Clean up, added examples, removed full stack deployment on left by modules usage

README.md

@@ -5,80 +5,14 @@ Host default provisioning templates for Nuxeo
 
 This is a set of Terraform modules for configuring  infrastructure environments with AWS. 
 
-
-The Stack implements the current procedure at https://wiki.nuxeo.com/display/INFRA/Cloud+Provisioning
-
-
-* Create Subnets for the Stack
-    *    One Public with a /24 size. 
-    *    One private Subnet to run Nuxeo 
-    *    At least 2 Private Subnets for Databases
-* Create a NAT Gateway in one of the Public Subnets
-* Create a Route with the Internet Gateway as default route, associate it with the Public Subnet(s)
-* Create a Route with the NAT Gateway as default route, *_that should be associated to all Private Subnets when they are created_*
-* Create a Security Group for ELBs that accepts HTTP and HTTPS from anywhere
-* Create a Security Group for Bastion Hosts that accepts SSH from anywhere
-* Create a Bastion Host with bastion host SG associated to ti, install NTP and Userify on it
-
-
 ## Requirements
 
 Before we start, you'll first need:
 
-* an AWS account with API access
-* locally configured AWS credentials 
-* to create a keypair in AWS
+* AWS account with API access
+* locally configured AWS credentials on ~/.aws
 * Download and install [terraform|https://www.terraform.io/downloads.html]
 
+## Usage 
 
-## Quick Start
-
-To be able to use this stack create a terraform like:
-
-```
-module "nuxeo-env" {
-  source = "github.com/nuxeo/cloud-aws-stack"
-
-  stack_name = "acme"
-  vpc_id="vpc-8beb14ec"
-  public_subnets = ["10.0.10.0/24"]
-  private_subnets = ["10.0.11.0/24"]
-  private_db_subnets = ["10.0.100.0/24","10.0.101.0/24"]
-  public_key_path="/Users/<user>/.ssh/id_rsa.pub"
-}
-```
-
-To test and plan what you're about to do, run:
-
-```
-terraform get   # Get remote modules 
-terraform plan
-```
-
-You should get all that is going to be installed.
-
-If you want to see the resource dependency graph, install Graphviz and run:
-
-```
-terraform graph | dot -Tpng > graph.png
-```
-
-### Create Resources
-
-To create resources on AWS, run:
-
-````
-terraform apply
-````
-
-
-### Destroy Resources
-
-To delete all resources on AWS, run:
-
-````
-terraform destroy
-````
-
-NOTE: Persisten Data resources will be marked with a lifecycle policy to prevent being deleted.
-
+See more on [examples](examples/)

examples/alb/main.tf

@@ -0,0 +1,36 @@
+variable "region" {}
+variable "aws-profile" {}
+variable "stack_name" {}
+
+provider "aws" {
+  region  = "${var.region}"
+  profile = "${var.aws-profile}"
+}
+
+data "terraform_remote_state" "base" {
+    backend = "local"
+    config {
+        path = "../base/terraform.tfstate"
+    }
+}
+
+data "aws_availability_zones" "available" {}
+
+module "alb" {
+  source = "/Users/rnrbarbosa/repos/cloud-aws-stack/alb/"
+  
+  vpc_id = "${data.terraform_remote_state.base.vpc_id}"
+  stack_name = "${var.stack_name}"
+  alb_secgroups = ["${data.terraform_remote_state.base.inbound}"]
+  app_subnet_ids = ["10.0.11.0/24","10.0.12.0/24","10.0.13.0/24"]
+  azs = ["${data.aws_availability_zones.available.names[0]}","${data.aws_availability_zones.available.names[1]}","${data.aws_availability_zones.available.names[2]}"]
+
+}
+
+output "nuxeo_url_alb" {
+  value = "${module.alb.nuxeo_url_alb}"
+}
+
+output "nuxeo_url" {
+  value = "${module.alb.nuxeo_url}"
+}

