chore(infrastructure): Update terraform infra definition

Vizzuality · Nov 25, 2024 · ba66e6d · ba66e6d
1 parent 460d76c
commit ba66e6d
Show file tree

Hide file tree

Showing 4 changed files with 154 additions and 49 deletions.
diff --git a/infrastructure/v2/main.tf b/infrastructure/v2/main.tf
@@ -113,45 +113,88 @@ module "dev" {
   }
 }
 
-# module "prod" {
-#   source                                        = "./modules/env"
-#   providers = {
-#     aws = aws.prod
-#   }
-
-#   domain                                        = "prod.amazonia360.dev-vizzuality.com"
-#   project                                       = var.project_name
-#   environment                                   = "production"
-#   aws_region                                    = var.prod.aws_region
-#   beanstalk_platform                            = "64bit Amazon Linux 2023 v4.4.1 running Docker"
-#   beanstalk_tier                                = "WebServer"
-#   ec2_instance_type                             = "t3.medium"
-#   elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
-#   repo_name                                     = var.repo_name
-#   cname_prefix                                  = "amazonia360-prod-environment"
-#   github_owner = var.github_owner
-#   github_token = var.github_token
-#   github_additional_environment_variables = {
-#     TF_AWS_REGION   = var.prod.aws_region
-
-#     # API
-#     TF_API_TIFF_PATH                       = var.prod.api.tiff_path
-#     TF_API_GRID_TILES_PATH                 = var.prod.api.grid_tiles_path
-
-#     # Client
-#     TF_CLIENT_NEXT_PUBLIC_API_URL = var.prod.client.next_public_api_url
-#   }
-#   github_additional_environment_secrets = {
-#     # API
-#     TF_API_AUTH_TOKEN = var.prod.api.auth_token
-
-#     # Client
-#     TF_CLIENT_NEXT_PUBLIC_API_KEY = var.prod.client.next_public_api_key
-#     TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.prod.client.next_public_arcgis_api_key
-#     TF_CLIENT_ARCGIS_CLIENT_ID = var.prod.client.arcgis_client_id
-#     TF_CLIENT_ARCGIS_CLIENT_SECRET = var.prod.client.arcgis_client_secret
-#     TF_CLIENT_BASIC_AUTH_USER = var.prod.client.basic_auth_user
-#     TF_CLIENT_BASIC_AUTH_PASSWORD = var.prod.client.basic_auth_password
-#     TF_CLIENT_SESSION_SECRET = var.prod.client.session_secret
-#   }
-# }
+module "staging" {
+  source                                        = "./modules/env"
+  providers = {
+    aws = aws.dev
+  }
+
+  domain                                        = "staging.amazonia360.dev-vizzuality.com"
+  project                                       = var.project_name
+  environment                                   = "staging"
+  aws_region                                    = var.staging.aws_region
+  beanstalk_platform                            = "64bit Amazon Linux 2023 v4.4.1 running Docker"
+  beanstalk_tier                                = "WebServer"
+  ec2_instance_type                             = "t3.medium"
+  elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
+  repo_name                                     = var.repo_name
+  cname_prefix                                  = "amazonia360-staging-environment"
+  github_owner = var.github_owner
+  github_token = var.github_token
+  github_additional_environment_variables = {
+    TF_AWS_REGION   = var.staging.aws_region
+
+    # API
+    TF_API_TIFF_PATH                       = var.staging.api.tiff_path
+    TF_API_GRID_TILES_PATH                 = var.staging.api.grid_tiles_path
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_URL = var.staging.client.next_public_api_url
+  }
+  github_additional_environment_secrets = {
+    # API
+    TF_API_AUTH_TOKEN = var.staging.api.auth_token
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_KEY = var.staging.client.next_public_api_key
+    TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.staging.client.next_public_arcgis_api_key
+    TF_CLIENT_ARCGIS_CLIENT_ID = var.staging.client.arcgis_client_id
+    TF_CLIENT_ARCGIS_CLIENT_SECRET = var.staging.client.arcgis_client_secret
+    TF_CLIENT_BASIC_AUTH_USER = var.staging.client.basic_auth_user
+    TF_CLIENT_BASIC_AUTH_PASSWORD = var.staging.client.basic_auth_password
+    TF_CLIENT_SESSION_SECRET = var.staging.client.session_secret
+  }
+}
+
+module "prod" {
+  source                                        = "./modules/env"
+  providers = {
+    aws = aws.prod
+  }
+
+  domain                                        = "amazonia360.dev-vizzuality.com"
+  project                                       = var.project_name
+  environment                                   = "production"
+  aws_region                                    = var.prod.aws_region
+  beanstalk_platform                            = "64bit Amazon Linux 2023 v4.4.1 running Docker"
+  beanstalk_tier                                = "WebServer"
+  ec2_instance_type                             = "t3.medium"
+  elasticbeanstalk_iam_service_linked_role_name = aws_iam_service_linked_role.elasticbeanstalk.name
+  repo_name                                     = var.repo_name
+  cname_prefix                                  = "amazonia360-prod-environment"
+  github_owner = var.github_owner
+  github_token = var.github_token
+  github_additional_environment_variables = {
+    TF_AWS_REGION   = var.prod.aws_region
+
+    # API
+    TF_API_TIFF_PATH                       = var.prod.api.tiff_path
+    TF_API_GRID_TILES_PATH                 = var.prod.api.grid_tiles_path
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_URL = var.prod.client.next_public_api_url
+  }
+  github_additional_environment_secrets = {
+    # API
+    TF_API_AUTH_TOKEN = var.prod.api.auth_token
+
+    # Client
+    TF_CLIENT_NEXT_PUBLIC_API_KEY = var.prod.client.next_public_api_key
+    TF_CLIENT_NEXT_PUBLIC_ARCGIS_API_KEY = var.prod.client.next_public_arcgis_api_key
+    TF_CLIENT_ARCGIS_CLIENT_ID = var.prod.client.arcgis_client_id
+    TF_CLIENT_ARCGIS_CLIENT_SECRET = var.prod.client.arcgis_client_secret
+    TF_CLIENT_BASIC_AUTH_USER = var.prod.client.basic_auth_user
+    TF_CLIENT_BASIC_AUTH_PASSWORD = var.prod.client.basic_auth_password
+    TF_CLIENT_SESSION_SECRET = var.prod.client.session_secret
+  }
+}
diff --git a/infrastructure/v2/modules/beanstalk/main.tf b/infrastructure/v2/modules/beanstalk/main.tf
@@ -8,11 +8,6 @@ resource "aws_s3_bucket" "application_bucket" {
   )
 }
 
