aws infra: add ec2, rds, vpc

author: clarkzjw <[email protected]> 2022-12-09 17:22:10 -0800
committer: clarkzjw <[email protected]> 2022-12-09 17:22:10 -0800
commit: cb5f8087f8c69c920f87fd5c219906f0796d6938 (patch)
tree: 8103290af0e2e14feb4fd1f1c5374fbdb1cdab75
parent: 0a8d79e00ebf51965b102b883e72d9e7987d50ae (diff)
download: jinwei.me-cb5f8087f8c69c920f87fd5c219906f0796d6938.tar.gz
11 files changed, 320 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4220221
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,32 @@
+.idea/
+aws-rc
+connect_mysql.sh
+# Local .terraform directories
+**/.terraform/*
+# .tfstate files
+*.tfstate
+*.tfstate.*
+# Crash log files
+crash.log
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/jinwei.me/infra/.terraform.lock.hcl b/jinwei.me/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..92b4d9c
--- /dev/null
+++ b/jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.46.0"
+  constraints = "~> 4.46"
+  hashes = [
+    "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
+    "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
+    "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
+    "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
+    "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
+    "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
+    "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
+    "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
+    "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
+    "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
+    "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
+    "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
+    "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
+    "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
+  ]
+}
+provider "registry.terraform.io/hashicorp/random" {
+  version = "3.4.3"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
diff --git a/jinwei.me/infra/data.tf b/jinwei.me/infra/data.tf
new file mode 100644
index 0000000..2102273
--- /dev/null
+++ b/jinwei.me/infra/data.tf
@@ -0,0 +1,11 @@
+data "aws_ami" "debian" {
+  most_recent = true
+  owners      = ["136693071363"]
+  filter {
+    name   = "name"
+    values = ["debian-11-amd64-*"]
+  }
+}
+data "aws_availability_zones" "available" {}
diff --git a/jinwei.me/infra/keypair.tf b/jinwei.me/infra/keypair.tf
new file mode 100644
index 0000000..a73a0af
--- /dev/null
+++ b/jinwei.me/infra/keypair.tf
@@ -0,0 +1,4 @@
+resource "aws_key_pair" "framework" {
+  key_name   = "framework"
+  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILS2i5/x9r+cv2j2/SUZ2x2fgQeGnJP1I7PUHC0UdWN6 framework"
+}
diff --git a/jinwei.me/infra/main.tf b/jinwei.me/infra/main.tf
new file mode 100644
index 0000000..235aba0
--- /dev/null
+++ b/jinwei.me/infra/main.tf
@@ -0,0 +1,44 @@
+locals {
+  name = var.name
+}
+data "aws_subnet" "ec2" {
+  filter {
+    name   = "availability-zone"
+    values = [aws_db_instance.jinwei-me.availability_zone]
+  }
+  filter {
+    name   = "subnet-id"
+    values = module.vpc.public_subnets
+  }
+}
+resource "aws_instance" "jinwei_me" {
+  ami           = data.aws_ami.debian.id
+  instance_type = var.ec2_instance_type
+  subnet_id = data.aws_subnet.ec2.id
+  key_name  = "framework"
+  vpc_security_group_ids = [aws_security_group.backend.id]
+  root_block_device {
+    volume_type = "gp3"
+    tags = {
+      Name = "${local.name}-root"
+    }
+  }
+  tags = {
+    Name = local.name
+  }
+  lifecycle {
+    ignore_changes = [ami]
+  }
+}
+resource "aws_eip" "main" {
+  instance = aws_instance.jinwei_me.id
+}
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
new file mode 100644
index 0000000..3537e02
--- /dev/null
+++ b/jinwei.me/infra/outputs.tf
@@ -0,0 +1,29 @@
+output "rds_hostname" {
+  description = "RDS instance hostname"
+  value       = aws_db_instance.jinwei-me.address
+}
+output "rds_port" {
+  description = "RDS instance port"
+  value       = aws_db_instance.jinwei-me.port
+}
+output "rds_username" {
+  description = "RDS instance username"
+  value       = aws_db_instance.jinwei-me.username
+}
+output "rds_password" {
+  description = "RDS instance password"
+  value       = random_password.mysql_password.result
+  sensitive   = true
+}
+output "instance" {
+  description = "The main EC2 instance."
+  value = {
+    arn        = aws_instance.jinwei_me.arn
+    public_ip  = aws_eip.main.public_ip
+    private_ip = aws_instance.jinwei_me.private_ip
+  }
+}
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
new file mode 100644
index 0000000..6565332
--- /dev/null
+++ b/jinwei.me/infra/rds.tf
