kybernus 2.2.0 → 2.3.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kybernus",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "type": "module",
   "description": "The Ultimate Scaffolding CLI for Modern Developers",
   "main": "dist/index.js",

package/templates/java-spring/clean/infra/main.tf.hbs

@@ -5,9 +5,13 @@ terraform {
 
   required_providers {
     aws = {
-      source = "hashicorp/aws"
+      source  = "hashicorp/aws"
       version = "~> 5.0"
     }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5"
+    }
   }
 
 # Uncomment for remote state (recommended for production)
@@ -27,27 +31,27 @@ provider "aws" {
 # Variables
 variable "aws_region" {
   description = "AWS region"
-  type = string
-  default = "us-east-1"
+  type        = string
+  default     = "us-east-1"
 }
 
 variable "environment" {
   description = "Environment name (dev, staging, prod)"
-  type = string
-  default = "dev"
+  type        = string
+  default     = "dev"
 }
 
 variable "app_name" {
   description = "Application name"
-  type = string
-  default = "{{projectNameKebabCase}}"
+  type        = string
+  default     = "{{projectNameKebabCase}}"
 }
 
 # VPC
 module "vpc" {
   source = "./modules/vpc"
 
-  app_name = var.app_name
+  app_name    = var.app_name
   environment = var.environment
 }
 
@@ -55,29 +59,49 @@ module "vpc" {
 module "ecs" {
   source = "./modules/ecs"
 
-  app_name = var.app_name
-  environment = var.environment
-  vpc_id = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnet_ids
+  app_name                    = var.app_name
+  environment                 = var.environment
+  vpc_id                      = module.vpc.vpc_id
+  public_subnet_ids           = module.vpc.public_subnet_ids
+  private_subnet_ids          = module.vpc.private_subnet_ids
+  alb_security_group_id       = module.vpc.alb_security_group_id
+  ecs_tasks_security_group_id = module.vpc.ecs_tasks_security_group_id
 }
 
 # RDS PostgreSQL
 module "rds" {
   source = "./modules/rds"
 
-  app_name = var.app_name
-  environment = var.environment
-  vpc_id = module.vpc.vpc_id
-  subnet_ids = module.vpc.private_subnet_ids
+  app_name          = var.app_name
+  environment       = var.environment
+  vpc_id            = module.vpc.vpc_id
+  subnet_ids        = module.vpc.private_subnet_ids
   security_group_id = module.vpc.db_security_group_id
 }
 
 # Outputs
+output "vpc_id" {
+  value = module.vpc.vpc_id
+}
+
 output "ecs_cluster_name" {
   value = module.ecs.cluster_name
 }
 
+output "ecr_repository_url" {
+  value = module.ecs.ecr_repository_url
+}
+
+output "alb_dns_name" {
+  value       = module.ecs.alb_dns_name
+  description = "The DNS name of the ALB to access the application"
+}
+
 output "rds_endpoint" {
-  value = module.rds.endpoint
+  value     = module.rds.endpoint
   sensitive = true
-}
+}
+
+output "db_name" {
+  value = module.rds.db_name
+}

package/templates/java-spring/clean/infra/modules/ecs/main.tf.hbs

@@ -12,21 +12,54 @@ variable "vpc_id" {
   type = string
 }
 
-variable "subnet_ids" {
+variable "public_subnet_ids" {
   type = list(string)
 }
 
+variable "private_subnet_ids" {
+  type = list(string)
+}
+
+variable "alb_security_group_id" {
+  type = string
+}
+
+variable "ecs_tasks_security_group_id" {
+  type = string
+}
+
+variable "container_port" {
+  type    = number
+  default = 3000
+}
+
+# ECR Repository
+resource "aws_ecr_repository" "app" {
+  name                 = "${var.app_name}-${var.environment}"
+  image_tag_mutability = "MUTABLE"
+  force_delete         = true
+
+  image_scanning_configuration {
+    scan_on_push = true
+  }
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}"
+    Environment = var.environment
+  }
+}
+
 # ECS Cluster
 resource "aws_ecs_cluster" "main" {
   name = "${var.app_name}-${var.environment}"
 
   setting {
-    name = "containerInsights"
+    name  = "containerInsights"
     value = "enabled"
   }
 
   tags = {
-    Name = "${var.app_name}-${var.environment}"
+    Name        = "${var.app_name}-${var.environment}"
     Environment = var.environment
   }
 }
@@ -38,12 +71,182 @@ resource "aws_ecs_cluster_capacity_providers" "main" {
   capacity_providers = ["FARGATE", "FARGATE_SPOT"]
 
   default_capacity_provider_strategy {
-    base = 1
-    weight = 100
+    base              = 1
+    weight            = 100
     capacity_provider = "FARGATE"
   }
 }
 
