terraformdsl 0.0.1

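--- a/data/bin/setup
+++ b/data/bin/setup
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here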
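--- a/data/examples/Rakefile
+++ b/data/examples/Rakefile
@@ -0,0 +1,42 @@
+
+task :setenv do
+ENV['AWS_DEFAULT_REGION'] = "us-east-1"
+ENV['APP_ENV'] ||= "prod"
+#ENV['APP_ENV'] ||= "stg"
+#ENV['APP_ENV'] ||= "dev"
+end
+
+desc "*.rb -> *.tf"
+task :generate => :setenv do
+sh "ruby aws-infra.rb > aws-infra.tf"
+end
+
+desc "terraform init"
+task :init do
+sh "terraform init"
+end
+
+desc "terraform plan"
+task :plan => [:generate, :init] do
+sh "terraform plan"
+end
+
+desc "terraform apply"
+task :apply => [:generate, :init] do
+sh "terraform apply"
+end
+
+desc "terraform destroy"
+task :destroy do
+sh "terraform destroy"
+end
+
+desc "terraform output"
+task :output do
+sh "terraform output"
+end
+
+desc "terraform refresh"
+task :refresh do
+sh "terraform refresh"
+end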
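Review bot: `ENV['APP_ENV'] ||= "prod"` in `:setenv` makes production the default target, so `rake plan` or `rake apply` run with `APP_ENV` unset silently generates and applies the prod definitions; since `aws-infra.rb` already aborts when `APP_ENV` is missing, dropping the default (or using `ENV['APP_ENV'] ||= "dev"`) is enough to make prod an explicit choice. Nothing in this file selects a per-environment backend or workspace before `terraform plan`/`apply`, so as far as it shows all three environments share one local state in the working directory, and switching `APP_ENV` between runs would produce a plan that replaces one environment's resources with another's. If that layout is intended, a `sh "terraform workspace select #{ENV['APP_ENV']} || terraform workspace new #{ENV['APP_ENV']}"` step in `:init` (made to depend on `:setenv`) keeps the states apart; `:destroy` bypasses `:setenv` entirely and would need the same treatment.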
@@ -0,0 +1,204 @@
1
+ # -*- coding: utf-8 -*-
2
+
3
+ begin
4
+ require 'terraformdsl/aws'
5
+ rescue LoadError
6
+ require_relative '../lib/terraformdsl/aws'
7
+ end
8
+
9
+ region = ENV['AWS_DEFAULT_REGION'] or abort("$AWS_DEFAULT_REGION required.")
10
+ app_env = ENV['APP_ENV'] or abort("ERROR: $APP_ENV required.")
11
+ app_env =~ /^(prod|stg|dev)$/ or abort("ERROR: invalid $APP_ENV.")
12
+
13
+ var = TerraformDSL::Variables.new
14
+ var.define :base_domain , "ex: example.com"
15
+ var.define :office_ip , "ex: 123.123.123.123"
16
+ var.define :db_user , "ex: dbuser"
17
+ var.define :db_pass , "db password"
18
+
19
+ output = TerraformDSL::Outputs.new
20
+
21
+
22
+ vpc = nil
23
+ public_dns_records = []
24
+ private_dns_records = []
25
+
26
+ aws_infra = TerraformDSL::AWS.infra()
27
+
28
+
29
+ aws_infra.region(region) {
30
+
31
+ az_a = AZ("#{region}a") # ex: 'ap-east-1a'
32
+ az_b = AZ("#{region}b") # ex: 'ap-east-1b'
33
+ az_c = AZ("#{region}c") # ex: 'ap-east-1c'
34
+ az_d = AZ("#{region}d") # ex: 'ap-east-1d'
35
+
36
+ t3_nano = "t3.nano"
37
+ t3_micro = "t3.micro"
38
+
39
+ prefix = app_env.downcase()
40
+
41
+ ubuntu_ami = AMI('ubuntu18lts', "099720109477",
42
+ "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1"
43
+ )
44
+
45
+ vpc = VPC("#{prefix}-vpc", "10.0.0.0/16") {|vpc|
46
+ vpc_cidr = vpc.cidr
47
+ ec2_sshkey_name = "#{prefix}-ubuntu"
48
+ bastion_sshkey_name = "#{prefix}-bastion"
49
+
50
+ ### Internet Gateway
51
+ gateway = InternetGateway("#{prefix}-gateway")
52
+
53
+ ## Route Table
54
+ public_rt = RouteTable("#{prefix}-public-routing") {
55
+ Route(nil, gateway: gateway)
56
+ }
57
+ private_rt = RouteTable("#{prefix}-private-routing") {
58
+ #Route(nil, gateway: gateway)
59
+ }
60
+
61
+ ### Subnet
62
+ public_a = Subnet("#{prefix}-public-a" , "10.0.1.0/24" , az_a, public_rt)
63
+ public_b = Subnet("#{prefix}-public-b" , "10.0.2.0/24" , az_b, public_rt)
64
+ public_c = Subnet("#{prefix}-public-c" , "10.0.3.0/24" , az_c, public_rt)
65
+ private_a = Subnet("#{prefix}-private-a", "10.0.11.0/24", az_a, private_rt)
66
+ private_b = Subnet("#{prefix}-private-b", "10.0.12.0/24", az_b, private_rt)
67
+ private_c = Subnet("#{prefix}-private-c", "10.0.13.0/24", az_c, private_rt)
68
+
69
+ ## Security Group
70
+ bastion_server = "#{prefix}-bastion"
71
+ bastion_secgrp = SecurityGroup("#{prefix}-bastion-secgrp", "allows ssh") {
72
+ #Ingress(:any , 0, :self)
73
+ Ingress(:tcp , 22, "#{var.office_ip}/32") # allows ssh only from office ip
74
+ Ingress(:icmp, nil, [vpc_cidr, "#{var.office_ip}/32"])
75
+ Egress( :any , 0, nil)
76
+ }
77
+ public_secgrp = SecurityGroup("#{prefix}-public-secgrp", "allows http,https") {
78
+ Ingress(:any , 0, :self)
79
+ Ingress(:tcp , 22, bastion_server)
80
+ Ingress(:tcp , 80, nil)
81
+ Ingress(:tcp , 443, nil)
82
+ Ingress(:icmp, nil, vpc_cidr)
83
+ Egress( :any , 0, nil)
84
+ }
85
+ private_secgrp = SecurityGroup("#{prefix}-private-secgrp", "deny inbound, allow outbound") {
86
+ Ingress(:any , 0, :self)
87
+ Ingress(:tcp , 22, bastion_server)
88
+ Ingress(:tcp , 5432, public_secgrp) # PostgreSQL port
89
+ Ingress(:icmp, nil, vpc_cidr)
90
+ Egress( :any , 0, nil)
91
+ }
92
+
93
+ ### EC2 and EIP
94
+ let public_a, bastion_secgrp, ubuntu_ami, bastion_sshkey_name do
95
+ |sn, sg, ami, kn|
96
+ bastion = EC2(bastion_server , t3_nano, ami, sn, sg, kn)
97
+ bastion_ip = EIP("#{prefix}-bastion-ip", bastion)
98
+ public_dns_records << [:A, "bastion", bastion_ip]
99
+ private_dns_records << [:A, "bastion", bastion]
100
+ output[:bastion_ip] = bastion_ip.attr(:public_ip)
101
+ end
102
+ let public_a, public_secgrp, ubuntu_ami, ec2_sshkey_name do
103
+ |sn, sg, ami, kn|
104
+ www_ec2 = EC2("#{prefix}-www-ec2" , t3_micro, ami, sn, sg, kn)
105
+ www_ip = EIP("#{prefix}-www-ip" , www_ec2)
106
+ public_dns_records << [:A, "www" , www_ip]
107
+ private_dns_records << [:A, "www" , www_ec2]
108
+ output[:www_ip] = www_ip.attr(:public_ip)
109
+ end
110
+
111
+ ### RDS
112
+ rds_master = nil
113
+ rds_slave = nil
114
+ let do
115
+ subnetgrp = RDS_SubnetGroup("rds-subnetgrp", [private_a, private_c])
116
+ paramgrp = RDS_ParameterGroup("pg10-paramgrp", "postgres10", {
117
+ #"rds.log_retention_period" => 10080, # = 60min * 24h * 7day
118
+ #"random_page_cost" => 1.1,
119
+ "work_mem" => 16384, # = 1024KB * 16MB
120
+ "maintenance_work_mem" => 32768, # = 1024KB * 32MB
121
+ #"log_filename" => "postgresql.log.%Y-%m-%d",
122
+ #"log_rotation_age" => 1440, # = 60min * 24h
123
+ #"log_lock_waits" => 1,
124
+ #"log_min_messages" => "notice",
125
+ #"log_min_duration_statement" => 200, # msec
126
+ #"log_temp_files" => 0,
127
+ #"log_connections" => 1,
128
+ #"log_disconnections" => 1,
129
+ "shared_preload_libraries!" => "auto_explain,pg_stat_statements",
130
+ #"auto_explain.log_min_duration" => 200, # msec
131
+ #"auto_explain.log_format" => "text", # text,xml,json,yaml
132
+ #"auto_explain.log_analyze" => 1,
133
+ #"auto_explain.log_buffers" => 1,
134
+ #"auto_explain.log_nested_statements" => 1,
135
+ #"pg_stat_statements.save" => 1, # default: 1
136
+ #"pg_stat_statements.track" => "all", # default: top
137
+ #"pg_stat_statements.max!" => 1000, # default: 1000
138
+ #"track_activity_query_size!" => 1024, # default: 1024
139
+ })
140
+ #optiongrp = RDS_OptionGroup("")
141
+ optiongrp = nil
142
+ #
143
+ rds_master = RDS_Instance("db-master", "db.t2.small")
144
+ let rds_master do |rds|
145
+ rds.database = {engine: "postgres", version: "10.6",
146
+ name: nil, port: 5432,
147
+ user: var.db_user, password: var.db_pass,
148
+ parameter_group: paramgrp, option_group: optiongrp}
149
+ rds.network = {subnet_group: subnetgrp,
150
+ security_group: [private_secgrp],
151
+ az: az_a, public_access: false, multi_az: false}
152
+ rds.storage = {type: :general, size: '20GB'}
153
+ rds.encryption = {enable: false}
154
+ rds.backup = {days: 14, window: {start: '00:00', hours: 0.5}}
155
+ rds.monitoring = {interval: 60} # 60sec
156
+ rds.maintenance = {auto_upgrade: true, maintenace_window: nil}
157
+ end
158
+ output[:rds_master_endpoint] = rds_master.attr(:endpoint)
159
+ #
160
+ rds_slave = RDS_ReadReplica("db-slave", "db.t2.micro", rds_master)
161
+ let rds_slave do |rds|
162
+ rds.database = {port: 5432}
163
+ rds.network = {region: region, subnet_group: subnetgrp,
164
+ az: az_c, public_access: false, multi_az: false}
165
+ rds.storage = {type: :general, size: '20GB'}
166
+ rds.encryption = {enable: false}
167
+ rds.monitoring = {interval: 60} # 60sec
168
+ rds.maintenance = {auto_upgrade: true}
169
+ end
170
+ output[:rds_slave_endpoint] = rds_slave.attr(:endpoint)
171
+ end#let
172
+
173
+ }#vpc
174
+
175
+ }#region
176
+
177
+
178
+ aws_infra.global {
179
+
180
+ Route53() {
181
+
182
+ Zone("public-#{app_env}", var.base_domain) {
183
+ s = app_env == "prod" ? "" : "#{app_env}-"
184
+ public_dns_records.each do |type, name, value|
185
+ Record(type, s+name, value)
186
+ end
187
+ }
188
+
189
+ PrivateZone("private-#{app_env}", "#{app_env}", vpc) {
190
+ private_dns_records.each do |type, name, value|
191
+ Record(type, name, value)
192
+ end
193
+ }
194
+
195
+ }
196
+
197
+ }
198
+
199
+
200
+ if __FILE__ == $0
201
+ puts var.generate_tf()
202
+ puts aws_infra.generate_tf()
203
+ puts output.generate_tf()
204
+ end
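Review bot: Both RDS instances are created with storage encryption off (`rds.encryption = {enable: false}` on db-master and again on db-slave), so the Postgres data, automated backups and snapshots are stored unencrypted; `rds.encryption = {enable: true}` on the master is the one-line fix, and it should land before the first apply because RDS cannot turn encryption on in place for an existing instance (a same-region replica inherits the source's setting, so the slave line follows). The `APP_ENV` check `app_env =~ /^(prod|stg|dev)$/` uses per-line anchors, so a value such as `"dev\nX"` passes and the extra text is interpolated into resource names in the generated HCL; `app_env =~ /\A(prod|stg|dev)\z/` closes that. The generated output further down this page shows that `rds.monitoring` emits an `aws_iam_policy_attachment`, which Terraform treats as the exclusive attachment of that managed policy across the account, so applying this example would detach `AmazonRDSEnhancedMonitoringRole` from any other role already using it; if the DSL can emit `aws_iam_role_policy_attachment` instead that is the safer choice, though the emitter itself is outside this page.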
@@ -0,0 +1,472 @@
1
+ variable "base_domain" {
2
+ description = "ex: example.com"
3
+ }
4
+ variable "office_ip" {
5
+ description = "ex: 123.123.123.123"
6
+ }
7
+ variable "db_user" {
8
+ description = "ex: dbuser"
9
+ }
10
+ variable "db_pass" {
11
+ description = "db password"
12
+ }
13
+
14
+ provider "aws" {
15
+ #access_key = "${var.access_key}"
16
+ #secret_key = "${var.secret_key}"
17
+ region = "us-east-1"
18
+ }
19
+
20
+ data "aws_ami" "ubuntu18lts" {
21
+ most_recent = true
22
+ owners = ["099720109477"]
23
+ filter {
24
+ name = "name"
25
+ values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1"]
26
+ }
27
+ }
28
+
29
+ resource "aws_vpc" "dev-vpc" {
30
+ cidr_block = "10.0.0.0/16"
31
+ enable_dns_support = true
32
+ enable_dns_hostnames = true
33
+ tags {
34
+ Name = "dev-vpc"
35
+ }
36
+ }
37
+
38
+ resource "aws_internet_gateway" "dev-gateway" {
39
+ vpc_id = "${aws_vpc.dev-vpc.id}"
40
+ tags {
41
+ Name = "dev-gateway"
42
+ }
43
+ }
44
+
45
+ resource "aws_route_table" "dev-public-routing" {
46
+ vpc_id = "${aws_vpc.dev-vpc.id}"
47
+ tags {
48
+ Name = "dev-public-routing"
49
+ }
50
+ route {
51
+ cidr_block = "0.0.0.0/0"
52
+ gateway_id = "${aws_internet_gateway.dev-gateway.id}"
53
+ }
54
+ }
55
+
56
+ resource "aws_route_table" "dev-private-routing" {
57
+ vpc_id = "${aws_vpc.dev-vpc.id}"
58
+ tags {
59
+ Name = "dev-private-routing"
60
+ }
61
+ }
62
+
63
+ resource "aws_subnet" "dev-public-a" {
64
+ vpc_id = "${aws_vpc.dev-vpc.id}"
65
+ availability_zone = "us-east-1a"
66
+ cidr_block = "10.0.1.0/24"
67
+ tags {
68
+ Name = "dev-public-a"
69
+ }
70
+ }
71
+
72
+ resource "aws_route_table_association" "dev-public-routing-dev-public-a" {
73
+ route_table_id = "${aws_route_table.dev-public-routing.id}"
74
+ subnet_id = "${aws_subnet.dev-public-a.id}"
75
+ }
76
+
77
+ resource "aws_subnet" "dev-public-b" {
78
+ vpc_id = "${aws_vpc.dev-vpc.id}"
79
+ availability_zone = "us-east-1b"
80
+ cidr_block = "10.0.2.0/24"
81
+ tags {
82
+ Name = "dev-public-b"
83
+ }
84
+ }
85
+
86
+ resource "aws_route_table_association" "dev-public-routing-dev-public-b" {
87
+ route_table_id = "${aws_route_table.dev-public-routing.id}"
88
+ subnet_id = "${aws_subnet.dev-public-b.id}"
89
+ }
90
+
91
+ resource "aws_subnet" "dev-public-c" {
92
+ vpc_id = "${aws_vpc.dev-vpc.id}"
93
+ availability_zone = "us-east-1c"
94
+ cidr_block = "10.0.3.0/24"
95
+ tags {
96
+ Name = "dev-public-c"
97
+ }
98
+ }
99
+
100
+ resource "aws_route_table_association" "dev-public-routing-dev-public-c" {
101
+ route_table_id = "${aws_route_table.dev-public-routing.id}"
102
+ subnet_id = "${aws_subnet.dev-public-c.id}"
103
+ }
104
+
105
+ resource "aws_subnet" "dev-private-a" {
106
+ vpc_id = "${aws_vpc.dev-vpc.id}"
107
+ availability_zone = "us-east-1a"
108
+ cidr_block = "10.0.11.0/24"
109
+ tags {
110
+ Name = "dev-private-a"
111
+ }
112
+ }
113
+
114
+ resource "aws_route_table_association" "dev-private-routing-dev-private-a" {
115
+ route_table_id = "${aws_route_table.dev-private-routing.id}"
116
+ subnet_id = "${aws_subnet.dev-private-a.id}"
117
+ }
118
+
119
+ resource "aws_subnet" "dev-private-b" {
120
+ vpc_id = "${aws_vpc.dev-vpc.id}"
121
+ availability_zone = "us-east-1b"
122
+ cidr_block = "10.0.12.0/24"
123
+ tags {
124
+ Name = "dev-private-b"
125
+ }
126
+ }
127
+
128
+ resource "aws_route_table_association" "dev-private-routing-dev-private-b" {
129
+ route_table_id = "${aws_route_table.dev-private-routing.id}"
130
+ subnet_id = "${aws_subnet.dev-private-b.id}"
131
+ }
132
+
133
+ resource "aws_subnet" "dev-private-c" {
134
+ vpc_id = "${aws_vpc.dev-vpc.id}"
135
+ availability_zone = "us-east-1c"
136
+ cidr_block = "10.0.13.0/24"
137
+ tags {
138
+ Name = "dev-private-c"
139
+ }
140
+ }
141
+
142
+ resource "aws_route_table_association" "dev-private-routing-dev-private-c" {
143
+ route_table_id = "${aws_route_table.dev-private-routing.id}"
144
+ subnet_id = "${aws_subnet.dev-private-c.id}"
145
+ }
146
+
147
+ resource "aws_security_group" "dev-bastion-secgrp" {
148
+ name = "dev-bastion-secgrp"
149
+ description = "allows ssh"
150
+ vpc_id = "${aws_vpc.dev-vpc.id}"
151
+ tags {
152
+ Name = "dev-bastion-secgrp"
153
+ }
154
+ ingress {
155
+ from_port = "22"
156
+ to_port = "22"
157
+ protocol = "tcp"
158
+ cidr_blocks = ["${var.office_ip}/32"]
159
+ }
160
+ ingress {
161
+ from_port = "-1"
162
+ to_port = "-1"
163
+ protocol = "icmp"
164
+ cidr_blocks = ["10.0.0.0/16", "${var.office_ip}/32"]
165
+ }
166
+ egress {
167
+ from_port = "0"
168
+ to_port = "0"
169
+ protocol = "-1"
170
+ cidr_blocks = ["0.0.0.0/0"]
171
+ }
172
+ }
173
+
174
+ resource "aws_security_group" "dev-public-secgrp" {
175
+ name = "dev-public-secgrp"
176
+ description = "allows http,https"
177
+ vpc_id = "${aws_vpc.dev-vpc.id}"
178
+ tags {
179
+ Name = "dev-public-secgrp"
180
+ }
181
+ ingress {
182
+ from_port = "0"
183
+ to_port = "0"
184
+ protocol = "-1"
185
+ self = true
186
+ }
187
+ ingress {
188
+ from_port = "22"
189
+ to_port = "22"
190
+ protocol = "tcp"
191
+ cidr_blocks = ["${aws_instance.dev-bastion.private_ip}/32"]
192
+ }
193
+ ingress {
194
+ from_port = "80"
195
+ to_port = "80"
196
+ protocol = "tcp"
197
+ cidr_blocks = ["0.0.0.0/0"]
198
+ }
199
+ ingress {
200
+ from_port = "443"
201
+ to_port = "443"
202
+ protocol = "tcp"
203
+ cidr_blocks = ["0.0.0.0/0"]
204
+ }
205
+ ingress {
206
+ from_port = "-1"
207
+ to_port = "-1"
208
+ protocol = "icmp"
209
+ cidr_blocks = ["10.0.0.0/16"]
210
+ }
211
+ egress {
212
+ from_port = "0"
213
+ to_port = "0"
214
+ protocol = "-1"
215
+ cidr_blocks = ["0.0.0.0/0"]
216
+ }
217
+ }
218
+
219
+ resource "aws_security_group" "dev-private-secgrp" {
220
+ name = "dev-private-secgrp"
221
+ description = "deny inbound, allow outbound"
222
+ vpc_id = "${aws_vpc.dev-vpc.id}"
223
+ tags {
224
+ Name = "dev-private-secgrp"
225
+ }
226
+ ingress {
227
+ from_port = "0"
228
+ to_port = "0"
229
+ protocol = "-1"
230
+ self = true
231
+ }
232
+ ingress {
233
+ from_port = "22"
234
+ to_port = "22"
235
+ protocol = "tcp"
236
+ cidr_blocks = ["${aws_instance.dev-bastion.private_ip}/32"]
237
+ }
238
+ ingress {
239
+ from_port = "5432"
240
+ to_port = "5432"
241
+ protocol = "tcp"
242
+ security_groups = ["${aws_security_group.dev-public-secgrp.id}"]
243
+ }
244
+ ingress {
245
+ from_port = "-1"
246
+ to_port = "-1"
247
+ protocol = "icmp"
248
+ cidr_blocks = ["10.0.0.0/16"]
249
+ }
250
+ egress {
251
+ from_port = "0"
252
+ to_port = "0"
253
+ protocol = "-1"
254
+ cidr_blocks = ["0.0.0.0/0"]
255
+ }
256
+ }
257
+
258
+ resource "aws_instance" "dev-bastion" {
259
+ instance_type = "t3.nano"
260
+ ami = "${data.aws_ami.ubuntu18lts.image_id}"
261
+ subnet_id = "${aws_subnet.dev-public-a.id}"
262
+ vpc_security_group_ids = ["${aws_security_group.dev-bastion-secgrp.id}"]
263
+ key_name = "dev-bastion"
264
+ credit_specification {
265
+ cpu_credits = "unlimited"
266
+ }
267
+ tags {
268
+ Name = "dev-bastion"
269
+ }
270
+ }
271
+
272
+ resource "aws_eip" "dev-bastion-ip" {
273
+ vpc = true
274
+ instance = "${aws_instance.dev-bastion.id}"
275
+ tags {
276
+ Name = "dev-bastion-ip"
277
+ }
278
+ }
279
+
280
+ resource "aws_instance" "dev-www-ec2" {
281
+ instance_type = "t3.micro"
282
+ ami = "${data.aws_ami.ubuntu18lts.image_id}"
283
+ subnet_id = "${aws_subnet.dev-public-a.id}"
284
+ vpc_security_group_ids = ["${aws_security_group.dev-public-secgrp.id}"]
285
+ key_name = "dev-ubuntu"
286
+ credit_specification {
287
+ cpu_credits = "unlimited"
288
+ }
289
+ tags {
290
+ Name = "dev-www-ec2"
291
+ }
292
+ }
293
+
294
+ resource "aws_eip" "dev-www-ip" {
295
+ vpc = true
296
+ instance = "${aws_instance.dev-www-ec2.id}"
297
+ tags {
298
+ Name = "dev-www-ip"
299
+ }
300
+ }
301
+
302
+ resource "aws_db_subnet_group" "rds-subnetgrp" {
303
+ name = "rds-subnetgrp"
304
+ subnet_ids = ["${aws_subnet.dev-private-a.id}", "${aws_subnet.dev-private-c.id}"]
305
+ tags {
306
+ Name = "rds-subnetgrp"
307
+ }
308
+ }
309
+
310
+ resource "aws_db_parameter_group" "pg10-paramgrp" {
311
+ name = "pg10-paramgrp"
312
+ family = "postgres10"
313
+ parameter {
314
+ name = "work_mem"
315
+ value = "16384"
316
+ }
317
+ parameter {
318
+ name = "maintenance_work_mem"
319
+ value = "32768"
320
+ }
321
+ parameter {
322
+ name = "shared_preload_libraries"
323
+ value = "auto_explain,pg_stat_statements"
324
+ apply_method = "pending-reboot"
325
+ }
326
+ }
327
+
328
+ resource "aws_db_instance" "db-master" {
329
+ allocated_storage = "20"
330
+ auto_minor_version_upgrade = "true"
331
+ availability_zone = "us-east-1a"
332
+ backup_retention_period = "14"
333
+ backup_window = "00:00-00:30"
334
+ copy_tags_to_snapshot = "true"
335
+ db_subnet_group_name = "rds-subnetgrp"
336
+ engine = "postgres"
337
+ engine_version = "10.6"
338
+ identifier = "db-master"
339
+ instance_class = "db.t2.small"
340
+ monitoring_interval = "60"
341
+ monitoring_role_arn = "${aws_iam_role.rds-monitoring-role.arn}"
342
+ multi_az = "false"
343
+ parameter_group_name = "pg10-paramgrp"
344
+ password = "${var.db_pass}"
345
+ port = "5432"
346
+ publicly_accessible = "false"
347
+ storage_encrypted = "false"
348
+ storage_type = "gp2"
349
+ #timezone = "UTC"
350
+ username = "${var.db_user}"
351
+ vpc_security_group_ids = ["${aws_security_group.dev-private-secgrp.id}"]
352
+ #tags = {
353
+ # Name = "db-master"
354
+ #}
355
+ }
356
+
357
+ resource "aws_db_instance" "db-slave" {
358
+ allocated_storage = "20"
359
+ availability_zone = "us-east-1c"
360
+ copy_tags_to_snapshot = "true"
361
+ identifier = "db-slave"
362
+ instance_class = "db.t2.micro"
363
+ monitoring_interval = "60"
364
+ monitoring_role_arn = "${aws_iam_role.rds-monitoring-role.arn}"
365
+ multi_az = "false"
366
+ parameter_group_name = "pg10-paramgrp"
367
+ port = "5432"
368
+ publicly_accessible = "false"
369
+ replicate_source_db = "${aws_db_instance.db-master.id}"
370
+ storage_encrypted = "false"
371
+ storage_type = "gp2"
372
+ #timezone = "UTC"
373
+ vpc_security_group_ids = ["${aws_security_group.dev-private-secgrp.id}"]
374
+ #tags = {
375
+ # Name = "db-slave"
376
+ #}
377
+ }
378
+
379
+ resource "aws_route53_zone" "public-dev" {
380
+ name = "${var.base_domain}"
381
+ tags {
382
+ Name = "public-dev"
383
+ }
384
+ }
385
+
386
+ resource "aws_route53_record" "public-dev-dev-bastion-A" {
387
+ zone_id = "${aws_route53_zone.public-dev.zone_id}"
388
+ type = "A"
389
+ name = "dev-bastion"
390
+ ttl = "5"
391
+ records = ["${aws_eip.dev-bastion-ip.public_ip}"]
392
+ }
393
+
394
+ resource "aws_route53_record" "public-dev-dev-www-A" {
395
+ zone_id = "${aws_route53_zone.public-dev.zone_id}"
396
+ type = "A"
397
+ name = "dev-www"
398
+ ttl = "5"
399
+ records = ["${aws_eip.dev-www-ip.public_ip}"]
400
+ }
401
+
402
+ resource "aws_route53_zone" "private-dev" {
403
+ name = "dev"
404
+ vpc {
405
+ vpc_id = "${aws_vpc.dev-vpc.id}"
406
+ }
407
+ tags {
408
+ Name = "private-dev"
409
+ }
410
+ }
411
+
412
+ resource "aws_route53_record" "private-dev-bastion-A" {
413
+ zone_id = "${aws_route53_zone.private-dev.zone_id}"
414
+ type = "A"
415
+ name = "bastion"
416
+ ttl = "5"
417
+ records = ["${aws_instance.dev-bastion.private_ip}"]
418
+ }
419
+
420
+ resource "aws_route53_record" "private-dev-www-A" {
421
+ zone_id = "${aws_route53_zone.private-dev.zone_id}"
422
+ type = "A"
423
+ name = "www"
424
+ ttl = "5"
425
+ records = ["${aws_instance.dev-www-ec2.private_ip}"]
426
+ }
427
+
428
+ resource "aws_iam_role" "rds-monitoring-role" {
429
+ name = "rds-monitoring-role"
430
+ path = "/"
431
+ assume_role_policy = <<POLICY
432
+ {
433
+ "Version": "2012-10-17",
434
+ "Statement": [
435
+ {
436
+ "Sid": "",
437
+ "Effect": "Allow",
438
+ "Principal": {
439
+ "Service": "monitoring.rds.amazonaws.com"
440
+ },
441
+ "Action": "sts:AssumeRole"
442
+ }
443
+ ]
444
+ }
445
+ POLICY
446
+ }
447
+
448
+ resource "aws_iam_policy_attachment" "AmazonRDSEnhancedMonitoringRole-policy-attachment" {
449
+
450
+ name = "AmazonRDSEnhancedMonitoringRole-policy-attachment"
451
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
452
+ groups = []
453
+ users = []
454
+ roles = ["rds-monitoring-role"]
455
+ }
456
+
457
+ output "bastion_ip" {
458
+ value = "${aws_eip.dev-bastion-ip.public_ip}"
459
+ }
460
+
461
+ output "www_ip" {
462
+ value = "${aws_eip.dev-www-ip.public_ip}"
463
+ }
464
+
465
+ output "rds_master_endpoint" {
466
+ value = "${aws_db_instance.db-master.endpoint}"
467
+ }
468
+
469
+ output "rds_slave_endpoint" {
470
+ value = "${aws_db_instance.db-slave.endpoint}"
471
+ }
472
+