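/*
 * Root stack for one Nuxeo cloud customer.
 * Reference: https://wiki.nuxeo.com/display/INFRA/Cloud+Provisioning
 *
 * 1) Create Subnets for the Stack
 *    - One Public with a /24 size.
 *    - One private Subnet to run Nuxeo
 *    - at least 2 Private Subnets for Databases
 * 2) Create a NAT Gateway in one of the Public Subnets
 * 3) Create a Route with the Internet Gateway as default route, associate it with the Public Subnet(s)
 * 4) Create a Route with the NAT Gateway as default route,
 *    *that should be associated to all Private Subnets when they are created*
 * 5) Create a Security Group for ELBs that accepts HTTP and HTTPS from anywhere
 * 6) Create a Security Group for Bastion Hosts that accepts SSH from anywhere
 *    NOTE(review): the "bastion" module at the bottom of this file is passed
 *    allowed_network = "10.0.0.0/16", not 0.0.0.0/0. How that value is applied is
 *    defined in the bastion module and is not visible here; confirm which source
 *    ranges actually reach port 22 and keep this step in sync with it.
 *
 * 7) Create a Bastion Host with bastion host SG associated to it, install NTP and Userify on it
 */

///////////////////////////////////////////////////////////////////////
// RESOURCES
///////////////////////////////////////////////////////////////////////

// Random per-customer identifier, generated once and then kept in state.
resource "random_id" "customer" {
  byte_length = 8
}

// Network layout: one public subnet, one private subnet for Nuxeo and two
// private subnets for the data tier. The module's outputs used below are
// sg_internal_id, db_private, private_subnets and public_subnets.
module "net" {
  source             = "./net/"
  stack_name         = "${var.stack_name}"
  region             = "${var.aws_region}"
  vpc_id             = "${var.vpc_id}"
  public_subnets     = ["10.0.10.0/24"]
  private_subnets    = ["10.0.11.0/24"]
  private_db_subnets = ["10.0.100.0/24", "10.0.101.0/24"]
}

#-------------
# DNS Entry for Cloud Customer
#-------------
resource "aws_route53_record" "dns" {
  zone_id = "Z1EFT3O5K9NMCJ" // Zone ID for nuxeocloud.com

  # NOTE(review): "${name}" is not a var./module./resource reference and nothing
  # called `name` is declared in the visible part of this file, so this
  # interpolation is not expected to resolve. The intended record name cannot be
  # determined from here; left unchanged for the author to confirm.
  name = "${name}"
  type = "CNAME"
  ttl  = "300"

  weighted_routing_policy {
    weight = 90
  }

  set_identifier = "${var.stack_name}"
  records        = ["${var.stack_name}.nuxeocloud.com"]
}

# -------------------------------------
# S3 buckets for Nuxeo and for Backups
# -------------------------------------
module "s3" {
  source     = "./s3/"
  stack_name = "${var.stack_name}"

  # uuid() returns a different value on every run, so the customer id was never
  # stable between plans. The hex form of random_id.customer is generated once
  # and stored in state. hex is used instead of the earlier b64 attempt because
  # it contains only [0-9a-f] (assumes cust_id ends up in a bucket name;
  # confirm in ./s3/).
  cust_id = "${random_id.customer.hex}"

  # NOTE(review): bucket encryption, versioning and public-access settings live
  # in ./s3/ and are not visible here; verify them there, especially for the
  # backup bucket.
}

# -------------------------
# RDS Postgres Database
# -------------------------
module "rds" {
  source                = "./rds/"
  region                = "${var.aws_region}"
  stack_name            = "${var.stack_name}"
  database_name         = "nuxeo"
  rds_allocated_storage = "10"

  # Pinned engine version. PostgreSQL 9.4 reached upstream end of life in
  # February 2020; confirm the pinned release still receives security fixes.
  rds_engine_version = "9.4.7"

  # The database is attached to the same internal security group as the Redis
  # cluster below. NOTE(review): that group's rules are defined in ./net/ and
  # are not visible here; confirm it only admits the Nuxeo tier.
  security_group_ids = ["${module.net.sg_internal_id}"]

  #subnet_ids = ["${aws_subnet.db_private.0.id}", "${aws_subnet.db_private.1.id}"]
  #db_private_subnets = ["${element(module.net.db_private, 0)}", "${element(module.net.db_private, 1)}"]
  subnet_ids = ["${element(module.net.db_private, 0)}", "${element(module.net.db_private, 1)}"]

  # NOTE(review): storage encryption, public accessibility and credential
  # handling are set inside ./rds/ and cannot be checked from this file.
}

#-------------------------
# Elastic Cache Redis
#-------------------------
module "elasticcache" {
  source     = "./elasticcache"
  stack_name = "${var.stack_name}-redis"

  # Pinned engine version; confirm it is still a supported, patched release.
  engine_version     = "3.2.4"
  node_type          = "cache.t2.micro"
  security_group_ids = ["${module.net.sg_internal_id}"]
  private_subnet_ids = ["${module.net.db_private}"]
}

#-------------------------
# EC2 Instances
#-------------------------
module "nuxeo" {
  source = "./instance/"

  # Variables for creating an instance
  stack_name      = "${var.stack_name}-nuxeo"
  instance_name   = "${var.stack_name}-nuxeo-instance"
  os_release      = "xenial"
  instance_type   = "t2.micro"
  public_key_path = "${var.public_key_path}"

  # public_key_path="/path/to/my/pub_key"

  # The application instance is placed in the first private subnet, so it has
  # no direct public address of its own.
  subnet_id = "${element(module.net.private_subnets, 0)}"
}

module "bastion" {
  # "./" prefix added so this local module path is written like every other
  # module source in this file.
  source = "./bastion/"
  vpc_id = "${var.vpc_id}"

  # NOTE(review): 10.0.0.0/16 is a private range. Whether it is used as the SSH
  # source range or for something else is decided inside the bastion module;
  # confirm against step 6 of the header comment.
  allowed_network = "10.0.0.0/16"
  subnet_public   = "${module.net.public_subnets}"
}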