-# resource "aws_s3_bucket_acl" "application_bucket_acl" {
-#   bucket = aws_s3_bucket.application_bucket.id
-#   acl    = "private"
-# }
-
 #
 # Site Server Security Groups
 # SSH access to and from the world
@@ -117,6 +112,11 @@ locals {
       name      = "RootVolumeSize"
       value     = "40"
     },
+    {
+      namespace = "aws:autoscaling:launchconfiguration"
+      name      = "DisableIMDSv1"
+      value     = true
+    },
     {
       namespace = "aws:autoscaling:launchconfiguration"
       name      = "SecurityGroups"
@@ -220,4 +220,4 @@ resource "aws_lb_listener_rule" "redirect_http_to_https" {
       values = ["/*"]
     }
   }
-}
+}
diff --git a/infrastructure/v2/variables.tf b/infrastructure/v2/variables.tf
@@ -49,6 +49,27 @@ variable "dev" {
   })
 }
 
+variable "staging" {
+  type = object({
+    aws_region = string
+    api = object({
+      auth_token      = string
+      tiff_path       = string
+      grid_tiles_path = string
+    })
+    client = object({
+      next_public_api_url      = string
+      next_public_api_key      = string
+      next_public_arcgis_api_key = string
+      arcgis_client_id         = string
+      arcgis_client_secret     = string
+      basic_auth_user          = string
+      basic_auth_password      = string
+      session_secret           = string
+    })
+  })
+}
+
 variable "prod" {
   type = object({
     aws_region = string

diff --git a/infrastructure/v2/vars/terraform.tfvars b/infrastructure/v2/vars/terraform.tfvars
@@ -5,7 +5,6 @@ repo_name="amazonia-360"
 github_owner="Vizzuality"
 github_token=""
 
-# DEV
 dev = {
     aws_region="eu-west-3"
 
@@ -15,6 +14,48 @@ dev = {
         grid_tiles_path="/opt/api/data/grid"
     }
 
+    client = {
+        next_public_api_url=""
+        next_public_api_key=""
+        next_public_arcgis_api_key=""
+        arcgis_client_id=""
+        arcgis_client_secret=""
+        basic_auth_user=""
+        basic_auth_password=""
+        session_secret=""
+    }
+}
+
+staging = {
+    aws_region="eu-west-3"
+
+    api = {
+        auth_token=""
+        tiff_path="/opt/api/data"
+        grid_tiles_path="/opt/api/data/grid"
+    }
+
+    client = {
+        next_public_api_url=""
+        next_public_api_key=""
+        next_public_arcgis_api_key=""
+        arcgis_client_id=""
+        arcgis_client_secret=""
+        basic_auth_user=""
+        basic_auth_password=""
+        session_secret=""
+    }
+}
+
+prod = {
+    aws_region="sa-east-1"
+
+    api = {
+        auth_token=""
+        tiff_path="/opt/api/data"
+        grid_tiles_path="/opt/api/data/grid"
+    }
+
     client = {
         next_public_api_url=""
         next_public_api_key=""