terra_boi 0.0.12 → 1.0.1

data/lib/generators/terra_boi/templates/lib/terraform_modules/ecs_worker/ecs_role.tf.erb

@@ -0,0 +1,7 @@
+# ---------------------------------------------------------------------------------------------------------------------
+# 1. ECS IAM ROLE (Created in web_app)
+# ---------------------------------------------------------------------------------------------------------------------
+
+data "aws_iam_role" "ecs_execution_role" {
+  name = "ecs_${var.app_name}_execution_role"
+}

data/lib/generators/terra_boi/templates/lib/terraform_modules/ecs_worker/main.tf.erb

@@ -0,0 +1,120 @@
+provider "aws" {
+  version = "~> 2.0"
+  region  = var.region
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# 1. ECS TASK
+# ---------------------------------------------------------------------------------------------------------------------
+
+data "aws_ecr_repository" "ecr_repo" {
+  name = "${var.app_name}-ecr-repo"
+}
+
+data "aws_ecs_cluster" "ecs_cluster" {
+  cluster_name = "${var.app_name}-${var.environment}"
+}
+
+data "terraform_remote_state" "db" {
+  backend = "s3"
+
+  config = {
+    bucket = "${var.app_name}-terraform-state-storage"
+    key    = "terraform/${var.environment}-state/terra-boi-data"
+    region = "us-east-2"
+  }
+}
+
+data "template_file" "task" {
+  template = "${file("../../lib/task_templates/${var.template_filename}")}"
+
+  vars = {
+    image       = data.aws_ecr_repository.ecr_repo.repository_url
+    app_name    = var.app_name
+    app_type    = var.app_type
+    environment = var.environment
+    region      = var.region
+    memory      = var.worker_task.memory
+    cpu         = var.worker_task.cpu
+    db_host     = data.terraform_remote_state.db.outputs.address
+    db_username = data.terraform_remote_state.db.outputs.db_username
+    db_password = var.db_password
+    aws_access_key = var.aws_access_key
+    aws_secret_key = var.aws_secret_key
+  }
+}
+
+resource "aws_ecs_task_definition" "web_app" {
+  family                   = var.app_type           # Naming our first task
+  requires_compatibilities = ["FARGATE"]            # Stating that we are using ECS Fargate
+  network_mode             = "awsvpc"               # Using awsvpc as our network mode as this is required for Fargate
+  memory                   = var.worker_task.memory # Specifying the memory our container requires
+  # https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+  cpu                   = var.worker_task.cpu # Specifying the CPU our container requires
+  task_role_arn         = data.aws_iam_role.ecs_execution_role.arn
+  execution_role_arn    = data.aws_iam_role.ecs_execution_role.arn
+  container_definitions = data.template_file.task.rendered
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# 2. ECS SERVICE
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "aws_ecs_service" "app" {
+  name            = var.app_type                        # Naming our first service
+  cluster         = data.aws_ecs_cluster.ecs_cluster.id # Referencing our created Cluster
+  task_definition = aws_ecs_task_definition.web_app.arn # Referencing the task our service will spin up
+  launch_type     = "FARGATE"
+  desired_count   = var.worker_task.desired_count
+
+  network_configuration {
+    subnets          = [aws_default_subnet.default_subnet_a.id, aws_default_subnet.default_subnet_b.id, aws_default_subnet.default_subnet_c.id]
+    assign_public_ip = true
+    security_groups  = [aws_security_group.service_security_group.id]
+  }
+
+  depends_on = [aws_cloudwatch_log_group.logs]
+}
+
+resource "aws_security_group" "service_security_group" {
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# 3. REFERENCE NETWORK RESOURCES (to default VPC)
+# ---------------------------------------------------------------------------------------------------------------------
+
+# # Providing a reference to our default VPC
+resource "aws_default_vpc" "default_vpc" {
+}
+
+# Providing a reference to our default subnets
+resource "aws_default_subnet" "default_subnet_a" {
+  availability_zone = "${var.region}a"
+}
+
+resource "aws_default_subnet" "default_subnet_b" {
+  availability_zone = "${var.region}b"
+}
+
+resource "aws_default_subnet" "default_subnet_c" {
+  availability_zone = "${var.region}c"
+}
+
+# ---------------------------------------------------------------------------------------------------------------------
+# 4. Logging
+# ---------------------------------------------------------------------------------------------------------------------
+
+resource "aws_cloudwatch_log_group" "logs" {
+  name              = "/fargate/service/${var.app_name}-${var.environment}-${var.app_type}"
+  retention_in_days = 90
+
+  tags = {
+    app = var.app_name
+  }
+}

