Merge branch 'infra' into 'master'

Add initial terraform scripts for automating infra. for Informatica Secure Agent

See merge request interop/iics_secure_agent!2

.gitignore

 .env
 volumes/
+credentials.tf
+*.svg
+*_credentials.tf
+sandbox
+.DS_Store
+.vscode
+*.tfstate
+*.tfstate.backup
+.terraform
+*.tfvars
+.idea/
+*.backup

README.md

@@ -61,3 +61,17 @@ Minimum Hardware Specs
 ## Known Issues
 
 * Doesn't seem to be able to run in host network mode because it won't be able to talk to internal ports.  It would probably work if you expose those ports.
+
+## Terraform
+* Infrastructure is available as code in terraform. 
+* Before disposing and create a new instance of Informatica Secure Agent, existing live connections to various targets(for e.g. databases) 
+should be reviewed and terminated. Due to this reason this is not part of CI/CD pipeline and can be executed as per necessity.
+* Various configurations can be overridden using  `-var=`, see [variables.tf](./terraform/variables.tf) for available parameters.
+```
+$ cd terraform
+$ terraform init
+$ terraform validate
+$ terraform plan -out agent.tfplan
+$ terraform apply "agent.tfplan"
+```
+* See Terraform doc on [variables](https://www.terraform.io/docs/configuration/variables.html) to see how to pass command line arguments.
\ No newline at end of file

terraform/ecs.tf

+data "template_file" "container" {
+  template = file("./templates/container.tpl")
+  vars     = {
+    container_name = var.container_name
+    image_name     = var.image_name
+    fargate_cpu    = var.fargate_cpu
+    fargate_memory = var.fargate_memory
+    app_port1      = var.container_app_port[0]
+    app_port2      = var.container_app_port[1]
+    app_port3      = var.container_app_port[2]
+    network_mode   = var.container_network_mode
+  }
+}
+
+data "aws_iam_role" "ecs-task-execution" {
+  name = "ecsTaskExecutionRole"
+}
+
+resource "aws_ecs_task_definition" "task" {
+  family                   = var.ecs_task_name
+  execution_role_arn       = data.aws_iam_role.ecs-task-execution.arn
+  network_mode             = var.container_network_mode
+  requires_compatibilities = [
+    "FARGATE"]
+  cpu                      = var.fargate_cpu
+  memory                   = var.fargate_memory
+  container_definitions    = data.template_file.container.rendered
+}
+
+resource "aws_ecs_service" "service" {
+  name            = var.ecs_service_name
+  cluster         = aws_ecs_cluster.cluster.id
+  task_definition = aws_ecs_task_definition.task.arn
+  desired_count   = 1
+  launch_type     = "FARGATE"
+
+  network_configuration {
+    security_groups  = [
+      data.aws_security_group.sec-group.id]
+    subnets          = data.aws_subnet_ids.subnets.ids
+    assign_public_ip = false
+  }
+}
+
+resource "aws_ecs_cluster" "cluster" {
+  name = var.ecs_cluster_name
+  tags = var.ecs_cluster_tags
+}
\ No newline at end of file

terraform/network.tf

+data "aws_vpc" "vpc" {
+  tags = var.vpc_tags
+}
+
+data "aws_subnet_ids" "subnets" {
+  vpc_id = data.aws_vpc.vpc.id
+  filter {
+    name   = "tag:Name"
+    values = [
+      var.private_subnets_filter["Name"]]
+  }
+}
+
+data "aws_security_group" "sec-group" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags   = var.security_group
+}
\ No newline at end of file

terraform/provider.tf

+provider "aws" {
+  access_key          = var.aws_access_key
+  secret_key          = var.aws_secret_key
+  region              = var.aws_region
+  allowed_account_ids = [
+    var.aws_account_id]
+}
\ No newline at end of file

terraform/security.tf

+data "aws_security_group" "secgroup" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags   = var.security_group
+}
\ No newline at end of file

terraform/templates/container.tpl

+[
+  {
+    "name": "${container_name}",
+    "image": "${image_name}",
+    "cpu": ${fargate_cpu},
+    "memory": ${fargate_memory},
+    "networkMode": "${network_mode}",
+    "portMappings": [
+      {
+        "containerPort": ${app_port1},
+        "hostPort": ${app_port1}
+      },
+      {
+        "containerPort": ${app_port2},
+        "hostPort": ${app_port2}
+      },
+      {
+        "containerPort": ${app_port3},
+        "hostPort": ${app_port3}
+      }
+    ]
+  }
+]
\ No newline at end of file

terraform/variables.tf

+variable "aws_access_key" {}
+variable "aws_secret_key" {}
+variable "aws_account_id" {
+  default = "265723766240"
+}
+variable "aws_region" {
+  default = "us-east-1"
+  # test tier
+}
+
+variable "vpc_tags" {
+  type    = map(string)
+  default = {
+    Name = "test-tier"
+    tier = "test"
+  }
+}
+
+# needs at least two subnets
+variable "private_subnets_filter" {
+  type    = map(string)
+  default = {
+    Name = "test-private-*"
+  }
+}
+
+variable "security_group" {
+  type    = map(string)
+  default = {
+    tier = "test"
+    Name = "internal"
+  }
+}
+
+variable "image_name" {
+  default = "265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent"
+}
+
+variable "container_name" {
+  default = "iics-secure-agent-test"
+}
+variable "container_network_mode" {
+  default = "awsvpc"
+}
+variable "container_app_port" {
+  type    = list(string)
+  default = [
+    7080,
+    7443,
+    5432]
+}
+
+# note that as per our licesning model each
+# container would be an extran instance
+variable "container_count" {
+  default = 1
+}
+
+# https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html
+# see Secure Agent resource requirements for these numbers.
+variable "fargate_cpu" {
+	# 1 vCPU = 1024 CPU units
+	default = "4096"
+}
+variable "fargate_memory" {
+	# in MiB
+	default = "8192"
+}
+
+# ecs
+variable "ecs_cluster_name" {
+  default = "iics-agent-cluster"
+}
+
+variable "ecs_cluster_tags" {
+  type    = map(string)
+  default = {
+    Name = "iics-agent-cluster"
+    tier = "test"
+  }
+}
+
+variable "ecs_task_name" {
+  default = "iics-agent-task"
+}
+
+variable "ecs_service_name" {
+  default = "iics-agent-service"
+}
\ No newline at end of file