+# Application Load Balancer
+resource "aws_lb" "main" {
+  name               = "${var.app_name}-${var.environment}-alb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [var.alb_security_group_id]
+  subnets            = var.public_subnet_ids
+
+  enable_deletion_protection = false
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-alb"
+    Environment = var.environment
+  }
+}
+
+# ALB Target Group
+resource "aws_lb_target_group" "app" {
+  name        = "${var.app_name}-${var.environment}-tg"
+  port        = var.container_port
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+  target_type = "ip"
+
+  health_check {
+    path                = "/health"
+    healthy_threshold   = 2
+    unhealthy_threshold = 10
+    timeout             = 30
+    interval            = 40
+    matcher             = "200-399"
+  }
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-tg"
+    Environment = var.environment
+  }
+}
+
+# ALB Listener (HTTP)
+resource "aws_lb_listener" "http" {
+  load_balancer_arn = aws_lb.main.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.app.arn
+  }
+}
+
+# CloudWatch Log Group for ECS
+resource "aws_cloudwatch_log_group" "ecs" {
+  name              = "/ecs/${var.app_name}-${var.environment}"
+  retention_in_days = 14
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+# IAM Role for ECS Task Execution
+resource "aws_iam_role" "ecs_task_execution_role" {
+  name = "${var.app_name}-${var.environment}-ecs-execution-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ecs-tasks.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_task_execution_role_policy" {
+  role       = aws_iam_role.ecs_task_execution_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+}
+
+# IAM Role for ECS Task (the application itself)
+resource "aws_iam_role" "ecs_task_role" {
+  name = "${var.app_name}-${var.environment}-ecs-task-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ecs-tasks.amazonaws.com"
+        }
+      }
+    ]
+  })
+}
+
+# ECS Task Definition
+resource "aws_ecs_task_definition" "app" {
+  family                   = "${var.app_name}-${var.environment}"
+  requires_compatibilities = ["FARGATE"]
+  network_mode             = "awsvpc"
+  cpu                      = 256
+  memory                   = 512
+  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
+  task_role_arn            = aws_iam_role.ecs_task_role.arn
+
+  container_definitions = jsonencode([
+    {
+      name      = "${var.app_name}"
+      image     = "${aws_ecr_repository.app.repository_url}:latest"
+      essential = true
+      
+      portMappings = [
+        {
+          containerPort = var.container_port
+          hostPort      = var.container_port
+          protocol      = "tcp"
+        }
+      ]
+
+      environment = [
+        { name = "NODE_ENV", value = var.environment == "prod" ? "production" : "development" },
+        { name = "PORT", value = tostring(var.container_port) }
+      ]
+
+      # Note: Add Secrets (like DB passwords) via SSM Parameter Store dynamically in a real deployment
+      
+      logConfiguration = {
+        logDriver = "awslogs"
+        options = {
+          "awslogs-group"         = aws_cloudwatch_log_group.ecs.name
+          "awslogs-region"        = "us-east-1"
+          "awslogs-stream-prefix" = "ecs"
+        }
+      }
+    }
+  ])
+}
+
+# ECS Service
+resource "aws_ecs_service" "app" {
+  name            = "${var.app_name}-${var.environment}"
+  cluster         = aws_ecs_cluster.main.id
+  task_definition = aws_ecs_task_definition.app.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    subnets          = var.private_subnet_ids
+    security_groups  = [var.ecs_tasks_security_group_id]
+    assign_public_ip = false
+  }
+
+  load_balancer {
+    target_group_arn = aws_lb_target_group.app.arn
+    container_name   = "${var.app_name}"
+    container_port   = var.container_port
+  }
+
+  depends_on = [
+    aws_lb_listener.http
+  ]
+}
+
 # Outputs
 output "cluster_name" {
   value = aws_ecs_cluster.main.name
@@ -51,4 +254,12 @@ output "cluster_name" {
 
 output "cluster_arn" {
   value = aws_ecs_cluster.main.arn
-}
+}
+
+output "ecr_repository_url" {
+  value = aws_ecr_repository.app.repository_url
+}
+
+output "alb_dns_name" {
+  value = aws_lb.main.dns_name
+}