examples/alb/terraform.tfvars

@@ -0,0 +1,3 @@
+region 		= ""  
+aws-profile	= ""
+stack_name	= ""

examples/rds/main.tf

@@ -0,0 +1,30 @@
+variable "region" {}
+variable "aws-profile" {}
+variable "stack_name" {}
+
+provider "aws" {
+  region  = "${var.region}"
+  profile = "${var.aws-profile}"
+}
+
+data "terraform_remote_state" "base" {
+    backend = "local"
+    config {
+        path = "${path.module}/../base/terraform.tfstate"
+    }
+}
+
+data "aws_availability_zones" "available" {}
+
+module "rds" {
+  source = "git::https://github.com/nuxeo/cloud-aws-stack.git//rds"
+
+  vpc_id = "${data.terraform_remote_state.base.vpc_id}"
+  region = "${var.region}"
+  stack_name = "${var.stack_name}"
+  database_name = "nuxeo-${var.stack_name}"
+  db_subnet_ids = ["10.0.111.0/24","10.0.112.0/24","10.0.113.0/24"]
+  security_group_ids = [""]
+  azs = ["${data.aws_availability_zones.available.names[0]}","${data.aws_availability_zones.available.names[1]}","${data.aws_availability_zones.available.names[2]}"]
+}
+

examples/rds/outputs.tf

@@ -0,0 +1,19 @@
+output "db_id" {
+  value = "${module.rds.id}"
+}
+
+output "database_security_group_id" {
+  value = "${module.rds.database_security_group_id}"
+}
+
+output "hostname" {
+  value = "${module.rds.hostname}"
+}
+
+output "db_port" {
+  value = "${module.rds.port}"
+}
+
+output "endpoint" {
+  value = "${module.rds.endpoint}"
+}

examples/rds/terraform.tfvars

@@ -0,0 +1,3 @@
+region 		= ""  
+aws-profile	= ""
+stack_name	= ""

examples/s3/main.tf

@@ -0,0 +1,25 @@
+variable "region" {}
+variable "aws-profile" {}
+variable "stack_name" {}
+
+provider "aws" {
+  region  = "${var.region}"
+  profile = "${var.aws-profile}"
+}
+
+module "s3" {
+  source = "/Users/rnrbarbosa/repos/cloud-aws-stack/s3"
+  stack_name = "${var.stack_name}"
+}
+
+output "s3_binstore_name" {
+	value = "${module.s3.s3_binstore_name}"
+}
+
+output "s3_bkstore_name" {
+	value = "${module.s3.s3_bkstore_name}"
+}
+
+output "s3_logstore_name" {
+	value = "${module.s3.s3_logstore_name}"
+}

examples/s3/terraform.tfvars

@@ -0,0 +1,3 @@
+region 		= ""  
+aws-profile	= ""
+stack_name	= ""

instance/main.tf

@@ -71,8 +71,7 @@ resource "aws_key_pair" "deployer" {
 # EC2 Instance
 #--------------------
 resource "aws_instance" "ec2" {
-    #ami = "${data.aws_ami.ubuntu.id}"
-    ami = "${var.ami}"
+    ami = "${data.aws_ami.ubuntu.id}"
     instance_type = "${var.instance_type}"
     key_name = "${aws_key_pair.deployer.id}"
     subnet_id   = "${var.subnet_id}"

