| author | Paul Buetow <paul@buetow.org> | 2023-12-20 11:14:23 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2023-12-20 11:14:23 +0200 |
| commit | 594190ae05b6500f4f76201409748f4e455880c7 (patch) | |
| tree | 2506552ce7d80ad81e1701dc236f8dcd89bea065 | |
| parent | 520a02aa0cb03a812edd086407e7587f5f769437 (diff) | |
refactor
26 files changed, 180 insertions, 287 deletions
@@ -1,8 +1,15 @@ # Terraform +## TODO's + +* Nextcloud and Bastion: Auto re-create in different AZ on failure. +* Backup EFS, don't let `terraform destroy` erease all my data! +* Input variables, for configuring different service hosts. +* Maybe register `buetow.cloud` domain (or keep using `aws.buetow.org`) + ## Create base environment -First create VPC, subnets and EFS in `org-buetow-production` +First create VPC, subnets and EFS in `org-buetow-base` ## Use the helper to set up some EFS subdirs @@ -30,3 +37,7 @@ In `org-buetow-elb` ## Now set up Fargate/ECS In `org-buetow-ecs` + +## Nextcloud + +In `org-buetow-nextcloud` diff --git a/org-buetow-base/efs.tf b/org-buetow-base/efs.tf index 7f35d41..0e916ec 100644 --- a/org-buetow-base/efs.tf +++ b/org-buetow-base/efs.tf 
@@ -1,32 +1,28 @@ -resource "aws_efs_file_system" "my_self_hosted_services_efs" { - creation_token = "my-self-hosted-services-efs" +resource "aws_efs_file_system" "self_hosted_services_efs" { + creation_token = "self-hosted-services-efs" encrypted = true - - tags = { - Name = "${var.environment}-my-self-hosted-services-efs" - } } resource "aws_efs_mount_target" "efs_mt_a" { - file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id - subnet_id = aws_subnet.my_public_subnet_a.id + file_system_id = aws_efs_file_system.self_hosted_services_efs.id + subnet_id = aws_subnet.public_subnet_a.id security_groups = [aws_security_group.efs_self_hosted_services_sg.id] } resource "aws_efs_mount_target" "efs_mt_b" { - file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id - subnet_id = aws_subnet.my_public_subnet_b.id + file_system_id = aws_efs_file_system.self_hosted_services_efs.id + subnet_id = aws_subnet.public_subnet_b.id security_groups = [aws_security_group.efs_self_hosted_services_sg.id] } resource "aws_efs_mount_target" "efs_mt_c" { - file_system_id = aws_efs_file_system.my_self_hosted_services_efs.id - subnet_id = aws_subnet.my_public_subnet_c.id + file_system_id = aws_efs_file_system.self_hosted_services_efs.id + subnet_id = aws_subnet.public_subnet_c.id security_groups = [aws_security_group.efs_self_hosted_services_sg.id] } resource "aws_security_group" "efs_self_hosted_services_sg" { - vpc_id = aws_vpc.my_vpc.id # Replace with your VPC ID + vpc_id = aws_vpc.vpc.id # Replace with your VPC ID ingress { from_port = 2049 # NFS port @@ -41,9 +37,4 @@ resource "aws_security_group" "efs_self_hosted_services_sg" { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "efs-sg" - Name = "${var.environment}-efs-sg" - } } diff --git a/org-buetow-base/network.tf b/org-buetow-base/network.tf index f4414a3..d32f8ca 100644 --- a/org-buetow-base/network.tf +++ b/org-buetow-base/network.tf 
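Review bot: Renaming `aws_efs_file_system.my_self_hosted_services_efs` to `self_hosted_services_efs` while also changing `creation_token` will make Terraform destroy and recreate the file system, and with it every `/ecs/...` directory the ECS tasks mount — precisely the data loss the README's new TODO warns about. Move the address in state instead of recreating it, `terraform state mv aws_efs_file_system.my_self_hosted_services_efs aws_efs_file_system.self_hosted_services_efs` (or a `moved` block), and keep `creation_token = "my-self-hosted-services-efs"`, because `creation_token` is ForceNew on the AWS provider and is only an idempotency key, never user-visible. The same address renames hit `aws_vpc`, the subnets, the mount targets and the security group in this file, so confirm that `terraform plan` reports no `destroy` before applying. Separately, `encrypted = true` is kept, but with mount targets in the `public_subnet_*` subnets and no `aws_efs_file_system_policy` in view, consider adding a policy that denies `elasticfilesystem:*` unless `aws:SecureTransport` is true so clients must mount with TLS.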
@@ -1,86 +1,62 @@ -resource "aws_vpc" "my_vpc" { +resource "aws_vpc" "vpc" { cidr_block = "10.0.0.0/16" # Specify your CIDR block enable_dns_support = true enable_dns_hostnames = true - - tags = { - Name = "${var.environment}-my-vpc" - } } -resource "aws_internet_gateway" "my_igw" { - vpc_id = aws_vpc.my_vpc.id - - tags = { - Name = "${var.environment}-my-igw" - } +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.vpc.id } -resource "aws_subnet" "my_public_subnet_a" { - vpc_id = aws_vpc.my_vpc.id +resource "aws_subnet" "public_subnet_a" { + vpc_id = aws_vpc.vpc.id cidr_block = "10.0.1.0/24" availability_zone = "eu-central-1a" map_public_ip_on_launch = true - - tags = { - Name = "${var.environment}-my-public-subnet-a" - } } -resource "aws_subnet" "my_public_subnet_b" { - vpc_id = aws_vpc.my_vpc.id +resource "aws_subnet" "public_subnet_b" { + vpc_id = aws_vpc.vpc.id cidr_block = "10.0.2.0/24" availability_zone = "eu-central-1b" map_public_ip_on_launch = true - - tags = { - Name = "${var.environment}-my-public-subnet-b" - } } -resource "aws_subnet" "my_public_subnet_c" { - vpc_id = aws_vpc.my_vpc.id +resource "aws_subnet" "public_subnet_c" { + vpc_id = aws_vpc.vpc.id cidr_block = "10.0.3.0/24" availability_zone = "eu-central-1c" map_public_ip_on_launch = true - - tags = { - Name = "${var.environment}-my-public-subnet-c" - } } -resource "aws_route_table" "my_route_table" { - vpc_id = aws_vpc.my_vpc.id +resource "aws_route_table" "route_table" { + vpc_id = aws_vpc.vpc.id route { cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.my_igw.id - } - - tags = { - Name = "${var.environment}-my-route-table" + gateway_id = aws_internet_gateway.igw.id } } resource "aws_route_table_association" "a" { - subnet_id = aws_subnet.my_public_subnet_a.id - route_table_id = aws_route_table.my_route_table.id + subnet_id = aws_subnet.public_subnet_a.id + route_table_id = aws_route_table.route_table.id } resource "aws_route_table_association" "b" { - subnet_id = 
aws_subnet.my_public_subnet_b.id - route_table_id = aws_route_table.my_route_table.id + subnet_id = aws_subnet.public_subnet_b.id + route_table_id = aws_route_table.route_table.id } resource "aws_route_table_association" "c" { - subnet_id = aws_subnet.my_public_subnet_c.id - route_table_id = aws_route_table.my_route_table.id + subnet_id = aws_subnet.public_subnet_c.id + route_table_id = aws_route_table.route_table.id } resource "aws_security_group" "allow_ssh" { name = "allow_ssh" description = "Allow SSH inbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id ingress { from_port = 22 @@ -88,16 +64,12 @@ resource "aws_security_group" "allow_ssh" { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "${var.environment}-allow-ssh" - } } resource "aws_security_group" "allow_web" { name = "allow_http" description = "Allow HTTP inbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id ingress { from_port = 80 @@ -119,16 +91,12 @@ resource "aws_security_group" "allow_web" { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "${var.environment}-allow_web" - } } resource "aws_security_group" "allow_outbound" { name = "allow_outbound" description = "Allow outbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id egress { from_port = 0 @@ -136,8 +104,4 @@ resource "aws_security_group" "allow_outbound" { protocol = "-1" # -1 means all protocols cidr_blocks = ["0.0.0.0/0"] # Allows outbound traffic to all IP addresses } - - tags = { - Name = "${var.environment}-allow-outbound" - } } diff --git a/org-buetow-base/outputs.tf b/org-buetow-base/outputs.tf index e846cf3..ea0ed87 100644 --- a/org-buetow-base/outputs.tf +++ b/org-buetow-base/outputs.tf 
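Review bot: `allow_ssh` still admits port 22 from `cidr_blocks = ["0.0.0.0/0"]` (context lines of the `@@ -88,16 +64,12 @@` hunk, not introduced here), and this group is attached to the bastion and the Nextcloud host elsewhere in the commit, so both accept SSH connection attempts from the whole internet. Restrict the ingress to known admin ranges — the README's new "input variables" TODO is the natural place for something like `cidr_blocks = var.admin_cidrs` — or remove the rule and use SSM Session Manager / EC2 Instance Connect, which needs no inbound port at all. `allow_web` and `allow_outbound` also carry `protocol = "-1"` egress to `0.0.0.0/0`; that is common for a personal setup but deserves a one-line comment stating it is deliberate. Note too that renaming `aws_vpc.my_vpc` to `aws_vpc.vpc` without `moved` blocks or `terraform state mv` replaces the VPC and cascades to every subnet, route table and security group in this file.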
@@ -1,21 +1,21 @@ -output "my_self_hosted_services_efs_id" { - value = aws_efs_file_system.my_self_hosted_services_efs.id +output "self_hosted_services_efs_id" { + value = aws_efs_file_system.self_hosted_services_efs.id } -output "my_vpc_id" { - value = aws_vpc.my_vpc.id +output "vpc_id" { + value = aws_vpc.vpc.id } -output "my_public_subnet_a_id" { - value = aws_subnet.my_public_subnet_a.id +output "public_subnet_a_id" { + value = aws_subnet.public_subnet_a.id } -output "my_public_subnet_b_id" { - value = aws_subnet.my_public_subnet_b.id +output "public_subnet_b_id" { + value = aws_subnet.public_subnet_b.id } -output "my_public_subnet_c_id" { - value = aws_subnet.my_public_subnet_c.id +output "public_subnet_c_id" { + value = aws_subnet.public_subnet_c.id } output "allow_ssh_sg_id" { @@ -30,6 +30,10 @@ output "allow_outbound_sg_id" { value = aws_security_group.allow_outbound.id } +output "aws_buetow_org_zone_id" { + value = aws_route53_zone.aws_buetow_org.zone_id +} + output "aws_buetow_org_certificate_arn" { value = "arn:aws:acm:eu-central-1:634617747016:certificate/4ae442c0-3b56-4e17-9a3f-023faf39d244" } diff --git a/org-buetow-base/variables.tf b/org-buetow-base/variables.tf deleted file mode 100644 index 20fd78c..0000000 --- a/org-buetow-base/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "environment" { - description = "The production environment" - type = string - default = "production" -} diff --git a/org-buetow-base/zone.tf b/org-buetow-base/zone.tf index 18db3ab..49816df 100644 --- a/org-buetow-base/zone.tf +++ b/org-buetow-base/zone.tf @@ -1,3 +1,3 @@ -resource "aws_route53_zone" "my_zone" { +resource "aws_route53_zone" "aws_buetow_org" { name = "aws.buetow.org." } diff --git a/org-buetow-ecs/audiobookshelfservice.tf b/org-buetow-ecs/audiobookshelfservice.tf index dec7668..ca11ca6 100644 --- a/org-buetow-ecs/audiobookshelfservice.tf +++ b/org-buetow-ecs/audiobookshelfservice.tf 
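Review bot: Renaming `aws_route53_zone.my_zone` to `aws_route53_zone.aws_buetow_org` without a `moved` block makes Terraform plan a delete-and-create of the hosted zone; a new zone receives a new NS delegation set, so every `*.aws.buetow.org` record would resolve to nothing until the delegation at the parent `buetow.org` is updated, and the delete will likely fail first because the other stacks' `aws_route53_record`s still live in the zone (`force_destroy` is not set). Move the address in state instead: `terraform state mv aws_route53_zone.my_zone aws_route53_zone.aws_buetow_org`. Exporting `aws_buetow_org_zone_id` through the base remote state is a good replacement for the per-stack `data "aws_route53_zone"` lookups, but `org-buetow-nextcloud/data.tf` and `playground/ec2-instance-test/main.tf` still use the data-source lookup later in this commit, so the migration is only half done.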
@@ -1,5 +1,5 @@ -resource "aws_route53_record" "my_a_record_audiobookshelf" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "a_record_audiobookshelf" { + zone_id = data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id name = "audiobookshelf.aws.buetow.org." type = "A" @@ -21,7 +21,7 @@ resource "aws_ecs_task_definition" "audiobookshelf_task" { volume { name = "audiobookshelf-config-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/audiobookshelf/config" } } @@ -29,7 +29,7 @@ resource "aws_ecs_task_definition" "audiobookshelf_task" { volume { name = "audiobookshelf-metadata-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/audiobookshelf/metadata" } } @@ -37,7 +37,7 @@ resource "aws_ecs_task_definition" "audiobookshelf_task" { volume { name = "audiobookshelf-audiobooks-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/audiobookshelf/audiobooks" } } @@ -45,7 +45,7 @@ resource "aws_ecs_task_definition" "audiobookshelf_task" { volume { name = "audiobookshelf-podcasts-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/audiobookshelf/podcasts" } } 
@@ -92,33 +92,33 @@ resource "aws_ecs_task_definition" "audiobookshelf_task" { resource "aws_ecs_service" "audiobookshelf_service" { name = "audiobookshelf" - cluster = aws_ecs_cluster.my_ecs_cluster.id + cluster = aws_ecs_cluster.ecs_cluster.id task_definition = aws_ecs_task_definition.audiobookshelf_task.arn launch_type = "FARGATE" desired_count = 1 load_balancer { - target_group_arn = aws_lb_target_group.my_audiobookshelf_tg.arn + target_group_arn = aws_lb_target_group.audiobookshelf_tg.arn container_name = "audiobookshelf" # Must match the name in your container definition container_port = 80 # The port your container is listening on } network_configuration { subnets = [ - data.terraform_remote_state.base.outputs.my_public_subnet_a_id, - data.terraform_remote_state.base.outputs.my_public_subnet_b_id, - data.terraform_remote_state.base.outputs.my_public_subnet_c_id, + data.terraform_remote_state.base.outputs.public_subnet_a_id, + data.terraform_remote_state.base.outputs.public_subnet_b_id, + data.terraform_remote_state.base.outputs.public_subnet_c_id, ] security_groups = [data.terraform_remote_state.base.outputs.allow_web_sg_id] assign_public_ip = true } } -resource "aws_lb_target_group" "my_audiobookshelf_tg" { - name = "my-audiobookshelf-tg" +resource "aws_lb_target_group" "audiobookshelf_tg" { + name = "audiobookshelf-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" health_check { 
@@ -133,13 +133,13 @@ resource "aws_lb_target_group" "my_audiobookshelf_tg" { } } -resource "aws_lb_listener_rule" "my_audiobookshelf_https_listener_rule" { +resource "aws_lb_listener_rule" "audiobookshelf_https_listener_rule" { listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn priority = 102 action { type = "forward" - target_group_arn = aws_lb_target_group.my_audiobookshelf_tg.arn + target_group_arn = aws_lb_target_group.audiobookshelf_tg.arn } condition { diff --git a/org-buetow-ecs/data.tf b/org-buetow-ecs/data.tf deleted file mode 100644 index 91583b3..0000000 --- a/org-buetow-ecs/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "aws_route53_zone" "my_zone" { - name = "aws.buetow.org." -} diff --git a/org-buetow-ecs/ecs.tf b/org-buetow-ecs/ecs.tf index b31a46b..d2d72be 100644 --- a/org-buetow-ecs/ecs.tf +++ b/org-buetow-ecs/ecs.tf @@ -1,5 +1,5 @@ -resource "aws_ecs_cluster" "my_ecs_cluster" { - name = "my-ecs-cluster" +resource "aws_ecs_cluster" "ecs_cluster" { + name = "ecs-cluster" } resource "aws_iam_role" "ecs_execution_role" { diff --git a/org-buetow-ecs/nginxservice.tf b/org-buetow-ecs/nginxservice.tf index f5fd40e..3508d7c 100644 --- a/org-buetow-ecs/nginxservice.tf +++ b/org-buetow-ecs/nginxservice.tf @@ -1,5 +1,5 @@ -resource "aws_route53_record" "my_a_record" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "a_record" { + zone_id = data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id name = "nginx.aws.buetow.org." type = "A" 
@@ -38,33 +38,33 @@ resource "aws_ecs_task_definition" "nginx_task" { resource "aws_ecs_service" "nginx_service" { name = "nginx" - cluster = aws_ecs_cluster.my_ecs_cluster.id + cluster = aws_ecs_cluster.ecs_cluster.id task_definition = aws_ecs_task_definition.nginx_task.arn launch_type = "FARGATE" desired_count = 10 load_balancer { - target_group_arn = aws_lb_target_group.my_nginx_tg.arn + target_group_arn = aws_lb_target_group.nginx_tg.arn container_name = "nginx" # Must match the name in your container definition container_port = 80 # The port your container is listening on } network_configuration { subnets = [ - data.terraform_remote_state.base.outputs.my_public_subnet_a_id, - data.terraform_remote_state.base.outputs.my_public_subnet_b_id, - data.terraform_remote_state.base.outputs.my_public_subnet_c_id, + data.terraform_remote_state.base.outputs.public_subnet_a_id, + data.terraform_remote_state.base.outputs.public_subnet_b_id, + data.terraform_remote_state.base.outputs.public_subnet_c_id, ] security_groups = [data.terraform_remote_state.base.outputs.allow_web_sg_id] assign_public_ip = true } } -resource "aws_lb_target_group" "my_nginx_tg" { - name = "my-nginx-tg" +resource "aws_lb_target_group" "nginx_tg" { + name = "nginx-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" health_check { @@ -79,13 +79,13 @@ resource "aws_lb_target_group" "my_nginx_tg" { } } -resource "aws_lb_listener_rule" "my_nginx_https_listener_rule" { +resource "aws_lb_listener_rule" "nginx_https_listener_rule" { listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn priority = 100 action { type = "forward" - target_group_arn = aws_lb_target_group.my_nginx_tg.arn + target_group_arn = aws_lb_target_group.nginx_tg.arn } condition { diff --git a/org-buetow-ecs/vaultwardenservice.tf b/org-buetow-ecs/vaultwardenservice.tf index b8db54a..10f4f6e 100644 
--- a/org-buetow-ecs/vaultwardenservice.tf +++ b/org-buetow-ecs/vaultwardenservice.tf @@ -1,5 +1,5 @@ -resource "aws_route53_record" "my_a_record_vaultwarden" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "a_record_vaultwarden" { + zone_id = data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id name = "vaultwarden.aws.buetow.org." type = "A" @@ -21,7 +21,7 @@ resource "aws_ecs_task_definition" "vaultwarden_task" { volume { name = "vaultwarden-data-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/vaultwarden/data" } } 
@@ -53,33 +53,33 @@ resource "aws_ecs_task_definition" "vaultwarden_task" { resource "aws_ecs_service" "vaultwarden_service" { name = "vaultwarden" - cluster = aws_ecs_cluster.my_ecs_cluster.id + cluster = aws_ecs_cluster.ecs_cluster.id task_definition = aws_ecs_task_definition.vaultwarden_task.arn launch_type = "FARGATE" desired_count = 0 load_balancer { - target_group_arn = aws_lb_target_group.my_vaultwarden_tg.arn + target_group_arn = aws_lb_target_group.vaultwarden_tg.arn container_name = "vaultwarden" # Must match the name in your container definition container_port = 80 # The port your container is listening on } network_configuration { subnets = [ - data.terraform_remote_state.base.outputs.my_public_subnet_a_id, - data.terraform_remote_state.base.outputs.my_public_subnet_b_id, - data.terraform_remote_state.base.outputs.my_public_subnet_c_id, + data.terraform_remote_state.base.outputs.public_subnet_a_id, + data.terraform_remote_state.base.outputs.public_subnet_b_id, + data.terraform_remote_state.base.outputs.public_subnet_c_id, ] security_groups = [data.terraform_remote_state.base.outputs.allow_web_sg_id] assign_public_ip = true } } -resource "aws_lb_target_group" "my_vaultwarden_tg" { - name = "my-vaultwarden-tg" +resource "aws_lb_target_group" "vaultwarden_tg" { + name = "vaultwarden-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" health_check { @@ -94,13 +94,13 @@ resource "aws_lb_target_group" "my_vaultwarden_tg" { } } -resource "aws_lb_listener_rule" "my_vaultwarden_https_listener_rule" { +resource "aws_lb_listener_rule" "vaultwarden_https_listener_rule" { listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn priority = 103 action { type = "forward" - target_group_arn = aws_lb_target_group.my_vaultwarden_tg.arn + target_group_arn = aws_lb_target_group.vaultwarden_tg.arn } condition { 
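Review bot: The vaultwarden task is placed in the public subnets with `assign_public_ip = true` and only `allow_web_sg_id` attached, while its target group and container speak plain HTTP on port 80 (all context lines here; the commit only renames references). If `allow_web` admits port 80 from `0.0.0.0/0` — its ingress CIDR is outside this hunk, but the sibling `allow_ssh` group does — anyone can reach the task's public IP directly and bypass the ALB's TLS termination and listener rules, which for a Bitwarden-compatible server means vault traffic in cleartext should a client ever be pointed there. Give the ECS services their own security group whose port-80 ingress references the ALB's group (`security_groups = [data.terraform_remote_state.elb.outputs.alb_sg_id]` in the ingress rule, after exporting `aws_security_group.alb_sg.id` from the elb stack), and consider private subnets behind a NAT gateway or VPC endpoints so `assign_public_ip` can be false. `desired_count = 0` means the service is scaled to nothing today, which limits the exposure now but not once it is switched on; the same pattern is repeated in the nginx, wallabag and audiobookshelf services.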
diff --git a/org-buetow-ecs/wallabagservice.tf b/org-buetow-ecs/wallabagservice.tf index 9c0e1b8..ee273af 100644 --- a/org-buetow-ecs/wallabagservice.tf +++ b/org-buetow-ecs/wallabagservice.tf @@ -1,5 +1,5 @@ -resource "aws_route53_record" "my_a_record_wallabag" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "a_record_wallabag" { + zone_id = data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id name = "wallabag.aws.buetow.org." type = "A" @@ -22,7 +22,7 @@ resource "aws_ecs_task_definition" "wallabag_task" { volume { name = "wallabag-db-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/wallabag/data/db" } } @@ -30,7 +30,7 @@ resource "aws_ecs_task_definition" "wallabag_task" { volume { name = "wallabag-assets-efs-volume" efs_volume_configuration { - file_system_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + file_system_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id root_directory = "/ecs/wallabag/data/assets" } } 
@@ -75,33 +75,33 @@ resource "aws_ecs_task_definition" "wallabag_task" { resource "aws_ecs_service" "wallabag_service" { name = "wallabag" - cluster = aws_ecs_cluster.my_ecs_cluster.id + cluster = aws_ecs_cluster.ecs_cluster.id task_definition = aws_ecs_task_definition.wallabag_task.arn launch_type = "FARGATE" desired_count = 0 load_balancer { - target_group_arn = aws_lb_target_group.my_wallabag_tg.arn + target_group_arn = aws_lb_target_group.wallabag_tg.arn container_name = "wallabag" # Must match the name in your container definition container_port = 80 # The port your container is listening on } network_configuration { subnets = [ - data.terraform_remote_state.base.outputs.my_public_subnet_a_id, - data.terraform_remote_state.base.outputs.my_public_subnet_b_id, - data.terraform_remote_state.base.outputs.my_public_subnet_c_id, + data.terraform_remote_state.base.outputs.public_subnet_a_id, + data.terraform_remote_state.base.outputs.public_subnet_b_id, + data.terraform_remote_state.base.outputs.public_subnet_c_id, ] security_groups = [data.terraform_remote_state.base.outputs.allow_web_sg_id] assign_public_ip = true } } -resource "aws_lb_target_group" "my_wallabag_tg" { - name = "my-wallabag-tg" +resource "aws_lb_target_group" "wallabag_tg" { + name = "wallabag-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" health_check { @@ -116,13 +116,13 @@ resource "aws_lb_target_group" "my_wallabag_tg" { } } -resource "aws_lb_listener_rule" "my_wallabag_https_listener_rule" { +resource "aws_lb_listener_rule" "wallabag_https_listener_rule" { listener_arn = data.terraform_remote_state.elb.outputs.alb_https_listener_arn priority = 101 action { type = "forward" - target_group_arn = aws_lb_target_group.my_wallabag_tg.arn + target_group_arn = aws_lb_target_group.wallabag_tg.arn } condition { 
diff --git a/org-buetow-elb/alb.tf b/org-buetow-elb/alb.tf index cf9d5a2..eb7616d 100644 --- a/org-buetow-elb/alb.tf +++ b/org-buetow-elb/alb.tf @@ -1,18 +1,18 @@ -resource "aws_lb" "my_alb" { - name = "my-alb" +resource "aws_lb" "alb" { + name = "alb" internal = false load_balancer_type = "application" security_groups = [aws_security_group.alb_sg.id] subnets = [ - data.terraform_remote_state.base.outputs.my_public_subnet_a_id, - data.terraform_remote_state.base.outputs.my_public_subnet_b_id, - data.terraform_remote_state.base.outputs.my_public_subnet_c_id, + data.terraform_remote_state.base.outputs.public_subnet_a_id, + data.terraform_remote_state.base.outputs.public_subnet_b_id, + data.terraform_remote_state.base.outputs.public_subnet_c_id, ] enable_deletion_protection = false } resource "aws_security_group" "alb_sg" { - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id ingress { from_port = 80 @@ -36,8 +36,8 @@ resource "aws_security_group" "alb_sg" { } } -resource "aws_lb_listener" "my_http_listener" { - load_balancer_arn = aws_lb.my_alb.arn +resource "aws_lb_listener" "http_listener" { + load_balancer_arn = aws_lb.alb.arn port = "80" protocol = "HTTP" @@ -54,8 +54,8 @@ resource "aws_lb_listener" "my_http_listener" { } } -resource "aws_lb_listener" "my_https_listener" { - load_balancer_arn = aws_lb.my_alb.arn +resource "aws_lb_listener" "https_listener" { + load_balancer_arn = aws_lb.alb.arn port = "443" protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-2016-08" @@ -68,10 +68,10 @@ resource "aws_lb_listener" "my_https_listener" { } resource "aws_lb_target_group" "default_tg" { - name = "my-default-tg" + name = "default-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" } 
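Review bot: `ssl_policy = "ELBSecurityPolicy-2016-08"` on `https_listener` (unchanged context) still negotiates TLS 1.0 and 1.1 and CBC cipher suites; for the front door of a password manager and Nextcloud use `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`, which is TLS 1.2/1.3 only. Changing `name` from `"my-alb"` to `"alb"` is ForceNew on `aws_lb`, so this commit also replaces the load balancer — with `enable_deletion_protection = false` nothing stops it — and the new ALB gets a new DNS name that the alias records in the ECS stacks only pick up on their next apply, so expect an outage window; `terraform state mv` handles the address rename, but the `name` change cannot be applied in place (the `name` changes on the target groups in the ECS stacks are ForceNew in the same way). A comment such as `# name is ForceNew: changing it recreates the ALB and its DNS name` above the resource would prevent the next accidental rename.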
diff --git a/org-buetow-elb/data.tf b/org-buetow-elb/data.tf deleted file mode 100644 index 91583b3..0000000 --- a/org-buetow-elb/data.tf +++ /dev/null @@ -1,3 +0,0 @@ -data "aws_route53_zone" "my_zone" { - name = "aws.buetow.org." -} diff --git a/org-buetow-elb/outputs.tf b/org-buetow-elb/outputs.tf index 39925a2..a96409c 100644 --- a/org-buetow-elb/outputs.tf +++ b/org-buetow-elb/outputs.tf @@ -1,11 +1,11 @@ output "alb_dns_name" { - value = aws_lb.my_alb.dns_name + value = aws_lb.alb.dns_name } output "alb_zone_id" { - value = aws_lb.my_alb.zone_id + value = aws_lb.alb.zone_id } output "alb_https_listener_arn" { - value = aws_lb_listener.my_https_listener.arn + value = aws_lb_listener.https_listener.arn } diff --git a/org-buetow-helper/main.tf b/org-buetow-helper/main.tf index 65018b1..03320d7 100644 --- a/org-buetow-helper/main.tf +++ b/org-buetow-helper/main.tf @@ -18,7 +18,7 @@ data "template_file" "user_data" { vars = { region = data.aws_region.current.name - efs_id = data.terraform_remote_state.base_remote_state.outputs.my_self_hosted_services_efs_id + efs_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id } } 
@@ -37,36 +37,28 @@ data "aws_ami" "amazon_linux" { } resource "aws_key_pair" "id_rsa_pub" { - key_name = "${var.environment}-id-rsa-pub" + key_name = "bastion-id-rsa-pub" public_key = file("${path.module}/id_rsa.pub") } -resource "aws_instance" "bastion_instance" { +resource "aws_instance" "bastion" { ami = data.aws_ami.amazon_linux.id instance_type = "t2.micro" key_name = aws_key_pair.id_rsa_pub.key_name - subnet_id = data.terraform_remote_state.base_remote_state.outputs.my_public_subnet_a_id + subnet_id = data.terraform_remote_state.base.outputs.public_subnet_a_id vpc_security_group_ids = [ - data.terraform_remote_state.base_remote_state.outputs.allow_ssh_sg_id, - data.terraform_remote_state.base_remote_state.outputs.allow_web_sg_id, - data.terraform_remote_state.base_remote_state.outputs.allow_outbound_sg_id, + data.terraform_remote_state.base.outputs.allow_ssh_sg_id, + data.terraform_remote_state.base.outputs.allow_web_sg_id, + data.terraform_remote_state.base.outputs.allow_outbound_sg_id, ] user_data = data.template_file.user_data.rendered - - tags = { - Name = "${var.environment}-my-bastion-instance" - } -} - -data "aws_route53_zone" "zone" { - name = "aws.buetow.org." # Replace with your domain name } -resource "aws_route53_record" "record" { - zone_id = data.aws_route53_zone.zone.zone_id - name = "bastion.aws.buetow.org" # Replace with your desired subdomain or leave empty for root +resource "aws_route53_record" "bastion_aws_buetow_org" { + zone_id = data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id + name = "bastion.aws.buetow.org" type = "A" ttl = "300" - records = [aws_instance.bastion_instance.public_ip] + records = [aws_instance.bastion.public_ip] } diff --git a/org-buetow-helper/remotestates.tf b/org-buetow-helper/remotestates.tf index 523dca5..b66c16f 100644 --- a/org-buetow-helper/remotestates.tf +++ b/org-buetow-helper/remotestates.tf 
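Review bot: The bastion keeps `allow_web_sg_id` in `vpc_security_group_ids`, but per the README it exists to run the EFS subdirectory setup from `user_data` and to be reached over SSH, so exposing port 80 on it serves no visible purpose; drop it unless the template (outside this hunk) really starts a web server, bearing in mind that with `allow_ssh` world-open this host is already the most exposed thing in the stack. The `key_name` change from `production-helper-id-rsa-pub` to `bastion-id-rsa-pub` is ForceNew on both `aws_key_pair` and `aws_instance`, so the key pair and the bastion are recreated, `bastion.aws.buetow.org` moves to a fresh public IP and SSH clients will see a changed host key — acceptable for a throwaway helper, but worth stating in the commit message. `data "template_file"` is deprecated in favour of the built-in `templatefile()` function; `user_data = templatefile(<path>, { region = data.aws_region.current.name, efs_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id })` drops the template provider dependency (the template path is outside this hunk).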
@@ -1,4 +1,4 @@ -data "terraform_remote_state" "base_remote_state" { +data "terraform_remote_state" "base" { backend = "s3" config = { bucket = "org-buetow-tfstate" diff --git a/org-buetow-helper/variables.tf b/org-buetow-helper/variables.tf deleted file mode 100644 index 6819c29..0000000 --- a/org-buetow-helper/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "environment" { - description = "The production helper environment" - type = string - default = "production-helper" -} diff --git a/org-buetow-nextcloud/data.tf b/org-buetow-nextcloud/data.tf index 3a8f86c..17fb246 100644 --- a/org-buetow-nextcloud/data.tf +++ b/org-buetow-nextcloud/data.tf @@ -1,3 +1,3 @@ -data "aws_route53_zone" "my_zone" { +data "aws_route53_zone" "zone" { name = "aws.buetow.org." # Replace with your domain name } diff --git a/org-buetow-nextcloud/lb.tf b/org-buetow-nextcloud/lb.tf index 49ba6dd..73e0d8a 100644 --- a/org-buetow-nextcloud/lb.tf +++ b/org-buetow-nextcloud/lb.tf @@ -1,5 +1,5 @@ -resource "aws_route53_record" "my_a_record" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "a_record" { + zone_id = data.aws_route53_zone.zone.zone_id name = "nextcloud.aws.buetow.org." type = "A" @@ -14,7 +14,7 @@ resource "aws_lb_target_group" "nextcloud_tg" { name = "nextcloud-tg" port = 80 protocol = "HTTP" - vpc_id = data.terraform_remote_state.base.outputs.my_vpc_id + vpc_id = data.terraform_remote_state.base.outputs.vpc_id target_type = "ip" health_check { diff --git a/org-buetow-nextcloud/main.tf b/org-buetow-nextcloud/main.tf index f07ae15..7fff623 100644 --- a/org-buetow-nextcloud/main.tf +++ b/org-buetow-nextcloud/main.tf @@ -18,7 +18,7 @@ data "template_file" "user_data" { vars = { region = data.aws_region.current.name - efs_id = data.terraform_remote_state.base.outputs.my_self_hosted_services_efs_id + efs_id = data.terraform_remote_state.base.outputs.self_hosted_services_efs_id } } 
@@ -37,15 +37,15 @@ data "aws_ami" "amazon_linux" { } resource "aws_key_pair" "id_rsa_pub" { - key_name = "${var.environment}-id-rsa-pub" + key_name = "nextcloud-id-rsa-pub" public_key = file("${path.module}/id_rsa.pub") } -resource "aws_instance" "my_nextcloud_instance" { +resource "aws_instance" "nextcloud" { ami = data.aws_ami.amazon_linux.id instance_type = "t2.medium" key_name = aws_key_pair.id_rsa_pub.key_name - subnet_id = data.terraform_remote_state.base.outputs.my_public_subnet_a_id + subnet_id = data.terraform_remote_state.base.outputs.public_subnet_a_id vpc_security_group_ids = [ data.terraform_remote_state.base.outputs.allow_ssh_sg_id, @@ -53,16 +53,12 @@ resource "aws_instance" "my_nextcloud_instance" { data.terraform_remote_state.base.outputs.allow_outbound_sg_id, ] user_data = data.template_file.user_data.rendered - - tags = { - Name = "${var.environment}-my-nextcloud-instance" - } } -resource "aws_route53_record" "my_record" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "nextcloud_ec2_aws_buetow_org" { + zone_id = data.aws_route53_zone.zone.zone_id name = "nextcloud-ec2.aws.buetow.org" # Replace with your desired subdomain or leave empty for root type = "A" ttl = "300" - records = [aws_instance.my_nextcloud_instance.public_ip] + records = [aws_instance.nextcloud.public_ip] } diff --git a/org-buetow-nextcloud/variables.tf b/org-buetow-nextcloud/variables.tf deleted file mode 100644 index e46675c..0000000 --- a/org-buetow-nextcloud/variables.tf +++ /dev/null @@ -1,5 +0,0 @@ -variable "environment" { - description = "The production nextcloud environment" - type = string - default = "production" -} diff --git a/playground/ec2-instance-test/efs.tf b/playground/ec2-instance-test/efs.tf index 93466c1..1f0ae8f 100644 --- a/playground/ec2-instance-test/efs.tf +++ b/playground/ec2-instance-test/efs.tf 
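Review bot: `key_name` changes from `production-id-rsa-pub` to `nextcloud-id-rsa-pub`, and because `key_name` is ForceNew on both `aws_key_pair` and `aws_instance` this replaces the Nextcloud host, not just the key — anything on its root volume (a local database or `config.php`, if they are not on the EFS the `user_data` mounts; not visible here) is gone, and `nextcloud-ec2.aws.buetow.org` moves to a new public IP. Keep the old name, `key_name = "production-id-rsa-pub"`, or accept the replacement knowingly and add a comment marking the instance as stateful so the next rename is not casual. The record in this hunk still reads `data.aws_route53_zone.zone.zone_id` while every other stack now uses `data.terraform_remote_state.base.outputs.aws_buetow_org_zone_id`; switch this stack too so the zone is resolved from one place.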
@@ -1,20 +1,16 @@ -resource "aws_efs_file_system" "my_efs" { - creation_token = "my-efs" +resource "aws_efs_file_system" "efs" { + creation_token = "efs" encrypted = true - - tags = { - Name = "MyEFS" - } } resource "aws_efs_mount_target" "efs_mt" { - file_system_id = aws_efs_file_system.my_efs.id - subnet_id = aws_subnet.my_public_subnet.id # Replace with your subnet ID + file_system_id = aws_efs_file_system.efs.id + subnet_id = aws_subnet.public_subnet.id # Replace with your subnet ID security_groups = [aws_security_group.efs_sg.id] # Replace with your security group ID } resource "aws_security_group" "efs_sg" { - vpc_id = aws_vpc.my_vpc.id # Replace with your VPC ID + vpc_id = aws_vpc.vpc.id # Replace with your VPC ID ingress { from_port = 2049 # NFS port @@ -29,8 +25,4 @@ resource "aws_security_group" "efs_sg" { protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "efs-sg" - } } diff --git a/playground/ec2-instance-test/main.tf b/playground/ec2-instance-test/main.tf index 7c9d166..4bbc062 100644 --- a/playground/ec2-instance-test/main.tf +++ b/playground/ec2-instance-test/main.tf @@ -24,15 +24,15 @@ data "template_file" "user_data" { vars = { region = data.aws_region.current.name - efs_id = aws_efs_file_system.my_efs.id + efs_id = aws_efs_file_system.efs.id } } -resource "aws_instance" "my_instance" { +resource "aws_instance" "instance" { ami = data.aws_ami.amazon-linux-2.id instance_type = "t2.micro" key_name = aws_key_pair.id_rsa_pub.key_name - subnet_id = aws_subnet.my_public_subnet.id + subnet_id = aws_subnet.public_subnet.id vpc_security_group_ids = [ aws_security_group.allow_ssh.id, 
@@ -41,21 +41,17 @@ resource "aws_instance" "my_instance" { aws_security_group.allow_outbound.id ] user_data = data.template_file.user_data.rendered - depends_on = [aws_efs_file_system.my_efs] - - tags = { - Name = "${var.environment}-ec2-instance" - } + depends_on = [aws_efs_file_system.efs] } -data "aws_route53_zone" "my_zone" { +data "aws_route53_zone" "zone" { name = "aws.buetow.org." # Replace with your domain name } -resource "aws_route53_record" "my_record" { - zone_id = data.aws_route53_zone.my_zone.zone_id +resource "aws_route53_record" "record" { + zone_id = data.aws_route53_zone.zone.zone_id name = "${var.environment}-ec2-instance.aws.buetow.org" # Replace with your desired subdomain or leave empty for root type = "A" ttl = "300" - records = [aws_instance.my_instance.public_ip] + records = [aws_instance.instance.public_ip] } diff --git a/playground/ec2-instance-test/network.tf b/playground/ec2-instance-test/network.tf index 94cd9d9..2f9562e 100644 --- a/playground/ec2-instance-test/network.tf +++ b/playground/ec2-instance-test/network.tf 
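Review bot: `name = "${var.environment}-ec2-instance.aws.buetow.org"` in the renamed `aws_route53_record` is now the only remaining reference to `var.environment` in this directory's visible hunks, while every tag that used it was removed; if playground/ec2-instance-test/variables.tf was deleted in this commit the way org-buetow-nextcloud/variables.tf was, `terraform validate` will fail here with an undeclared variable. Either keep the variable declared or hard-code the hostname the way the nextcloud module now does, e.g. `name = "ec2-instance.aws.buetow.org"` (constructed). The enclosing `aws_instance` block starts in the previous hunk.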
@@ -1,54 +1,38 @@ -resource "aws_vpc" "my_vpc" { +resource "aws_vpc" "vpc" { cidr_block = "10.0.0.0/16" # Specify your CIDR block enable_dns_support = true enable_dns_hostnames = true - - tags = { - Name = "${var.environment}-my-vpc" - } } -resource "aws_internet_gateway" "my_igw" { - vpc_id = aws_vpc.my_vpc.id - - tags = { - Name = "${var.environment}-my-igw" - } +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.vpc.id } -resource "aws_subnet" "my_public_subnet" { - vpc_id = aws_vpc.my_vpc.id # Referencing the VPC +resource "aws_subnet" "public_subnet" { + vpc_id = aws_vpc.vpc.id # Referencing the VPC cidr_block = "10.0.1.0/24" # Specify your CIDR block for the subnet availability_zone = "eu-central-1a" # Change to your desired AZ map_public_ip_on_launch = true - - tags = { - Name = "${var.environment}-my-subnet" - } } -resource "aws_route_table" "my_route_table" { - vpc_id = aws_vpc.my_vpc.id +resource "aws_route_table" "route_table" { + vpc_id = aws_vpc.vpc.id route { cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.my_igw.id - } - - tags = { - Name = "${var.environment}-my-route-table" + gateway_id = aws_internet_gateway.igw.id } } resource "aws_route_table_association" "a" { - subnet_id = aws_subnet.my_public_subnet.id - route_table_id = aws_route_table.my_route_table.id + subnet_id = aws_subnet.public_subnet.id + route_table_id = aws_route_table.route_table.id } resource "aws_security_group" "allow_ssh" { name = "allow_ssh" description = "Allow SSH inbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id ingress { from_port = 22 @@ -56,16 +40,12 @@ resource "aws_security_group" "allow_ssh" { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "${var.environment}-allow-ssh" - } } resource "aws_security_group" "allow_http" { name = "allow_http" description = "Allow HTTP inbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id ingress { from_port = 80 
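Review bot: `cidr_blocks = ["0.0.0.0/0"]` on the port-22 ingress of `allow_ssh` is carried over unchanged, so the playground instance accepts SSH connection attempts from any address, and with `map_public_ip_on_launch = true` on the subnet in the previous hunk the host is internet-reachable as soon as it launches. Narrowing the source to an administrative range (an input such as `var.admin_cidr`, constructed) or dropping the rule in favour of SSM Session Manager removes the exposure and the brute-force noise in the auth logs. The nextcloud instance in the first hunk attaches `allow_ssh_sg_id` from the base state, so presumably an equivalent rule applies there; worth confirming in org-buetow-base. The `allow_ssh` resource starts in the previous hunk.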
@@ -73,16 +53,12 @@ resource "aws_security_group" "allow_http" { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "${var.environment}-allow_http" - } } resource "aws_security_group" "allow_https" { name = "allow_https" description = "Allow HTTPS inbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id ingress { from_port = 443 @@ -90,16 +66,12 @@ resource "aws_security_group" "allow_https" { protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } - - tags = { - Name = "${var.environment}-allow-https" - } } resource "aws_security_group" "allow_outbound" { name = "allow_outbound" description = "Allow outbound traffic" - vpc_id = aws_vpc.my_vpc.id + vpc_id = aws_vpc.vpc.id egress { from_port = 0 @@ -107,8 +79,4 @@ resource "aws_security_group" "allow_outbound" { protocol = "-1" # -1 means all protocols cidr_blocks = ["0.0.0.0/0"] # Allows outbound traffic to all IP addresses } - - tags = { - Name = "${var.environment}-allow-outnound" - } } diff --git a/playground/ec2-instance-test/outputs.tf b/playground/ec2-instance-test/outputs.tf index 9219aad..786fe9b 100644 --- a/playground/ec2-instance-test/outputs.tf +++ b/playground/ec2-instance-test/outputs.tf @@ -1,3 +1,3 @@ output "public_ip" { - value = aws_instance.my_instance.public_ip + value = aws_instance.instance.public_ip } |
