*monitoring - partial

ega-forever · Oct 11, 2020 · b94f12c · b94f12c
1 parent baa2595
commit b94f12c
Show file tree

Hide file tree

Showing 9 changed files with 146 additions and 1 deletion.
diff --git a/monitoring/app/index.js b/monitoring/app/index.js
@@ -1,11 +1,11 @@
 const express = require('express'),
   AWSXRay = require('aws-xray-sdk'),
+  AWS = require('aws-sdk'),
   config = require('./config'),
   app = express();
 
 const cloudWatchLogs = new AWS.CloudWatchLogs({apiVersion: config.logs.apiVersion, region: config.logs.region});
 
-
 app.use(AWSXRay.express.openSegment('MyApp'));
 
 app.get('/', (req, res) => {

diff --git a/monitoring/infrastructure/apply.sh b/monitoring/infrastructure/apply.sh
@@ -0,0 +1,4 @@
+terraform apply -var="vpc_id=vpc-e816318f" \
+  -var="ec2_keypair_name=akvelon_keypair" \
+  -var="loggroup_name=my_app_lg" \
+  -var="logstream_name=my_app_stream"
diff --git a/monitoring/infrastructure/cloudwatch.tf b/monitoring/infrastructure/cloudwatch.tf
@@ -0,0 +1,9 @@
+resource "aws_cloudwatch_log_group" "app_lg" {
+  name = var.loggroup_name
+}
+
+resource "aws_cloudwatch_log_stream" "app_log_stream" {
+  log_group_name = aws_cloudwatch_log_group.app_lg.name
+  name = var.logstream_name
+  depends_on = [aws_cloudwatch_log_group.app_lg]
+}
diff --git a/monitoring/infrastructure/destroy.sh b/monitoring/infrastructure/destroy.sh
@@ -0,0 +1,4 @@
+terraform destroy -var="vpc_id=vpc-e816318f" \
+  -var="ec2_keypair_name=akvelon_keypair" \
+  -var="loggroup_name=my_app_lg" \
+  -var="logstream_name=my_app_stream"
diff --git a/monitoring/infrastructure/ec2.tf b/monitoring/infrastructure/ec2.tf
@@ -0,0 +1,48 @@
+resource "aws_security_group" "app_sg" {
+  description = "Enable HTTP access via port 80 locked down to the load balancer + SSH access"
+  ingress {
+    from_port = 80
+    protocol = "tcp"
+    to_port = 80
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  ingress {
+    from_port = 22
+    protocol = "tcp"
+    to_port = 22
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  vpc_id = var.vpc_id
+  egress {
+    from_port = 0
+    protocol = "-1"
+    to_port = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_instance" "app" {
+  ami           = var.ec2_ami
+  instance_type = var.ec2_instance_type
+  key_name = var.ec2_keypair_name
+  depends_on = [aws_security_group.app_sg]
+  vpc_security_group_ids = [aws_security_group.app_sg.id]
+  iam_instance_profile = aws_iam_instance_profile.app_cloudwatch_role_profile.name
+
+  user_data = <<-EOT
+  #!/bin/bash
+  export LOGS_REGION=${data.aws_region.current.name}
+  export LOGS_API_VERSION=2014-03-28
+  export LOGS_GROUP=${aws_cloudwatch_log_group.app_lg.name}
+  export LOGS_STREAM=${aws_cloudwatch_log_stream.app_log_stream.name}
+
+  curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
+  sudo apt-get install -y nodejs
+  sudo npm install -g pm2
+  curl https://s3.dualstack.eu-west-1.amazonaws.com/aws-xray-assets.eu-west-1/xray-daemon/aws-xray-daemon-3.x.deb -o xray.deb && dpkg -i ./xray.deb
+  git clone https://github.com/ega-forever/akvelon-cloud-aws.git ~/app
+  cd ~/app/monitoring/app && npm install --unsafe-perm && npm run build && pm2 startup ubuntu && pm2 start build/index.js && pm2 save
+
+  EOT
+
+}
diff --git a/monitoring/infrastructure/iam.tf b/monitoring/infrastructure/iam.tf
@@ -0,0 +1,37 @@
+data "aws_iam_policy_document" "app-cloudwatch-policy-inline" {
+  statement {
+    actions = ["logs:PutLogEvents"]
+    resources = [aws_cloudwatch_log_stream.app_log_stream.arn]
+  }
+  statement {
+    actions = ["xray:Put*"]
+    resources = ["*"]
+  }
+}
+
+data "aws_iam_policy_document" "instance-assume-role-policy-inline" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role_policy" "app-role-policy" {
+  name = "app-role-policy"
+  role = aws_iam_role.app_cloudwatch_role.id
+  policy = data.aws_iam_policy_document.app-cloudwatch-policy-inline.json
+}
+
+resource "aws_iam_role" "app_cloudwatch_role" {
+  name = "app_cloudwatch_role"
+  assume_role_policy = data.aws_iam_policy_document.instance-assume-role-policy-inline.json
+}
+
+resource "aws_iam_instance_profile" "app_cloudwatch_role_profile" {
+  name = "test_profile"
+  role = aws_iam_role.app_cloudwatch_role.name
+}
diff --git a/monitoring/infrastructure/main.tf b/monitoring/infrastructure/main.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+  region = "eu-west-1"
+  version = "3.5.0"
+}
+
+data "aws_region" "current" {}
+
+output "app_instance" {
+  value = aws_instance.app.public_ip
+}
diff --git a/monitoring/infrastructure/plan.sh b/monitoring/infrastructure/plan.sh
@@ -0,0 +1,4 @@
+terraform plan -var="vpc_id=vpc-e816318f" \
+  -var="ec2_keypair_name=akvelon_keypair" \
+  -var="loggroup_name=my_app_lg" \
+  -var="logstream_name=my_app_stream"
diff --git a/monitoring/infrastructure/vars.tf b/monitoring/infrastructure/vars.tf
@@ -0,0 +1,29 @@
+variable "ec2_keypair_name" {
+  type    = string
+  default = "app_keypair"
+}
+
+variable "ec2_ami" {
+  type    = string
+  default = "ami-0701e7be9b2a77600" # ubuntu image
+}
+
+variable "ec2_instance_type" {
+  type    = string
+  default = "t2.small"
+}
+
+variable "vpc_id" {
+  type    = string
+  default = ""
+}
+
+variable "loggroup_name" {
+  type    = string
+  default = ""
+}
+
+variable "logstream_name" {
+  type    = string
+  default = ""
+}