@@ -0,0 +1,26 @@
+resource "aws_db_parameter_group" "jinwei-me" {
+  name   = var.name
+  family = var.rds_parameter_group
+}
+resource "aws_db_instance" "jinwei-me" {
+  identifier             = var.name
+  instance_class         = var.rds_instance_class
+  allocated_storage      = var.rds_storage
+  engine                 = var.rds_engine
+  engine_version         = var.rds_engine_version
+  username               = var.rds_username
+  password               = random_password.mysql_password.result
+  port                   = var.rds_port
+  db_subnet_group_name   = aws_db_subnet_group.jinwei-me.name
+  vpc_security_group_ids = [aws_security_group.rds.id]
+  parameter_group_name   = aws_db_parameter_group.jinwei-me.name
+  publicly_accessible    = true
+  skip_final_snapshot    = true
+}
+resource "random_password" "mysql_password" {
+  length  = 16
+  special = false
+}
diff --git a/jinwei.me/infra/sg.tf b/jinwei.me/infra/sg.tf
new file mode 100644
index 0000000..4d5ecaa
--- /dev/null
+++ b/jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+  name   = local.name
+  vpc_id = module.vpc.vpc_id
+}
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+  security_group_id = aws_security_group.backend.id
+  type              = "ingress"
+  protocol          = "tcp"
+  from_port         = 22
+  to_port           = 22
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+resource "aws_security_group_rule" "backend_egress_all" {
+  security_group_id = aws_security_group.backend.id
+  type              = "egress"
+  protocol          = "all"
+  from_port         = 0
+  to_port           = 0
+  cidr_blocks       = ["0.0.0.0/0"]
+}
+# RDS
+resource "aws_security_group" "rds" {
+  name   = "${local.name}-db"
+  vpc_id = module.vpc.vpc_id
+}
+resource "aws_security_group_rule" "db_ingress_backend" {
+  security_group_id        = aws_security_group.rds.id
+  type                     = "ingress"
+  protocol                 = "tcp"
+  from_port                = var.rds_port
+  to_port                  = var.rds_port
+  source_security_group_id = aws_security_group.backend.id
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
new file mode 100644
index 0000000..6745915
--- /dev/null
+++ b/jinwei.me/infra/variables.tf
@@ -0,0 +1,53 @@
+provider "aws" {
+  region = var.region
+}
+variable "name" {
+  description = "Name of the service. It will be used to name EC2, and RDS instances."
+  default     = "jinwei-me"
+}
+variable "region" {
+  default     = "us-west-2"
+  description = "AWS region"
+}
+# RDS
+variable "rds_instance_class" {
+  default = "db.t3.micro"
+}
+variable "rds_storage" {
+  default = 20
+}
+variable "rds_username" {
+  default = "jinweime"
+}
+variable "rds_engine" {
+  default = "mariadb"
+}
+variable "rds_engine_version" {
+  default = "10.6"
+}
+variable "rds_parameter_group" {
+  default = "mariadb10.6"
+}
+variable "rds_port" {
+  default = 33060
+}
+# EC 2
+variable "ec2_instance_type" {
+  default = "t2.micro"
+}
+#variable "ec2_key_name" {
+#  description = "Name of key pair to log into the EC2 instance. The key pair must already exist."
+#  type        = string
+#}
diff --git a/jinwei.me/infra/versions.tf b/jinwei.me/infra/versions.tf
new file mode 100644
index 0000000..2ff0472
--- /dev/null
+++ b/jinwei.me/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 4.46"
+    }
+  }
+}
diff --git a/jinwei.me/infra/vpc.tf b/jinwei.me/infra/vpc.tf
new file mode 100644
index 0000000..834f0ec
--- /dev/null
+++ b/jinwei.me/infra/vpc.tf
@@ -0,0 +1,31 @@
+locals {
+  cidr_block    = "10.31.0.0/16"
+  subnets       = cidrsubnets(local.cidr_block, 4, 4, 4, 4, 4, 4)
+  subnet_groups = chunklist(local.subnets, 3)
+}
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = "3.18.1"
+  name                 = local.name
+  cidr                 = local.cidr_block
+  azs                  = data.aws_availability_zones.available.names
+  private_subnets      = local.subnet_groups[0]
+  public_subnets       = local.subnet_groups[1]
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+  enable_nat_gateway   = false
+  single_nat_gateway   = true
+}
+resource "aws_db_subnet_group" "jinwei-me" {
+  name       = var.name
+  subnet_ids = module.vpc.public_subnets
+  tags = {
+    Name = var.name
+  }
+}
author	clarkzjw <[email protected]>	2022-12-09 17:22:10 -0800
committer	clarkzjw <[email protected]>	2022-12-09 17:22:10 -0800
commit	cb5f8087f8c69c920f87fd5c219906f0796d6938 (patch)
tree	8103290af0e2e14feb4fd1f1c5374fbdb1cdab75
parent	0a8d79e00ebf51965b102b883e72d9e7987d50ae (diff)
download	jinwei.me-cb5f8087f8c69c920f87fd5c219906f0796d6938.tar.gz

diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4220221 --- /dev/null +++ b/.gitignore
@@ -0,0 +1,32 @@
	1	.idea/
	2	aws-rc
	3	connect_mysql.sh
	4	# Local .terraform directories
	5	*/.terraform/
	6
	7	# .tfstate files
	8	*.tfstate
	9	.tfstate.
	10
	11	# Crash log files
	12	crash.log
	13
	14	# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
	15	# .tfvars files are managed as part of configuration and so should be included in
	16	# version control.
	17	#
	18	# example.tfvars
	19
	20	# Ignore override files as they are usually used to override resources locally and so
	21	# are not checked in
	22	override.tf
	23	override.tf.json
	24	*_override.tf
	25	*_override.tf.json
	26
	27	# Include override files you do wish to add to version control using negated pattern
	28	#
	29	# !example_override.tf
	30
	31	# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
	32	# example: tfplan


diff --git a/jinwei.me/infra/.terraform.lock.hcl b/jinwei.me/infra/.terraform.lock.hcl new file mode 100644 index 0000000..92b4d9c --- /dev/null +++ b/jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,44 @@
	1	# This file is maintained automatically by "terraform init".
	2	# Manual edits may be lost in future updates.
	3
	4	provider "registry.terraform.io/hashicorp/aws" {
	5	version = "4.46.0"
	6	constraints = "~> 4.46"
	7	hashes = [
	8	"h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
	9	"zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
	10	"zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
	11	"zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
	12	"zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
	13	"zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
	14	"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
	15	"zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
	16	"zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
	17	"zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
	18	"zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
	19	"zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
	20	"zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
	21	"zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
	22	"zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
	23	"zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
	24	]
	25	}
	26
	27	provider "registry.terraform.io/hashicorp/random" {
	28	version = "3.4.3"
	29	hashes = [
	30	"h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
	31	"zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
	32	"zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
	33	"zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
	34	"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
	35	"zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
	36	"zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
	37	"zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
	38	"zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
	39	"zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
	40	"zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
	41	"zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
	42	"zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
	43	]
	44	}


diff --git a/jinwei.me/infra/data.tf b/jinwei.me/infra/data.tf new file mode 100644 index 0000000..2102273 --- /dev/null +++ b/jinwei.me/infra/data.tf
@@ -0,0 +1,11 @@
	1	data "aws_ami" "debian" {
	2	most_recent = true
	3	owners = ["136693071363"]
	4
	5	filter {
	6	name = "name"
	7	values = ["debian-11-amd64-*"]
	8	}
	9	}
	10
	11	data "aws_availability_zones" "available" {}


diff --git a/jinwei.me/infra/keypair.tf b/jinwei.me/infra/keypair.tf new file mode 100644 index 0000000..a73a0af --- /dev/null +++ b/jinwei.me/infra/keypair.tf
@@ -0,0 +1,4 @@
	1	resource "aws_key_pair" "framework" {
	2	key_name = "framework"
	3	public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILS2i5/x9r+cv2j2/SUZ2x2fgQeGnJP1I7PUHC0UdWN6 framework"
	4	}


