Merge remote-tracking branch 'origin/new_infrastructure' into fix/tp-…

…165/terraform-update

makefile

@@ -13,7 +13,7 @@ export BRANCH_NAME					:=$(shell git branch --show-current)
 all: deploy
 
 destroy:
-	cd terraform/ap-southeast-2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve
+	cd terraform/ap-southeast-2/deployec2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve
 
 ecr:
 	aws ecr get-login-password \
@@ -29,7 +29,7 @@ build: ecr
 	docker push $(ECR_REPO_URL)/$(PROJECT_NAME):$(VERSION)
 
 deploy: destroy
-	cd terraform/ap-southeast-2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve
+	cd terraform/ap-southeast-2/deployec2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve
 
 run-dev: ecr
 	docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans -d

terraform/ap-southeast-2/main.tf → terraform/ap-southeast-2/deployec2/main.tf

@@ -1,5 +1,5 @@
 module "demo-infra" {
-  source           = "../modules/ec2_docker"
+  source           = "../../modules/ec2_docker"
   branch_name      = var.branch_name
   cloud_watch_name = var.cloud_watch_name
 }

terraform/ap-southeast-2/loadbalancer/backend.tf

@@ -0,0 +1,10 @@
+terraform {
+  backend "s3" {
+    bucket         = "trackback-terraform"
+    dynamodb_table = "terraform-locks"
+    key            = "trackback-dev-nodes.tfstate"
+    region         = "ap-southeast-2"
+    encrypt        = true
+    acl            = "bucket-owner-full-control"
+  }
+}

terraform/ap-southeast-2/loadbalancer/main.tf

@@ -0,0 +1,12 @@
+module "dev-nodes" {
+  source             = "../../modules/loadbalancer_r53"
+  certificate_arn    = var.certificate_arn
+  load_balancer_name = var.load_balancer_name
+  zone_id            = var.zone_id
+  domain             = var.domain
+
+}
+
+output "info" {
+  value = module.dev-nodes
+}

terraform/ap-southeast-2/loadbalancer/provider.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "3.50.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "ap-southeast-2"
+}

terraform/ap-southeast-2/loadbalancer/variables.tf

@@ -0,0 +1,21 @@
+variable "load_balancer_name" {
+  type    = string
+  default = "TrackBackDevChain"
+}
+
+variable "certificate_arn" {
+  type    = string
+  default = "arn:aws:acm:ap-southeast-2:533545012068:certificate/4fc4d08a-913c-468b-a9b2-69475b142193"
+}
+
+variable "zone_id" {
+  type    = string
+  default = "Z08514031O6MGON8YFSCB"
+}
+
+variable "domain" {
+  type    = string
+  default = "n01.trackback.dev"
+}
+
+

terraform/modules/ec2_attachment/cloudwatch.tf

@@ -0,0 +1,3 @@
+resource "aws_cloudwatch_log_group" "aws_cwl_ec2" {
+  name =  var.cloud_watch_name
+}

terraform/modules/ec2_attachment/ec2.tf

@@ -0,0 +1,122 @@
+data "aws_lb_target_group" "tg_substrateNode" {
+  arn = "arn:aws:elasticloadbalancing:ap-southeast-2:533545012068:targetgroup/SubstrateNode/0314959edf168f21"
+}
+
+resource "aws_security_group" "tanz_node" {
+  name = "security_group for substrate node"
+
+  ingress {
+    description = "SSH from the internet"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "80 from the internet"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "9944 from the internet"
+    from_port   = 9944
+    to_port     = 9944
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "9933 from the internet"
+    from_port   = 9933
+    to_port     = 9933
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "30333 from the internet"
+    from_port   = 30333
+    to_port     = 30333
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+}
+
+
+
+resource "aws_instance" "tanz_demo_web" {
+  ami                         = "ami-0567f647e75c7bc05"
+  instance_type               = "c4.xlarge"
+  vpc_security_group_ids      = [aws_security_group.tanz_node.id]
+  associate_public_ip_address = false
+  key_name                    = var.key_name
+  iam_instance_profile        = aws_iam_instance_profile.tz-demo-profile.id
+
+  tags = {
+    Name = "TrackBack-Node"
+  }
+
+  root_block_device {
+    volume_type = "gp2"
+    volume_size = 100
+  }
+
+  user_data = <<-EOF
+#!/bin/bash
+apt-get update
+apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+apt-get update
+apt-get install -y docker-ce
+chmod 666 /var/run/docker.sock
+apt-get install -y git
+usermod -aG docker ubuntu
+
+# Install docker-compose
+curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
+chmod +x /usr/local/bin/docker-compose
+
+cd /home/ubuntu
+
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+apt install -y unzip
+unzip awscliv2.zip
+sudo ./aws/install
+apt install -y make
+
+git clone --single-branch --branch ${var.branch_name} https://${var.git_token}@github.com/trackback-blockchain/trackback-node.git repo
+chown ubuntu:ubuntu -R repo
+
+cd repo
+make run-dev
+
+EOF
+
+}
+
+resource "aws_lb_target_group_attachment" "tg_attachment" {
+  target_group_arn = data.aws_lb_target_group.tg_substrateNode.arn
+  target_id        = aws_instance.tanz_demo_web.id
+  port             = 9944
+}
+
+output "tanz_demo_web" {
+  value = aws_instance.tanz_demo_web
+}
+

terraform/modules/ec2_attachment/iam.tf

@@ -0,0 +1,79 @@
+data "aws_iam_policy_document" "tz-demo-role-ecr" {
+  statement {
+    sid    = ""
+    effect = "Allow"
+
+    resources = ["*"]
+
+    actions = [
+      "ecr:GetAuthorizationToken",
+      "ecr:BatchCheckLayerAvailability",
+      "ecr:GetDownloadUrlForLayer",
+      "ecr:GetRepositoryPolicy",
+      "ecr:DescribeRepositories",
+      "ecr:ListImages",
+      "ecr:DescribeImages",
+      "ecr:BatchGetImage",
+      "ecr:GetLifecyclePolicy",
+      "ecr:GetLifecyclePolicyPreview",
+      "ecr:ListTagsForResource",
+      "ecr:DescribeImageScanFindings"
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+
+    resources = ["*"]
+
+    actions = [
+      "cloudwatch:PutMetricData",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeTags",
+      "logs:PutLogEvents",
+      "logs:DescribeLogStreams",
+      "logs:DescribeLogGroups",
+      "logs:CreateLogStream",
+      "logs:CreateLogGroup"
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+
+    resources = ["arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"]
+
+    actions = [
+      "ssm:GetParameter"
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "tz-demo-assume-role-policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "tz-demo-role" {
+  name = "tz-demo-role"
+
+  assume_role_policy = data.aws_iam_policy_document.tz-demo-assume-role-policy.json
+}
+
+resource "aws_iam_instance_profile" "tz-demo-profile" {
+  name = "tz-demo-profile"
+  role = aws_iam_role.tz-demo-role.id
+}
+
+resource "aws_iam_role_policy" "tz-demo-role_policy" {
+  name = "tz-demo-role_policy"
+  role = aws_iam_role.tz-demo-role.id
+
+  policy = data.aws_iam_policy_document.tz-demo-role-ecr.json
+}

terraform/modules/ec2_attachment/variables.tf

@@ -0,0 +1,18 @@
+variable "key_name" {
+  type    = string
+  default = "ec2_key"
+}
+
+
+variable "git_token" {
+  type = string
+  default = "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"
+}
+
+variable "branch_name" {
+  type = string
+}
+
+variable "cloud_watch_name" {
+  type = string
+}