data/lib/generators/terra_boi/templates/lib/terraform_modules/ecs_worker/output.tf.erb

@@ -0,0 +1,7 @@
+output "ecs_service_name" {
+  value = aws_ecs_service.app.name
+}
+
+output "ecs_cluster_name" {
+  value = data.aws_ecs_cluster.ecs_cluster.cluster_name
+}

data/lib/generators/terra_boi/templates/lib/terraform_modules/ecs_worker/var.tf.erb

@@ -0,0 +1,57 @@
+# -----------------------------
+# 1. GENERAL
+# -----------------------------
+
+# Optional
+
+variable "region" {
+  type    = string
+  default = "us-east-2"
+}
+
+variable "app_name" {
+  type    = string
+  default = "<%= application_name %>"
+}
+
+variable "environment" {
+  type    = string
+  default = "dev"
+}
+
+variable "app_type" {
+  type    = string
+  default = "web_app"
+}
+
+variable "template_filename" {
+  type    = string
+  default = "web_app.json"
+}
+
+variable "db_password" {
+  description = "The password for the database"
+  type        = string
+}
+
+variable "aws_access_key" {
+  type        = string
+}
+
+variable "aws_secret_key" {
+  type        = string
+}
+
+# -----------------------------
+# 2. WEB APP TASK
+# -----------------------------
+
+variable "worker_task" {
+  type = map
+
+  default = {
+    memory        = 512
+    cpu           = 256
+    desired_count = 2
+  }
+}

data/lib/generators/terra_boi/templates/state_main.erb

@@ -3,7 +3,7 @@
 # ---------------------------------------------------------------------------------------------------------------------
 
 module "remote_state_locking" {
-  source = "github.com/charliereese/terraform_modules//state?ref=v0.0.23"
+  source = "github.com/charliereese/terraform_modules//state?ref=v0.0.25"
 
   app_name = "<%= application_name %>"
   region   = "us-east-2"

data/lib/generators/terra_boi/tf_cert_generator.rb

@@ -0,0 +1,28 @@
+require "generators/extensions"
+
+module TerraBoi
+	class TfCertGenerator < Rails::Generators::Base
+		attr_accessor :application_name, :class_options
+		class_option :domain_name, type: :string, default: 'example.com', aliases: ["d"]
+		source_root File.expand_path('templates', __dir__)
+
+		desc (<<-EOF
+			Generate HTTPS cert for domain
+			
+			To execute, run rails generate terra_boi:tf_cert
+			EOF
+			.gsub(/\t/, '')
+		)
+
+		def init
+			# defined in lib/generators/extensions
+			self.application_name = generate_application_name
+			self.class_options = options
+		end
+
+		def create_cert
+			template "cert/main.tf.erb", "terraform/cert/main.tf"
+			template "cert/var.tf.erb", "terraform/cert/var.tf"
+		end
+	end
+end

data/lib/generators/terra_boi/tf_ecr_generator.rb

@@ -0,0 +1,28 @@
+require "generators/extensions"
+
+module TerraBoi
+	class TfEcrGenerator < Rails::Generators::Base
+		attr_accessor :application_name
+		source_root File.expand_path('templates', __dir__)
+
+		desc (<<-EOF
+			Generate AWS Elastic Container Registry (for storing container images)
+			
+			To execute, run rails generate terra_boi:tf_ecr
+			EOF
+			.gsub(/\t/, '')
+		)
+
+		def init
+			# defined in lib/generators/extensions
+			self.application_name = generate_application_name
+		end
+
+		def create_ecr
+			template "ecr/ecs_role.tf.erb", "terraform/ecr/ecs_role.tf"
+			template "ecr/main.tf.erb", "terraform/ecr/main.tf"
+			template "ecr/output.tf.erb", "terraform/ecr/output.tf"
+			template "ecr/var.tf.erb", "terraform/ecr/var.tf"
+		end
+	end
+end