diff --git a/jinwei.me/infra/main.tf b/jinwei.me/infra/main.tf new file mode 100644 index 0000000..235aba0 --- /dev/null +++ b/jinwei.me/infra/main.tf
@@ -0,0 +1,44 @@
	1	locals {
	2	name = var.name
	3	}
	4
	5	data "aws_subnet" "ec2" {
	6	filter {
	7	name = "availability-zone"
	8	values = [aws_db_instance.jinwei-me.availability_zone]
	9	}
	10	filter {
	11	name = "subnet-id"
	12	values = module.vpc.public_subnets
	13	}
	14	}
	15
	16	resource "aws_instance" "jinwei_me" {
	17	ami = data.aws_ami.debian.id
	18	instance_type = var.ec2_instance_type
	19
	20	subnet_id = data.aws_subnet.ec2.id
	21	key_name = "framework"
	22
	23	vpc_security_group_ids = [aws_security_group.backend.id]
	24
	25	root_block_device {
	26	volume_type = "gp3"
	27	tags = {
	28	Name = "${local.name}-root"
	29	}
	30	}
	31
	32	tags = {
	33	Name = local.name
	34	}
	35
	36	lifecycle {
	37	ignore_changes = [ami]
	38	}
	39	}
	40
	41	resource "aws_eip" "main" {
	42	instance = aws_instance.jinwei_me.id
	43	}
	44


diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf new file mode 100644 index 0000000..3537e02 --- /dev/null +++ b/jinwei.me/infra/outputs.tf
@@ -0,0 +1,29 @@
	1	output "rds_hostname" {
	2	description = "RDS instance hostname"
	3	value = aws_db_instance.jinwei-me.address
	4	}
	5
	6	output "rds_port" {
	7	description = "RDS instance port"
	8	value = aws_db_instance.jinwei-me.port
	9	}
	10
	11	output "rds_username" {
	12	description = "RDS instance username"
	13	value = aws_db_instance.jinwei-me.username
	14	}
	15
	16	output "rds_password" {
	17	description = "RDS instance password"
	18	value = random_password.mysql_password.result
	19	sensitive = true
	20	}
	21
	22	output "instance" {
	23	description = "The main EC2 instance."
	24	value = {
	25	arn = aws_instance.jinwei_me.arn
	26	public_ip = aws_eip.main.public_ip
	27	private_ip = aws_instance.jinwei_me.private_ip
	28	}
	29	}


diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf new file mode 100644 index 0000000..6565332 --- /dev/null +++ b/jinwei.me/infra/rds.tf
@@ -0,0 +1,26 @@
	1
	2	resource "aws_db_parameter_group" "jinwei-me" {
	3	name = var.name
	4	family = var.rds_parameter_group
	5	}
	6
	7	resource "aws_db_instance" "jinwei-me" {
	8	identifier = var.name
	9	instance_class = var.rds_instance_class
	10	allocated_storage = var.rds_storage
	11	engine = var.rds_engine
	12	engine_version = var.rds_engine_version
	13	username = var.rds_username
	14	password = random_password.mysql_password.result
	15	port = var.rds_port
	16	db_subnet_group_name = aws_db_subnet_group.jinwei-me.name
	17	vpc_security_group_ids = [aws_security_group.rds.id]
	18	parameter_group_name = aws_db_parameter_group.jinwei-me.name
	19	publicly_accessible = true
	20	skip_final_snapshot = true
	21	}
	22
	23	resource "random_password" "mysql_password" {
	24	length = 16
	25	special = false
	26	}


