From 478e9e86083c10ec0665bcd514d58a1671261985 Mon Sep 17 00:00:00 2001 From: Gayan Date: Fri, 10 Sep 2021 13:19:21 +1200 Subject: [PATCH 1/9] Deployment fix --- makefile | 6 +++--- terraform/modules/ec2_docker/ec2.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/makefile b/makefile index 57a7285..57f432f 100644 --- a/makefile +++ b/makefile @@ -13,7 +13,7 @@ export BRANCH_NAME :=$(shell git branch --show-current) all: deploy destroy: - cd terraform/ap-southeast-2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve + cd terraform/ap-southeast-2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve ecr: aws ecr get-login-password \ @@ -24,12 +24,12 @@ ecr: build: ecr docker build -f Dockerfile.dev --no-cache -t $(PROJECT_NAME):latest . - + docker tag $(PROJECT_NAME):latest $(ECR_REPO_URL)/$(PROJECT_NAME):$(VERSION) docker push $(ECR_REPO_URL)/$(PROJECT_NAME):$(VERSION) deploy: destroy - cd terraform/ap-southeast-2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve + cd terraform/ap-southeast-2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve run-dev: ecr docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans -d diff --git a/terraform/modules/ec2_docker/ec2.tf b/terraform/modules/ec2_docker/ec2.tf index 2bce84b..7d3e444 100644 --- a/terraform/modules/ec2_docker/ec2.tf +++ b/terraform/modules/ec2_docker/ec2.tf @@ -100,10 +100,10 @@ unzip awscliv2.zip sudo ./aws/install apt install -y make -git clone --single-branch --branch ${var.branch_name} https://${var.git_token}@github.com/trackback-blockchain/tanz-demo-node.git -chown ubuntu:ubuntu -R tanz-demo-node +git clone --single-branch --branch ${var.branch_name} https://${var.git_token}@github.com/trackback-blockchain/trackback-node.git repo +chown ubuntu:ubuntu -R repo -cd tanz-demo-node +cd repo make run-dev EOF From 9e309187ffdf9d6beaf7a524b487e84622c23cc2 Mon Sep 17 00:00:00 2001 
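Review bot: The new clone line in the ec2.tf hunk interpolates `${var.git_token}` into user_data, so the token is readable by any process on the instance through the metadata service, by anyone holding `ec2:DescribeInstanceAttribute` on the account, and it persists on disk in the clone's `.git/config` remote URL. Keep the credential out of user_data: store it as a SecureString in SSM Parameter Store or in Secrets Manager and have the script fetch it with the instance role (the role gains `ssm:GetParameter` later in this series, scoped to `AmazonCloudWatch-*`, which could be extended to one named parameter), or use a read-only deploy key. The `git clone` line should then read the credential from that source rather than from a Terraform variable. The makefile hunks in this patch differ only in whitespace.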
From: Don Date: Wed, 22 Sep 2021 11:26:48 +1200 Subject: [PATCH 2/9] update ec2 node --- terraform/modules/ec2_docker/ec2.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/modules/ec2_docker/ec2.tf b/terraform/modules/ec2_docker/ec2.tf index 7d3e444..46b0d63 100644 --- a/terraform/modules/ec2_docker/ec2.tf +++ b/terraform/modules/ec2_docker/ec2.tf @@ -58,19 +58,19 @@ resource "aws_security_group" "tanz_node" { resource "aws_instance" "tanz_demo_web" { ami = "ami-0567f647e75c7bc05" - instance_type = "t3.medium" + instance_type = "c4.xlarge" vpc_security_group_ids = [aws_security_group.tanz_node.id] associate_public_ip_address = false key_name = var.key_name iam_instance_profile = aws_iam_instance_profile.tz-demo-profile.id tags = { - Name = "tanz_demo_web" + Name = "TrackBack-Node" } root_block_device { volume_type = "gp2" - volume_size = 30 + volume_size = 100 } user_data = <<-EOF From 2192d9d1e2037331883aa6b33b6326307d5f3166 Mon Sep 17 00:00:00 2001 From: Don Date: Wed, 22 Sep 2021 14:11:49 +1200 Subject: [PATCH 3/9] cloudwatch logging --- docker-compose.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index db04f5f..ee5921f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -21,4 +21,10 @@ services: - type: bind source: ./.local target: /root/.local + logging: + driver: awslogs + options: + awslogs-group: substrate + awslogs-region: ap-southeast-2 + awslogs-stream: poc_node command: bash -c "cargo build --release && ./target/release/node-template --dev --ws-external" From bfbbe8941c7a193b50c658a54d9afa3b641fe043 Mon Sep 17 00:00:00 2001 From: Don Date: Wed, 22 Sep 2021 14:12:21 +1200 Subject: [PATCH 4/9] cloudwatch logging --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index ee5921f..052f3f1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
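Review bot: The `logging` block added to docker-compose.yml hard-codes `awslogs-group: substrate`, and the awslogs driver does not create the group unless `awslogs-create-group: "true"` is set, so the container fails to start if the group is absent in `ap-southeast-2`. The same literal reappears later in this series as the default of the `cloud_watch_name` Terraform variable, which invites drift between the two. Either add the create-group option here or feed the group name into compose from the same value the Terraform module uses.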
@@ -26,5 +26,5 @@ services: options: awslogs-group: substrate awslogs-region: ap-southeast-2 - awslogs-stream: poc_node + awslogs-stream: trackbackNode command: bash -c "cargo build --release && ./target/release/node-template --dev --ws-external" From 8305c2b54b631aa303ac4b6b5672e106483e9402 Mon Sep 17 00:00:00 2001 From: Don Date: Wed, 22 Sep 2021 14:16:39 +1200 Subject: [PATCH 5/9] cloudwatch logging --- terraform/ap-southeast-2/main.tf | 5 ++-- terraform/ap-southeast-2/variables.tf | 6 ++++- terraform/modules/ec2_docker/cloudwatch.tf | 3 +++ terraform/modules/ec2_docker/iam.tf | 27 ++++++++++++++++++++++ terraform/modules/ec2_docker/variables.tf | 6 ++++- 5 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 terraform/modules/ec2_docker/cloudwatch.tf diff --git a/terraform/ap-southeast-2/main.tf b/terraform/ap-southeast-2/main.tf index 0c067ee..f1ba7e2 100644 --- a/terraform/ap-southeast-2/main.tf +++ b/terraform/ap-southeast-2/main.tf @@ -1,6 +1,7 @@ module "demo-infra" { - source = "../modules/ec2_docker" - branch_name = var.branch_name + source = "../modules/ec2_docker" + branch_name = var.branch_name + cloud_watch_name = var.cloud_watch_name } output "info" { diff --git a/terraform/ap-southeast-2/variables.tf b/terraform/ap-southeast-2/variables.tf index bb7d41a..82afadd 100644 --- a/terraform/ap-southeast-2/variables.tf +++ b/terraform/ap-southeast-2/variables.tf @@ -1,3 +1,7 @@ variable "branch_name" { type = string -} \ No newline at end of file +} +variable "cloud_watch_name" { + type = string + default = "substrate" +} diff --git a/terraform/modules/ec2_docker/cloudwatch.tf b/terraform/modules/ec2_docker/cloudwatch.tf new file mode 100644 index 0000000..41b69b8 --- /dev/null +++ b/terraform/modules/ec2_docker/cloudwatch.tf @@ -0,0 +1,3 @@ +resource "aws_cloudwatch_log_group" "aws_cwl_ec2" { + name = var.cloud_watch_name +} \ No newline at end of file 
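Review bot: The new `aws_cloudwatch_log_group` in cloudwatch.tf sets no `retention_in_days`, so events are kept indefinitely; with the node's log level raised to debug later in this series that is an unbounded storage cost and an unbounded retention window for whatever the node writes. Add an explicit retention, e.g. `retention_in_days = <RETENTION_DAYS placeholder>`, and consider exposing it as a module variable next to `cloud_watch_name`. The file is also written without a trailing newline.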
diff --git a/terraform/modules/ec2_docker/iam.tf b/terraform/modules/ec2_docker/iam.tf index ec7b7f5..9450430 100644 --- a/terraform/modules/ec2_docker/iam.tf +++ b/terraform/modules/ec2_docker/iam.tf @@ -20,6 +20,33 @@ data "aws_iam_policy_document" "tz-demo-role-ecr" { "ecr:DescribeImageScanFindings" ] } + + statement { + effect = "Allow" + + resources = ["*"] + + actions = [ + "cloudwatch:PutMetricData", + "ec2:DescribeVolumes", + "ec2:DescribeTags", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ] + } + + statement { + effect = "Allow" + + resources = ["arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"] + + actions = [ + "ssm:GetParameter" + ] + } } data "aws_iam_policy_document" "tz-demo-assume-role-policy" { diff --git a/terraform/modules/ec2_docker/variables.tf b/terraform/modules/ec2_docker/variables.tf index 6dd8f26..407dae5 100644 --- a/terraform/modules/ec2_docker/variables.tf +++ b/terraform/modules/ec2_docker/variables.tf @@ -11,4 +11,8 @@ variable "git_token" { variable "branch_name" { type = string -} \ No newline at end of file +} + +variable "cloud_watch_name" { + type = string +} From 4d42238f9aef11ae535cccdfae6833e0c61ffc1b Mon Sep 17 00:00:00 2001 From: Don Date: Wed, 22 Sep 2021 14:18:24 +1200 Subject: [PATCH 6/9] updates --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 052f3f1..4cbf659 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,4 +27,4 @@ services: awslogs-group: substrate awslogs-region: ap-southeast-2 awslogs-stream: trackbackNode - command: bash -c "cargo build --release && ./target/release/node-template --dev --ws-external" + command: bash -c "cargo build --release && RUST_LOG=debug RUST_BACKTRACE=1 ./target/release/node-template -lruntime=debug --dev" From d4267364515761bba58fc95d060fc7c37c390683 Mon Sep 17 00:00:00 2001 
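Review bot: The second statement added to `tz-demo-role-ecr` grants the `logs:*` actions on `resources = ["*"]`, so the instance role can create and write to any log group in the account rather than only the group this module creates. Terraform creates the group, so `logs:CreateLogGroup` is not needed by the instance, and the remaining `logs:` actions can be moved to their own statement scoped to `resources = ["${aws_cloudwatch_log_group.aws_cwl_ec2.arn}:*"]`; `cloudwatch:PutMetricData` and the `ec2:Describe*` actions do not support resource-level restriction and can stay on `*`. The same policy document is copied verbatim into terraform/modules/ec2_attachment/iam.tf in PATCH 8 (same blob 9450430), so the fix applies there as well.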
From: Don Date: Wed, 22 Sep 2021 14:57:19 +1200 Subject: [PATCH 7/9] updates --- Dockerfile.dev | 2 +- docker-compose.dev.yml | 12 ++++++++++++ docker-compose.yml | 2 ++ docker-prom.yaml | 14 ++++++++++++++ 4 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 docker-prom.yaml diff --git a/Dockerfile.dev b/Dockerfile.dev index a316a56..3a86d45 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -11,4 +11,4 @@ RUN rustup target add wasm32-unknown-unknown --toolchain nightly-2020-08-23 RUN bash -c "cargo build --release" -CMD ["./target/release/node-template", "--dev", "--ws-external"] \ No newline at end of file +CMD ["./target/release/node-template", "--dev", "-lruntime=debug","--ws-external"] \ No newline at end of file diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 0272ae9..d212f8e 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -8,7 +8,19 @@ services: - "80:80" default: image: 533545012068.dkr.ecr.ap-southeast-2.amazonaws.com/tanz-demo-node:latest + #build: + # context: . + # dockerfile : ./Dockerfile.dev ports: - "9944:9944" - "30333:30333" - "9933:9933" + environment: + - RUST_LOG=debug + - RUST_BACKTRACE=1 + logging: + driver: awslogs + options: + awslogs-group: substrate + awslogs-region: ap-southeast-2 + awslogs-stream: trackbackNode diff --git a/docker-compose.yml b/docker-compose.yml index 4cbf659..984a4d1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: - "9933:9933" environment: - CARGO_HOME=/var/www/node-template/.cargo + - RUST_LOG=debug + - RUST_BACKTRACE=1 volumes: - .:/var/www/node-template - type: bind diff --git a/docker-prom.yaml b/docker-prom.yaml new file mode 100644 index 0000000..862c3c0 --- /dev/null +++ b/docker-prom.yaml @@ -0,0 +1,14 @@ +version: "3.2" + +services: + prometheus: + image: prom/prometheus + container_name: prometheus + ports: + - "9090:9090" + grafana: + image: grafana/grafana + container_name: grafana + ports: + - "3000:3000" + 
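Review bot: docker-prom.yaml starts Prometheus and Grafana with no configuration or data volumes, so Prometheus scrapes only itself and every Grafana dashboard and user is lost on recreate; Grafana's admin login also stays at the image's initial value unless `GF_SECURITY_ADMIN_PASSWORD` is set. Mount a `prometheus.yml` with a scrape job for the node, add a named volume for Grafana, and set the admin password from an environment variable or secret. The `3000:3000` and `9090:9090` bindings publish on all host interfaces; as far as this series shows the instance security group does not open those ports, so reachability depends on that remaining true. The `RUST_LOG=debug` environment added to both compose files should be documented as temporary if it is.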
From ef122156b978f789ba84709ec7fc4eacf22003c1 Mon Sep 17 00:00:00 2001 
From: Don Date: Fri, 24 Sep 2021 13:56:34 +1200 Subject: [PATCH 8/9] terraform for add loadbalancer and r53 --- makefile | 4 +- .../{ => deployec2}/.terraform.lock.hcl | 0 .../ap-southeast-2/{ => deployec2}/backend.tf | 0 .../ap-southeast-2/{ => deployec2}/main.tf | 2 +- .../{ => deployec2}/provider.tf | 0 .../{ => deployec2}/variables.tf | 0 .../ap-southeast-2/loadbalancer/backend.tf | 10 ++ terraform/ap-southeast-2/loadbalancer/main.tf | 12 ++ .../ap-southeast-2/loadbalancer/provider.tf | 12 ++ .../ap-southeast-2/loadbalancer/variables.tf | 21 +++ .../modules/ec2_attachment/cloudwatch.tf | 3 + terraform/modules/ec2_attachment/ec2.tf | 122 ++++++++++++++++++ terraform/modules/ec2_attachment/iam.tf | 79 ++++++++++++ terraform/modules/ec2_attachment/variables.tf | 18 +++ .../modules/loadbalancer_r53/loadbalancer.tf | 117 +++++++++++++++++ terraform/modules/loadbalancer_r53/route53.tf | 11 ++ .../modules/loadbalancer_r53/variables.tf | 15 +++ 17 files changed, 423 insertions(+), 3 deletions(-) rename terraform/ap-southeast-2/{ => deployec2}/.terraform.lock.hcl (100%) rename terraform/ap-southeast-2/{ => deployec2}/backend.tf (100%) rename terraform/ap-southeast-2/{ => deployec2}/main.tf (75%) rename terraform/ap-southeast-2/{ => deployec2}/provider.tf (100%) rename terraform/ap-southeast-2/{ => deployec2}/variables.tf (100%) create mode 100644 terraform/ap-southeast-2/loadbalancer/backend.tf create mode 100644 terraform/ap-southeast-2/loadbalancer/main.tf create mode 100644 terraform/ap-southeast-2/loadbalancer/provider.tf create mode 100644 terraform/ap-southeast-2/loadbalancer/variables.tf create mode 100644 terraform/modules/ec2_attachment/cloudwatch.tf create mode 100644 terraform/modules/ec2_attachment/ec2.tf create mode 100644 terraform/modules/ec2_attachment/iam.tf create mode 100644 terraform/modules/ec2_attachment/variables.tf create mode 100644 terraform/modules/loadbalancer_r53/loadbalancer.tf create mode 100644 
terraform/modules/loadbalancer_r53/route53.tf create mode 100644 terraform/modules/loadbalancer_r53/variables.tf diff --git a/makefile b/makefile index 57f432f..760a09b 100644 --- a/makefile +++ b/makefile @@ -13,7 +13,7 @@ export BRANCH_NAME :=$(shell git branch --show-current) all: deploy destroy: - cd terraform/ap-southeast-2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve + cd terraform/ap-southeast-2/deployec2 && terraform destroy -var="branch_name=$(BRANCH_NAME)" --auto-approve ecr: aws ecr get-login-password \ @@ -29,7 +29,7 @@ build: ecr docker push $(ECR_REPO_URL)/$(PROJECT_NAME):$(VERSION) deploy: destroy - cd terraform/ap-southeast-2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve + cd terraform/ap-southeast-2/deployec2 && terraform apply -var="branch_name=$(BRANCH_NAME)" --auto-approve run-dev: ecr docker-compose -f docker-compose.dev.yml up --build --force-recreate --remove-orphans -d diff --git a/terraform/ap-southeast-2/.terraform.lock.hcl b/terraform/ap-southeast-2/deployec2/.terraform.lock.hcl similarity index 100% rename from terraform/ap-southeast-2/.terraform.lock.hcl rename to terraform/ap-southeast-2/deployec2/.terraform.lock.hcl diff --git a/terraform/ap-southeast-2/backend.tf b/terraform/ap-southeast-2/deployec2/backend.tf similarity index 100% rename from terraform/ap-southeast-2/backend.tf rename to terraform/ap-southeast-2/deployec2/backend.tf diff --git a/terraform/ap-southeast-2/main.tf b/terraform/ap-southeast-2/deployec2/main.tf similarity index 75% rename from terraform/ap-southeast-2/main.tf rename to terraform/ap-southeast-2/deployec2/main.tf index f1ba7e2..46bc9f5 100644 --- a/terraform/ap-southeast-2/main.tf +++ b/terraform/ap-southeast-2/deployec2/main.tf @@ -1,5 +1,5 @@ module "demo-infra" { - source = "../modules/ec2_docker" + source = "../../modules/ec2_docker" branch_name = var.branch_name cloud_watch_name = var.cloud_watch_name } 
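Review bot: The makefile's `deploy` and `destroy` targets are repointed to `terraform/ap-southeast-2/deployec2`, but nothing in this patch drives the new `terraform/ap-southeast-2/loadbalancer` root module, so the load balancer, listeners and Route 53 record are applied by hand or not at all. If that is intended, a one-line comment in the makefile saying so would help; otherwise add `lb-deploy:` / `lb-destroy:` targets that `cd terraform/ap-southeast-2/loadbalancer` and run apply/destroy, and think twice before giving a shared stack `--auto-approve`. `deploy: destroy` tearing down the instance on every deploy is pre-existing behaviour, not introduced here.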
diff --git a/terraform/ap-southeast-2/provider.tf b/terraform/ap-southeast-2/deployec2/provider.tf
similarity index 100%
rename from terraform/ap-southeast-2/provider.tf
rename to terraform/ap-southeast-2/deployec2/provider.tf
diff --git a/terraform/ap-southeast-2/variables.tf b/terraform/ap-southeast-2/deployec2/variables.tf
similarity index 100%
rename from terraform/ap-southeast-2/variables.tf
rename to terraform/ap-southeast-2/deployec2/variables.tf
diff --git a/terraform/ap-southeast-2/loadbalancer/backend.tf b/terraform/ap-southeast-2/loadbalancer/backend.tf
new file mode 100644
index 0000000..ce1ba3a
--- /dev/null
+++ b/terraform/ap-southeast-2/loadbalancer/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+  backend "s3" {
+    bucket = "trackback-terraform"
+    dynamodb_table = "terraform-locks"
+    key = "trackback-dev-nodes.tfstate"
+    region = "ap-southeast-2"
+    encrypt = true
+    acl = "bucket-owner-full-control"
+  }
+}
diff --git a/terraform/ap-southeast-2/loadbalancer/main.tf b/terraform/ap-southeast-2/loadbalancer/main.tf
new file mode 100644
index 0000000..c7238c0
--- /dev/null
+++ b/terraform/ap-southeast-2/loadbalancer/main.tf
@@ -0,0 +1,12 @@
+module "dev-nodes" {
+  source = "../../modules/loadbalancer_r53"
+  certificate_arn = var.certificate_arn
+  load_balancer_name = var.load_balancer_name
+  zone_id = var.zone_id
+  domain = var.domain
+
+}
+
+output "info" {
+  value = module.dev-nodes
+}
diff --git a/terraform/ap-southeast-2/loadbalancer/provider.tf b/terraform/ap-southeast-2/loadbalancer/provider.tf
new file mode 100644
index 0000000..6d915cf
--- /dev/null
+++ b/terraform/ap-southeast-2/loadbalancer/provider.tf
@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "3.50.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "ap-southeast-2"
+}
diff --git a/terraform/ap-southeast-2/loadbalancer/variables.tf b/terraform/ap-southeast-2/loadbalancer/variables.tf
new file mode 100644
index 0000000..3ef7fc7
--- /dev/null
+++ b/terraform/ap-southeast-2/loadbalancer/variables.tf
@@ -0,0 +1,21 @@
+variable "load_balancer_name" {
+  type = string
+  default = "TrackBackDevChain"
+}
+
+variable "certificate_arn" {
+  type = string
+  default = "arn:aws:acm:ap-southeast-2:533545012068:certificate/4fc4d08a-913c-468b-a9b2-69475b142193"
+}
+
+variable "zone_id" {
+  type = string
+  default = "Z08514031O6MGON8YFSCB"
+}
+
+variable "domain" {
+  type = string
+  default = "n01.trackback.dev"
+}
+
+
diff --git a/terraform/modules/ec2_attachment/cloudwatch.tf b/terraform/modules/ec2_attachment/cloudwatch.tf
new file mode 100644
index 0000000..41b69b8
--- /dev/null
+++ b/terraform/modules/ec2_attachment/cloudwatch.tf
@@ -0,0 +1,3 @@
+resource "aws_cloudwatch_log_group" "aws_cwl_ec2" {
+  name = var.cloud_watch_name
+}
\ No newline at end of file
diff --git a/terraform/modules/ec2_attachment/ec2.tf b/terraform/modules/ec2_attachment/ec2.tf
new file mode 100644
index 0000000..46b0d63
--- /dev/null
+++ b/terraform/modules/ec2_attachment/ec2.tf
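Review bot: The defaults in loadbalancer/variables.tf bake account-specific identifiers — an ACM certificate ARN in account 533545012068, a hosted-zone id and the `n01.trackback.dev` name — into the root module, so a plain `terraform apply` in this directory changes that account's DNS and certificate bindings with no explicit input, and the values cannot be reused for another environment without editing source. Make `certificate_arn`, `zone_id` and `domain` required by dropping their `default` lines, and supply them per environment through a `.tfvars` file or `TF_VAR_*` variables. backend.tf's `key` is likewise a per-environment value; PATCH 9 in this series already renames it.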
@@ -0,0 +1,122 @@
+data "aws_lb_target_group" "tg_substrateNode" {
+  arn = "arn:aws:elasticloadbalancing:ap-southeast-2:533545012068:targetgroup/SubstrateNode/0314959edf168f21"
+}
+
+resource "aws_security_group" "tanz_node" {
+  name = "security_group for substrate node"
+
+  ingress {
+    description = "SSH from the internet"
+    from_port = 22
+    to_port = 22
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "80 from the internet"
+    from_port = 80
+    to_port = 80
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "9944 from the internet"
+    from_port = 9944
+    to_port = 9944
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "9933 from the internet"
+    from_port = 9933
+    to_port = 9933
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "30333 from the internet"
+    from_port = 30333
+    to_port = 30333
+    protocol = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 0
+    to_port = 0
+    protocol = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+}
+
+
+
+resource "aws_instance" "tanz_demo_web" {
+  ami = "ami-0567f647e75c7bc05"
+  instance_type = "c4.xlarge"
+  vpc_security_group_ids = [aws_security_group.tanz_node.id]
+  associate_public_ip_address = false
+  key_name = var.key_name
+  iam_instance_profile = aws_iam_instance_profile.tz-demo-profile.id
+
+  tags = {
+    Name = "TrackBack-Node"
+  }
+
+  root_block_device {
+    volume_type = "gp2"
+    volume_size = 100
+  }
+
+  user_data = <<-EOF
+#!/bin/bash
+apt-get update
+apt-get install -y apt-transport-https ca-certificates curl software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+add-apt-repository \
+  "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) \
+  stable"
+apt-get update
+apt-get install -y docker-ce
+chmod 666 /var/run/docker.sock
+apt-get install -y git
+usermod -aG docker ubuntu
+
+# Install docker-compose
+curl -L https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
+chmod +x /usr/local/bin/docker-compose
+
+cd /home/ubuntu
+
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+apt install -y unzip
+unzip awscliv2.zip
+sudo ./aws/install
+apt install -y make
+
+git clone --single-branch --branch ${var.branch_name} https://${var.git_token}@github.com/trackback-blockchain/trackback-node.git repo
+chown ubuntu:ubuntu -R repo
+
+cd repo
+make run-dev
+
+EOF
+
+}
+
+resource "aws_lb_target_group_attachment" "tg_attachment" {
+  target_group_arn = data.aws_lb_target_group.tg_substrateNode.arn
+  target_id = aws_instance.tanz_demo_web.id
+  port = 9944
+}
+
+output "tanz_demo_web" {
+  value = aws_instance.tanz_demo_web
+}
+
diff --git a/terraform/modules/ec2_attachment/iam.tf b/terraform/modules/ec2_attachment/iam.tf
new file mode 100644
index 0000000..9450430
--- /dev/null
+++ b/terraform/modules/ec2_attachment/iam.tf
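Review bot: In ec2.tf the user_data runs `chmod 666 /var/run/docker.sock`, making the Docker control socket world-writable; the `usermod -aG docker ubuntu` two lines later already gives the deploy user access through the docker group, so the chmod only extends root-equivalent access to every local account and service and should be removed. The security group `tanz_node` in the same file opens 22, 80, 9944, 9933 and 30333 to `0.0.0.0/0` even though the instance has `associate_public_ip_address = false` and, per the target-group attachment at the bottom, is meant to be reached through the load balancer; the RPC rules could instead accept only the ALB's security group via `security_groups = [...]` on the 9944/9933 ingress blocks, with the id passed in as a module variable because the ALB lives in a different root module (inferred wiring — this series does not export the ALB SG). PATCH 8's headers give this file the same blob id (46b0d63) as terraform/modules/ec2_docker/ec2.tf, so both copies need the change.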
@@ -0,0 +1,79 @@
+data "aws_iam_policy_document" "tz-demo-role-ecr" {
+  statement {
+    sid = ""
+    effect = "Allow"
+
+    resources = ["*"]
+
+    actions = [
+      "ecr:GetAuthorizationToken",
+      "ecr:BatchCheckLayerAvailability",
+      "ecr:GetDownloadUrlForLayer",
+      "ecr:GetRepositoryPolicy",
+      "ecr:DescribeRepositories",
+      "ecr:ListImages",
+      "ecr:DescribeImages",
+      "ecr:BatchGetImage",
+      "ecr:GetLifecyclePolicy",
+      "ecr:GetLifecyclePolicyPreview",
+      "ecr:ListTagsForResource",
+      "ecr:DescribeImageScanFindings"
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+
+    resources = ["*"]
+
+    actions = [
+      "cloudwatch:PutMetricData",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeTags",
+      "logs:PutLogEvents",
+      "logs:DescribeLogStreams",
+      "logs:DescribeLogGroups",
+      "logs:CreateLogStream",
+      "logs:CreateLogGroup"
+    ]
+  }
+
+  statement {
+    effect = "Allow"
+
+    resources = ["arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"]
+
+    actions = [
+      "ssm:GetParameter"
+    ]
+  }
+}
+
+data "aws_iam_policy_document" "tz-demo-assume-role-policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+resource "aws_iam_role" "tz-demo-role" {
+  name = "tz-demo-role"
+
+  assume_role_policy = data.aws_iam_policy_document.tz-demo-assume-role-policy.json
+}
+
+resource "aws_iam_instance_profile" "tz-demo-profile" {
+  name = "tz-demo-profile"
+  role = aws_iam_role.tz-demo-role.id
+}
+
+resource "aws_iam_role_policy" "tz-demo-role_policy" {
+  name = "tz-demo-role_policy"
+  role = aws_iam_role.tz-demo-role.id
+
+  policy = data.aws_iam_policy_document.tz-demo-role-ecr.json
+}
diff --git a/terraform/modules/ec2_attachment/variables.tf b/terraform/modules/ec2_attachment/variables.tf
new file mode 100644
index 0000000..407dae5
--- /dev/null
+++ b/terraform/modules/ec2_attachment/variables.tf
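Review bot: ec2_attachment/iam.tf declares `aws_iam_role "tz-demo-role"` with the fixed `name = "tz-demo-role"` and an instance profile with the fixed `name = "tz-demo-profile"`, the same literals as the ec2_docker module (the headers show identical blob ids for all four files: 41b69b8, 46b0d63, 9450430, 407dae5), so applying both modules in one account fails with a name conflict on the role and the profile. Neither root module in this series references ec2_attachment, so the copy is currently dead code; either delete it or derive the names from a module variable, e.g. `name = "${var.name_prefix}-role"`, and do the same for the log group and security group names.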
@@ -0,0 +1,18 @@
+variable "key_name" {
+  type = string
+  default = "ec2_key"
+}
+
+
+variable "git_token" {
+  type = string
+  default = "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"
+}
+
+variable "branch_name" {
+  type = string
+}
+
+variable "cloud_watch_name" {
+  type = string
+}
diff --git a/terraform/modules/loadbalancer_r53/loadbalancer.tf b/terraform/modules/loadbalancer_r53/loadbalancer.tf
new file mode 100644
index 0000000..e8c106c
--- /dev/null
+++ b/terraform/modules/loadbalancer_r53/loadbalancer.tf
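Review bot: variables.tf ships a GitHub personal access token as the `default` of `git_token`, and the same blob (407dae5) is already the ec2_docker module's variables.tf, so the token is in repository history as well as in both copies; treat it as exposed and revoke it on the GitHub side regardless of what happens to this file. Remove the default so the variable becomes required, mark it `sensitive = true`, and supply it out of band (a `.tfvars` file excluded from version control, or `TF_VAR_git_token`), or replace the token entirely with a read-only deploy key or an SSM/Secrets Manager parameter fetched by the instance role. `key_name` defaulting to `ec2_key` is harmless but is also an environment-specific value that belongs in the same per-environment input.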
@@ -0,0 +1,117 @@ + +locals { + targetGroupSettings = { + "9944" : { port : "9944", listenerPort : "443" }, + "9933" : { port : "9933", listenerPort : "9933" }, + "30333" : { port : "30333", listenerPort : "30333" }, + } + +} + +resource "aws_security_group" "aws_sg_lb" { + name = "${var.load_balancer_name} SG: 22 80 9944 9933 30333" + + ingress { + description = "SSH from the internet" + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "80 from the internet" + from_port = 80 + to_port = 80 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "9944 from the internet" + from_port = 9944 + to_port = 9944 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "9933 from the internet" + from_port = 9933 + to_port = 9933 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + description = "30333 from the internet" + from_port = 30333 + to_port = 30333 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } + +} + + +resource "aws_lb" "main" { + name = var.load_balancer_name + + internal = false + load_balancer_type = "application" + subnets = ["subnet-ea47828c", "subnet-ece91fa4", "subnet-cd384f95"] + + security_groups = [aws_security_group.aws_sg_lb.id] +} + +resource "aws_lb_target_group" "targetGroups" { + + for_each = local.targetGroupSettings + name = "${var.load_balancer_name}TG${each.value.port}" + port = each.value.port + protocol = "HTTP" + vpc_id = "vpc-fa9f829d" + + health_check { + enabled = true + port = 80 + path = "/" + } +} + + +resource "aws_lb_listener" "listners" { + + for_each = { + for tg in aws_lb_target_group.targetGroups : tg.name => { + arn : tg.arn + port : tg.port == 9944 ? 
443 : tg.port + } + } + + load_balancer_arn = aws_lb.main.arn + port = each.value.port + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + certificate_arn = var.certificate_arn + + default_action { + type = "forward" + target_group_arn = each.value.arn + } +} + +output "targetGroups" { + value = { + for tg in aws_lb_target_group.targetGroups : tg.name => { + arn : tg.arn + } + } +} diff --git a/terraform/modules/loadbalancer_r53/route53.tf b/terraform/modules/loadbalancer_r53/route53.tf new file mode 100644 index 0000000..48e5825 --- /dev/null +++ b/terraform/modules/loadbalancer_r53/route53.tf @@ -0,0 +1,11 @@ +resource "aws_route53_record" "www" { + zone_id = var.zone_id + name = var.domain + type = "A" + + alias { + name = aws_lb.main.dns_name + zone_id = aws_lb.main.zone_id + evaluate_target_health = true + } +} diff --git a/terraform/modules/loadbalancer_r53/variables.tf b/terraform/modules/loadbalancer_r53/variables.tf new file mode 100644 index 0000000..3e43fd1 --- /dev/null +++ b/terraform/modules/loadbalancer_r53/variables.tf @@ -0,0 +1,15 @@ +variable "certificate_arn" { + type = string +} + +variable "load_balancer_name" { + type = string +} + +variable "zone_id" { + type = string +} + +variable "domain" { + type = string +} From 71d6414289cc6220162079cbb5eb66b4fa3e9687 Mon Sep 17 00:00:00 2001 From: Gayan Date: Wed, 29 Sep 2021 12:00:09 +1300 Subject: [PATCH 9/9] Fixed Terraform key name --- terraform/ap-southeast-2/loadbalancer/backend.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/ap-southeast-2/loadbalancer/backend.tf b/terraform/ap-southeast-2/loadbalancer/backend.tf index ce1ba3a..385e9f9 100644 --- a/terraform/ap-southeast-2/loadbalancer/backend.tf +++ b/terraform/ap-southeast-2/loadbalancer/backend.tf 
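Review bot: The ALB security group `aws_sg_lb` opens 22 and 80 to `0.0.0.0/0`, but the load balancer only has listeners on 443, 9933 and 30333 (the `listners` for_each maps 9944 to 443), so those two rules are dead weight and the `SSH from the internet` description is misleading on an ALB; trim the ingress set to the listener ports. `ssl_policy = "ELBSecurityPolicy-2016-08"` still negotiates TLS 1.0 and 1.1; prefer a TLS 1.2-minimum policy such as `ELBSecurityPolicy-TLS-1-2-2017-01`. `subnets` and `vpc_id` are hard-coded ids inside a reusable module and belong in variables.tf next to `certificate_arn`. Whether the 30333 port, which the compose files also publish, can be fronted by an HTTPS listener at all cannot be verified from this diff and is worth confirming before relying on it.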
@@ -2,7 +2,7 @@ terraform {
   backend "s3" {
     bucket = "trackback-terraform"
     dynamodb_table = "terraform-locks"
-    key = "trackback-dev-nodes.tfstate"
+    key = "trackback-staging.tfstate"
     region = "ap-southeast-2"
     encrypt = true
     acl = "bucket-owner-full-control"
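Review bot: Renaming the backend `key` from `trackback-dev-nodes.tfstate` to `trackback-staging.tfstate` points the stack at a new, empty state object; if the loadbalancer root module was already applied under the old key, the next `terraform apply` would attempt to create a second ALB, target groups and Route 53 record while the existing ones stay tracked only in the orphaned state. Run `terraform init -migrate-state` (or copy the state object in S3) before applying, and say so in the commit message. The enclosing `terraform` block starts outside the hunk.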