From b07e4e1b18b1b9e5296c78d37f1c528e31274ae8 Mon Sep 17 00:00:00 2001
From: Daniel Tomlinson
Date: Wed, 29 Jul 2020 15:33:54 +0100
Subject: [PATCH] Creating single instance with db eb create --single --database
---
.ebextensions/04-environment.config | 36 ++++++++--------
documentation/steps.todo | 31 +++++++++++++-
infrastructure/main.tf | 62 +++++++++++++++++++++-------
infrastructure/outputs.tf | 12 ++++++
infrastructure/prod-eu-west-1.tfvars | 2 +-
5 files changed, 109 insertions(+), 34 deletions(-)
diff --git a/.ebextensions/04-environment.config b/.ebextensions/04-environment.config
index 0d8cf9a..8485480 100644
--- a/.ebextensions/04-environment.config
+++ b/.ebextensions/04-environment.config
@@ -5,21 +5,21 @@ option_settings:
 value: true
 - option_name: STRAPI_LOG_LEVEL
 value: debug
- - option_name: STRAPI_S3_ACCESS_KEY
- value: AKIA23D4RF6OZWGDKV7W
- - option_name: STRAPI_S3_SECRET_KEY
- value: "4sb/fxewDGjMYLocjclPCWDm7JTBCYuFBjQAbbBR"
- - option_name: STRAPI_S3_REGION
- value: "eu-west-1"
- - option_name: STRAPI_S3_BUCKET
- value: "elb-example-bucket-cf"
- - option_name: RDS_HOSTNAME
- value: prod-strapi-elb.chgwfe43ss59.eu-west-1.rds.amazonaws.com
- - option_name: RDS_PORT
- value: 5432
- - option_name: RDS_NAME
- value: postgres
- - option_name: RDS_USERNAME
- value: mainuser
- - option_name: RDS_PASSWORD
- value: password
+ # - option_name: STRAPI_S3_ACCESS_KEY
+ # value: AKIA23D4RF6OZWGDKV7W
+ # - option_name: STRAPI_S3_SECRET_KEY
+ # value: "4sb/fxewDGjMYLocjclPCWDm7JTBCYuFBjQAbbBR"
+ # - option_name: STRAPI_S3_REGION
+ # value: "eu-west-1"
+ # - option_name: STRAPI_S3_BUCKET
+ # value: "elb-example-bucket-cf"
+ # - option_name: RDS_HOSTNAME
+ # value: prod-strapi-elb.chgwfe43ss59.eu-west-1.rds.amazonaws.com
+ # - option_name: RDS_PORT
+ # value: 5432
+ # - option_name: RDS_NAME
+ # value: postgres
+ # - option_name: RDS_USERNAME
+ # value: mainuser
+ # - option_name: RDS_PASSWORD
+ # value: password
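Review bot: Commenting out STRAPI_S3_ACCESS_KEY, STRAPI_S3_SECRET_KEY, RDS_HOSTNAME and RDS_PASSWORD leaves the live access key ID, secret key, database endpoint and password in the committed file, and the parent revision keeps them in history regardless of what this hunk does. The key pair should be treated as exposed: deactivate and rotate it in IAM, change the RDS password, and then delete these lines rather than carrying the values forward as comments. Non-secret options can stay here, but credentials belong in Elastic Beanstalk environment properties set outside version control (for example via `eb setenv` or a gitignored config file), and S3 access from the instances is better granted through the instance profile role than through static keys at all.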
diff --git a/documentation/steps.todo b/documentation/steps.todo
index 632ce7a..26d524e 100644
--- a/documentation/steps.todo
+++ b/documentation/steps.todo
@@ -1,2 +1,31 @@
 Connecting external DB:
- ☐ Create RDS using TF @important @today
+ ✔ Create RDS using TF @important @today @done (7/28/2020, 11:34:12 PM)
+
+RDS Config:
+ ☐ Try using `associate_security_group_ids` and creating a security group to allow all incoming traffic to the RDS instance.
+
+Deployments:
+ One:
+ ✔ Create S3 bucket for strapi s3. @done (7/29/2020, 2:07:55 PM)
+ ☐ Deploy TF with additional SG for DB.
+ ☐ Have TF produce outputs with everything needed.
+ ☐ Redeploy single instance with the EB config file with VPCs created.
+ Two:
+ ☐ Have SSL enabled for single instance.
+ Three:
+ ☐ Have SSL enabled for multiple instance.
+
+ Misc:
+ ☐ Have the EB instances on the private subnet.
+ ☐ Create a Gateway VPC endpoint: .
+
+Prod Steps:
+ ☐ Plan out the posts needed for the series.
+ This needs to be done at the same time as writing the site pages.
+ ☐ Create everything from scratch
+ Strapi:
+ ☐ Install from new.
+ ☐ Create TF files.
+ ☐ Initialise EB environment.
+ ☐ Deploy TF.
+ ☐ Deploy EB environment for single instance to start.
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 55d15c2..bdee806 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -13,10 +13,17 @@ locals {
 }
 }
+# Name
+
+module "name" {
+ source = "git::"
+
+}
+
 # Network
 module "vpc" {
- source = "git::https://github.com/cloudposse/terraform-aws-vpc?ref=tags/0.14.0"
+ source = "git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=tags/0.14.0"
 stage = var.stage
 name = var.name
@@ -25,7 +32,7 @@ module "vpc" {
 }
 module "subnets" {
- source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets?ref=tags/0.23.0"
+ source = "git::https://github.com/cloudposse/terraform-aws-dynamic-subnets.git?ref=tags/0.23.0"
 stage = var.stage
 name = var.name
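Review bot: The new `module "name"` block has `source = "git::"`, which is not a resolvable module address, so `terraform init` will fail for the whole configuration as soon as this commit is applied, not just for the module. Either complete the source (with a pinned `?ref=` like the vpc and subnets modules on the same hunk) or drop the stub from the commit and keep the intent as a comment, e.g. `# TODO: naming module (cloudposse label) — source not yet chosen`. The `module "vpc"` block continues outside the hunk.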
@@ -37,6 +44,28 @@ module "subnets" {
 nat_instance_enabled = false
 }
+resource "aws_security_group" "ec2_security_group" {
+ name = "${var.stage}-${var.name}-ec2_sg"
+ description = "Security group assigned to the Elastic Scaling group that is applied to the EC2 instances."
+ vpc_id = module.vpc.vpc_id
+
+ ingress {
+ description = "HTTP"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = [module.vpc.vpc_cidr_block]
+ }
+
+ ingress {
+ description = "HTTPS"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = [module.vpc.vpc_cidr_block]
+ }
+}
+
 # RDS instance
 module "rds_instance" {
@@ -44,21 +73,26 @@ module "rds_instance" {
 stage = var.stage
 name = var.name
- allocated_storage = 5
- database_name = "postgres"
- database_user = "mainuser"
- database_password = "password"
- database_port = 5432
- db_parameter_group = "postgres12"
- engine = "postgres"
- engine_version = "12.3"
- instance_class = "db.t2.micro"
+ allocated_storage = 5
+ database_name = "postgres"
+ database_user = "mainuser"
+ database_password = "password"
+ database_port = 5432
+ db_parameter_group = "postgres12"
+ engine = "postgres"
+ engine_version = "12.3"
+ instance_class = "db.t2.micro"
+ # security_group_ids =
 subnet_ids = module.subnets.public_subnet_ids
 vpc_id = module.vpc.vpc_id
 publicly_accessible = true
 tags = local.tags
 }
-# Set maintenance window
-# subnet_ids and vpc_id required
-# need a security group for the DB with ingress rule allowing inbound from the autoscaler/EB security group (does a single instance have an SC?) - use 0.0.0.0 for initial creation then change the TF stack with the EB security group once it's created.
+# S3 bucket
+
+resource "aws_s3_bucket" "static_assets" {
+ bucket = "${var.stage}-${var.name}-strapi_uploads"
+ acl = "private"
+ tags = local.tags
+}
diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf
index e69de29..b9d4017 100644
--- a/infrastructure/outputs.tf
+++ b/infrastructure/outputs.tf
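Review bot: `aws_security_group.ec2_security_group` declares two ingress rules but no `egress` block, and the AWS provider documents that it strips the default allow-all egress rule from a group it manages unless one is declared, so instances in this group will be unable to reach the RDS instance, S3 or package mirrors at all. Add explicit egress rules scoped to what the instances need — the example below allows PostgreSQL inside the VPC and HTTPS out, and can be widened (port 80 for package mirrors, for instance) only if something actually requires it — and pass `tags = local.tags` as every other resource in this file does. Note also that the ingress rules only admit 80/443 from `module.vpc.vpc_cidr_block`, so internet clients will need a load balancer or a broader rule in front of this group, and nothing in this hunk attaches the group to the Beanstalk environment, which presumably happens elsewhere. The description's "Elastic Scaling group" reads like a slip for the autoscaling group.
```hcl
resource "aws_security_group" "ec2_security_group" {
  # … unchanged: name, description, vpc_id, the two ingress blocks …

  # The provider removes AWS's default allow-all egress rule from managed
  # groups, so every outbound path the instances need must be listed here.
  egress {
    description = "PostgreSQL to the RDS instance inside the VPC"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [module.vpc.vpc_cidr_block]
  }

  egress {
    description = "HTTPS for S3, AWS APIs and package updates"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = local.tags
}
```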
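Review bot: `database_password = "password"` is a literal in tracked source, and a guessable one, on an instance that is also `publicly_accessible = true` and placed in `module.subnets.public_subnet_ids`, so the database becomes reachable from the internet with a known credential the moment a permissive group is attached — which the empty `# security_group_ids =` line and the todo item about allowing all incoming traffic suggest is the next step. Take the password from a variable supplied outside version control (for example a `var.database_password` set through `TF_VAR_database_password`, never through the committed `prod-eu-west-1.tfvars`), give it a generated value, and once the EB security group exists set `publicly_accessible = false`, move the instance to private subnets and open 5432 only to `aws_security_group.ec2_security_group`. Separately, `aws_s3_bucket.static_assets` is named `"${var.stage}-${var.name}-strapi_uploads"`, but S3 bucket names may contain only lowercase letters, digits, dots and hyphens, so the underscore will make the create call fail; `bucket = "${var.stage}-${var.name}-strapi-uploads"` works. The removed comment was the only in-code record of the security-group plan, which now lives solely in `documentation/steps.todo`.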
@@ -0,0 +1,12 @@
+
+
+# S3
+output "s3_static_assets" {
+ value = "resource.aws_s3_bucket.static_assets.id"
+ description = "Name of the static assets S3 bucket."
+}
+
+output "s3_static_assets" {
+ value = "resource.aws_s3_bucket.static_assets.arn"
+ description = "ARN of the static assets S3 bucket."
+}
diff --git a/infrastructure/prod-eu-west-1.tfvars b/infrastructure/prod-eu-west-1.tfvars
index 5d72c46..90764fa 100644
--- a/infrastructure/prod-eu-west-1.tfvars
+++ b/infrastructure/prod-eu-west-1.tfvars
@@ -1,5 +1,5 @@
 # module
-name = "strapi-elb"
+name = "strapi-eb"
 region = "eu-west-1"
 stage = "prod"
 profile = "admin"
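Review bot: Both output blocks are named `s3_static_assets`, and Terraform rejects duplicate output definitions within one module, so this file will not validate; rename the second to `s3_static_assets_arn` (and, for symmetry, the first to `s3_static_assets_id`). The values are also quoted strings, so each output would print the literal text `resource.aws_s3_bucket.static_assets.id` instead of the bucket name; in the 0.12+ syntax this file already uses (`var.stage`, `module.vpc.vpc_id`) references are unquoted and carry no `resource.` prefix: `value = aws_s3_bucket.static_assets.id` and `value = aws_s3_bucket.static_assets.arn`. The two leading blank lines before `# S3` are presumably unintended.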