author | clarkzjw <[email protected]> | 2022-12-09 17:22:10 -0800 |
---|---|---|
committer | clarkzjw <[email protected]> | 2022-12-09 17:22:10 -0800 |
commit | cb5f8087f8c69c920f87fd5c219906f0796d6938 (patch) | |
tree | 8103290af0e2e14feb4fd1f1c5374fbdb1cdab75 | |
parent | 0a8d79e00ebf51965b102b883e72d9e7987d50ae (diff) | |
download | jinwei.me-cb5f8087f8c69c920f87fd5c219906f0796d6938.tar.gz |
aws infra: add ec2, rds, vpc
-rw-r--r-- | .gitignore | 32 | ||||
-rw-r--r-- | jinwei.me/infra/.terraform.lock.hcl | 44 | ||||
-rw-r--r-- | jinwei.me/infra/data.tf | 11 | ||||
-rw-r--r-- | jinwei.me/infra/keypair.tf | 4 | ||||
-rw-r--r-- | jinwei.me/infra/main.tf | 44 | ||||
-rw-r--r-- | jinwei.me/infra/outputs.tf | 29 | ||||
-rw-r--r-- | jinwei.me/infra/rds.tf | 26 | ||||
-rw-r--r-- | jinwei.me/infra/sg.tf | 38 | ||||
-rw-r--r-- | jinwei.me/infra/variables.tf | 53 | ||||
-rw-r--r-- | jinwei.me/infra/versions.tf | 8 | ||||
-rw-r--r-- | jinwei.me/infra/vpc.tf | 31 |
11 files changed, 320 insertions, 0 deletions
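--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,32 @@
+.idea/
+aws-rc
+connect_mysql.sh
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*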
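--- /dev/null
+++ b/jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version = "4.46.0"
+  constraints = "~> 4.46"
+  hashes = [
+    "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
+    "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
+    "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
+    "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
+    "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
+    "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
+    "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
+    "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
+    "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
+    "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
+    "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
+    "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
+    "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
+    "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}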
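--- /dev/null
+++ b/jinwei.me/infra/data.tf
@@ -0,0 +1,11 @@
+data "aws_ami" "debian" {
+  most_recent = true
+  owners = ["136693071363"]
+
+  filter {
+    name = "name"
+    values = ["debian-11-amd64-*"]
+  }
+}
+
+data "aws_availability_zones" "available" {}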
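Review bot: `data "aws_availability_zones" "available" {}` has no `state = "available"` filter, so the name list it hands to the VPC module in vpc.tf can include zones whose current state is not available, and subnet creation would then fail at apply time rather than at plan time; add `state = "available"` inside the block. The AMI lookup with `most_recent = true` only stays stable because main.tf lists `ami` under `ignore_changes`, so a one-line comment on the data source such as `# resolved on first apply only; main.tf ignores later AMI drift` would keep the two from being edited independently.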
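--- /dev/null
+++ b/jinwei.me/infra/keypair.tf
@@ -0,0 +1,4 @@
+resource "aws_key_pair" "framework" {
+  key_name = "framework"
+  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILS2i5/x9r+cv2j2/SUZ2x2fgQeGnJP1I7PUHC0UdWN6 framework"
+}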
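--- /dev/null
+++ b/jinwei.me/infra/main.tf
@@ -0,0 +1,44 @@
+locals {
+  name = var.name
+}
+
+data "aws_subnet" "ec2" {
+  filter {
+    name = "availability-zone"
+    values = [aws_db_instance.jinwei-me.availability_zone]
+  }
+  filter {
+    name = "subnet-id"
+    values = module.vpc.public_subnets
+  }
+}
+
+resource "aws_instance" "jinwei_me" {
+  ami = data.aws_ami.debian.id
+  instance_type = var.ec2_instance_type
+
+  subnet_id = data.aws_subnet.ec2.id
+  key_name = "framework"
+
+  vpc_security_group_ids = [aws_security_group.backend.id]
+
+  root_block_device {
+    volume_type = "gp3"
+    tags = {
+      Name = "${local.name}-root"
+    }
+  }
+
+  tags = {
+    Name = local.name
+  }
+
+  lifecycle {
+    ignore_changes = [ami]
+  }
+}
+
+resource "aws_eip" "main" {
+  instance = aws_instance.jinwei_me.id
+}
+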
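Review bot: `key_name = "framework"` on `aws_instance.jinwei_me` is a bare string rather than a reference, so Terraform records no dependency on `aws_key_pair.framework` from keypair.tf and on a fresh apply may try to launch the instance before the key pair exists; use `key_name = aws_key_pair.framework.key_name` so ordering follows the graph. The `root_block_device` block sets only `volume_type`, which leaves the root volume unencrypted; `encrypted = true` next to it costs nothing on gp3. The instance is reachable from the internet through `aws_eip.main` and has no `metadata_options` block, so adding `metadata_options { http_tokens = "required" }` to require IMDSv2 would reduce what a compromised web process on the host can read from the metadata service.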
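--- /dev/null
+++ b/jinwei.me/infra/outputs.tf
@@ -0,0 +1,29 @@
+output "rds_hostname" {
+  description = "RDS instance hostname"
+  value = aws_db_instance.jinwei-me.address
+}
+
+output "rds_port" {
+  description = "RDS instance port"
+  value = aws_db_instance.jinwei-me.port
+}
+
+output "rds_username" {
+  description = "RDS instance username"
+  value = aws_db_instance.jinwei-me.username
+}
+
+output "rds_password" {
+  description = "RDS instance password"
+  value = random_password.mysql_password.result
+  sensitive = true
+}
+
+output "instance" {
+  description = "The main EC2 instance."
+  value = {
+    arn = aws_instance.jinwei_me.arn
+    public_ip = aws_eip.main.public_ip
+    private_ip = aws_instance.jinwei_me.private_ip
+  }
+}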
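--- /dev/null
+++ b/jinwei.me/infra/rds.tf
@@ -0,0 +1,26 @@
+
+resource "aws_db_parameter_group" "jinwei-me" {
+  name = var.name
+  family = var.rds_parameter_group
+}
+
+resource "aws_db_instance" "jinwei-me" {
+  identifier = var.name
+  instance_class = var.rds_instance_class
+  allocated_storage = var.rds_storage
+  engine = var.rds_engine
+  engine_version = var.rds_engine_version
+  username = var.rds_username
+  password = random_password.mysql_password.result
+  port = var.rds_port
+  db_subnet_group_name = aws_db_subnet_group.jinwei-me.name
+  vpc_security_group_ids = [aws_security_group.rds.id]
+  parameter_group_name = aws_db_parameter_group.jinwei-me.name
+  publicly_accessible = true
+  skip_final_snapshot = true
+}
+
+resource "random_password" "mysql_password" {
+  length = 16
+  special = false
+}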
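Review bot: `publicly_accessible = true` on `aws_db_instance.jinwei-me` gives the database a public address, while the only ingress rule attached to `aws_security_group.rds` in sg.tf admits traffic from the backend security group, so the public endpoint has no consumer in this configuration unless rules are added outside Terraform; `publicly_accessible = false` keeps the same EC2-to-RDS path and removes the internet-facing surface. The instance also omits `storage_encrypted = true`, so its storage is created unencrypted, and `skip_final_snapshot = true` with no `backup_retention_period` or `deletion_protection` means a `terraform destroy` or any replacement-forcing change discards the data with no snapshot. Separately, `random_password.mysql_password.result` is stored in plaintext in the Terraform state regardless of the `sensitive = true` flag on the output in outputs.tf, so the state backend needs the same access controls as the credential itself; a comment on the `random_password` resource noting this would help whoever picks the backend.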
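--- /dev/null
+++ b/jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+  name = local.name
+  vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+  security_group_id = aws_security_group.backend.id
+  type = "ingress"
+  protocol = "tcp"
+  from_port = 22
+  to_port = 22
+  cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_egress_all" {
+  security_group_id = aws_security_group.backend.id
+  type = "egress"
+  protocol = "all"
+  from_port = 0
+  to_port = 0
+  cidr_blocks = ["0.0.0.0/0"]
+}
+
+# RDS
+resource "aws_security_group" "rds" {
+  name = "${local.name}-db"
+  vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "db_ingress_backend" {
+  security_group_id = aws_security_group.rds.id
+  type = "ingress"
+  protocol = "tcp"
+  from_port = var.rds_port
+  to_port = var.rds_port
+  source_security_group_id = aws_security_group.backend.id
+}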
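Review bot: `backend_ingress_ssh` opens TCP/22 to `0.0.0.0/0`, so the EC2 host's SSH service is reachable from every IPv4 address rather than from the administrator's network; replace the literal with a variable that has no default, e.g. `cidr_blocks = var.ssh_allowed_cidrs`, so each apply has to state the permitted source range explicitly. The `backend` security group is the only thing fronting a host that also holds the database credentials via the RDS rule, which makes this the most valuable ingress to narrow in this commit. Minor: the heading comment `# EC 2` has a stray space; `# EC2` matches the `ec2_*` naming used in variables.tf.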
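--- /dev/null
+++ b/jinwei.me/infra/variables.tf
@@ -0,0 +1,53 @@
+provider "aws" {
+  region = var.region
+}
+
+variable "name" {
+  description = "Name of the service. It will be used to name EC2, and RDS instances."
+  default = "jinwei-me"
+}
+
+variable "region" {
+  default = "us-west-2"
+  description = "AWS region"
+}
+
+
+# RDS
+variable "rds_instance_class" {
+  default = "db.t3.micro"
+}
+
+variable "rds_storage" {
+  default = 20
+}
+
+variable "rds_username" {
+  default = "jinweime"
+}
+
+variable "rds_engine" {
+  default = "mariadb"
+}
+
+variable "rds_engine_version" {
+  default = "10.6"
+}
+
+variable "rds_parameter_group" {
+  default = "mariadb10.6"
+}
+
+variable "rds_port" {
+  default = 33060
+}
+
+# EC 2
+variable "ec2_instance_type" {
+  default = "t2.micro"
+}
+
+#variable "ec2_key_name" {
+#  description = "Name of key pair to log into the EC2 instance. The key pair must already exist."
+#  type = string
+#}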
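Review bot: The `provider "aws"` block at the top of variables.tf is provider configuration, not a variable declaration, and a reader looking for it will expect it beside `required_providers` in versions.tf or in main.tf; moving it there keeps each file doing one thing. None of the `variable` blocks after `region` declare a `type` or `description`, so the numeric defaults `rds_storage = 20` and `rds_port = 33060` fix the type only by inference and a caller supplying a string is silently coerced; adding `type = number` or `type = string` plus a one-line description to each block makes the interface explicit. The commented-out `ec2_key_name` variable at the bottom is dead text now that keypair.tf creates the key pair in-repo; either delete it or reinstate it and have main.tf reference it.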
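--- /dev/null
+++ b/jinwei.me/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source = "hashicorp/aws"
+      version = "~> 4.46"
+    }
+  }
+}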
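Review bot: `required_providers` declares only `aws`, yet rds.tf uses `random_password` and the committed .terraform.lock.hcl pins `hashicorp/random` at 3.4.3, so the random provider is resolved implicitly with no version constraint; add `random = { source = "hashicorp/random", version = "~> 3.4" }` next to the `aws` entry so the declared constraints match what the lockfile records. A `required_version` line on the `terraform` block would likewise pin the CLI range this lockfile was generated with, which matters because the lockfile format itself depends on it.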
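--- /dev/null
+++ b/jinwei.me/infra/vpc.tf
@@ -0,0 +1,31 @@
+locals {
+  cidr_block = "10.31.0.0/16"
+  subnets = cidrsubnets(local.cidr_block, 4, 4, 4, 4, 4, 4)
+  subnet_groups = chunklist(local.subnets, 3)
+}
+
+module "vpc" {
+  source = "terraform-aws-modules/vpc/aws"
+  version = "3.18.1"
+
+  name = local.name
+  cidr = local.cidr_block
+  azs = data.aws_availability_zones.available.names
+  private_subnets = local.subnet_groups[0]
+  public_subnets = local.subnet_groups[1]
+  enable_dns_hostnames = true
+  enable_dns_support = true
+  enable_nat_gateway = false
+  single_nat_gateway = true
+}
+
+
+
+resource "aws_db_subnet_group" "jinwei-me" {
+  name = var.name
+  subnet_ids = module.vpc.public_subnets
+
+  tags = {
+    Name = var.name
+  }
+}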
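Review bot: `aws_db_subnet_group.jinwei-me` is built from `module.vpc.public_subnets`, so the RDS instance declared in rds.tf lands in subnets that route to the internet gateway even though its only consumer is the EC2 host inside the VPC; `subnet_ids = module.vpc.private_subnets` keeps the database off the public tier, and `data.aws_subnet.ec2` in main.tf still resolves because it filters on the public subnet list independently. `enable_nat_gateway = false` together with `single_nat_gateway = true` reads as contradictory: the second setting is inert while the first is false, and the private subnets then have no egress path at all, which is fine for RDS but deserves a comment such as `# no NAT: private tier is RDS-only and needs no outbound path` so it is not read as an oversight. `azs` passes every zone name from the data source while each tier has exactly three CIDRs from `chunklist(local.subnets, 3)`; as far as I can tell the module pairs subnets with zones by index, so a one-line comment above `azs` stating that assumption would help the next reader.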