data/lib/generators/terra_boi/tf_env_generator.rb

@@ -0,0 +1,54 @@
+require "generators/extensions"
+
+module TerraBoi
+	class TfEnvGenerator < Rails::Generators::Base
+		attr_accessor :application_name, :class_options
+		class_option :envs, type: :array, default: ['staging', 'prod'], aliases: ["e"]
+		class_option :domain_name, type: :string, default: 'example.com', aliases: ["d"]
+		source_root File.expand_path('templates', __dir__)
+
+		TEMPLATES = {
+			ecs_cluster: [
+				"ecs_cluster.tf",
+			],
+			head_worker: [
+				"ecs.tf",
+			],
+			web_app: [
+				"ecs.tf",
+			],
+			data: [
+				"main.tf",
+				"output.tf",
+			]
+		}
+
+		desc (<<-EOF
+			Generate ecs directory (with cluster, web app service and head worker service) for each env
+			
+			To execute, run rails generate terra_boi:tf_ecs
+
+			Note: use -e or --env flag to specify list of infrastructure environments. Defaults to staging and prod
+			EOF
+			.gsub(/\t/, '')
+		)
+
+		def init
+			# defined in lib/generators/extensions
+			self.application_name = generate_application_name
+			self.class_options = options
+		end
+
+		def create_ecs
+			class_options[:envs].each do |env|
+				TEMPLATES.each do |dir, file_arr|
+					file_arr.each do |filename|
+						template "env/#{dir}/#{filename}.erb", "terraform/#{env}/#{dir}/#{filename}", {
+							env: env,
+						}
+					end
+				end
+			end
+		end
+	end
+end

data/lib/generators/terra_boi/tf_lib_generator.rb

@@ -0,0 +1,57 @@
+require "generators/extensions"
+
+module TerraBoi
+	class TfLibGenerator < Rails::Generators::Base
+		attr_accessor :application_name, :class_options
+		class_option :domain_name, type: :string, default: 'example.com', aliases: ["d"]
+		source_root File.expand_path('templates', __dir__)
+
+		TEMPLATES = {
+			scripts: [
+				"push_to_ecr.sh",
+				"update_service_pull_from_ecr.sh",
+			],
+			task_templates: [
+				"web_app.json",
+				"head_worker.json",
+			],
+			terraform_modules: [
+				"ecs_cluster/main.tf",
+				"ecs_cluster/var.tf",
+
+				"ecs_web_app/ecs_role.tf",
+				"ecs_web_app/load_balancer.tf",
+				"ecs_web_app/main.tf",
+				"ecs_web_app/output.tf",
+				"ecs_web_app/var.tf",
+
+				"ecs_worker/ecs_role.tf",
+				"ecs_worker/main.tf",
+				"ecs_worker/output.tf",
+				"ecs_worker/var.tf",
+			]
+		}
+
+		desc (<<-EOF
+			Generate lib directory with templates, scripts, and modules for deploying application containers to AWS ECS
+			
+			To execute, run rails generate terra_boi:tf_lib
+			EOF
+			.gsub(/\t/, '')
+		)
+
+		def init
+			# defined in lib/generators/extensions
+			self.application_name = generate_application_name
+			self.class_options = options
+		end
+
+		def create_ecr
+			TEMPLATES.each do |dir, file_arr|
+				file_arr.each do |filename|
+					template "lib/#{dir}/#{filename}.erb", "terraform/lib/#{dir}/#{filename}" 
+				end
+			end
+		end
+	end
+end

