Initial commit

.gitignore

@@ -0,0 +1,3 @@
+.idea/
+**/*.tfstate*
+**/.terraform/

README.md

@@ -0,0 +1,6 @@
+# Terraform AWS Web Stack
+
+## Overview
+
+This repository contains the [Terraform](https://www.terraform.io/)
+configuration modules for a demo web service on AWS infrastructure.

live/prod/main.tf

@@ -0,0 +1,4 @@
+module "web" {
+  source = "./web"
+  tags   = "${var.tags}"
+}

live/prod/vars.tf

@@ -0,0 +1,19 @@
+variable "tags" {
+  description = "The tags to apply to AWS resources."
+  type        = "map"
+}
+
+variable "subnets" {
+  description = "Subnets to use."
+  type        = "list"
+  default     = [
+    "subnet-789edf13",
+    "subnet-799edf12",
+    "subnet-7f9edf14"
+  ]
+}
+
+variable "vpc_id" {
+  description = "VPC to use."
+  default     = "vpc-7a9edf11"
+}

live/prod/web/main.tf

@@ -0,0 +1,23 @@
+locals {
+  subnets = [
+    "subnet-789edf13",
+    "subnet-799edf12",
+    "subnet-7f9edf14"
+  ]
+  vpc_id                  = "vpc-7a9edf11"
+}
+
+module "web" {
+  source           = "../../../modules/web"
+  environment      = "prod"
+  region           = "us-west-2"
+  owner            = "Allen Gooch"
+  description      = "terraform-aws-web-stack demo service"
+  source_ami       = "ami-e6d5969e"
+  instance_type    = "c5.xlarge"
+  min_size         = 1
+  max_size         = 1
+  subnets          = "${local.subnets}"
+  vpc_id           = "${local.vpc_id}"
+  tags             = "${var.tags}"
+}

live/prod/web/outputs.tf

@@ -0,0 +1,3 @@
+output "elb_dns_name" {
+  value = "${module.web.alb_dns_name}"
+}

live/prod/web/vars.tf

@@ -0,0 +1,4 @@
+variable "tags" {
+  description = "The tags to apply to AWS resources."
+  type        = "map"
+}

live/root.tf

@@ -0,0 +1,31 @@
+terraform {
+  required_version = ">= 0.11, < 0.12"
+
+  backend "s3" {
+    bucket         = "agooch-demo-svc-tfstate"
+    key            = "terraform.tfstate"
+    region         = "us-west-2"
+  }
+}
+
+locals {
+  tags = {
+    System         = "demo-svc"
+    Owner          = "Allen Gooch"
+  }
+}
+
+
+provider "aws" {
+  version          = "~> 1.24"
+  alias            = "usw2"
+  region           = "us-west-2"
+}
+
+module "prod" {
+  source           = "./prod"
+  tags             = "${local.tags}"
+  providers = {
+    aws            = "aws.usw2"
+  }
+}