main.tf

@@ -1,99 +0,0 @@
-/*
-* https://wiki.nuxeo.com/display/INFRA/Cloud+Provisioning
-*/
-
-///////////////////////////////////////////////////////////////////////
-// Load defaults
-///////////////////////////////////////////////////////////////////////
-/*module "defaults" {
-  source = "./defaults"
-  region = "${var.region}"
-  cidr   = "${var.cidr}"
-}*/
-
-///////////////////////////////////////////////////////////////////////
-// RESOURCES
-///////////////////////////////////////////////////////////////////////
-module "net" {
-  source = "./net/"
-
-  stack_name = "${var.stack_name}"
-  region = "${var.region}"
-  vpc_id = "${var.vpc_id}"
-
-  public_subnets = ["10.0.10.0/24"]
-  private_subnets = ["10.0.11.0/24"]
-  private_db_subnets = ["10.0.100.0/24","10.0.101.0/24"]
-}
-
-
-#-------------
-# DNS Entry for Cloud Customer
-#-------------
-resource "aws_route53_record" "dns" {
-  zone_id = "Z1EFT3O5K9NMCJ" // Zone ID for nuxeocloud.com
-  name = "${name}"
-  type = "CNAME"
-  ttl = "300"
-  weighted_routing_policy {
-   weight = 90
-  }
- set_identifier = "${var.stack_name}"
- records = ["${var.stack_name}.nuxeocloud.com"]
-}
-
-# -------------------------------------
-# S3 buckets:w for Nuxeo and for Backups
-# -------------------------------------
-module "s3" {
-  source = "./s3/"
-  stack_name = "${var.stack_name}"
-  cust_id = "${sha256("${var.stack_name}")}"
-}
-
-
-# -------------------------
-# RDS Postgres Database
-# -------------------------
-module "rds" {
-  source = "./rds/"
-  region = "${var.region}"
-  stack_name = "${var.stack_name}"
-  database_name = "nuxeo"
-  rds_allocated_storage = "${var.rds_allocated_storage}"
-  rds_engine_version = "${rds_engine_version}"
-  security_group_ids = ["${module.net.sg_internal_id}"]
-  subnet_ids = ["${element(module.net.db_private, 0)}", "${element(module.net.db_private, 1)}"]
-}
-
-
-#-------------------------
-# Elastic Cache Redis
-#-------------------------
-module "elasticcache" {
-	source = "./elasticcache"
-	stack_name = "${var.stack_name}-redis"
-	engine_version = "${engine_version}"
-	node_type = "$${var.node_type}"
-	security_group_ids = ["${module.net.sg_internal_id}"]
-	private_subnet_ids  = ["${module.net.db_private}"]
-}
-
-#-------------------------
-# EC2 Instances
-#-------------------------
-module "nuxeo" {
-  source = "./instance/"
-  # Variables for creating an instance
-  stack_name = "${var.stack_name}-nuxeo"
-  instance_name = "${var.stack_name}-nuxeo-instance"
-  os_release = "${os_release}"
-  instance_type = "${var.instance_type}"
-  public_key_path ="${var.public_key_path}"
-  secgroup = ["${module.net.sg_internal_id}"]
-  ami = "ami-111111"
-#  public_key_path="/path/to/my/pub_key"
-  subnet_id="${element(module.net.private_subnets, 0)}"
-}
-
-

