From 149a5a199d0931d1c64cc1d1180989e09212830a Mon Sep 17 00:00:00 2001 From: Daniel Tomlinson Date: Thu, 30 Jul 2020 01:20:16 +0100 Subject: [PATCH] Updating single instance --- .ebextensions/04-environment.config | 28 ++++++++-------- .ebextensions/07-custom-vpc.config | 2 +- infrastructure/main.tf | 50 ++++++++++++++++++++--------- infrastructure/outputs.tf | 14 ++++---- 4 files changed, 58 insertions(+), 36 deletions(-) diff --git a/.ebextensions/04-environment.config b/.ebextensions/04-environment.config index 8485480..f8b7a8d 100644 --- a/.ebextensions/04-environment.config +++ b/.ebextensions/04-environment.config @@ -9,17 +9,17 @@ option_settings: # value: AKIA23D4RF6OZWGDKV7W # - option_name: STRAPI_S3_SECRET_KEY # value: "4sb/fxewDGjMYLocjclPCWDm7JTBCYuFBjQAbbBR" - # - option_name: STRAPI_S3_REGION - # value: "eu-west-1" - # - option_name: STRAPI_S3_BUCKET - # value: "elb-example-bucket-cf" - # - option_name: RDS_HOSTNAME - # value: prod-strapi-elb.chgwfe43ss59.eu-west-1.rds.amazonaws.com - # - option_name: RDS_PORT - # value: 5432 - # - option_name: RDS_NAME - # value: postgres - # - option_name: RDS_USERNAME - # value: mainuser - # - option_name: RDS_PASSWORD - # value: password + - option_name: STRAPI_S3_REGION + value: "eu-west-1" + - option_name: STRAPI_S3_BUCKET + value: "prod-strapi-eb-strapi-uploads" + - option_name: RDS_HOSTNAME + value: prod-strapi-eb.chgwfe43ss59.eu-west-1.rds.amazonaws.com + - option_name: RDS_PORT + value: 5432 + - option_name: RDS_NAME + value: postgres + - option_name: RDS_USERNAME + value: mainuser + - option_name: RDS_PASSWORD + value: password diff --git a/.ebextensions/07-custom-vpc.config b/.ebextensions/07-custom-vpc.config index b948e6a..c67e2b0 100644 --- a/.ebextensions/07-custom-vpc.config +++ b/.ebextensions/07-custom-vpc.config @@ -6,7 +6,7 @@ option_settings: # DBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58" # ELBSubnets: "subnet-0b17872a2b9315fad,subnet-0342e8a0a77b30e23,subnet-0eacb84d238279a58" aws:autoscaling:launchconfiguration: - SecurityGroups: sg-07a97fc88ba143f26 + SecurityGroups: sg-087f33381c535528b # aws:elbv2:loadbalancer: # ManagedSecurityGroup: sg-0e6f91df2ed07050a # SecurityGroups: sg-0e6f91df2ed07050a diff --git a/infrastructure/main.tf b/infrastructure/main.tf index 9844fd7..00d59bb 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -8,7 +8,7 @@ provider "aws" { # tags locals { tags = { - "Project" = "strapi-elb" + "Project" = "strapi-eb" "Description" = "Terraform resources for strapi in Elastic Beanstalk" } } @@ -19,6 +19,7 @@ module "vpc" { source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.14.0" stage = var.stage name = var.name + tags = local.tags cidr_block = "172.16.0.0/16" enable_default_security_group_with_custom_rules = false @@ -28,6 +29,7 @@ module "subnets" { source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.23.0" stage = var.stage name = var.name + tags = local.tags availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] vpc_id = module.vpc.vpc_id @@ -41,6 +43,7 @@ resource "aws_security_group" "ec2_security_group" { name = "${var.stage}-${var.name}-ec2_sg" description = "Security group assigned to the Elastic Scaling group that is applied to the EC2 instances." vpc_id = module.vpc.vpc_id + tags = local.tags ingress { description = "HTTP" @@ -67,27 +70,44 @@ resource "aws_security_group" "ec2_security_group" { } } +resource "aws_security_group" "rds_security_group_public" { + name = "${var.stage}-${var.name}-rds_public_sg" + description = "Security group for the RDS instance that allows public access from the internet." + vpc_id = module.vpc.vpc_id + tags = local.tags + + ingress { + description = "Incoming Postgres" + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = ["82.6.205.148/32"] + } +} + # RDS instance module "rds_instance" { source = "git::https://github.com/cloudposse/terraform-aws-rds.git?ref=tags/0.20.0" stage = var.stage name = var.name + tags = local.tags - allocated_storage = 5 - database_name = "postgres" - database_user = "mainuser" - database_password = "password" - database_port = 5432 - db_parameter_group = "postgres12" - engine = "postgres" - engine_version = "12.3" - instance_class = "db.t2.micro" - security_group_ids = [aws_security_group.ec2_security_group.id] - subnet_ids = module.subnets.public_subnet_ids - vpc_id = module.vpc.vpc_id - publicly_accessible = true - tags = local.tags + allocated_storage = 5 + database_name = "postgres" + database_user = "mainuser" + database_password = "password" + database_port = 5432 + db_parameter_group = "postgres12" + engine = "postgres" + engine_version = "12.3" + instance_class = "db.t2.micro" + + security_group_ids = [aws_security_group.ec2_security_group.id] + associate_security_group_ids = [aws_security_group.rds_security_group_public.id] + subnet_ids = module.subnets.public_subnet_ids + vpc_id = module.vpc.vpc_id + publicly_accessible = true } # S3 bucket diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf index 5825363..2f8f63e 100644 --- a/infrastructure/outputs.tf +++ b/infrastructure/outputs.tf @@ -1,17 +1,19 @@ # S3 output "s3_static_assets_id" { - value = resource.aws_s3_bucket.static_assets.id + value = aws_s3_bucket.static_assets.id description = "Name of the static assets S3 bucket." } -output "s3_static_assets_arn" { - value = resource.aws_s3_bucket.static_assets.arn - description = "ARN of the static assets S3 bucket." -} - # Security groups output "aws_security_group_ec2_security_group" { value = aws_security_group.ec2_security_group.id description = "Security group for the EC2 instances applied by the Elastic Scaler." } + +# RDS + +output "rds_instance_endpoint" { + value = module.rds_instance.instance_endpoint + description = "Endpoint of the RDS instance." +}