modules/web/main.tf

@@ -0,0 +1,183 @@
+data "aws_availability_zones" "all" {}
+
+locals {
+  cluster_name            = "${var.tags["System"]}-${var.environment}"
+  http_port               = 80
+  https_port              = 443
+  ssh_port                = 22
+  tags = {
+    Description           = "${var.description}"
+    Environment           = "${var.environment}"
+    Owner                 = "${var.owner}"
+  }
+}
+
+#------------------------------------------------------------------------------
+# Back-end Auto-scaling Group (ASG) Resources
+#------------------------------------------------------------------------------
+
+resource "aws_launch_configuration" "backend" {
+  name                    = "${local.cluster_name}-launch-configuration"
+  image_id                = "${var.source_ami}"
+  instance_type           = "${var.instance_type}"
+  security_groups         = ["${aws_security_group.backend.id}"]
+
+  user_data = <<-EOF
+            #!/bin/bash
+            echo "Hello, World" > index.html
+            nohup busybox httpd -f -p "${local.http_port}" &
+            EOF
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_autoscaling_group" "backend" {
+  name                    = "${local.cluster_name}-asg"
+  launch_configuration    = "${aws_launch_configuration.backend.id}"
+  availability_zones      = ["${data.aws_availability_zones.all.names}"]
+  load_balancers          = ["${aws_alb.frontend.name}"]
+  health_check_type       = "ELB"
+  min_size                = "${var.min_size}"
+  max_size                = "${var.max_size}"
+  // This resource type uses different tags specification format.
+  // A list comp over the locals tags map would sure come in handy to keep
+  // things DRY.
+  tags                    = [
+    {
+      key                 = "System"
+      value               = "${var.tags["System"]}"
+      propagate_at_launch = true
+    },
+    {
+      key                 = "Environment"
+      value               = "${local.tags["Environment"]}"
+      propagate_at_launch = true
+    },
+    {
+      key                 = "Owner"
+      value               = "${local.tags["Owner"]}"
+      propagate_at_launch = true
+    },
+    {
+      key                 = "Description"
+      value               = "${local.tags["Description"]}"
+      propagate_at_launch = true
+    }
+  ]
+}
+
+resource "aws_security_group" "backend" {
+  name                    = "${local.cluster_name}-backend-sg"
+  tags                    = "${merge(var.tags, local.tags)}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_security_group_rule" "backend_allow_http_inbound" {
+  type                    = "ingress"
+  security_group_id       = "${aws_security_group.backend.id}"
+  from_port               = "${local.http_port}"
+  to_port                 = "${local.http_port}"
+  protocol                = "tcp"
+  cidr_blocks             = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_allow_ssh_inbound" {
+  type                    = "ingress"
+  security_group_id       = "${aws_security_group.backend.id}"
+  from_port               = "${local.ssh_port}"
+  to_port                 = "${local.ssh_port}"
+  protocol                = "tcp"
+  cidr_blocks             = ["0.0.0.0/0"]
+}
+
+#------------------------------------------------------------------------------
+# Front-end Application Load Balancer (ALB) Resources
+#------------------------------------------------------------------------------
+
+resource "aws_alb" "frontend" {
+  name                    = "${local.cluster_name}-alb"
+  internal                = false
+  load_balancer_type      = "application"
+  subnets                 = "${var.subnets}"
+  security_groups         = ["${aws_security_group.frontend.id}"]
+  idle_timeout            = "60"
+  tags                    = "${merge(var.tags, local.tags)}"
+}
+
+resource "aws_alb_listener" "frontend" {
+  load_balancer_arn       = "${aws_alb.frontend.arn}"
+  port                    = "${local.https_port}"
+  protocol                = "HTTPS"
+  ssl_policy              = "ELBSecurityPolicy-TLS-1-2-2017-01"
+
+  default_action {
+    target_group_arn      = "${aws_alb.frontend.arn}"
+    type                  = "forward"
+  }
+}
+
+resource "aws_alb_listener_rule" "frontend" {
+  depends_on = ["aws_alb_target_group.frontend"]
+  listener_arn = "${aws_alb_listener.frontend.arn}"
+
+  action {
+    target_group_arn = "${aws_alb_target_group.frontend.arn}"
+    type = "forward"
+  }
+
+  condition {
+    field = "host-header"
+    values = ["*"]
+  }
+}
+
+resource "aws_alb_target_group" "frontend" {
+  name                    = "${local.cluster_name}-alb"
+  port                    = "${local.http_port}"
+  protocol                = "HTTP"
+  vpc_id                  = "${var.vpc_id}"
+  tags                    = "${merge(var.tags, local.tags)}"
+
+  health_check {
+    healthy_threshold     = 2
+    unhealthy_threshold   = 2
+    timeout               = 3
+    interval              = 30
+    port                  = "${local.http_port}"
+    protocol              = "HTTP"
+    path                  = "/"
+  }
+}
+
+resource "aws_autoscaling_attachment" "frontend" {
+  alb_target_group_arn    = "${aws_alb_target_group.frontend.arn}"
+  autoscaling_group_name = "${aws_autoscaling_group.backend.id}"
+}
+
+resource "aws_security_group" "frontend" {
+  name                    = "${local.cluster_name}-frontend-sg"
+  tags                    = "${merge(var.tags, local.tags)}"
+}
+
+resource "aws_security_group_rule" "frontend_allow_http_inbound" {
+  type                    = "ingress"
+  security_group_id       = "${aws_security_group.frontend.id}"
+  from_port               = "${local.http_port}"
+  to_port                 = "${local.http_port}"
+  protocol                = "tcp"
+  cidr_blocks             = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "frontend_allow_all_outbound" {
+  type                    = "egress"
+  security_group_id       = "${aws_security_group.frontend.id}"
+  from_port               = 0
+  to_port                 = 0
+  protocol                = "-1"
+  cidr_blocks             = ["0.0.0.0/0"]
+}

modules/web/outputs.tf

@@ -0,0 +1,11 @@
+output "alb_dns_name" {
+  value = "${aws_alb.frontend.dns_name}"
+}
+
+output "alb_security_group_id" {
+  value = "${aws_security_group.frontend.id}"
+}
+
+output "asg_name" {
+  value = "${aws_autoscaling_group.backend.name}"
+}

modules/web/vars.tf

@@ -0,0 +1,48 @@
+variable "environment" {
+  description = "Environment name"
+}
+
+variable "region" {
+  description = "Environment region"
+}
+
+variable "owner" {
+  description = "Environment owner name"
+}
+
+variable "description" {
+  description = "Environment description"
+}
+
+variable "source_ami" {
+  description = "The AMI to use"
+}
+
+variable "instance_type" {
+  description = "The type of EC2 Instances to run in the ASG"
+  default     = "t2.micro"
+}
+
+variable "min_size" {
+  description = "The minimum number of EC2 Instances in the ASG"
+  default     = 1
+}
+
+variable "max_size" {
+  description = "The maximum number of EC2 Instances in the ASG"
+  default     = 1
+}
+
+variable "tags" {
+  description = "The tags to apply to AWS resources"
+  type        = "map"
+}
+
+variable "subnets" {
+  description = "EC2 instance subnets"
+  type        = "list"
+}
+
+variable "vpc_id" {
+  description = "EC2 VPC id"
+}