projects / awsible / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ignore amazon-linux ami release-candidate versions
[awsible] / infrastructure / modules / management-stack / management.tf
1 resource "aws_security_group" "management-elb" {
2 count = "${var.management_elb > 0 ? 1 : 0}"
3 vpc_id = "${var.vpc_id}"
4 name = "${var.management_service_name}-elb"
5 description = "${var.management_service_name} internal ELB"
6 }
7 resource "aws_security_group_rule" "management-elb-out-all" {
8 count = "${var.management_elb > 0 ? 1 : 0}"
9 security_group_id = "${aws_security_group.management-elb.id}"
10 type = "egress"
11 from_port = 0
12 to_port = 0
13 protocol = "all"
14 cidr_blocks = [ "0.0.0.0/0" ]
15 }
16 resource "aws_security_group_rule" "management-elb-in-ssh" {
17 count = "${var.management_elb > 0 ? 1 : 0}"
18 security_group_id = "${aws_security_group.management-elb.id}"
19 type = "ingress"
20 from_port = 22
21 to_port = 22
22 protocol = "tcp"
23 cidr_blocks = [ "0.0.0.0/0" ]
24 }
25
26 resource "aws_security_group" "management" {
27 vpc_id = "${var.vpc_id}"
28 name = "${var.management_service_name}"
29 description = "${var.management_service_name} service"
30 }
31 resource "aws_security_group_rule" "management-out-all" {
32 security_group_id = "${aws_security_group.management.id}"
33 type = "egress"
34 from_port = 0
35 to_port = 0
36 protocol = "all"
37 cidr_blocks = [ "0.0.0.0/0" ]
38 }
39 resource "aws_security_group_rule" "management-in-self" {
40 security_group_id = "${aws_security_group.management.id}"
41 type = "ingress"
42 from_port = 0
43 to_port = 0
44 protocol = "all"
45 self = true
46 }
47 resource "aws_security_group_rule" "management-in-elb" {
48 security_group_id = "${aws_security_group.management.id}"
49 type = "ingress"
50 from_port = 0
51 to_port = 0
52 protocol = "all"
53 source_security_group_id = "${aws_security_group.management-elb.id}"
54 }
55
56 resource "aws_elb" "management" {
57 count = "${var.management_elb > 0 ? 1 : 0}"
58 name = "${var.management_service_name}-int-elb"
59 security_groups = ["${aws_security_group.management-elb.id}"]
60 internal = true
61 listener {
62 instance_port = 22
63 instance_protocol = "TCP"
64 lb_port = 22
65 lb_protocol = "TCP"
66 }
67 health_check {
68 healthy_threshold = 3
69 unhealthy_threshold = 2
70 target = "TCP:22"
71 interval = 30
72 timeout = 10
73 }
74 idle_timeout = 600
75 subnets = ["${var.management_subnet_ids}"]
76 }
77
78 data "aws_ami" "amazon_linux" {
79 count = "${length(var.ami) > 0 ? 0 : 1}"
80 most_recent = true
81 owners = ["amazon"]
82 filter {
83 name = "name"
84 values = ["amzn-ami-hvm-*-gp2"]
85 }
86 filter {
87 name = "root-device-type"
88 values = ["ebs"]
89 }
90 # hack filter to ignore .rc- release candidate amis
91 name_regex = "amzn-ami-hvm-[^r]*-gp2"
92 }
93
94 data "aws_region" "current" {
95 current = true
96 }
97 data "template_file" "user_data" {
98 template = "${file("${path.module}/user-data.tpl")}"
99 vars {
100 region = "${data.aws_region.current.name}"
101 app_name = "${var.management_service_name}"
102 stack = ""
103 phase = "${var.phase}"
104 country = ""
105 cluster = "${var.management_service_name}-d0${var.phase}"
106 acct_name = "${var.acct_name}"
107 }
108 }
109
110 resource "aws_launch_configuration" "management" {
111 name_prefix = "${var.management_service_name}"
112 image_id = "${length(var.ami) > 0 ? var.ami : data.aws_ami.amazon_linux.image_id}"
113 instance_type = "${var.instance_type}"
114 iam_instance_profile = "${aws_iam_instance_profile.management.name}"
115 key_name = "${var.key_name}"
116 security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]
117 associate_public_ip_address = false
118 user_data = "${data.template_file.user_data.rendered}"
119 lifecycle {
120 create_before_destroy = true
121 }
122 }
123
124 resource "aws_autoscaling_group" "management" {
125 name = "${var.management_service_name}"
126 launch_configuration = "${aws_launch_configuration.management.name}"
127 vpc_zone_identifier = ["${var.management_subnet_ids}"]
128 min_size = 0
129 max_size = "${length(var.management_subnet_ids)}"
130 default_cooldown = 10
131 health_check_type = "EC2"
132 load_balancers = ["${var.management_elb > 0 ? aws_elb.management.name : ""}"]
133 lifecycle {
134 create_before_destroy = true
135 }
136 tag {
137 propagate_at_launch = true
138 key = "module"
139 value = "${var.management_service_name}"
140 }
141 tag {
142 propagate_at_launch = true
143 key = "phase"
144 value = "${var.phase}"
145 }
146 }
147
148 resource "aws_autoscaling_notification" "management" {
149 group_names = ["${aws_autoscaling_group.management.name}"]
150 topic_arn = "${aws_sns_topic.management-events.arn}"
151 notifications = [
152 "autoscaling:EC2_INSTANCE_LAUNCH",
153 "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
154 "autoscaling:EC2_INSTANCE_TERMINATE",
155 "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
156 ]
157 }
158
159 data "aws_subnet" "management" {
160 count = "${length(var.management_subnet_ids)}"
161 id = "${element(var.management_subnet_ids, count.index)}"
162 }
163
164 resource "aws_ebs_volume" "management-data" {
165 count = "${length(var.management_subnet_ids) * var.management_data_efs}"
166 availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
167 size = "${var.management_data_volume_size}"
168 type = "gp2"
169 tags {
170 module = "${var.management_service_name}"
171 }
172 }
173
174 resource "aws_efs_file_system" "management-data" {
175 count = "${var.management_data_efs}"
176 creation_token = "${var.management_service_name}-data"
177 tags {
178 Name = "${var.management_service_name}-data"
179 }
180 }
181
182 resource "aws_efs_mount_target" "management-data" {
183 count = "${length(var.management_subnet_ids) * var.management_data_efs}"
184 file_system_id = "${aws_efs_file_system.management-data.id}"
185 subnet_id = "${element(var.management_subnet_ids, count.index)}"
186 security_groups = ["${aws_security_group.management.id}"]
187 }
AWSible - Autonomous Ansible in AWS