From cb5f8087f8c69c920f87fd5c219906f0796d6938 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 9 Dec 2022 17:22:10 -0800
Subject: aws infra: add ec2, rds, vpc
---
 .gitignore | 32 ++++++++++++++++++++++
 jinwei.me/infra/.terraform.lock.hcl | 44 ++++++++++++++++++++++++++++++
 jinwei.me/infra/data.tf | 11 ++++++++
 jinwei.me/infra/keypair.tf | 4 +++
 jinwei.me/infra/main.tf | 44 ++++++++++++++++++++++++++++++
 jinwei.me/infra/outputs.tf | 29 ++++++++++++++++++++
 jinwei.me/infra/rds.tf | 26 ++++++++++++++++++
 jinwei.me/infra/sg.tf | 38 ++++++++++++++++++++++++++
 jinwei.me/infra/variables.tf | 53 +++++++++++++++++++++++++++++++++++++
 jinwei.me/infra/versions.tf | 8 ++++++
 jinwei.me/infra/vpc.tf | 31 ++++++++++++++++++++++
 11 files changed, 320 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 jinwei.me/infra/.terraform.lock.hcl
 create mode 100644 jinwei.me/infra/data.tf
 create mode 100644 jinwei.me/infra/keypair.tf
 create mode 100644 jinwei.me/infra/main.tf
 create mode 100644 jinwei.me/infra/outputs.tf
 create mode 100644 jinwei.me/infra/rds.tf
 create mode 100644 jinwei.me/infra/sg.tf
 create mode 100644 jinwei.me/infra/variables.tf
 create mode 100644 jinwei.me/infra/versions.tf
 create mode 100644 jinwei.me/infra/vpc.tf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4220221
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,32 @@
+.idea/
+aws-rc
+connect_mysql.sh
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
diff --git a/jinwei.me/infra/.terraform.lock.hcl b/jinwei.me/infra/.terraform.lock.hcl
new file mode 100644
index 0000000..92b4d9c
--- /dev/null
+++ b/jinwei.me/infra/.terraform.lock.hcl
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.46.0"
+ constraints = "~> 4.46"
+ hashes = [
+ "h1:EZB4OgvytV38JpWyye9zoMQ0bfT9yB9xSXM5NY3Lrws=",
+ "zh:1678e6a4bdb3d81a6713adc62ca0fdb8250c584e10c10d1daca72316e9db8df2",
+ "zh:329903acf86ef6072502736dff4c43c2b50f762a958f76aa924e2d74c7fca1e3",
+ "zh:33db8131fe0ec7e1d9f30bc9f65c2440e9c1f708d681b6062757a351f1df7ce6",
+ "zh:3a3b010bc393784c16f4b6cdce7f76db93d5efa323fce4920bfea9e9ba6abe44",
+ "zh:979e2713a5759a7483a065e149e3cb69db9225326fc0457fa3fc3a48aed0c63f",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:9efcf0067e16ad53da7504178a05eb2118770b4ae00c193c10ecad4cbfce308e",
+ "zh:a10655bf1b6376ab7f3e55efadf54dc70f7bd07ca11369557c312095076f9d62",
+ "zh:b0394dd42cbd2a718a7dd7ae0283f04769aaf8b3d52664e141da59c0171a11ab",
+ "zh:b958e614c2cf6d9c05a6ad5e94dc5c04b97ebfb84415da068be5a081b5ebbe24",
+ "zh:ba5069e624210c63ad9e633a8eb0108b21f2322bc4967ba2b82d09168c466888",
+ "zh:d7dfa597a17186e7f4d741dd7111849f1c0dd6f7ebc983043d8262d2fb37b408",
+ "zh:e8a641ca2c99f96d64fa2725875e797273984981d3e54772a2823541c44e3cd3",
+ "zh:f89898b7067c4246293a8007f59f5cfcac7b8dd251d39886c7a53ba596251466",
+ "zh:fb1e1df1d5cc208e08a850f8e84423bce080f01f5e901791c79df369d3ed52f2",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.4.3"
+ hashes = [
+ "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+ "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+ "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+ "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+ "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+ "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+ "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+ "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+ "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+ "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+ "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+ ]
+}
diff --git a/jinwei.me/infra/data.tf b/jinwei.me/infra/data.tf
new file mode 100644
index 0000000..2102273
--- /dev/null
+++ b/jinwei.me/infra/data.tf
@@ -0,0 +1,11 @@
+data "aws_ami" "debian" {
+ most_recent = true
+ owners = ["136693071363"]
+
+ filter {
+ name = "name"
+ values = ["debian-11-amd64-*"]
+ }
+}
+
+data "aws_availability_zones" "available" {}
diff --git a/jinwei.me/infra/keypair.tf b/jinwei.me/infra/keypair.tf
new file mode 100644
index 0000000..a73a0af
--- /dev/null
+++ b/jinwei.me/infra/keypair.tf
@@ -0,0 +1,4 @@
+resource "aws_key_pair" "framework" {
+ key_name = "framework"
+ public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILS2i5/x9r+cv2j2/SUZ2x2fgQeGnJP1I7PUHC0UdWN6 framework"
+}
diff --git a/jinwei.me/infra/main.tf b/jinwei.me/infra/main.tf
new file mode 100644
index 0000000..235aba0
--- /dev/null
+++ b/jinwei.me/infra/main.tf
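Review bot: The AMI lookup pins `owners = ["136693071363"]` without saying whose account that is, and with `most_recent = true` plus a `debian-11-amd64-*` name glob the owner pin is the only thing keeping a look-alike image published by another account out of the selection. A comment above `owners` such as `# Account that publishes the official Debian cloud images — keep this pinned; the name glob alone is not a trust boundary` would tell the next maintainer why the ID must not be loosened; I believe this is Debian's publishing account but have not verified it here. It is also worth noting next to `most_recent` that `main.tf` in this commit sets `ignore_changes = [ami]`, so a newer image found by this lookup will not replace the running instance on later applies.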
@@ -0,0 +1,44 @@
+locals {
+ name = var.name
+}
+
+data "aws_subnet" "ec2" {
+ filter {
+ name = "availability-zone"
+ values = [aws_db_instance.jinwei-me.availability_zone]
+ }
+ filter {
+ name = "subnet-id"
+ values = module.vpc.public_subnets
+ }
+}
+
+resource "aws_instance" "jinwei_me" {
+ ami = data.aws_ami.debian.id
+ instance_type = var.ec2_instance_type
+
+ subnet_id = data.aws_subnet.ec2.id
+ key_name = "framework"
+
+ vpc_security_group_ids = [aws_security_group.backend.id]
+
+ root_block_device {
+ volume_type = "gp3"
+ tags = {
+ Name = "${local.name}-root"
+ }
+ }
+
+ tags = {
+ Name = local.name
+ }
+
+ lifecycle {
+ ignore_changes = [ami]
+ }
+}
+
+resource "aws_eip" "main" {
+ instance = aws_instance.jinwei_me.id
+}
+
diff --git a/jinwei.me/infra/outputs.tf b/jinwei.me/infra/outputs.tf
new file mode 100644
index 0000000..3537e02
--- /dev/null
+++ b/jinwei.me/infra/outputs.tf
@@ -0,0 +1,29 @@
+output "rds_hostname" {
+ description = "RDS instance hostname"
+ value = aws_db_instance.jinwei-me.address
+}
+
+output "rds_port" {
+ description = "RDS instance port"
+ value = aws_db_instance.jinwei-me.port
+}
+
+output "rds_username" {
+ description = "RDS instance username"
+ value = aws_db_instance.jinwei-me.username
+}
+
+output "rds_password" {
+ description = "RDS instance password"
+ value = random_password.mysql_password.result
+ sensitive = true
+}
+
+output "instance" {
+ description = "The main EC2 instance."
+ value = {
+ arn = aws_instance.jinwei_me.arn
+ public_ip = aws_eip.main.public_ip
+ private_ip = aws_instance.jinwei_me.private_ip
+ }
+}
diff --git a/jinwei.me/infra/rds.tf b/jinwei.me/infra/rds.tf
new file mode 100644
index 0000000..6565332
--- /dev/null
+++ b/jinwei.me/infra/rds.tf
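Review bot: `key_name = "framework"` in `aws_instance.jinwei_me` is a string literal rather than `aws_key_pair.framework.key_name`, so Terraform sees no dependency on the key pair declared in `keypair.tf` and can try to launch the instance before the key exists, or silently bind to a pre-existing key of the same name in the account. The instance also launches with no `encrypted = true` on `root_block_device` and no `metadata_options` block, which leaves the root disk unencrypted and IMDSv1 reachable; the latter matters the moment an instance profile is attached, because a request-forgery bug in the web app would then be enough to read role credentials from 169.254.169.254. The minimal additions I would make are below; everything not shown stays as committed.
```hcl
resource "aws_instance" "jinwei_me" {
  # … unchanged: ami, instance_type, subnet_id …
  key_name = aws_key_pair.framework.key_name

  vpc_security_group_ids = [aws_security_group.backend.id]

  # Require IMDSv2 so an SSRF in the app cannot fetch instance credentials.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    volume_type = "gp3"
    encrypted   = true
    # … unchanged: tags …
  }
  # … unchanged: tags, lifecycle …
}
```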
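Review bot: `sensitive = true` on `rds_password` only redacts the value from `terraform output` and plan text; the password is still written in clear to the state file, both as this output and as the `password` attribute of `aws_db_instance.jinwei-me`, so the state itself has to be handled as a secret. A comment above the output would keep that from being forgotten: `# sensitive only redacts CLI and plan output; the plaintext still lives in terraform.tfstate`. The `.gitignore` in this commit keeps `*.tfstate` out of git, but nothing here configures a remote backend, so the file sits unencrypted on whichever machine runs apply.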
@@ -0,0 +1,26 @@
+
+resource "aws_db_parameter_group" "jinwei-me" {
+ name = var.name
+ family = var.rds_parameter_group
+}
+
+resource "aws_db_instance" "jinwei-me" {
+ identifier = var.name
+ instance_class = var.rds_instance_class
+ allocated_storage = var.rds_storage
+ engine = var.rds_engine
+ engine_version = var.rds_engine_version
+ username = var.rds_username
+ password = random_password.mysql_password.result
+ port = var.rds_port
+ db_subnet_group_name = aws_db_subnet_group.jinwei-me.name
+ vpc_security_group_ids = [aws_security_group.rds.id]
+ parameter_group_name = aws_db_parameter_group.jinwei-me.name
+ publicly_accessible = true
+ skip_final_snapshot = true
+}
+
+resource "random_password" "mysql_password" {
+ length = 16
+ special = false
+}
diff --git a/jinwei.me/infra/sg.tf b/jinwei.me/infra/sg.tf
new file mode 100644
index 0000000..4d5ecaa
--- /dev/null
+++ b/jinwei.me/infra/sg.tf
@@ -0,0 +1,38 @@
+# EC 2
+resource "aws_security_group" "backend" {
+ name = local.name
+ vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "backend_ingress_ssh" {
+ security_group_id = aws_security_group.backend.id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = 22
+ to_port = 22
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+resource "aws_security_group_rule" "backend_egress_all" {
+ security_group_id = aws_security_group.backend.id
+ type = "egress"
+ protocol = "all"
+ from_port = 0
+ to_port = 0
+ cidr_blocks = ["0.0.0.0/0"]
+}
+
+# RDS
+resource "aws_security_group" "rds" {
+ name = "${local.name}-db"
+ vpc_id = module.vpc.vpc_id
+}
+
+resource "aws_security_group_rule" "db_ingress_backend" {
+ security_group_id = aws_security_group.rds.id
+ type = "ingress"
+ protocol = "tcp"
+ from_port = var.rds_port
+ to_port = var.rds_port
+ source_security_group_id = aws_security_group.backend.id
+}
diff --git a/jinwei.me/infra/variables.tf b/jinwei.me/infra/variables.tf
new file mode 100644
index 0000000..6745915
--- /dev/null
+++ b/jinwei.me/infra/variables.tf
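Review bot: `publicly_accessible = true` on `aws_db_instance.jinwei-me`, combined with a subnet group that `vpc.tf` builds from the VPC's public subnets, gives the database a public IP and DNS name, so the only thing keeping port 33060 off the Internet is the `rds` security group; the EC2 instance sits in the same VPC and needs none of that exposure. `storage_encrypted` is not set and defaults to false in the AWS provider for a MariaDB instance, and `skip_final_snapshot = true` with no `backup_retention_period` or `deletion_protection` means one `terraform destroy`, or one leaked CI credential, removes the data with no recovery point. I would set `publicly_accessible = false`, `storage_encrypted = true` and `deletion_protection = true`, and leave `skip_final_snapshot = true` only if this is a throwaway environment. The 16-character `random_password` is adequate, but like every other attribute its `result` lands in plaintext state.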
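Review bot: `backend_ingress_ssh` opens TCP/22 to `0.0.0.0/0`, so the host is reachable for SSH from anywhere as soon as the EIP in `main.tf` is attached; the ed25519 key pair keeps password guessing out only if the Debian image's key-only sshd default is left in place, and the exposure is unnecessary in either case. Replace the literal with an operator-supplied range, `cidr_blocks = var.ssh_allowed_cidrs`, declared as `variable "ssh_allowed_cidrs" { type = list(string) }` with no default so each deployment has to state it, or drop the rule entirely and use SSM Session Manager. The `db_ingress_backend` rule correctly scopes the database to the instance's security group, so the SSH rule is the only Internet-facing opening in this file; whatever rule is later added for the web ports should not copy its CIDR.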
@@ -0,0 +1,53 @@
+provider "aws" {
+ region = var.region
+}
+
+variable "name" {
+ description = "Name of the service. It will be used to name EC2, and RDS instances."
+ default = "jinwei-me"
+}
+
+variable "region" {
+ default = "us-west-2"
+ description = "AWS region"
+}
+
+
+# RDS
+variable "rds_instance_class" {
+ default = "db.t3.micro"
+}
+
+variable "rds_storage" {
+ default = 20
+}
+
+variable "rds_username" {
+ default = "jinweime"
+}
+
+variable "rds_engine" {
+ default = "mariadb"
+}
+
+variable "rds_engine_version" {
+ default = "10.6"
+}
+
+variable "rds_parameter_group" {
+ default = "mariadb10.6"
+}
+
+variable "rds_port" {
+ default = 33060
+}
+
+# EC 2
+variable "ec2_instance_type" {
+ default = "t2.micro"
+}
+
+#variable "ec2_key_name" {
+# description = "Name of key pair to log into the EC2 instance. The key pair must already exist."
+# type = string
+#}
diff --git a/jinwei.me/infra/versions.tf b/jinwei.me/infra/versions.tf
new file mode 100644
index 0000000..2ff0472
--- /dev/null
+++ b/jinwei.me/infra/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.46"
+ }
+ }
+}
diff --git a/jinwei.me/infra/vpc.tf b/jinwei.me/infra/vpc.tf
new file mode 100644
index 0000000..834f0ec
--- /dev/null
+++ b/jinwei.me/infra/vpc.tf
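Review bot: None of the variables declares a `type`, so `rds_port`, `rds_storage` and the instance-size strings accept any value and are only rejected when AWS refuses them at apply time; declarations of the form `variable "rds_port" { type = number  default = 33060 }` fail at plan instead, which is where a mistyped port should surface. The `provider "aws"` block at the top of a file named `variables.tf` is easy to overlook, and `versions.tf` in this same commit is its conventional home. Serving MariaDB on 33060 rather than 3306 adds no protection given `sg.tf` already limits the source to the instance's security group, so a one-line comment such as `# non-default port is a convenience choice, not a security control` would stop a reader from counting on it.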
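Review bot: `required_providers` lists only `aws`, yet `rds.tf` in this commit uses `random_password` and the lockfile already records `hashicorp/random` 3.4.3; without a constraint here a `terraform init -upgrade` may pull any future major version of that provider. There is also no `backend` block, so the state, which holds the RDS password in clear, stays on the local disk of whoever runs apply with no locking; an S3 backend with server-side encryption and a DynamoDB lock table is the usual answer, but it needs bucket and table names this commit does not show. The provider pin I would add is below.
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.46"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.4"
    }
  }
}
```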
@@ -0,0 +1,31 @@
+locals {
+ cidr_block = "10.31.0.0/16"
+ subnets = cidrsubnets(local.cidr_block, 4, 4, 4, 4, 4, 4)
+ subnet_groups = chunklist(local.subnets, 3)
+}
+
+module "vpc" {
+ source = "terraform-aws-modules/vpc/aws"
+ version = "3.18.1"
+
+ name = local.name
+ cidr = local.cidr_block
+ azs = data.aws_availability_zones.available.names
+ private_subnets = local.subnet_groups[0]
+ public_subnets = local.subnet_groups[1]
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_nat_gateway = false
+ single_nat_gateway = true
+}
+
+
+
+resource "aws_db_subnet_group" "jinwei-me" {
+ name = var.name
+ subnet_ids = module.vpc.public_subnets
+
+ tags = {
+ Name = var.name
+ }
+}
-- 
cgit v1.2.3
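Review bot: `aws_db_subnet_group.jinwei-me` is built from `module.vpc.public_subnets`, so the RDS instance is placed on subnets that route to the Internet gateway while the three private subnets the module creates from `subnet_groups[0]` are never used; `subnet_ids = module.vpc.private_subnets` keeps the database off routable address space, and since RDS needs no outbound access `enable_nat_gateway = false` is not an obstacle. The `data "aws_subnet" "ec2"` lookup in `main.tf` selects a public subnet by the database's availability zone and should keep working after that change, as both subnet lists have three entries and are assigned to the same leading AZs — worth confirming on a plan. `single_nat_gateway = true` has no effect while `enable_nat_gateway` is false; either drop it or add `# NAT intentionally disabled: private subnets carry only RDS, which needs no egress` so the pair does not look like an oversight.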