data/lib/generators/terra_boi/tf_state_generator.rb

@@ -0,0 +1,24 @@
+require "generators/extensions"
+
+module TerraBoi
+	class TfStateGenerator < Rails::Generators::Base
+		attr_accessor :application_name
+		source_root File.expand_path('templates', __dir__)
+
+		desc (<<-EOF
+			Generate DB and S3 bucket for storing and locking terraform state
+			
+			To execute, run rails generate terra_boi:tf_state
+			EOF
+			.gsub(/\t/, '')
+		)
+
+		def init
+			self.application_name = generate_application_name
+		end
+
+		def create_main_terraform_file
+			template "state_main.erb", "terraform/state/main.tf"
+		end
+	end
+end

data/lib/tasks/terra_boi_tasks.rake

@@ -1,4 +1,280 @@
-# desc "Explaining what the task does"
-# task :terra_boi do
-#   # Task goes here
-# end
+require 'colorize'
+
+namespace :terra_boi do	
+	desc """
+	Generate terraform (AWS) infrastructure code for your rails application.
+
+	Creates infrastructure code for RDS DBs, ALBs, ECRs, ECS clusters, services, 
+	and tasks, and various security groups and other resources for each 
+	deployment environment (e.g. staging and prod)
+
+	Usage without ENVS arg (creates staging and prod envs by default):
+	rake \"terra_boi:generate_infra\"
+
+	Usage with ENVS arg:
+	rake \"terra_boi:generate_infra[ENV1 ENV2 ENVn]\"
+	e.g. rake \"terra_boi:generate_infra[dev staging prod]\"
+
+	Takes one optional arg:
+	arg 1: envs (default value: staging prod)
+	"""
+	task :generate_infra, [:envs] => [:environment] do |_, args|
+		ENVS = get_envs(args)
+
+		create_boilerplate_files
+		apply_terraform_state
+		apply_terraform_cert
+		apply_ecr
+		apply_data
+		push_container_to_ecr
+		apply_web_app_and_worker
+		puts_urls_for_alb
+		puts_how_to_connect_domain_and_load_balancer
+		puts_twitter_plug
+	end
+
+	desc """
+	Destroy terraform (AWS) infrastructure code for your rails application.
+
+	Usage without ENVS arg (creates staging and prod envs by default):
+	rake \"terra_boi:destroy_infra\"
+
+	Usage with ENVS arg:
+	rake \"terra_boi:destroy_infra[ENV1 ENV2 ENVn]\"
+	e.g. rake \"terra_boi:destroy_infra[dev staging prod]\"
+
+	Takes one optional arg:
+	arg 1: envs (default value: staging prod)
+	"""
+	task :destroy_infra, [:envs] => [:environment] do |_, args|
+		ENVS = get_envs(args)
+		
+		ENVS.each do |env|	
+			puts "\nDestroying application infrastructure for #{env}...\n".cyan.bold
+			
+			directories = [:head_worker, :web_app, :ecs_cluster, :data]
+			directories.each do |dir_name|
+				sh "cd terraform/#{env}/#{dir_name} && terraform destroy"
+			end
+		end
+
+		sh "cd terraform/ecr && terraform destroy"
+		sh "cd terraform/cert && terraform destroy"
+		sh "cd terraform/state && terraform destroy"
+	end
+end
+
+desc """
+Deploy your rails application.
+
+By default, deploys to staging and prod.
+
+Usage without ENVS arg (deploys to staging and prod envs by default):
+rake \"terra_boi:deploy\"
+
+Usage with ENVS arg:
+rake \"terra_boi:deploy[ENV1 ENV2 ENVn]\"
+e.g. rake \"terra_boi:deploy[staging prod]\"
+
+Takes one arg:
+arg 1: envs (default value: staging prod)
+"""
+task :deploy, [:envs] => [:environment] do |task, args|
+	ENVS = get_envs(args)
+	puts "\nDeploying rails application to #{ENVS.to_sentence} infrastructure\n".cyan.bold
+
+	conditional_push_container_to_ecr
+	
+	ENVS.each do |env|		
+		ecs_tasks = [:web_app, :head_worker]
+		ecs_tasks.each do |task_name|
