environment.domain_validation_options.0.resource_record_name}" type = "${aws_acm_certificate.environment.domain_validation_options.0.resource_record_type}" - zone_id = "${var.dns_zone_id}" + zone_id = "${data.aws_route53_zone.environment.zone_id}" records = ["${aws_acm_certificate.environment.domain_validation_options.0.resource_record_value}"] ttl = 60 } diff --git a/beanstalk_env/outputs.tf b/beanstalk_env/outputs.tf new file mode 100644 index 0000000..f44908b --- /dev/null +++ b/beanstalk_env/outputs.tf @@ -0,0 +1,9 @@ +output "cname" { + description = "CNAME of the created Beanstalk environment." + value = "${aws_elastic_beanstalk_environment.environment.cname}" +} + +output "fqdn" { + description = "Public FQDN of the created Beanstalk environment." + value = "${aws_route53_record.environment.fqdn}" +} diff --git a/beanstalk_env/variables.tf b/beanstalk_env/variables.tf index 62a430a..4619bae 100644 --- a/beanstalk_env/variables.tf +++ b/beanstalk_env/variables.tf 
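Review bot: The lookup `name = "${var.dns_zone}."` appends the trailing dot itself, so a caller who passes an already dot-terminated zone gets a name ending in `..` and a failed lookup, while the ACM `domain_name` in the next hunk uses the raw value. The `dns_zone` variable description should state that the zone is given without a trailing dot. The data source also leaves `private_zone` at its default, so if the account holds both a public and a private zone with this name the CNAME and certificate-validation records go to the public one; writing `private_zone = false` explicitly would document that choice.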
@@ -16,12 +16,8 @@ variable "instance_type" { default = "t3.micro" } -variable "dns_zone_name" { - description = "DNS zone (name) to use for beanstalk application." -} - -variable "dns_zone_id" { - description = "DNS zone (id) to use for beanstalk application." +variable "dns_zone" { + description = "DNS zone to use for beanstalk application e.g. aws.example.com" } variable "environment_variables" { diff --git a/provider.tf b/provider.tf new file mode 100644 index 0000000..ce6d23d --- /dev/null +++ b/provider.tf @@ -0,0 +1,3 @@ +provider "aws" { + region = "us-west-2" +} diff --git a/test.tf b/test.tf index 056fe02..b7cade5 100644 --- a/test.tf +++ b/test.tf @@ -9,7 +9,8 @@ module "postgresdb_test" { namespace = "terraform-modules-test" db_name = "terraform_modules" db_password = "database-secret" - db_username = "dbuser" + db_username = "db_test_user" + deletion_protection = false } module "beanstalk_env_test" { From fa40a432ebf4a3f11a6960124d854fbd8e5fc516 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Mon, 18 Feb 2019 23:18:09 -0800 Subject: [PATCH 03/15] Update .gitignore --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1e79887..e10eb82 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ *.tfplan -*.tfstore +*.tfstate +*.tfstate.backup terraform.tfvars .terraform From 960ad70e0aa643a7113aed2d433bb90b25b6d1a0 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Mon, 18 Feb 2019 23:18:41 -0800 Subject: [PATCH 04/15] terraform fmt --- beanstalk_app/outputs.tf | 1 + beanstalk_env/main.tf | 20 ++++++++++++++++++++ beanstalk_env/outputs.tf | 4 ++-- test.tf | 12 ++++++------ 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/beanstalk_app/outputs.tf b/beanstalk_app/outputs.tf index e69de29..8b13789 100644 --- a/beanstalk_app/outputs.tf +++ b/beanstalk_app/outputs.tf @@ -0,0 +1 @@ + diff --git a/beanstalk_env/main.tf b/beanstalk_env/main.tf index 4e93116..9fd7589 100644 
--- a/beanstalk_env/main.tf +++ b/beanstalk_env/main.tf @@ -124,26 +124,31 @@ resource "aws_elastic_beanstalk_environment" "environment" { name = "StreamLogs" value = "true" } + setting { namespace = "aws:elasticbeanstalk:cloudwatch:logs" name = "RetentionInDays" value = "90" } + setting { namespace = "aws:elasticbeanstalk:hostmanager" name = "LogPublicationControl" value = "true" } + setting { namespace = "aws:elasticbeanstalk:healthreporting:system" name = "SystemType" value = "enhanced" } + setting { namespace = "aws:autoscaling:updatepolicy:rollingupdate" name = "RollingUpdateEnabled" value = "true" } + # Define environment variables for the application. # TODO Terraform v0.12 introduces dynamic nested blocks to make this better # https://www.hashicorp.com/blog/hashicorp-terraform-0-12-preview-for-and-for-each#dynamic-nested-blocks 
@@ -152,75 +157,90 @@ resource "aws_elastic_beanstalk_environment" "environment" { name = "${element(keys(var.environment_variables), 0)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 0),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 1)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 1),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 2)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 2),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 3)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 3),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 4)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 4),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 5)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 5),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 6)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 6),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 7)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 7),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 8)}" value = "${lookup(var.environment_variables, 
element(keys(var.environment_variables), 8),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 9)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 9),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 10)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 10),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 11)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 11),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 12)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 12),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 13)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 13),"")}" } + setting { namespace = "aws:elasticbeanstalk:application:environment" name = "${element(keys(var.environment_variables), 14)}" value = "${lookup(var.environment_variables, element(keys(var.environment_variables), 14),"")}" } + depends_on = ["aws_acm_certificate_validation.environment"] } diff --git a/beanstalk_env/outputs.tf b/beanstalk_env/outputs.tf index f44908b..fdf77cf 100644 --- a/beanstalk_env/outputs.tf +++ b/beanstalk_env/outputs.tf 
@@ -1,9 +1,9 @@ output "cname" { description = "CNAME of the created Beanstalk environment." - value = "${aws_elastic_beanstalk_environment.environment.cname}" + value = "${aws_elastic_beanstalk_environment.environment.cname}" } output "fqdn" { description = "Public FQDN of the created Beanstalk environment." - value = "${aws_route53_record.environment.fqdn}" + value = "${aws_route53_record.environment.fqdn}" } diff --git a/test.tf b/test.tf index b7cade5..bd2e397 100644 --- a/test.tf +++ b/test.tf @@ -5,11 +5,11 @@ module "beanstalk_app_test" { } module "postgresdb_test" { - source = "./postgresdb" - namespace = "terraform-modules-test" - db_name = "terraform_modules" - db_password = "database-secret" - db_username = "db_test_user" + source = "./postgresdb" + namespace = "terraform-modules-test" + db_name = "terraform_modules" + db_password = "database-secret" + db_username = "db_test_user" deletion_protection = false } @@ -18,7 +18,7 @@ module "beanstalk_env_test" { app_instance = "test" app_name = "terraform-modules" - dns_zone = "aws.openoakland.org" + dns_zone = "aws.openoakland.org" security_groups = ["${module.postgresdb_test.security_group_name}"] environment_variables = { From 0ebf54879e4c9ac55026bbe289a09e136d331526 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Tue, 26 Feb 2019 21:21:37 -0800 Subject: [PATCH 05/15] [beanstalk_env] add key_pair variable --- beanstalk_env/main.tf | 6 ++++++ beanstalk_env/variables.tf | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/beanstalk_env/main.tf b/beanstalk_env/main.tf index 9fd7589..52d0eae 100644 --- a/beanstalk_env/main.tf +++ b/beanstalk_env/main.tf @@ -61,6 +61,12 @@ resource "aws_elastic_beanstalk_environment" "environment" { value = "${var.instance_type}" } + setting { + namespace = "aws:autoscaling:launchconfiguration" + name = "EC2KeyName" + value = "${var.key_pair}" + } + setting { namespace = "aws:autoscaling:launchconfiguration" name = "SecurityGroups" 
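Review bot: The new `EC2KeyName` setting in beanstalk_env/main.tf makes the instances accept SSH logins once `key_pair` is non-empty, but nothing in the hunk limits where port 22 can be reached from. As far as I know Elastic Beanstalk opens SSH to any source address by default when a key pair is configured, and the `SSHSourceRestriction` option in the same `aws:autoscaling:launchconfiguration` namespace narrows that to a given range. I would add a matching setting driven by a new variable, with a value along the lines of `value = "tcp, 22, 22, ${var.ssh_source_cidr}"` (variable name is a suggestion; confirm the option format against the Beanstalk documentation), and say in the `key_pair` description that an empty value means no key is installed. The environment resource continues outside the hunk.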
diff --git a/beanstalk_env/variables.tf b/beanstalk_env/variables.tf index 4619bae..ee69bbd 100644 --- a/beanstalk_env/variables.tf +++ b/beanstalk_env/variables.tf @@ -26,6 +26,11 @@ variable "environment_variables" { default = {} } +variable "key_pair" { + description = "SSH key pair to assign to EC2 instances." + default = "" +} + variable "security_groups" { description = "List of security groups to attach to Beanstalk instances." default = [] From b2c4eea7db5bbda2893e96d1f069dfb646fa612c Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Tue, 26 Feb 2019 21:23:54 -0800 Subject: [PATCH 06/15] Update gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index e10eb82..e883f62 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +*.lock.info *.tfplan *.tfstate *.tfstate.backup From 870ee4067a28bdedc73e2136c0441dfd1a6792aa Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Tue, 26 Feb 2019 22:42:44 -0800 Subject: [PATCH 07/15] [postgresdb] add skip_final_snapshot for testing --- postgresdb/main.tf | 1 + postgresdb/variables.tf | 5 +++++ test.tf | 1 + 3 files changed, 7 insertions(+) diff --git a/postgresdb/main.tf b/postgresdb/main.tf index 5a23bf3..4abd6fa 100644 --- a/postgresdb/main.tf +++ b/postgresdb/main.tf @@ -30,6 +30,7 @@ resource "aws_db_instance" "database" { publicly_accessible = "false" backup_retention_period = "7" backup_window = "10:00-10:30" + skip_final_snapshot = "${var.skip_final_snapshot}" vpc_security_group_ids = [ "${aws_security_group.database.id}", diff --git a/postgresdb/variables.tf b/postgresdb/variables.tf index bf5697e..c248f01 100644 --- a/postgresdb/variables.tf +++ b/postgresdb/variables.tf @@ -23,3 +23,8 @@ variable "security_groups_allowed" { description = "Security groups allowed to access the database." default = [] } + +variable "skip_final_snapshot" { + description = "Disable final snapshot creation on deletion." + default = false +} 
diff --git a/test.tf b/test.tf index bd2e397..4a892f9 100644 --- a/test.tf +++ b/test.tf @@ -11,6 +11,7 @@ module "postgresdb_test" { db_password = "database-secret" db_username = "db_test_user" deletion_protection = false + skip_final_snapshot = true } module "beanstalk_env_test" { From bb6f5f6caa8ffb8e3a327effe134e1ca3b16e8fb Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 27 Feb 2019 07:42:08 -0800 Subject: [PATCH 08/15] Update README --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index dd4c5ea..5887298 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,21 @@ You'll need to install these. - [Terraform](https://www.terraform.io/downloads.html) v0.11+ +## Development + +### Setup + +Set your AWS access key. + + $ export AWS_ACCESS_KEY_ID= + $ export AWS_SECRET_ACCESS_KEY= + +There is no state for this repo. You can run `terraform plan` or `terraform +apply` with local state to make sure modules are created properly. Make changes +to `test.tf` template in order to test them. Make sure to delete your modules +afterwards with `terraform destroy`. + + ### Test your templates Runs `terraform validate` on all the modules. From 660591ef612267e1d33f3db45c21ff1f898b9f15 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 27 Feb 2019 07:46:16 -0800 Subject: [PATCH 09/15] [beanstalk_env] README --- beanstalk_env/README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 beanstalk_env/README.md diff --git a/beanstalk_env/README.md b/beanstalk_env/README.md new file mode 100644 index 0000000..aef6859 --- /dev/null +++ b/beanstalk_env/README.md 
@@ -0,0 +1,29 @@ +# beanstalk_env + +Creates an AWS Elastic Beanstalk environment. + + +## Usage + +```hcl +module "production_web" { + source = "github.com/openoakland/terraform-modules//beanstalk_env?ref=v1.0.0" + app_name = "my-app" + app_instance = "production" + dns_zone_name = "myapp.aws.example.com" + dns_zone_id = "${aws_route53_zone.myapp_zone.id}" + + environment_variables { + DATABASE_URL = "postgres://dbuser:dbpassword@dbhost/dbname" + } +} +``` + +### Variables + +See [beanstalk_env/variables.tf](./variables.tf). + + +### Outputs + +See [beanstalk_env/outputs.tf](./outputs.tf). From 09d731993a4d2c0db1ef563ae3060c5bc418eaf1 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 27 Feb 2019 07:48:02 -0800 Subject: [PATCH 10/15] [beanstalk_app] remove empty outputs --- beanstalk_app/outputs.tf | 1 - 1 file changed, 1 deletion(-) delete mode 100644 beanstalk_app/outputs.tf diff --git a/beanstalk_app/outputs.tf b/beanstalk_app/outputs.tf deleted file mode 100644 index 8b13789..0000000 --- a/beanstalk_app/outputs.tf +++ /dev/null @@ -1 +0,0 @@ - From 722405368b8deaf55ce8ad1a45bf73a7e948600f Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 27 Feb 2019 07:53:48 -0800 Subject: [PATCH 11/15] Update READMEs --- beanstalk_app/README.md | 22 ++++++++++++++++++++++ beanstalk_env/README.md | 2 +- postgresdb/README.md | 27 +++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 beanstalk_app/README.md create mode 100644 postgresdb/README.md diff --git a/beanstalk_app/README.md b/beanstalk_app/README.md new file mode 100644 index 0000000..2d5d258 --- /dev/null +++ b/beanstalk_app/README.md @@ -0,0 +1,22 @@ +# beanstalk_app + +Creates an Elastic Beanstalk app. + +## Usage + +```hcl +module "myapp" { + source = "github.com/openoakland/terraform-modules.git//beanstalk_app?ref=2.0.0 + + app_name = "myapp" +} +``` + +### Variables + +See [beanstalk_app/variables.tf](./variables.tf). + + +### Outputs + +N/A 
diff --git a/beanstalk_env/README.md b/beanstalk_env/README.md index aef6859..07512c0 100644 --- a/beanstalk_env/README.md +++ b/beanstalk_env/README.md @@ -7,7 +7,7 @@ Creates an AWS Elastic Beanstalk environment. ```hcl module "production_web" { - source = "github.com/openoakland/terraform-modules//beanstalk_env?ref=v1.0.0" + source = "github.com/openoakland/terraform-modules//beanstalk_env?ref=v2.0.0" app_name = "my-app" app_instance = "production" dns_zone_name = "myapp.aws.example.com" diff --git a/postgresdb/README.md b/postgresdb/README.md new file mode 100644 index 0000000..0dab16d --- /dev/null +++ b/postgresdb/README.md @@ -0,0 +1,27 @@ +# postgresd + +Creates a PostgreSQL RDS database instnace. + + +## Usage + +```hcl +module "db" { + source = "github.com/openoakland/terraform-modules.git//postgresdb?ref=2.0.0 + + db_name = "myapp_db" + db_password = "${var.db_password}" + db_username = "myappuser" + namespace = "myapp-prod" + +} +``` + +### Variables + +See [postgresdb/variables.tf](./variables.tf). + + +### Outputs + +See [postgresdb/outputs.tf](./outputs.tf). From fb0751dd5258d6a35ee57530494b831679bbbd32 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Wed, 27 Feb 2019 08:11:25 -0800 Subject: [PATCH 12/15] Update Makefile --- Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Makefile b/Makefile index c9843fe..b3c6572 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,4 @@ -MODULES := \ - beanstalk_app \ - beanstalk_env +MODULES := $(dir $(wildcard */)) MODULE_TEST_TARGETS := $(addprefix test., $(MODULES)) From 9d9f2d18e1212cd1d253fbd77adee9435fa7cc1e Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Sat, 2 Mar 2019 19:24:39 -0800 Subject: [PATCH 13/15] [beanstalk_env] include beanstalk_app for example --- beanstalk_env/README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/beanstalk_env/README.md b/beanstalk_env/README.md index 07512c0..4df4023 100644 --- a/beanstalk_env/README.md 
+++ b/beanstalk_env/README.md @@ -6,9 +6,15 @@ Creates an AWS Elastic Beanstalk environment. ## Usage ```hcl -module "production_web" { +module "myapp" { + source = "github.com/openoakland/terraform-modules.git//beanstalk_app?ref=2.0.0 + + app_name = "myapp" +} + +module "myapp_prod_web" { source = "github.com/openoakland/terraform-modules//beanstalk_env?ref=v2.0.0" - app_name = "my-app" + app_name = "myapp" app_instance = "production" dns_zone_name = "myapp.aws.example.com" dns_zone_id = "${aws_route53_zone.myapp_zone.id}" From 6e3c2c93d53d6e7e63dc2ba06b4f735b120a17a8 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Tue, 5 Mar 2019 19:51:52 -0800 Subject: [PATCH 14/15] beanstalk_env -> beanstalk_web_env --- {beanstalk_env => beanstalk_web_env}/README.md | 0 {beanstalk_env => beanstalk_web_env}/dns.tf | 0 {beanstalk_env => beanstalk_web_env}/main.tf | 0 {beanstalk_env => beanstalk_web_env}/outputs.tf | 0 {beanstalk_env => beanstalk_web_env}/variables.tf | 0 5 files changed, 0 insertions(+), 0 deletions(-) rename {beanstalk_env => beanstalk_web_env}/README.md (100%) rename {beanstalk_env => beanstalk_web_env}/dns.tf (100%) rename {beanstalk_env => beanstalk_web_env}/main.tf (100%) rename {beanstalk_env => beanstalk_web_env}/outputs.tf (100%) rename {beanstalk_env => beanstalk_web_env}/variables.tf (100%) diff --git a/beanstalk_env/README.md b/beanstalk_web_env/README.md similarity index 100% rename from beanstalk_env/README.md rename to beanstalk_web_env/README.md diff --git a/beanstalk_env/dns.tf b/beanstalk_web_env/dns.tf similarity index 100% rename from beanstalk_env/dns.tf rename to beanstalk_web_env/dns.tf diff --git a/beanstalk_env/main.tf b/beanstalk_web_env/main.tf similarity index 100% rename from beanstalk_env/main.tf rename to beanstalk_web_env/main.tf diff --git a/beanstalk_env/outputs.tf b/beanstalk_web_env/outputs.tf similarity index 100% rename from beanstalk_env/outputs.tf rename to beanstalk_web_env/outputs.tf 
diff --git a/beanstalk_env/variables.tf b/beanstalk_web_env/variables.tf similarity index 100% rename from beanstalk_env/variables.tf rename to beanstalk_web_env/variables.tf From 5dfe97815c00e11a5e68899a8d8c976df71ecdb9 Mon Sep 17 00:00:00 2001 From: Aaron D Borden Date: Tue, 5 Mar 2019 19:53:40 -0800 Subject: [PATCH 15/15] [beanstalk_web_env] update name --- beanstalk_web_env/README.md | 11 ++++++----- test.tf | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/beanstalk_web_env/README.md b/beanstalk_web_env/README.md index 4df4023..81f42fe 100644 --- a/beanstalk_web_env/README.md +++ b/beanstalk_web_env/README.md @@ -1,6 +1,7 @@ -# beanstalk_env +# beanstalk_web_env -Creates an AWS Elastic Beanstalk environment. +Creates an AWS Elastic Beanstalk web environment with load balancer and auto +scaling group. ## Usage @@ -13,7 +14,7 @@ module "myapp" { } module "myapp_prod_web" { - source = "github.com/openoakland/terraform-modules//beanstalk_env?ref=v2.0.0" + source = "github.com/openoakland/terraform-modules//beanstalk_web_env?ref=v2.0.0" app_name = "myapp" app_instance = "production" dns_zone_name = "myapp.aws.example.com" @@ -27,9 +28,9 @@ module "myapp_prod_web" { ### Variables -See [beanstalk_env/variables.tf](./variables.tf). +See [beanstalk_web_env/variables.tf](./variables.tf). ### Outputs -See [beanstalk_env/outputs.tf](./outputs.tf). +See [beanstalk_web_env/outputs.tf](./outputs.tf). diff --git a/test.tf b/test.tf index 4a892f9..44ccc79 100644 --- a/test.tf +++ b/test.tf @@ -15,7 +15,7 @@ module "postgresdb_test" { } module "beanstalk_env_test" { - source = "./beanstalk_env" + source = "./beanstalk_web_env" app_instance = "test" app_name = "terraform-modules"