package/templates/java-spring/clean/infra/modules/rds/main.tf.hbs

@@ -22,11 +22,11 @@ variable "security_group_id" {
 
 # DB Subnet Group
 resource "aws_db_subnet_group" "main" {
-  name = "${var.app_name}-${var.environment}"
+  name       = "${var.app_name}-${var.environment}"
   subnet_ids = var.subnet_ids
 
   tags = {
-    Name = "${var.app_name}-${var.environment}"
+    Name        = "${var.app_name}-${var.environment}"
     Environment = var.environment
   }
 }
@@ -35,43 +35,43 @@ resource "aws_db_subnet_group" "main" {
 resource "aws_db_instance" "main" {
   identifier = "${var.app_name}-${var.environment}"
 
-  engine = "postgres"
+  engine         = "postgres"
   engine_version = "16"
   instance_class = "db.t3.micro"
 
-  allocated_storage = 20
+  allocated_storage     = 20
   max_allocated_storage = 100
-  storage_type = "gp3"
-  storage_encrypted = true
+  storage_type          = "gp3"
+  storage_encrypted     = true
 
-  db_name = replace(var.app_name, "-", "_")
+  db_name  = replace(var.app_name, "-", "_")
   username = "postgres"
   password = random_password.db_password.result
 
-  db_subnet_group_name = aws_db_subnet_group.main.name
+  db_subnet_group_name   = aws_db_subnet_group.main.name
   vpc_security_group_ids = [var.security_group_id]
 
   backup_retention_period = 7
-  skip_final_snapshot = var.environment != "prod"
+  skip_final_snapshot     = var.environment != "prod"
 
   tags = {
-    Name = "${var.app_name}-${var.environment}"
+    Name        = "${var.app_name}-${var.environment}"
     Environment = var.environment
   }
 }
 
 # Random password for DB
 resource "random_password" "db_password" {
-  length = 32
+  length  = 32
   special = false
 }
 
 # Store password in SSM
 resource "aws_ssm_parameter" "db_password" {
-  name = "/${var.app_name}/${var.environment}/db-password"
+  name        = "/${var.app_name}/${var.environment}/db-password"
   description = "Database password for ${var.app_name}"
-  type = "SecureString"
-  value = random_password.db_password.result
+  type        = "SecureString"
+  value       = random_password.db_password.result
 
   tags = {
     Environment = var.environment
@@ -85,4 +85,4 @@ output "endpoint" {
 
 output "db_name" {
   value = aws_db_instance.main.db_name
-}
+}

package/templates/java-spring/clean/infra/modules/vpc/main.tf.hbs

@@ -10,81 +10,213 @@ variable "environment" {
 
 # VPC
 resource "aws_vpc" "main" {
-  cidr_block = "10.0.0.0/16"
+  cidr_block           = "10.0.0.0/16"
   enable_dns_hostnames = true
-  enable_dns_support = true
+  enable_dns_support   = true
 
   tags = {
-    Name = "${var.app_name}-${var.environment}-vpc"
+    Name        = "${var.app_name}-${var.environment}-vpc"
     Environment = var.environment
   }
 }
 
+# Internet Gateway
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-igw"
+    Environment = var.environment
+  }
+}
+
+# Data source for AZs
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
 # Public Subnets
 resource "aws_subnet" "public" {
-  count = 2
+  count                   = 2
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = "10.0.${count.index + 1}.0/24"
+  availability_zone       = data.aws_availability_zones.available.names[count.index]
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-public-${count.index + 1}"
+    Environment = var.environment
+  }
+}
+
+# Route Table for Public Subnets
+resource "aws_route_table" "public" {
   vpc_id = aws_vpc.main.id
-  cidr_block = "10.0.${count.index + 1}.0/24"
-  availability_zone = data.aws_availability_zones.available.names[count.index]
 