+			puts "\nDeploying #{env} #{task_name} task\n".cyan.bold
+			sh "./terraform/lib/scripts/update_service_pull_from_ecr.sh #{env} #{task_name}"
+		end
+	end
+end
+
+# ---------------------------------
+# Helper methods
+# ---------------------------------
+
+def get_envs(args)
+	if args[:envs]
+		args[:envs].split(' ')
+	else
+		[:staging, :prod]
+	end
+end
+
+def create_boilerplate_files
+	config = {}
+
+	puts "\nTERRA_BOI | Generating boilerplate infrastructure as code with terra_boi for your rails project...\n".cyan.bold
+	sleep 1
+	config[:ruby_version] = get_ruby_docker_base_image
+	sleep 1
+	config[:domain_name] = get_domain_name 
+	sleep 1
+
+	puts "\nTERRA_BOI | Generating infrastructure code using the configuration you provided...\n".cyan.bold
+	sleep 1
+
+	sh "rails g terra_boi:boilerplate -d #{config[:domain_name]} -r #{config[:ruby_version]}"
+
+	sleep 1
+	puts "\nTERRA_BOI | Marking deployment scripts executable...\n".bold
+	sh "chmod +x ./terraform/lib/scripts/*"
+end
+
+def apply_terraform_state
+	puts "\nTERRA_BOI | Creating terraform state...\n".cyan.bold
+	sh "cd terraform/state && terraform init && terraform apply -input=false -auto-approve"
+end
+
+def apply_terraform_cert
+	puts "\nTERRA_BOI | Creating HTTPS certificate in AWS Certificate Manager...\n".cyan.bold
+	sh "cd terraform/cert && terraform init"
+
+	print_certificate_validation_instructions
+	sleep 2
+	sh "cd terraform/cert && terraform apply -input=false -auto-approve"
+	confirm_certificate_successfully_validated
+end
+
+def apply_data
+	ENVS.each do |env|
+		puts "\nTERRA_BOI | Creating RDS DB instance and S3 bucket for #{env}...\n".cyan.bold
+		sh "cd terraform/#{env}/data && terraform init && terraform apply -input=false -auto-approve"
+	end
+end
+
+def apply_ecr
+	puts "\nTERRA_BOI | Creating AWS ECR (Elastic Container Registry) for your application's docker images...\n".cyan.bold
+	sh "cd terraform/ecr && terraform init && terraform apply -input=false -auto-approve"
+end
+
+def push_container_to_ecr
+	puts "\nTERRA_BOI | Building application docker container then pushing to ECR...\n".cyan.bold
+	sh "./terraform/lib/scripts/push_to_ecr.sh" do |ok, res|
+		if !ok
+			puts "\nTERRA_BOI | Docker container build and push failed (status = #{res.exitstatus})".cyan.bold
+			puts "\nTERRA_BOI | Pruning docker (to create more memory) and retrying...\n".cyan.bold
+			sh "docker system prune -a && ./terraform/lib/scripts/push_to_ecr.sh"
+		end
+	end
+end
+
+def apply_web_app_and_worker
+	directories = [:ecs_cluster, :web_app, :head_worker]
+	ENVS.each do |env|	
+		puts "\nTERRA_BOI | Building web app and worker ECS infrastructure for #{env}...\n".cyan.bold
+		directories.each do |dir_name|
+			sh "cd terraform/#{env}/#{dir_name} && terraform init && terraform apply -input=false -auto-approve"
+		end
+	end
+end
+
+def puts_urls_for_alb
+	ENVS.each do |env|
+		url = `cd terraform/#{env}/web_app && terraform output alb_dns`
+		puts "\nTERRA_BOI | Public application load balancer URL for #{env}:".cyan.bold
+		puts "#{env} alb_dns: #{url}"
+	end
+end
+
+def puts_how_to_connect_domain_and_load_balancer
+	puts "\nTERRA_BOI | GIDDY UP! TERRA_BOI HAS FINISHED CREATING INFRASTRUCTURE FOR YOUR RAILS APPLICATION!".cyan.bold
+
+	puts "\nTERRA_BOI | To connect your domain name to your application's new AWS infrastructure:".red
+	puts "1) Go to your domain register (e.g. Namecheap)"
