X-Git-Url: http://git.squeep.com/?p=awsible;a=blobdiff_plain;f=infrastructure%2Fmodules%2Fmanagement-stack%2Fmanagement.tf;fp=infrastructure%2Fmodules%2Fmanagement-stack%2Fmanagement.tf;h=6efa19c13cf9cfa52a6e308a254d14d2d3281d9d;hp=0000000000000000000000000000000000000000;hb=8576668075ca95e44481d9c9ed29d7e6af024bdc;hpb=933c48ff1e134168de3aaa2d20e4d43c13d04928
diff --git a/infrastructure/modules/management-stack/management.tf b/infrastructure/modules/management-stack/management.tf
new file mode 100644
index 0000000..6efa19c
--- /dev/null
+++ b/infrastructure/modules/management-stack/management.tf
@@ -0,0 +1,185 @@
+resource "aws_security_group" "management-elb" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ vpc_id = "${var.vpc_id}"
+ name = "${var.management_service_name}-elb"
+ description = "${var.management_service_name} internal ELB"
+}
+resource "aws_security_group_rule" "management-elb-out-all" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ security_group_id = "${aws_security_group.management-elb.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-elb-in-ssh" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ security_group_id = "${aws_security_group.management-elb.id}"
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+
+resource "aws_security_group" "management" {
+ vpc_id = "${var.vpc_id}"
+ name = "${var.management_service_name}"
+ description = "${var.management_service_name} service"
+}
+resource "aws_security_group_rule" "management-out-all" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-in-self" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "ingress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ self = true
+}
+resource "aws_security_group_rule" "management-in-elb" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "ingress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ source_security_group_id = "${aws_security_group.management-elb.id}"
+}
+
+resource "aws_elb" "management" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ name = "${var.management_service_name}-int-elb"
+ security_groups = ["${aws_security_group.management-elb.id}"]
+ internal = true
+ listener {
+ instance_port = 22
+ instance_protocol = "TCP"
+ lb_port = 22
+ lb_protocol = "TCP"
+ }
+ health_check {
+ healthy_threshold = 3
+ unhealthy_threshold = 2
+ target = "TCP:22"
+ interval = 30
+ timeout = 10
+ }
+ idle_timeout = 600
+ subnets = ["${var.management_subnet_ids}"]
+}
+
+data "aws_ami" "amazon_linux" {
+ count = "${length(var.ami) > 0 ? 0 : 1}"
+ most_recent = true
+ owners = ["amazon"]
+ filter {
+ name = "name"
+ values = ["amzn-ami-hvm-*-gp2"]
+ }
+ filter {
+ name = "root-device-type"
+ values = ["ebs"]
+ }
+}
+
+data "aws_region" "current" {
+ current = true
+}
+data "template_file" "user_data" {
+ template = "${file("${path.module}/user-data.tpl")}"
+ vars {
+ region = "${data.aws_region.current.name}"
+ app_name = "${var.management_service_name}"
+ stack = ""
+ phase = "${var.phase}"
+ country = ""
+ cluster = "${var.management_service_name}-d0${var.phase}"
+ acct_name = "${var.acct_name}"
+ }
+}
+
+resource "aws_launch_configuration" "management" {
+ name_prefix = "${var.management_service_name}"
+ image_id = "${length(var.ami) > 0 ? var.ami : data.aws_ami.amazon_linux.image_id}"
+ instance_type = "${var.instance_type}"
+ iam_instance_profile = "${aws_iam_instance_profile.management.name}"
+ key_name = "${var.key_name}"
+ security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]
+ associate_public_ip_address = false
+ user_data = "${data.template_file.user_data.rendered}"
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_autoscaling_group" "management" {
+ name = "${var.management_service_name}"
+ launch_configuration = "${aws_launch_configuration.management.name}"
+ vpc_zone_identifier = ["${var.management_subnet_ids}"]
+ min_size = 0
+ max_size = "${length(var.management_subnet_ids)}"
+ default_cooldown = 10
+ health_check_type = "EC2"
+ load_balancers = ["${var.management_elb > 0 ? aws_elb.management.name : ""}"]
+ lifecycle {
+ create_before_destroy = true
+ }
+ tag {
+ propagate_at_launch = true
+ key = "module"
+ value = "${var.management_service_name}"
+ }
+ tag {
+ propagate_at_launch = true
+ key = "phase"
+ value = "${var.phase}"
+ }
+}
+
+resource "aws_autoscaling_notification" "management" {
+ group_names = ["${aws_autoscaling_group.management.name}"]
+ topic_arn = "${aws_sns_topic.management-events.arn}"
+ notifications = [
+ "autoscaling:EC2_INSTANCE_LAUNCH",
+ "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
+ "autoscaling:EC2_INSTANCE_TERMINATE",
+ "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
+ ]
+}
+
+data "aws_subnet" "management" {
+ count = "${length(var.management_subnet_ids)}"
+ id = "${element(var.management_subnet_ids, count.index)}"
+}
+
+resource "aws_ebs_volume" "management-data" {
+ count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+ availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
+ size = "${var.management_data_volume_size}"
+ type = "gp2"
+ tags {
+ module = "${var.management_service_name}"
+ }
+}
+
+resource "aws_efs_file_system" "management-data" {
+ count = "${var.management_data_efs}"
+ creation_token = "${var.management_service_name}-data"
+ tags {
+ Name = "${var.management_service_name}-data"
+ }
+}
+
+resource "aws_efs_mount_target" "management-data" {
+ count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+ file_system_id = "${aws_efs_file_system.management-data.id}"
+ subnet_id = "${element(var.management_subnet_ids, count.index)}"
+ security_groups = ["${aws_security_group.management.id}"]
+}
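Review bot: The `management-elb-in-ssh` rule opens TCP/22 to `0.0.0.0/0` on the ELB's security group, and because the ELB is `internal = true` that still admits every source able to route into the VPC (peered VPCs, VPN/Direct Connect, any other workload in the VPC), so the source should be pinned to the operator networks, e.g. `cidr_blocks = ["${var.management_ssh_cidr_blocks}"]` with the allowed ranges passed in as a module variable. In the same spirit `management-in-elb` grants `protocol = "all"` from the ELB to the instances although TCP/22 is the only listener; `protocol = "tcp"` with `from_port = 22` / `to_port = 22` matches what the ELB actually forwards. The `aws_efs_file_system` and `aws_ebs_volume` resources set no `encrypted = true`, so the management hosts' data is stored unencrypted at rest; if the provider version in use accepts the argument, add it to both. Separately, `management-in-elb` and the ASG's `load_balancers` reference `aws_security_group.management-elb` and `aws_elb.management` unconditionally while those resources carry `count = 0` when `management_elb` is unset, which on this generation of Terraform syntax would presumably fail at plan time — worth confirming with `management_elb = 0`.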