net/main.tf

@@ -1,324 +0,0 @@
-///////////////////////////////////////////////////////////////////////
-// RESOURCES
-///////////////////////////////////////////////////////////////////////
-#-------------
-# DNS Entry for Cloud Customer
-#-------------
-#resource "aws_route53_record" "dns" {
-#   zone_id = "Z1EFT3O5K9NMCJ" // Zone ID for nuxeocloud.com
-#   name = "${name}"
-#   type = "CNAME"
-#   ttl = "300"
-#   weighted_routing_policy {
-#    weight = 90
-#   }
-#  set_identifier = "${var.stack_name}"
-#  records = ["${var.stack_name}.nuxeocloud.com"]
-#}
-
-#-------------
-# CREATE SUBNETS
-#-------------
-resource "aws_subnet" "public" {
-  vpc_id            = "${var.vpc_id}"
-  cidr_block        = "${var.public_subnets[count.index]}"
-  availability_zone = "${var.region}${var.azs[count.index]}"
-  count             = "${length(var.public_subnets)}"
-  tags {
-    Name 		= "${var.stack_name}-subnet-public-${var.region}${element(var.azs, count.index)}"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-subnet"
-  }
-  map_public_ip_on_launch = "true"
-}
-
- resource "aws_subnet" "private" {
-  vpc_id            = "${var.vpc_id}"
-  cidr_block        = "${var.private_subnets[count.index]}"
-  #availability_zone = "${var.region}${var.azs[count.index]}"
-  count             = "${length(var.private_subnets)}"
-  tags {
-    Name 		= "${var.stack_name}-subnet-private-${var.region}${element(var.azs, count.index)}"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-subnet"
-  }
-}
-
-resource "aws_subnet" "db_private" {
-  vpc_id            = "${var.vpc_id}"
-  cidr_block        = "${var.private_db_subnets[count.index]}"
-  availability_zone = "${var.region}${var.azs[count.index]}"
-  count             = "${length(var.private_db_subnets)}"
-  tags {
-    Name 		= "${var.stack_name}-db-subnet-private-${var.region}${element(var.azs, count.index)}"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-subnet"
-  }
-}
-
-#-------------
-# CREATE NAT GATEWAY
-#-------------
-# > Create EIP to associate to NAT GW
-resource "aws_eip" "nateip" {
-  vpc   = true
-  count = "${length(var.private_subnets) * lookup(map(var.enable_nat_gateway, 1), "true", 0)}"
-  tags {
-    Name                = "${var.vpc_id}-nat-eip"
-    billing-category    = "customers"
-    role                = "nuxeo.aws-nat_eip"
-  }
-}
-
-# > Create NAT GW
-resource "aws_nat_gateway" "natgw" {
-  allocation_id = "${element(aws_eip.nateip.*.id, count.index)}"
-  subnet_id     = "${element(aws_subnet.public.*.id, count.index)}"
-  count         = "${length(var.private_subnets) * lookup(map(var.enable_nat_gateway, 1), "true", 0)}"
-  tags {
-    Name                = "${var.stack_name}-natgw"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-natgw"
-  }
-  depends_on = ["aws_internet_gateway.igw"]
-}
-
-# > Create IGW
-resource "aws_internet_gateway" "igw" {
-  vpc_id = "${var.vpc_id}"
-}
-
-#-------------
-# CREATE ROUTES
-#-------------
-
-# > Route Tables
-
-# >> Route Table for Public Subnets
-resource "aws_route_table" "public" {
-  vpc_id           = "${var.vpc_id}"
-  propagating_vgws = ["${var.public_propagating_vgws}"]
-  tags {
-    Name 		= "${var.stack_name}-rt-public"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-rtb"
-  }
-}
-
-# >> Route Table for Private Subnets
-resource "aws_route_table" "private" {
-  vpc_id           = "${var.vpc_id}"
-  propagating_vgws = ["${var.private_propagating_vgws}"]
-  count            = "${length(var.private_subnets)}"
-  tags {
-    Name 		= "${var.stack_name}-rt-private-${element(var.azs, count.index)}"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-rtb"
-  }
-}
-
-# > Associations
-# >> for Private Subnets
-resource "aws_route_table_association" "private" {
-  count          = "${length(var.private_subnets)}"
-  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
-  route_table_id = "${element(aws_route_table.private.*.id, count.index)}"
-}
-
-# >> for Public Subnets
-resource "aws_route_table_association" "public" {
-  count          = "${length(var.public_subnets)}"
-  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
