| author | Paul Buetow <paul@buetow.org> | 2023-12-27 17:43:16 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2023-12-27 17:43:16 +0200 |
| commit | c77cd9e9ded58207223042275246d5b8bd290087 (patch) | |
| tree | 2c4b74d7f5ea68c9fbef2e46da69434f2c37f87e | |
| parent | 481a752f2a9a2e2ca220eaa00ce22faeb588d2c9 (diff) | |
initial fluxpostgresdb
| -rw-r--r-- | org-buetow-base/outputs.tf | 4 | ||||
| -rw-r--r-- | org-buetow-base/zones.tf | 4 | ||||
| -rw-r--r-- | org-buetow-bastion/user_data.tpl | 3 | ||||
| -rw-r--r-- | org-buetow-ecs/fluxpostgreservice.tf | 48 |
4 files changed, 30 insertions, 29 deletions
diff --git a/org-buetow-base/outputs.tf b/org-buetow-base/outputs.tf index 48d5d08..d182249 100644 --- a/org-buetow-base/outputs.tf +++ b/org-buetow-base/outputs.tf @@ -34,8 +34,8 @@ output "buetow_cloud_zone_id" { value = data.aws_route53_zone.buetow_cloud.zone_id } -output "buetow_private_zone_id" { - value = aws_route53_zone.buetow_private.zone_id +output "buetow_internal_zone_id" { + value = aws_route53_zone.buetow_internal.zone_id } output "buetow_cloud_certificate_arn" { diff --git a/org-buetow-base/zones.tf b/org-buetow-base/zones.tf index ce8f064..1f47ff2 100644 --- a/org-buetow-base/zones.tf +++ b/org-buetow-base/zones.tf @@ -3,8 +3,8 @@ data "aws_route53_zone" "buetow_cloud" { private_zone = false } -resource "aws_route53_zone" "buetow_private" { - name = "buetow.private" +resource "aws_route53_zone" "buetow_internal" { + name = "buetow.internal" vpc { vpc_id = aws_vpc.vpc.id diff --git a/org-buetow-bastion/user_data.tpl b/org-buetow-bastion/user_data.tpl index b78fef1..63c81ec 100644 --- a/org-buetow-bastion/user_data.tpl +++ b/org-buetow-bastion/user_data.tpl @@ -2,8 +2,9 @@ # Docker sudo yum update -y +sudo install postgresql15 -y # PostgreSQL client programs sudo amazon-linux-extras install docker -y -sudo service docker enable +sudo service docker enabl sudo service docker start sudo usermod -a -G docker ec2-user diff --git a/org-buetow-ecs/fluxpostgreservice.tf b/org-buetow-ecs/fluxpostgreservice.tf index 6aeb81f..b49bca9 100644 --- a/org-buetow-ecs/fluxpostgreservice.tf +++ b/org-buetow-ecs/fluxpostgreservice.tf 
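Review bot: The added line `sudo install postgresql15 -y` in `user_data.tpl` runs coreutils `install`, not the package manager, so it will exit with an error and the PostgreSQL client will not be installed. It presumably should be `sudo yum install -y postgresql15`, after confirming that package name exists for this AMI, since the script otherwise relies on `amazon-linux-extras`. The same hunk changes `sudo service docker enable` to `sudo service docker enabl`, which looks like a stray edit and should be reverted. User data runs unattended on the bastion, so neither failure is noticed unless the script aborts on error (for example `set -euo pipefail` near the top, which is outside this hunk) or the cloud-init output log is checked after boot.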
@@ -33,25 +33,25 @@ resource "aws_lb_target_group" "fluxpostgres_tcp" { } resource "aws_route53_record" "a_record_fluxpostgres" { - zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id - name = "fluxpostgres.buetow.cloud." # TODO, internal DNS? + zone_id = data.terraform_remote_state.base.outputs.buetow_internal_zone_id + name = "fluxpostgres.buetow.internal." type = "A" alias { - name = data.terraform_remote_state.elb.outputs.alb_dns_name - zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id + name = aws_lb.fluxpostgres_nlb.dns_name + zone_id = aws_lb.fluxpostgres_nlb.zone_id evaluate_target_health = true } } resource "aws_route53_record" "aaaa_record_fluxpostgres" { - zone_id = data.terraform_remote_state.base.outputs.buetow_cloud_zone_id - name = "fluxpostgres.buetow.cloud." # TODO, internal DNS? + zone_id = data.terraform_remote_state.base.outputs.buetow_internal_zone_id + name = "fluxpostgres.buetow.internal." type = "AAAA" alias { - name = data.terraform_remote_state.elb.outputs.alb_dns_name - zone_id = data.terraform_remote_state.elb.outputs.alb_zone_id + name = aws_lb.fluxpostgres_nlb.dns_name + zone_id = aws_lb.fluxpostgres_nlb.zone_id evaluate_target_health = true } } @@ -95,18 +95,18 @@ resource "aws_ecs_task_definition" "fluxpostgres" { mountPoints = [ { sourceVolume = "fluxpostgres-efs-volume" - containerPath = "/var/lib/postgres/data" + containerPath = "/var/lib/postgresql/data" readOnly = false } ], - #"logConfiguration" : { - # "logDriver" : "awslogs", - # "options" : { - # "awslogs-group" : "/ecs/containers", - # "awslogs-region" : "eu-central-1", - # "awslogs-stream-prefix" : "fluxpostgres" - # } - #} + "logConfiguration" : { + "logDriver" : "awslogs", + "options" : { + "awslogs-group" : "/ecs/containers", + "awslogs-region" : "eu-central-1", + "awslogs-stream-prefix" : "fluxpostgres" + } + } }]) } 
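Review bot: Moving `fluxpostgres` into the `buetow.internal` private zone hides the name but not the listener. In `a_record_fluxpostgres` and `aaaa_record_fluxpostgres` the alias now targets `aws_lb.fluxpostgres_nlb`, whose definition is outside this hunk. If that load balancer is not declared with `internal = true`, PostgreSQL remains reachable through the NLB's AWS-assigned public DNS name regardless of the private record. The AAAA alias also only returns an answer when the NLB is dual-stack (`ip_address_type = "dualstack"`); if it is IPv4-only, `aaaa_record_fluxpostgres` can be dropped.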
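Review bot: Enabling `logConfiguration` with the `awslogs` driver in `aws_ecs_task_definition.fluxpostgres` adds dependencies this hunk does not show. The log group `/ecs/containers` must already exist and the task execution role needs `logs:CreateLogStream` and `logs:PutLogEvents`, otherwise the container will fail to start. That group looks shared and will now receive PostgreSQL output, which can include statement text and connection details, so set a retention period and restrict read access on it. As a style point, this block uses quoted keys with `:` while the neighbouring `mountPoints` entry uses bare keys with `=`; both are valid inside `jsonencode`, but one form should be used throughout. The resource body starts and ends outside the hunk.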
@@ -134,13 +134,13 @@ resource "aws_security_group" "fluxpostgres" { } # TODO: Required? - egress { - from_port = 0 - to_port = 0 - protocol = "-1" # Allows all outbound traffic - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - } + #egress { + # from_port = 0 + # to_port = 0 + # protocol = "-1" # Allows all outbound traffic + # cidr_blocks = ["0.0.0.0/0"] + # ipv6_cidr_blocks = ["::/0"] + #} tags = { Name = "allow-fluxpostgres" |
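Review bot: Commenting out the `egress` block in `aws_security_group.fluxpostgres` leaves the group with no outbound rules at all, because the Terraform AWS provider removes AWS's default allow-all egress when a group declares none. If this group is attached to the ECS task (the attachment is outside the hunk), the task could not pull its image, reach the EFS mount target on 2049/tcp, or deliver the `awslogs` output enabled elsewhere in this commit. Rather than keeping dead code under `# TODO: Required?`, declare narrow egress rules for exactly those destinations, HTTPS to the registry and CloudWatch Logs endpoints and NFS to the EFS security group. Then delete the commented block so the intended outbound policy is explicit and reviewable.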
