git.squeep.com Git - awsible/blob - infrastructure/modules/management-stack/management.tf

   1 resource "aws_security_group" "management-elb" {
   2         count = "${var.management_elb > 0 ? 1 : 0}"
   3         vpc_id = "${var.vpc_id}"
   4         name = "${var.management_service_name}-elb"
   5         description = "${var.management_service_name} internal ELB"
   6 }
   7 resource "aws_security_group_rule" "management-elb-out-all" {
   8         count = "${var.management_elb > 0 ? 1 : 0}"
   9         security_group_id = "${aws_security_group.management-elb.id}"
  10         type = "egress"
  11         from_port = 0
  12         to_port = 0
  13         protocol = "all"
  14         cidr_blocks = [ "0.0.0.0/0" ]
  15 }
  16 resource "aws_security_group_rule" "management-elb-in-ssh" {
  17         count = "${var.management_elb > 0 ? 1 : 0}"
  18         security_group_id = "${aws_security_group.management-elb.id}"
  19         type = "ingress"
  20         from_port = 22
  21         to_port = 22
  22         protocol = "tcp"
  23         cidr_blocks = [ "0.0.0.0/0" ]
  24 }
  25
  26 resource "aws_security_group" "management" {
  27         vpc_id = "${var.vpc_id}"
  28         name = "${var.management_service_name}"
  29         description = "${var.management_service_name} service"
  30 }
  31 resource "aws_security_group_rule" "management-out-all" {
  32         security_group_id = "${aws_security_group.management.id}"
  33         type = "egress"
  34         from_port = 0
  35         to_port = 0
  36         protocol = "all"
  37         cidr_blocks = [ "0.0.0.0/0" ]
  38 }
  39 resource "aws_security_group_rule" "management-in-self" {
  40         security_group_id = "${aws_security_group.management.id}"
  41         type = "ingress"
  42         from_port = 0
  43         to_port = 0
  44         protocol = "all"
  45         self = true
  46 }
  47 resource "aws_security_group_rule" "management-in-elb" {
  48         security_group_id = "${aws_security_group.management.id}"
  49         type = "ingress"
  50         from_port = 0
  51         to_port = 0
  52         protocol = "all"
  53         source_security_group_id = "${aws_security_group.management-elb.id}"
  54 }
  55
  56 resource "aws_elb" "management" {
  57         count = "${var.management_elb > 0 ? 1 : 0}"
  58         name = "${var.management_service_name}-int-elb"
  59         security_groups = ["${aws_security_group.management-elb.id}"]
  60         internal = true
  61         listener {
  62                 instance_port = 22
  63                 instance_protocol = "TCP"
  64                 lb_port = 22
  65                 lb_protocol = "TCP"
  66         }
  67         health_check {
  68                 healthy_threshold = 3
  69                 unhealthy_threshold = 2
  70                 target = "TCP:22"
  71                 interval = 30
  72                 timeout = 10
  73         }
  74         idle_timeout = 600
  75         subnets = ["${var.management_subnet_ids}"]
  76 }
  77
  78 data "aws_ami" "amazon_linux" {
  79         count = "${length(var.ami) > 0 ? 0 : 1}"
  80         most_recent = true
  81         owners = ["amazon"]
  82         filter {
  83                 name = "name"
  84                 values = ["amzn-ami-hvm-*-gp2"]
  85         }
  86         filter {
  87                 name = "root-device-type"
  88                 values = ["ebs"]
  89         }
  90 }
  91
  92 data "aws_region" "current" {
  93         current = true
  94 }
  95 data "template_file" "user_data" {
  96         template = "${file("${path.module}/user-data.tpl")}"
  97         vars {
  98                 region = "${data.aws_region.current.name}"
  99                 app_name = "${var.management_service_name}"
 100                 stack = ""
 101                 phase = "${var.phase}"
 102                 country = ""
 103                 cluster = "${var.management_service_name}-d0${var.phase}"
 104                 acct_name = "${var.acct_name}"
 105         }
 106 }
 107
 108 resource "aws_launch_configuration" "management" {
 109         name_prefix = "${var.management_service_name}"
 110         image_id = "${length(var.ami) > 0 ? var.ami : data.aws_ami.amazon_linux.image_id}"
 111         instance_type = "${var.instance_type}"
 112         iam_instance_profile = "${aws_iam_instance_profile.management.name}"
 113         key_name = "${var.key_name}"
 114         security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]
 115         associate_public_ip_address = false
 116         user_data = "${data.template_file.user_data.rendered}"
 117         lifecycle {
 118                 create_before_destroy = true
 119         }
 120 }
 121
 122 resource "aws_autoscaling_group" "management" {
 123         name = "${var.management_service_name}"
 124         launch_configuration = "${aws_launch_configuration.management.name}"
 125         vpc_zone_identifier = ["${var.management_subnet_ids}"]
 126         min_size = 0
 127         max_size = "${length(var.management_subnet_ids)}"
 128         default_cooldown = 10
 129         health_check_type = "EC2"
 130         load_balancers = ["${var.management_elb > 0 ? aws_elb.management.name : ""}"]
 131         lifecycle {
 132                 create_before_destroy = true
 133         }
 134         tag {
 135                 propagate_at_launch = true
 136                 key = "module"
 137                 value = "${var.management_service_name}"
 138         }
 139         tag {
 140                 propagate_at_launch = true
 141                 key = "phase"
 142                 value = "${var.phase}"
 143         }
 144 }
 145
 146 resource "aws_autoscaling_notification" "management" {
 147         group_names = ["${aws_autoscaling_group.management.name}"]
 148         topic_arn = "${aws_sns_topic.management-events.arn}"
 149         notifications = [
 150                 "autoscaling:EC2_INSTANCE_LAUNCH",
 151                 "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
 152                 "autoscaling:EC2_INSTANCE_TERMINATE",
 153                 "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
 154         ]
 155 }
 156
 157 data "aws_subnet" "management" {
 158         count = "${length(var.management_subnet_ids)}"
 159         id = "${element(var.management_subnet_ids, count.index)}"
 160 }
 161
 162 resource "aws_ebs_volume" "management-data" {
 163         count = "${length(var.management_subnet_ids) * var.management_data_efs}"
 164         availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
 165         size = "${var.management_data_volume_size}"
 166         type = "gp2"
 167         tags {
 168                 module = "${var.management_service_name}"
 169         }
 170 }
 171
 172 resource "aws_efs_file_system" "management-data" {
 173         count = "${var.management_data_efs}"
 174         creation_token = "${var.management_service_name}-data"
 175         tags {
 176                 Name = "${var.management_service_name}-data"
 177         }
 178 }
 179
 180 resource "aws_efs_mount_target" "management-data" {
 181         count = "${length(var.management_subnet_ids) * var.management_data_efs}"
 182         file_system_id = "${aws_efs_file_system.management-data.id}"
 183         subnet_id = "${element(var.management_subnet_ids, count.index)}"
 184         security_groups = ["${aws_security_group.management.id}"]
 185 }