+	puts "2) Add the alb_dns output value (i.e. the public URL for your load balancer) to your domain's DNS records. alb_dns public URL values are output above"
+	puts """E.g. to redirect staging.YOUR_DOMAIN_NAME to the load balancer you just deployed, add the following record to your DNS records: 
+	TYPE: ALIAS
+	HOST: staging
+	VALUE: alb_dns output value (something like app-staging-725123955.us-east-2.elb.amazonaws.com)"""
+
+	puts "\nNote: you can have multiple ALIAS records for different subdomains\n"
+end
+
+def puts_twitter_plug
+	puts "\nTERRA_BOI | Let me know what you think about terra_boi on Twitter @charlieinthe6!".cyan.bold
+end
+
+def conditional_push_container_to_ecr
+	print "TERRA_BOI | Question: ".red
+	puts "Build and push container updates to ECR first (y/n)?"
+	puts "Answer y if you haven't built and pushed most recent updates to ECR yet."
+	puts "...and answer y if you aren't sure."
+	print "==> ".red
+	answer = STDIN.gets.downcase.gsub(/[^yn]/, "")
+
+	push_container_to_ecr if answer == 'y'
+end
+
+# ---------------------------------
+# Helper^2 methods
+# ---------------------------------
+
+def print_certificate_validation_instructions
+	puts "\nTERRA_BOI | Certificate validation instructions:".red
+	puts "1) Log into AWS Console and go to AWS Certificate Manager (default region is us-east-2)"
+	puts "2) Expand issued certificate for your domain, and find CNAME record for domain validation"
+	puts "3) Add CNAME record listed for your domain to your domain's DNS records (i.e. log into where you purchased your domain and add CNAME record to it)\n\n"
+	puts "NOTE: the Host field for your CNAME record will be something like _123f2cc99f15298ff717ac26dd6993. The Value field for your CNAME record will be something like _bf123a01234a134123412341324.dasfjkhasd.acm-validation.aws.\n\n".bold
+end
+
+def confirm_certificate_successfully_validated
+	answer = ''
+	until answer == 'y'
+		print "TERRA_BOI | Question 3: ".red
+		puts "Has your HTTPS / SSL certificate successfully validated in AWS Console - AWS Certificate Manager (y/n)?"
+		print "==> ".red
+		answer = STDIN.gets.downcase.gsub(/[^yn]/, "")
+		
+		if answer == 'y' 
+			next
+		else
+			print_certificate_validation_instructions
+			sleep 5
+		end
+	end
+end
+
+def get_ruby_docker_base_image
+	print "TERRA_BOI | Question 1: ".red
+	puts "Do you want to use the default ruby Docker base image 2.7.1 (y/n)?"
+	print "==> ".red
+	answer = STDIN.gets.downcase.gsub(/[^yn]/, "")
+
+	if answer == 'y'
+		ruby_docker_base_image = "2.7.1"
+	else
+		ruby_docker_base_image = ""
+		print "\nTERRA_BOI | Question 1 follow-up: ".red
+		puts "Which ruby Docker base image would you like to use (https://hub.docker.com/_/ruby/)?"
+		puts "Recommended answer: 2.7.1"
+		
+		until ruby_docker_base_image.length > 0
+			print "==> ".red
+			ruby_docker_base_image = STDIN.gets.gsub(/[^0-9\.]/, "")
+		end
+	end
+
+	puts "\nGreat! Using #{ruby_docker_base_image} as the base Docker image for your infrastructure.".bold
+	return ruby_docker_base_image
+end
+
+def get_domain_name
+	print "\nTERRA_BOI | Question 2: ".red
+	puts "What domain name will you be using for your project?"
+	puts "E.g. example.com (do not include a subdomain or 'www')"
+	
+	domain_name = ""
+	until domain_name.length > 2
+		print "==> ".red
+		domain_name = STDIN.gets.chomp
+	end
+
+	puts "\nRad! Setting #{domain_name} as your domain_name.".bold
+	return domain_name
+end