-  route_table_id = "${aws_route_table.public.id}"
-}
-
-# > Routes
-# >> Route for IGW
-resource "aws_route" "public_internet_gateway" {
-  route_table_id         = "${aws_route_table.public.id}"
-  destination_cidr_block = "0.0.0.0/0"
-  gateway_id             = "${aws_internet_gateway.igw.id}"
-}
-
-# Route for NAT GW
-resource "aws_route" "private_nat_gateway" {
-  route_table_id         = "${element(aws_route_table.private.*.id, count.index)}"
-  destination_cidr_block = "0.0.0.0/0"
-  nat_gateway_id         = "${element(aws_nat_gateway.natgw.*.id, count.index)}"
-  count                  = "${length(var.private_subnets) * lookup(map(var.enable_nat_gateway, 1), "true", 0)}"
-}
-
-
-#-------------------
-# Security Groups
-#-------------------
-resource "aws_security_group" "sg_external_elb" {
-  name        = "${format("%s-sg-external-elb", var.stack_name)}"
-  vpc_id      = "${var.vpc_id}"
-  description = "Allows external ELB traffic"
-
-  ingress {
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  ingress {
-    from_port   = 443
-    to_port     = 443
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = -1
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-  tags {
-    Name                = "${format("%s external elb", var.stack_name)}"
-    billing-category    = "customers"
-    billing-subcategory = "${var.stack_name}"
-    role                = "nuxeo.aws-sg.external"
-  }
-}
-
-resource "aws_security_group" "sg_internal" {
-  name        = "${format("%s-sg-internal-elb", var.stack_name)}"
-  vpc_id      = "${var.vpc_id}"
-  description = "Allows external ELB traffic"
-
-  ingress {
-    from_port   = 80
-    to_port     = 80
-    protocol    = "tcp"
-    security_groups = ["${aws_security_group.sg_external_elb.id}"]
-  }
-
-  ingress {
-    from_port   = 8080
-    to_port     = 8080
-    protocol    = "tcp"
-    security_groups = ["${aws_security_group.sg_external_elb.id}"]
-  }
-
-  ingress {
-    from_port   = 22
-    to_port     = 22
-    protocol    = "tcp"
-    # TOFIX to replace by bastion host
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = -1
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-  tags {
-    Name        	= "${format("%s internal elb", var.stack_name)}"
-    billing-category	= "customers"
-    billing-subcategory = "${var.stack_name}"
-    role		= "nuxeo.aws-sg.internal"
-  }
-}
-
-resource "aws_security_group" "external_ssh" {
-  name        = "${format("%s-sg-external-ssh", var.stack_name)}"
-  description = "Allows ssh from the world"
-  vpc_id      = "${var.vpc_id}"
-
-  ingress {
-    from_port   = 22
-    to_port     = 22
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-    tags {
-      Name        = "${format("%s external ssh", var.stack_name)}"
-      billing-category = "customers"
-      billing-subcategory = "${var.stack_name}"
-      role= "nuxeo.aws-sg-ssh"
-    }
-  tags {
-  }
-}
-
-#-------------------
-# ELB
-#-------------------
-resource "aws_elb" "elb" {
-  name = "elb-${var.stack_name}"
-
-  internal                  = true
-  cross_zone_load_balancing = true
-  subnets                   = ["${aws_subnet.public.id}"]
-  security_groups 	    = ["${aws_security_group.sg_external_elb.id}"]
-
-  idle_timeout                = 30
-  connection_draining         = true
-  connection_draining_timeout = 15
-
-  listener {
-    lb_port           = 80
-    lb_protocol       = "http"
-    instance_port     = 80
-    instance_protocol = "http"
-  }
-
-#  listener {
-#    lb_port           = 443
-#    lb_protocol       = "https"
-#    instance_port     = 80
-#    instance_protocol = "http"
-#    #ssl_certificate_id = "${var.ssl_certificate_id}"
-#  }
-
-  health_check {
-    healthy_threshold   = 2
-    unhealthy_threshold = 2
-    timeout             = 5
-    target              = "TCP:8080"
-    interval            = 30
-  }
-
-#  access_logs {
-#    bucket = "${var.log_bucket}"
-#  }
-   tags {
-     Name        = "elb-${var.stack_name}"
-     billing-category = "customers"
-     billing-subcategory = "${var.stack_name}"
-     role= "nuxeo.elb"
-   }
-  tags {
-  }
-}

