Home Explore Help
Register Sign In
roberto.barbosa
/
terraform
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

iam added to allow access from ec2

Roberto Barbosa 8 years ago
parent
3fa4edb98c
commit
8ea6353bb7
12 changed files with 71 additions and 13 deletions
Unified View Show Diff Stats
  1. 0 0
      examples/ha_instance/graph.png
  2. 1 1
      examples/ha_instance/main.tf
  3. 0 0
      examples/ha_instance/outputs.tf
  4. 0 0
      examples/ha_instance/provider.tf
  5. 0 0
      examples/ha_instance/terraform.tfvars
  6. 2 0
      ha_instance/asg.tf
  7. 65 0
      ha_instance/iam.tf
  8. 0 11
      s3/s3.tf
  9. 1 0
      vpc/eip.tf
  10. 1 0
      vpc/igw.tf
  11. 1 0
      vpc/nat.tf
  12. 0 1
      vpc/routes.tf

+ 0 - 0
examples/alb/graph.png → examples/ha_instance/graph.png
View File


+ 1 - 1
examples/alb/main.tf → examples/ha_instance/main.tf
View File 

@@ -9,7 +9,7 @@ module "app_subnets" {
 
 }
 
 }
 
 
 
 module "alb" {
 
 module "alb" {
 
-  source = "/Users/rnrbarbosa/repos/cloud-aws-stack/alb/"
 
+  source = "/Users/rnrbarbosa/repos/cloud-aws-stack/ha_instance/"
 
 
 
   vpc_id = "${data.terraform_remote_state.base.vpc_id}"
 
   vpc_id = "${data.terraform_remote_state.base.vpc_id}"
 
   stack_name = "${var.stack_name}"
 
   stack_name = "${var.stack_name}"

+ 0 - 0
examples/alb/outputs.tf → examples/ha_instance/outputs.tf
View File


+ 0 - 0
examples/alb/provider.tf → examples/ha_instance/provider.tf
View File


+ 0 - 0
examples/alb/terraform.tfvars → examples/ha_instance/terraform.tfvars
View File


+ 2 - 0
ha_instance/asg.tf
View File 

@@ -10,6 +10,8 @@ resource "aws_launch_configuration" "asg_launch_nuxeo" {
 
     security_groups             = ["${var.alb_secgroups}"]
 
     security_groups             = ["${var.alb_secgroups}"]
 
     enable_monitoring           = false
 
     enable_monitoring           = false
 
     ebs_optimized               = false
 
     ebs_optimized               = false
 
+    #iam_instance_profile = "${aws_iam_instance_profile.nuxeo_instance_profile.id}"
 
+
 
 
 
     user_data       		= "${file("userdata.sh")}"
 
     user_data       		= "${file("userdata.sh")}"

+ 65 - 0
ha_instance/iam.tf
View File 

@@ -0,0 +1,65 @@
 
+# Create an IAM role for the Web Servers.
 
+resource "aws_iam_role" "nuxeo_iam_role" {
 
+    name = "${var.stack_name}"
 
+    assume_role_policy = <<EOF
 
+{
 
+  "Version": "2012-10-17",
 
+  "Statement": [
 
+    {
 
+      "Action": "sts:AssumeRole",
 
+      "Principal": {
 
+        "Service": "ec2.amazonaws.com"
 
+      },
 
+      "Effect": "Allow",
 
+      "Sid": ""
 
+    }
 
+  ]
 
+}
 
+EOF
 
+}
 
+
 
+resource "aws_iam_instance_profile" "nuxeo_instance_profile" {
 
+    name = "${var.stack_name}"
 
+    roles = ["nuxeo_iam_role"]
 
+}
 
+
 
+resource "aws_iam_role_policy" "nuxeo_iam_role_policy" {
 
+  name = "${var.stack_name}"
 
+  role = "${aws_iam_role.nuxeo_iam_role.id}"
 
+  policy = <<EOF
 
+{
 
+  "Version": "2012-10-17",
 
+  "Statement": [
 
+    {
 
+      "Effect": "Allow",
 
+      "Action": ["s3:ListBucket"],
 
+      "Resource": ["arn:aws:s3:::bucket-name"]
 
+    },
 
+    {
 
+      "Effect": "Allow",
 
+      "Action": [
 
+        "s3:PutObject",
 
+        "s3:GetObject",
 
+        "s3:DeleteObject"
 
+      ],
 
+      "Resource": [
 
+          "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}/*",
 
+          "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}/*"
 
+      ]
 
+    }
 
+  ]
 
+}
 
+EOF
 
+}
 
+
 
+resource "aws_s3_bucket" "apps_bucket" {
 
+    bucket = "bucket-name"
 
+    acl = "private"
 
+    versioning {
 
+            enabled = true
 
+    }
 
+    tags {
 
+        Name = "bucket-name"
 
+    }
 
+}
 
+

+ 0 - 11
s3/s3.tf
View File 

@@ -25,14 +25,3 @@ resource "aws_s3_bucket" "bucket_backup" {
 
   }
 
   }
 
 }
 
 }
 
 
 
-resource "aws_s3_bucket" "bucket_logs" {
 
-    bucket = "nuxeo-logs-${sha1("${var.stack_name}")}"
 
-    acl = "private"
 
-
 
-  tags {
 
-    Name              = "nuxeo-logs-${sha1("${var.stack_name}")}"
 
-    billing-category    = "customers"
 
-    billing-subcategory = "${var.stack_name}"
 
-    role                = "nuxeo.bucket.logs"
 
-  }
 
-}

+ 1 - 0
vpc/eip.tf
View File 

@@ -1,3 +1,4 @@
 
+# AWS EIP
 
 resource "aws_eip" "nateip" {
 
 resource "aws_eip" "nateip" {
 
   vpc   = true
 
   vpc   = true
 
 }
 
 }

+ 1 - 0
vpc/igw.tf
View File 

@@ -1,3 +1,4 @@
 
+# INTERNET GATEWAY
 
 resource "aws_internet_gateway" "igw" {
 
 resource "aws_internet_gateway" "igw" {
 
   vpc_id = "${aws_vpc.vpc.id}"
 
   vpc_id = "${aws_vpc.vpc.id}"

+ 1 - 0
vpc/nat.tf
View File 

@@ -1,3 +1,4 @@
 
+# NAT GATEWAY
 
 resource "aws_nat_gateway" "natgw" {
 
 resource "aws_nat_gateway" "natgw" {
 
   allocation_id = "${aws_eip.nateip.id}"
 
   allocation_id = "${aws_eip.nateip.id}"
 
   subnet_id     = "${aws_subnet.sn_public.id}"
 
   subnet_id     = "${aws_subnet.sn_public.id}"

+ 0 - 1
vpc/routes.tf
View File 

@@ -32,7 +32,6 @@ resource "aws_route_table" "rtb_private" {
 
   }
 
   }
 
 }
 
 }
 
 
 
-
 
 resource "aws_route_table_association" "rta_public" {
 
 resource "aws_route_table_association" "rta_public" {
 
   subnet_id      = "${aws_subnet.sn_public.id}"
 
   subnet_id      = "${aws_subnet.sn_public.id}"
 
   route_table_id = "${aws_route_table.rtb_public.id}"
 
   route_table_id = "${aws_route_table.rtb_public.id}"