-  map_public_ip_on_launch = true
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-public-rt"
+    Environment = var.environment
+  }
+}
+
+# Association for Public Subnets
+resource "aws_route_table_association" "public" {
+  count          = 2
+  subnet_id      = aws_subnet.public[count.index].id
+  route_table_id = aws_route_table.public.id
+}
+
+# Elastic IP for NAT Gateway
+resource "aws_eip" "nat" {
+  count  = 1
+  domain = "vpc"
 
   tags = {
-    Name = "${var.app_name}-${var.environment}-public-${count.index + 1}"
+    Name        = "${var.app_name}-${var.environment}-nat-eip"
+    Environment = var.environment
+  }
+}
+
+# NAT Gateway (single NAT for cost savings, can change to 1 per AZ for production if needed)
+resource "aws_nat_gateway" "main" {
+  count         = 1
+  allocation_id = aws_eip.nat[0].id
+  subnet_id     = aws_subnet.public[0].id
+
+  depends_on = [aws_internet_gateway.main]
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-nat"
     Environment = var.environment
   }
 }
 
 # Private Subnets
 resource "aws_subnet" "private" {
-  count = 2
-  vpc_id = aws_vpc.main.id
-  cidr_block = "10.0.${count.index + 10}.0/24"
+  count             = 2
+  vpc_id            = aws_vpc.main.id
+  cidr_block        = "10.0.${count.index + 10}.0/24"
   availability_zone = data.aws_availability_zones.available.names[count.index]
 
   tags = {
-    Name = "${var.app_name}-${var.environment}-private-${count.index + 1}"
+    Name        = "${var.app_name}-${var.environment}-private-${count.index + 1}"
     Environment = var.environment
   }
 }
 
-# Internet Gateway
-resource "aws_internet_gateway" "main" {
+# Route Table for Private Subnets
+resource "aws_route_table" "private" {
   vpc_id = aws_vpc.main.id
 
+  route {
+    cidr_block     = "0.0.0.0/0"
+    nat_gateway_id = aws_nat_gateway.main[0].id
+  }
+
   tags = {
-    Name = "${var.app_name}-${var.environment}-igw"
+    Name        = "${var.app_name}-${var.environment}-private-rt"
     Environment = var.environment
   }
 }
 
-# Data source for AZs
-data "aws_availability_zones" "available" {
-  state = "available"
+# Association for Private Subnets
+resource "aws_route_table_association" "private" {
+  count          = 2
+  subnet_id      = aws_subnet.private[count.index].id
+  route_table_id = aws_route_table.private.id
+}
+
+# Security Group for Load Balancer (ALB)
+resource "aws_security_group" "alb" {
+  name        = "${var.app_name}-${var.environment}-alb-sg"
+  description = "Security group for ALB"
+  vpc_id      = aws_vpc.main.id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTP from anywhere"
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow HTTPS from anywhere"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-alb-sg"
+    Environment = var.environment
+  }
 }
 
-# Security Group for DB
+# Security Group for ECS Tasks
+resource "aws_security_group" "ecs_tasks" {
+  name        = "${var.app_name}-${var.environment}-ecs-tasks-sg"
+  description = "Security group for ECS tasks"
+  vpc_id      = aws_vpc.main.id
+
+  ingress {
+    from_port       = 0
+    to_port         = 0
+    protocol        = "-1"
+    security_groups = [aws_security_group.alb.id]
+    description     = "Allow all traffic from ALB"
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+    description = "Allow all outbound traffic"
+  }
+
+  tags = {
+    Name        = "${var.app_name}-${var.environment}-ecs-tasks-sg"
+    Environment = var.environment
+  }
+}
+
+# Security Group for Database (RDS)
 resource "aws_security_group" "db" {
-  name = "${var.app_name}-${var.environment}-db-sg"
+  name        = "${var.app_name}-${var.environment}-db-sg"
   description = "Security group for database"
-  vpc_id = aws_vpc.main.id
+  vpc_id      = aws_vpc.main.id
 
   ingress {
-    from_port = 5432
-    to_port = 5432
-    protocol = "tcp"
-    cidr_blocks = ["10.0.0.0/16"]
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    security_groups = [aws_security_group.ecs_tasks.id]
+    description     = "Allow PostgreSQL access from ECS tasks"
   }
 
   egress {
-    from_port = 0
-    to_port = 0
-    protocol = "-1"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
   }
 
   tags = {
-    Name = "${var.app_name}-${var.environment}-db-sg"
+    Name        = "${var.app_name}-${var.environment}-db-sg"
     Environment = var.environment
   }
 }
@@ -104,4 +236,12 @@ output "private_subnet_ids" {
 
 output "db_security_group_id" {
   value = aws_security_group.db.id
-}
+}
+
+output "alb_security_group_id" {
+  value = aws_security_group.alb.id
+}
+
+output "ecs_tasks_security_group_id" {
+  value = aws_security_group.ecs_tasks.id
+}