net/outputs.tf

@@ -1,37 +0,0 @@
-output "private_subnets" {
-  value = ["${aws_subnet.private.*.id}"]
-}
-
-output "public_subnets" {
-  value = ["${aws_subnet.public.*.id}"]
-}
-
-output "db_private" {
-  value = ["${aws_subnet.db_private.*.id}"]
-}
-
-
-output "public_route_table_ids" {
-  value = ["${aws_route_table.public.*.id}"]
-}
-
-output "private_route_table_ids" {
-  value = ["${aws_route_table.private.*.id}"]
-}
-
-output "nat_eips" {
-  value = ["${aws_eip.nateip.*.id}"]
-}
-
-output "elb_security_group_id" {
-  value = ["${aws_security_group.sg_external_elb.id}"]
-}
-
-output "sg_internal_id" {
-  value = ["${aws_security_group.sg_internal.id}"]
-}
-
-output "external_ssh_id" {
-  value = ["${aws_security_group.external_ssh.id}"]
-}
-

net/variables.tf

@@ -1,50 +0,0 @@
-
-variable "vpc_id" {
-}
-
-variable "stack_name" {
-}
-
-variable "region" {
-}
-
-variable "public_subnets" {
-  description = "A list of public subnets inside the VPC."
-  default     = []
-}
-
-variable "private_subnets" {
-  description = "A list of private subnets inside the VPC."
-  default     = []
-}
-
-variable "private_db_subnets" {
-  description = "A list of private subnets inside the VPC for the RDS Postgres"
-  default     = []
-}
-
-variable "azs" {
-  description = "A list of Availability zones in the region"
-  default     = ["a","b","c"]
-}
-
-variable "enable_nat_gateway" {
-  description = "should be true if you want to provision NAT Gateways for each of your private networks"
-  default     = false
-}
-variable "private_propagating_vgws" {
-  description = "A list of VGWs the private route table should propagate."
-  default     = []
-}
-
-variable "public_propagating_vgws" {
-  description = "A list of VGWs the public route table should propagate."
-  default     = []
-}
-
-variable "ssl_certificate_id" {
-  description = "SSL Certificate ID on AWS for nuxeocloud.com"
-  default = "ASCAI627UM4G2NSLWDTMM"
-}
-
-data "aws_availability_zones" "available" {}

rds/main.tf

@@ -31,6 +31,9 @@ resource "aws_subnet" "db_private_3" {
   }
 }
 
+/***************************************************
+* SECURITY GROUP
+****************************************************/
 resource "aws_security_group" "db" {
   name        = "main_rds_sg"
   description = "Allow all inbound traffic"

variables.tf

@@ -1,65 +0,0 @@
-#-------------------
-# VARIABLES
-#-------------------
-
-// Variables for providers used in this module
-/*variable "aws_access_key" {}
-variable "aws_secret_key" {}*/
-
-// Deployer SSH Pub SSH keys
-variable "public_key_path" {}
-
-
-variable "stack_name" {
-}
-
-variable "region" {
-}
-
-variable "vpc_id" {}
-
-variable "public_subnets" {
-	type    = "list"
-}
-variable "private_subnets" {
-	type    = "list"
-}
-
-variable "private_db_subnets" {
-	type    = "list"
-}
-
-/* RDS Options */
-
-variable "rds_allocated_storage" {
-  type    = "string"
-  default = "10"
-}
-
-variable "rds_engine_version" {
-  type    = "string"
-  default = "9.4.7"
-}
-
-/* REDIS/elasticcache option */
-
-variable "engine_version" {
-  type    = "string"
-  default = "3.2.4"
-}
-
-variable "node_type" {
-  type    = "string"
-  default = "cache.t2.micro"
-}
-
-/* Instance Options */
- variable "os_release" {
-   type    = "string"
-   default = "xenial"
- }
-
- variable "instance_type" {
-   type    = "string"
-   default = "t2.micro"
- }