initial commit of replacement infrastructure automation
diff --git a/infrastructure/modules/management-stack/management.tf b/infrastructure/modules/management-stack/management.tf
new file mode 100644 (file)
index 0000000..6efa19c
--- /dev/null
@@ -0,0 +1,185 @@
+resource "aws_security_group" "management-elb" {
+       count = "${var.management_elb > 0 ? 1 : 0}"
+       vpc_id = "${var.vpc_id}"
+       name = "${var.management_service_name}-elb"
+       description = "${var.management_service_name} internal ELB"
+}
+resource "aws_security_group_rule" "management-elb-out-all" {
+       count = "${var.management_elb > 0 ? 1 : 0}"
+       security_group_id = "${aws_security_group.management-elb.id}"
+       type = "egress"
+       from_port = 0
+       to_port = 0
+       protocol = "all"
+       cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-elb-in-ssh" {
+       count = "${var.management_elb > 0 ? 1 : 0}"
+       security_group_id = "${aws_security_group.management-elb.id}"
+       type = "ingress"
+       from_port = 22
+       to_port = 22
+       protocol = "tcp"
+       cidr_blocks = [ "0.0.0.0/0" ]
+}
+
+resource "aws_security_group" "management" {
+       vpc_id = "${var.vpc_id}"
+       name = "${var.management_service_name}"
+       description = "${var.management_service_name} service"
+}
+resource "aws_security_group_rule" "management-out-all" {
+       security_group_id = "${aws_security_group.management.id}"
+       type = "egress"
+       from_port = 0
+       to_port = 0
+       protocol = "all"
+       cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-in-self" {
+       security_group_id = "${aws_security_group.management.id}"
+       type = "ingress"
+       from_port = 0
+       to_port = 0
+       protocol = "all"
+       self = true
+}
+resource "aws_security_group_rule" "management-in-elb" {
+       security_group_id = "${aws_security_group.management.id}"
+       type = "ingress"
+       from_port = 0
+       to_port = 0
+       protocol = "all"
+       source_security_group_id = "${aws_security_group.management-elb.id}"
+}
+
+resource "aws_elb" "management" {
+       count = "${var.management_elb > 0 ? 1 : 0}"
+       name = "${var.management_service_name}-int-elb"
+       security_groups = ["${aws_security_group.management-elb.id}"]
+       internal = true
+       listener {
+               instance_port = 22
+               instance_protocol = "TCP"
+               lb_port = 22
+               lb_protocol = "TCP"
+       }
+       health_check {
+               healthy_threshold = 3
+               unhealthy_threshold = 2
+               target = "TCP:22"
+               interval = 30
+               timeout = 10
+       }
+       idle_timeout = 600
+       subnets = ["${var.management_subnet_ids}"]
+}
+
+data "aws_ami" "amazon_linux" {
+       count = "${length(var.ami) > 0 ? 0 : 1}"
+       most_recent = true
+       owners = ["amazon"]
+       filter {
+               name = "name"
+               values = ["amzn-ami-hvm-*-gp2"]
+       }
+       filter {
+               name = "root-device-type"
+               values = ["ebs"]
+       }
+}
+
+data "aws_region" "current" {
+       current = true
+}
+data "template_file" "user_data" {
+       template = "${file("${path.module}/user-data.tpl")}"
+       vars {
+               region = "${data.aws_region.current.name}"
+               app_name = "${var.management_service_name}"
+               stack = ""
+               phase = "${var.phase}"
+               country = ""
+               cluster = "${var.management_service_name}-d0${var.phase}"
+               acct_name = "${var.acct_name}"
+       }
+}
+
+resource "aws_launch_configuration" "management" {
+       name_prefix = "${var.management_service_name}"
+       image_id = "${length(var.ami) > 0 ? var.ami : data.aws_ami.amazon_linux.image_id}"
+       instance_type = "${var.instance_type}"
+       iam_instance_profile = "${aws_iam_instance_profile.management.name}"
+       key_name = "${var.key_name}"
+       security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]
+       associate_public_ip_address = false
+       user_data = "${data.template_file.user_data.rendered}"
+       lifecycle {
+               create_before_destroy = true
+       }
+}
+
+resource "aws_autoscaling_group" "management" {
+       name = "${var.management_service_name}"
+       launch_configuration = "${aws_launch_configuration.management.name}"
+       vpc_zone_identifier = ["${var.management_subnet_ids}"]
+       min_size = 0
+       max_size = "${length(var.management_subnet_ids)}"
+       default_cooldown = 10
+       health_check_type = "EC2"
+       load_balancers = ["${var.management_elb > 0 ? aws_elb.management.name : ""}"]
+       lifecycle {
+               create_before_destroy = true
+       }
+       tag {
+               propagate_at_launch = true
+               key = "module"
+               value = "${var.management_service_name}"
+       }
+       tag {
+               propagate_at_launch = true
+               key = "phase"
+               value = "${var.phase}"
+       }
+}
+
+resource "aws_autoscaling_notification" "management" {
+       group_names = ["${aws_autoscaling_group.management.name}"]
+       topic_arn = "${aws_sns_topic.management-events.arn}"
+       notifications = [
+               "autoscaling:EC2_INSTANCE_LAUNCH",
+               "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
+               "autoscaling:EC2_INSTANCE_TERMINATE",
+               "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
+       ]
+}
+
+data "aws_subnet" "management" {
+       count = "${length(var.management_subnet_ids)}"
+       id = "${element(var.management_subnet_ids, count.index)}"
+}
+
+resource "aws_ebs_volume" "management-data" {
+       count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+       availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
+       size = "${var.management_data_volume_size}"
+       type = "gp2"
+       tags {
+               module = "${var.management_service_name}"
+       }
+}
+
+resource "aws_efs_file_system" "management-data" {
+       count = "${var.management_data_efs}"
+       creation_token = "${var.management_service_name}-data"
+       tags {
+               Name = "${var.management_service_name}-data"
+       }
+}
+
+resource "aws_efs_mount_target" "management-data" {
+       count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+       file_system_id = "${aws_efs_file_system.management-data.id}"
+       subnet_id = "${element(var.management_subnet_ids, count.index)}"
+       security_groups = ["${aws_security_group.management.id}"]
+}
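Review bot: The `management-in-elb` rule (lines 54-61) admits every protocol and port from the ELB security group into the instance group, but the only thing the ELB forwards is TCP 22 (the single listener and the `TCP:22` health check), so the rule should be narrowed to `from_port = 22`, `to_port = 22`, `protocol = "tcp"`. The same rule also lacks the `count = "${var.management_elb > 0 ? 1 : 0}"` guard that every other ELB-dependent resource carries, yet it references `aws_security_group.management-elb.id`; with `management_elb` at 0 that resource does not exist and the reference will presumably fail at plan time, so the guard belongs here too. The ELB's own SSH ingress (`management-elb-in-ssh`) uses `0.0.0.0/0` even though the ELB is `internal = true`; replacing the literal with a module variable holding the permitted management CIDRs would document and bound who may reach the bastion path. The `load_balancers` expression on the autoscaling group (line 137) references `aws_elb.management.name` on both branches of the conditional, which may hit the same missing-resource problem when the ELB is disabled — worth verifying against the Terraform version this module targets.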