Add initial terraform scripts for automating infra. for Informatica Secure Agent

e7f65c15 · Nuwan Rajika Kumarasiri · 798175c6 · e7f65c15 · e7f65c15 · e7f65c15
Commit e7f65c15 authored 5 years ago by Nuwan Rajika Kumarasiri
--- a/.gitignore
+++ b/.gitignore
+*.idea
 .env
 volumes/
--- a/terraform/ecs.tf
+++ b/terraform/ecs.tf
+data "template_file" "container" {
+  template = file("./templates/container.tpl")
+  vars = {
+    container_name = var.container_name
+    image_name = var.image_name
+    fargate_cpu = var.fargate_cpu
+    fargate_memory = var.fargate_memory
+    app_port1 = var.container_app_port[0]
+    app_port2 = var.container_app_port[1]
+    app_port3 = var.container_app_port[2]
+    network_mode = var.container_network_mode
+  }
+}
+
+data "aws_iam_role" "ecs-task-execution" {
+  name = "ecsTaskExecutionRole"
+}
+
+resource "aws_ecs_task_definition" "task" {
+  family = var.ecs_task_name
+  execution_role_arn = data.aws_iam_role.ecs-task-execution.arn
+  network_mode = var.container_network_mode
+  requires_compatibilities = ["FARGATE"]
+  cpu = var.fargate_cpu
+  memory = var.fargate_memory
+  container_definitions = data.template_file.container.rendered
+}
+
+resource "aws_ecs_service" "service" {
+  name = var.ecs_service_name
+  cluster = aws_ecs_cluster.cluster.id
+  task_definition = aws_ecs_task_definition.task.arn
+  desired_count = 1
+  launch_type = "FARGATE"
+
+  network_configuration {
+    assign_public_ip = false
+    subnets = [data.aws_subnet_ids.subnet-a.id,data.aws_subnet_ids.subnet-b.id]
+    security_groups = [data.aws_security_group.sec-group.id]
+  }
+}
+
+resource "aws_ecs_cluster" "cluster" {
+  name = var.ecs_cluster_name
+  tags = var.ecs_cluster_tags
+}
\ No newline at end of file
--- a/terraform/network.tf
+++ b/terraform/network.tf
+data "aws_vpc" "vpc" {
+  tags = var.vpc_tags
+}
+
+data "aws_subnet_ids" "subnet-a" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags = var.private_subnet_a_tags
+}
+
+data "aws_subnet_ids" "subnet-b" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags = var.private_subnet_b_tags
+}
+
+data "aws_security_group" "sec-group" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags = var.security_group
+}
\ No newline at end of file
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
+provider "aws" {
+	access_key = var.aws_access_key
+	secret_key = var.aws_secret_key
+	region     = var.aws_region
+	allowed_account_ids = [var.aws_account_id]
+}
\ No newline at end of file
--- a/terraform/security.tf
+++ b/terraform/security.tf
+data "aws_security_group" "secgroup" {
+  vpc_id = data.aws_vpc.vpc.id
+  tags = var.security_group
+}
\ No newline at end of file
--- a/terraform/templates/container.tpl
+++ b/terraform/templates/container.tpl
+[
+  {
+    "name": "${container_name}",
+    "image": "${image_name}",
+    "cpu": ${fargate_cpu},
+    "memory": ${fargate_memory},
+    "networkMode": "${network_mode}",
+    "portMappings": [
+      {
+        "containerPort": ${app_port1},
+        "hostPort": ${app_port1}
+      },
+      {
+        "containerPort": ${app_port2},
+        "hostPort": ${app_port2}
+      },
+      {
+        "containerPort": ${app_port2},
+        "hostPort": ${app_port2}
+      }
+    ]
+  }
+]
\ No newline at end of file
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
+variable "aws_access_key" {}
+variable "aws_secret_key" {}
+variable "aws_account_id" {
+	default = "265723766240"
+}
+variable "aws_region" {
+	default = "us-east-1" # test tier
+}
+
+variable "vpc_tags" {
+	type = map(string)
+	default = {
+		Name = "test-tier"
+		tier = "test"
+	}
+}
+
+# needs at least two subnets
+variable "private_subnet_a_tags" {
+	type = map(string)
+	default = {
+		Name = "test-private-a"
+		tier = "test"
+		network = "private"
+	}
+}
+variable "private_subnet_b_tags" {
+	type = map(string)
+	default = {
+		Name = "test-private-b"
+		tier = "test"
+		network = "private"
+	}
+}
+
+variable "security_group" {
+	type = map(string)
+	default = {
+		tier = "test"
+		Name = "internal"
+	}
+}
+
+variable "image_name" {
+	default = "265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent"
+}
+
+variable "container_name" {
+	default = "iics-secure-agent-test"
+}
+variable "container_network_mode" {
+	default = "awsvpc"
+}
+variable "container_app_port" {
+	type = list(string)
+	default = [7080, 7443, 5432]
+}
+
+# note that as per our licesning model each
+# container would be an extran instance
+variable "container_count" {
+	default = 1
+}
+
+variable "fargate_cpu" {
+	default = "4096" # 1 vCPU = 1024 CPU units
+}
+variable "fargate_memory" {
+	default = "4095" # in MiB
+}
+
+# ecs
+variable "ecs_cluster_name" {
+	default = "iics-agent-cluster"
+}
+
+variable "ecs_cluster_tags" {
+	type = map(string)
+	default = {
+		Name = "iics-agent-cluster"
+		tier = "test"
+	}
+}
+
+variable "ecs_task_name" {
+	default = "iics-secure-agent-test"
+}
+
+variable "ecs_service_name" {
+	default = "iics-secure-agent-test"
+}
\ No newline at end of file