From b94f12c1814f7cf5fc19f10d1e8e9c2074490aec Mon Sep 17 00:00:00 2001 From: Egor Zuev Date: Sun, 11 Oct 2020 10:55:19 +0300 Subject: [PATCH] *monitoring - partial --- monitoring/app/index.js | 2 +- monitoring/infrastructure/apply.sh | 4 +++ monitoring/infrastructure/cloudwatch.tf | 9 +++++ monitoring/infrastructure/destroy.sh | 4 +++ monitoring/infrastructure/ec2.tf | 48 +++++++++++++++++++++++++ monitoring/infrastructure/iam.tf | 37 +++++++++++++++++++ monitoring/infrastructure/main.tf | 10 ++++++ monitoring/infrastructure/plan.sh | 4 +++ monitoring/infrastructure/vars.tf | 29 +++++++++++++++ 9 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 monitoring/infrastructure/apply.sh create mode 100644 monitoring/infrastructure/cloudwatch.tf create mode 100644 monitoring/infrastructure/destroy.sh create mode 100644 monitoring/infrastructure/ec2.tf create mode 100644 monitoring/infrastructure/iam.tf create mode 100644 monitoring/infrastructure/main.tf create mode 100644 monitoring/infrastructure/plan.sh create mode 100644 monitoring/infrastructure/vars.tf diff --git a/monitoring/app/index.js b/monitoring/app/index.js index bb23502..1d29a14 100644 --- a/monitoring/app/index.js +++ b/monitoring/app/index.js @@ -1,11 +1,11 @@ const express = require('express'), AWSXRay = require('aws-xray-sdk'), + AWS = require('aws-sdk'), config = require('./config'), app = express(); const cloudWatchLogs = new AWS.CloudWatchLogs({apiVersion: config.logs.apiVersion, region: config.logs.region}); - app.use(AWSXRay.express.openSegment('MyApp')); app.get('/', (req, res) => { diff --git a/monitoring/infrastructure/apply.sh b/monitoring/infrastructure/apply.sh new file mode 100644 index 0000000..542951d --- /dev/null +++ b/monitoring/infrastructure/apply.sh @@ -0,0 +1,4 @@ +terraform apply -var="vpc_id=vpc-e816318f" \ + -var="ec2_keypair_name=akvelon_keypair" \ + -var="loggroup_name=my_app_lg" \ + -var="logstream_name=my_app_stream" 
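Review bot: apply.sh repeats the same four `-var` flags that plan.sh and destroy.sh carry, including an account-specific VPC id and key-pair name, so the three scripts can drift apart and a destroy can end up running with different inputs than the apply. Moving the values into a `terraform.tfvars` file would leave each script as a single command with one place to edit. The scripts also have no `#!/bin/sh` line and are added with mode 100644, so they only run when passed to a shell explicitly.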
diff --git a/monitoring/infrastructure/cloudwatch.tf b/monitoring/infrastructure/cloudwatch.tf
new file mode 100644
index 0000000..fb6990a
--- /dev/null
+++ b/monitoring/infrastructure/cloudwatch.tf
@@ -0,0 +1,9 @@
+resource "aws_cloudwatch_log_group" "app_lg" {
+ name = var.loggroup_name
+}
+
+resource "aws_cloudwatch_log_stream" "app_log_stream" {
+ log_group_name = aws_cloudwatch_log_group.app_lg.name
+ name = var.logstream_name
+ depends_on = [aws_cloudwatch_log_group.app_lg]
+}
diff --git a/monitoring/infrastructure/destroy.sh b/monitoring/infrastructure/destroy.sh
new file mode 100644
index 0000000..539d90a
--- /dev/null
+++ b/monitoring/infrastructure/destroy.sh
@@ -0,0 +1,4 @@
+terraform destroy -var="vpc_id=vpc-e816318f" \
+ -var="ec2_keypair_name=akvelon_keypair" \
+ -var="loggroup_name=my_app_lg" \
+ -var="logstream_name=my_app_stream"
diff --git a/monitoring/infrastructure/ec2.tf b/monitoring/infrastructure/ec2.tf
new file mode 100644
index 0000000..5802f92
--- /dev/null
+++ b/monitoring/infrastructure/ec2.tf
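Review bot: In cloudwatch.tf, `aws_cloudwatch_log_group.app_lg` sets no `retention_in_days`, so application log events are kept indefinitely; adding an explicit value such as `retention_in_days = 30` makes the retention period a reviewed decision instead of a default. If the application can log request data, a `kms_key_id` on the group is also worth considering. The `depends_on` on `app_log_stream` is redundant, because `log_group_name = aws_cloudwatch_log_group.app_lg.name` already creates that dependency.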
@@ -0,0 +1,48 @@
+resource "aws_security_group" "app_sg" {
+ description = "Enable HTTP access via port 80 locked down to the load balancer + SSH access"
+ ingress {
+ from_port = 80
+ protocol = "tcp"
+ to_port = 80
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ ingress {
+ from_port = 22
+ protocol = "tcp"
+ to_port = 22
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+ vpc_id = var.vpc_id
+ egress {
+ from_port = 0
+ protocol = "-1"
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_instance" "app" {
+ ami = var.ec2_ami
+ instance_type = var.ec2_instance_type
+ key_name = var.ec2_keypair_name
+ depends_on = [aws_security_group.app_sg]
+ vpc_security_group_ids = [aws_security_group.app_sg.id]
+ iam_instance_profile = aws_iam_instance_profile.app_cloudwatch_role_profile.name
+
+ user_data = <<-EOT
+ #!/bin/bash
+ export LOGS_REGION=${data.aws_region.current.name}
+ export LOGS_API_VERSION=2014-03-28
+ export LOGS_GROUP=${aws_cloudwatch_log_group.app_lg.name}
+ export LOGS_STREAM=${aws_cloudwatch_log_stream.app_log_stream.name}
+
+ curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
+ sudo apt-get install -y nodejs
+ sudo npm install -g pm2
+ curl https://s3.dualstack.eu-west-1.amazonaws.com/aws-xray-assets.eu-west-1/xray-daemon/aws-xray-daemon-3.x.deb -o xray.deb && dpkg -i ./xray.deb
+ git clone https://github.com/ega-forever/akvelon-cloud-aws.git ~/app
+ cd ~/app/monitoring/app && npm install --unsafe-perm && npm run build && pm2 startup ubuntu && pm2 start build/index.js && pm2 save
+
+ EOT
+
+}
diff --git a/monitoring/infrastructure/iam.tf b/monitoring/infrastructure/iam.tf
new file mode 100644
index 0000000..06b4f91
--- /dev/null
+++ b/monitoring/infrastructure/iam.tf
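Review bot: In ec2.tf, the second `ingress` block of `app_sg` opens port 22 to `0.0.0.0/0`, so SSH on the instance is reachable from any address and protected only by the key pair; limit it to an operator range, for example `cidr_blocks = [var.ssh_allowed_cidr]` with that variable declared in vars.tf. The port-80 rule is also `0.0.0.0/0` although the description says access is "locked down to the load balancer"; either reference the load balancer's security group through `security_groups` or correct the description. The `user_data` script runs as root and executes content fetched at boot with nothing pinned: the `curl ... | sudo -E bash -` installer, an `xray.deb` installed without a checksum comparison, and a `git clone` of the default branch followed by `npm install --unsafe-perm`. Checking out a fixed commit after the clone and comparing the .deb against a recorded SHA-256 before `dpkg -i` would keep an upstream change from becoming root code on the instance.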
@@ -0,0 +1,37 @@
+data "aws_iam_policy_document" "app-cloudwatch-policy-inline" {
+ statement {
+ actions = ["logs:PutLogEvents"]
+ resources = [aws_cloudwatch_log_stream.app_log_stream.arn]
+ }
+ statement {
+ actions = ["xray:Put*"]
+ resources = ["*"]
+ }
+}
+
+data "aws_iam_policy_document" "instance-assume-role-policy-inline" {
+ statement {
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ }
+}
+
+resource "aws_iam_role_policy" "app-role-policy" {
+ name = "app-role-policy"
+ role = aws_iam_role.app_cloudwatch_role.id
+ policy = data.aws_iam_policy_document.app-cloudwatch-policy-inline.json
+}
+
+resource "aws_iam_role" "app_cloudwatch_role" {
+ name = "app_cloudwatch_role"
+ assume_role_policy = data.aws_iam_policy_document.instance-assume-role-policy-inline.json
+}
+
+resource "aws_iam_instance_profile" "app_cloudwatch_role_profile" {
+ name = "test_profile"
+ role = aws_iam_role.app_cloudwatch_role.name
+}
diff --git a/monitoring/infrastructure/main.tf b/monitoring/infrastructure/main.tf
new file mode 100644
index 0000000..76cbff6
--- /dev/null
+++ b/monitoring/infrastructure/main.tf
@@ -0,0 +1,10 @@
+provider "aws" {
+ region = "eu-west-1"
+ version = "3.5.0"
+}
+
+data "aws_region" "current" {}
+
+output "app_instance" {
+ value = aws_instance.app.public_ip
+}
diff --git a/monitoring/infrastructure/plan.sh b/monitoring/infrastructure/plan.sh
new file mode 100644
index 0000000..5236735
--- /dev/null
+++ b/monitoring/infrastructure/plan.sh
@@ -0,0 +1,4 @@
+terraform plan -var="vpc_id=vpc-e816318f" \
+ -var="ec2_keypair_name=akvelon_keypair" \
+ -var="loggroup_name=my_app_lg" \
+ -var="logstream_name=my_app_stream"
diff --git a/monitoring/infrastructure/vars.tf b/monitoring/infrastructure/vars.tf
new file mode 100644
index 0000000..610b7cf
--- /dev/null
+++ b/monitoring/infrastructure/vars.tf
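Review bot: In iam.tf, the second statement of `app-cloudwatch-policy-inline` grants `xray:Put*` on `*`, which covers more than the daemon's write path: the wildcard also matches account-level actions such as `xray:PutEncryptionConfig`. Listing the actions explicitly, `actions = ["xray:PutTraceSegments", "xray:PutTelemetryRecords"]`, keeps the instance role to sending trace data; the `"*"` resource can stay, since these actions are not scoped to a resource. The instance profile is named `test_profile` while the role and policy carry `app_` names; a name such as `app_cloudwatch_role_profile` would make the profile identifiable in the account.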
@@ -0,0 +1,29 @@
+variable "ec2_keypair_name" {
+ type = string
+ default = "app_keypair"
+}
+
+variable "ec2_ami" {
+ type = string
+ default = "ami-0701e7be9b2a77600" # ubuntu image
+}
+
+variable "ec2_instance_type" {
+ type = string
+ default = "t2.small"
+}
+
+variable "vpc_id" {
+ type = string
+ default = ""
+}
+
+variable "loggroup_name" {
+ type = string
+ default = ""
+}
+
+variable "logstream_name" {
+ type = string
+ default = ""
+}
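Review bot: In vars.tf, `vpc_id`, `loggroup_name` and `logstream_name` default to `""`, which makes them optional, so a run without the wrapper scripts' `-var` flags proceeds with empty values instead of Terraform asking for them. Removing the three `default = ""` lines makes the variables required. The `ec2_ami` default is a fixed image id whose comment says only `# ubuntu image`; it is tied to one region and to the patch level the image had when it was published, so the comment should name the Ubuntu release and region, or the id could come from an `aws_ami` data source instead.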