diff --git a/jinwei.me/infra/sg.tf b/jinwei.me/infra/sg.tf new file mode 100644 index 0000000..4d5ecaa --- /dev/null +++ b/jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
	1	# EC 2
	2	resource "aws_security_group" "backend" {
	3	name = local.name
	4	vpc_id = module.vpc.vpc_id
	5	}
	6
	7	resource "aws_security_group_rule" "backend_ingress_ssh" {
	8	security_group_id = aws_security_group.backend.id
	9	type = "ingress"
	10	protocol = "tcp"
	11	from_port = 22
	12	to_port = 22
	13	cidr_blocks = ["0.0.0.0/0"]
	14	}
	15
	16	resource "aws_security_group_rule" "backend_egress_all" {
	17	security_group_id = aws_security_group.backend.id
	18	type = "egress"
	19	protocol = "all"
	20	from_port = 0
	21	to_port = 0
	22	cidr_blocks = ["0.0.0.0/0"]
	23	}
	24
	25	# RDS
	26	resource "aws_security_group" "rds" {
	27	name = "${local.name}-db"
	28	vpc_id = module.vpc.vpc_id
	29	}
	30
	31	resource "aws_security_group_rule" "db_ingress_backend" {
	32	security_group_id = aws_security_group.rds.id
	33	type = "ingress"
	34	protocol = "tcp"
	35	from_port = var.rds_port
	36	to_port = var.rds_port
	37	source_security_group_id = aws_security_group.backend.id
	38	}


diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf new file mode 100644 index 0000000..6745915 --- /dev/null +++ b/jinwei.me/infra/variables.tf
@@ -0,0 +1,53 @@
	1	provider "aws" {
	2	region = var.region
	3	}
	4
	5	variable "name" {
	6	description = "Name of the service. It will be used to name EC2, and RDS instances."
	7	default = "jinwei-me"
	8	}
	9
	10	variable "region" {
	11	default = "us-west-2"
	12	description = "AWS region"
	13	}
	14
	15
	16	# RDS
	17	variable "rds_instance_class" {
	18	default = "db.t3.micro"
	19	}
	20
	21	variable "rds_storage" {
	22	default = 20
	23	}
	24
	25	variable "rds_username" {
	26	default = "jinweime"
	27	}
	28
	29	variable "rds_engine" {
	30	default = "mariadb"
	31	}
	32
	33	variable "rds_engine_version" {
	34	default = "10.6"
	35	}
	36
	37	variable "rds_parameter_group" {
	38	default = "mariadb10.6"
	39	}
	40
	41	variable "rds_port" {
	42	default = 33060
	43	}
	44
	45	# EC 2
	46	variable "ec2_instance_type" {
	47	default = "t2.micro"
	48	}
	49
	50	#variable "ec2_key_name" {
	51	# description = "Name of key pair to log into the EC2 instance. The key pair must already exist."
	52	# type = string
	53	#}


diff --git a/jinwei.me/infra/versions.tf b/jinwei.me/infra/versions.tf new file mode 100644 index 0000000..2ff0472 --- /dev/null +++ b/jinwei.me/infra/versions.tf
@@ -0,0 +1,8 @@
	1	terraform {
	2	required_providers {
	3	aws = {
	4	source = "hashicorp/aws"
	5	version = "~> 4.46"
	6	}
	7	}
	8	}


diff --git a/jinwei.me/infra/vpc.tf b/jinwei.me/infra/vpc.tf new file mode 100644 index 0000000..834f0ec --- /dev/null +++ b/jinwei.me/infra/vpc.tf
@@ -0,0 +1,31 @@
	1	locals {
	2	cidr_block = "10.31.0.0/16"
	3	subnets = cidrsubnets(local.cidr_block, 4, 4, 4, 4, 4, 4)
	4	subnet_groups = chunklist(local.subnets, 3)
	5	}
	6
	7	module "vpc" {
	8	source = "terraform-aws-modules/vpc/aws"
	9	version = "3.18.1"
	10
	11	name = local.name
	12	cidr = local.cidr_block
	13	azs = data.aws_availability_zones.available.names
	14	private_subnets = local.subnet_groups[0]
	15	public_subnets = local.subnet_groups[1]
	16	enable_dns_hostnames = true
	17	enable_dns_support = true
	18	enable_nat_gateway = false
	19	single_nat_gateway = true
	20	}
	21
	22
	23
	24	resource "aws_db_subnet_group" "jinwei-me" {
	25	name = var.name
	26	subnet_ids = module.vpc.public_subnets
	27
	28	tags = {
	29	Name = var.name
	30	}
	31	}