
Convert repo to work with Terraform 0.12 (#37)
* Switch tests to terraform 0.12

* Upgrade test/all.tf to 0.12 format

* Terraform 0.12upgrade for root module

* Terraform 0.12upgrade for vpc

* Terraform 0.12upgrade of wildcard cert

* Terraform 0.12upgrade of app_base

* Terraform 0.12upgrade of command console

* Terraform 0.12upgrade of database

* Terraform 0.12upgrade of encryptkey

* Terraform 0.12upgrade of fargate_cluster

* Terraform 0.12upgrade ingress

* Terraform 0.12upgrade lambda_cron

* Remove unused soapbox module

* Terraform 0.12upgrade of plain_instance

* Terraform 0.12upgrade of static_site

* Terraform 0.12upgrade of utilities

* Clean-up automated warnings and validation errors

* Add new recursive flag for fmt
robertfairhead authored Jun 6, 2019
1 parent cd0e3a7 commit 3962e9d
Showing 89 changed files with 1,323 additions and 1,150 deletions.
4 changes: 2 additions & 2 deletions Jenkinsfile
Expand Up @@ -12,7 +12,7 @@ pipeline {
}
}
steps {
sh 'terraform fmt -check=true -diff=true'
sh 'terraform fmt -check=true -diff=true -recursive'
}
}

Expand All @@ -25,7 +25,7 @@ pipeline {
stage('Terraform validation') {
agent {
docker {
image 'hashicorp/terraform:0.11.13'
image 'hashicorp/terraform:0.12.1'
args '-w $WORKSPACE --entrypoint=""'
}
}
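Review bot: The validation stage's `image 'hashicorp/terraform:0.12.1'` pins a mutable tag, so the toolchain that validates this repo can change silently if the tag is re-pushed; pin the digest as well, `image 'hashicorp/terraform:0.12.1@sha256:…'`, and refresh it deliberately on each upgrade. Because `--entrypoint=""` turns the container into a plain shell running the step's commands, the image's contents are the whole trust boundary for this stage, which is one more reason to pin it. The fmt stage's `agent` block begins above the first hunk, so I cannot see whether it uses the same image; if it does, the same pin applies there. The `pipeline` block starts and ends outside both hunks.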
21 changes: 11 additions & 10 deletions app_base/data.tf
Expand Up @@ -3,33 +3,33 @@
#######

data "aws_vpc" "vpc" {
tags {
env = "${var.env}"
tags = {
env = var.env
}
}

data "aws_subnet" "application_subnet" {
count = 3
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
tags = {
name = "app-sub-${count.index}"
env = "${var.env}"
env = var.env
}
}

data "aws_subnet" "public_subnet" {
count = 3
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
tags = {
name = "public-sub-${count.index}"
env = "${var.env}"
env = var.env
}
}

data "aws_route53_zone" "external" {
name = "${var.domain_name}"
name = var.domain_name
private_zone = false
}

Expand All @@ -39,6 +39,7 @@ data "aws_route53_zone" "internal" {
}

data "aws_acm_certificate" "wildcard" {
domain = "${var.domain_name}"
domain = var.domain_name
most_recent = true
}

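Review bot: `data "aws_acm_certificate" "wildcard"` selects a certificate by exact `domain = var.domain_name` with `most_recent = true` and no `types` or `statuses` filter, so any newer certificate for that name (including one imported by hand) will be picked on the next apply without any change to this module, and the ALB listener in main.tf follows it. If that is the intent, say so next to the lookup, e.g. `# most_recent: the newest cert for this exact name wins, imported ones included -- rotate deliberately`; if only ACM-issued certificates should ever be attached, add `types = ["AMAZON_ISSUED"]`. The `aws_route53_zone.internal` block is cut by the second hunk, so its lookup criteria cannot be reviewed here.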
83 changes: 42 additions & 41 deletions app_base/main.tf
Expand Up @@ -3,21 +3,21 @@
#######

resource "aws_route53_record" "external_cname" {
zone_id = "${data.aws_route53_zone.external.id}"
name = "${var.application_name}"
zone_id = data.aws_route53_zone.external.id
name = var.application_name
type = "CNAME"
ttl = 30

records = ["${aws_alb.application_alb.dns_name}"]
records = [aws_alb.application_alb.dns_name]
}

resource "aws_route53_record" "internal_cname" {
zone_id = "${data.aws_route53_zone.internal.id}"
name = "${var.application_name}"
zone_id = data.aws_route53_zone.internal.id
name = var.application_name
type = "CNAME"
ttl = 30

records = ["${aws_alb.application_alb.dns_name}"]
records = [aws_alb.application_alb.dns_name]
}

#######
Expand All @@ -28,15 +28,15 @@ resource "aws_alb" "application_alb" {
# max 6 characters for name prefix
name_prefix = "${format("%.5s", var.application_name)}-"
internal = false
security_groups = ["${aws_security_group.application_alb_sg.id}"]
subnets = ["${data.aws_subnet.public_subnet.*.id}"]
security_groups = [aws_security_group.application_alb_sg.id]
subnets = data.aws_subnet.public_subnet.*.id

ip_address_type = "ipv4"

tags {
env = "${var.env}"
tags = {
env = var.env
terraform = "true"
app = "${var.application_name}"
app = var.application_name
name = "alb-${var.application_name}"
}
}
Expand All @@ -45,64 +45,64 @@ resource "aws_alb" "application_alb" {
resource "aws_alb_target_group" "application_target_group" {
# max 6 characters for name prefix
name_prefix = "${format("%.5s", var.application_name)}-"
port = "${var.application_port}"
port = var.application_port
protocol = "HTTP"
vpc_id = "${data.aws_vpc.vpc.id}"
target_type = "ip" # Must use IP to support fargate
vpc_id = data.aws_vpc.vpc.id
target_type = "ip" # Must use IP to support fargate

health_check {
interval = 60
path = "${var.health_check_path}"
port = "${var.application_port}"
path = var.health_check_path
port = var.application_port
healthy_threshold = 2
unhealthy_threshold = 2
}

depends_on = ["aws_alb.application_alb"]
depends_on = [aws_alb.application_alb]

tags {
env = "${var.env}"
tags = {
env = var.env
terraform = "true"
app = "${var.application_name}"
app = var.application_name
name = "alb-tg-${var.application_name}:${var.application_port}"
}
}

resource "aws_alb_listener" "application_alb_https" {
load_balancer_arn = "${aws_alb.application_alb.arn}"
port = "${var.loadbalancer_port}"
load_balancer_arn = aws_alb.application_alb.arn
port = var.loadbalancer_port
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_arn = "${data.aws_acm_certificate.wildcard.arn}"
certificate_arn = data.aws_acm_certificate.wildcard.arn

default_action {
target_group_arn = "${aws_alb_target_group.application_target_group.arn}"
target_group_arn = aws_alb_target_group.application_target_group.arn
type = "forward"
}
}

# Security Group: world -> alb
resource "aws_security_group" "application_alb_sg" {
name_prefix = "${var.application_name}-alb-"
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
env = "${var.env}"
tags = {
env = var.env
terraform = "true"
app = "${var.application_name}"
app = var.application_name
name = "world->alb-sg-${var.application_name}"
}
}

// Allow inbound only to our listening port
resource "aws_security_group_rule" "lb_ingress" {
type = "ingress"
from_port = "${var.loadbalancer_port}"
to_port = "${var.loadbalancer_port}"
from_port = var.loadbalancer_port
to_port = var.loadbalancer_port
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]

security_group_id = "${aws_security_group.application_alb_sg.id}"
security_group_id = aws_security_group.application_alb_sg.id
}

// Allow all outbound by default
Expand All @@ -113,7 +113,7 @@ resource "aws_security_group_rule" "lb_egress" {
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]

security_group_id = "${aws_security_group.application_alb_sg.id}"
security_group_id = aws_security_group.application_alb_sg.id
}

#######
Expand All @@ -122,23 +122,23 @@ resource "aws_security_group_rule" "lb_egress" {

resource "aws_security_group" "app_sg" {
name_prefix = "${var.application_name}-app-"
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
app = "${var.application_name}"
env = "${var.env}"
tags = {
app = var.application_name
env = var.env
}
}

// Allow inbound only to our application port
resource "aws_security_group_rule" "app_ingress" {
type = "ingress"
from_port = "${var.application_port}"
to_port = "${var.application_port}"
from_port = var.application_port
to_port = var.application_port
protocol = "tcp"
source_security_group_id = "${aws_security_group.application_alb_sg.id}"
source_security_group_id = aws_security_group.application_alb_sg.id

security_group_id = "${aws_security_group.app_sg.id}"
security_group_id = aws_security_group.app_sg.id
}

// Allow all outbound, e.g. third-pary API endpoints, by default
Expand All @@ -149,5 +149,6 @@ resource "aws_security_group_rule" "app_egress" {
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]

security_group_id = "${aws_security_group.app_sg.id}"
security_group_id = aws_security_group.app_sg.id
}

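Review bot: The HTTPS listener keeps `ssl_policy = "ELBSecurityPolicy-2016-08"`, a predefined policy that still negotiates TLS 1.0 and 1.1, on the edge that `lb_ingress` opens to `cidr_blocks = ["0.0.0.0/0"]`; prefer a TLS 1.2-only policy such as `ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"`, and if older clients genuinely need support, record that reason in a comment beside the line. The target group is `protocol = "HTTP"`, so traffic from the ALB to the tasks is plaintext inside the VPC; that is defensible because `app_ingress` admits only `application_alb_sg`, but a comment such as `# TLS terminates at the ALB; app traffic is plaintext but reachable only from application_alb_sg` saves the next reader from re-deriving it. Both egress rules remain `protocol = "-1"` to the world, which the existing comments present as a deliberate default rather than an oversight.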
5 changes: 3 additions & 2 deletions app_base/outputs.tf
@@ -1,7 +1,8 @@
output "app_sg_id" {
value = "${aws_security_group.app_sg.id}"
value = aws_security_group.app_sg.id
}

output "lb_tg_arn" {
value = "${aws_alb_target_group.application_target_group.arn}"
value = aws_alb_target_group.application_target_group.arn
}

1 change: 1 addition & 0 deletions app_base/variables.tf
Expand Up @@ -24,3 +24,4 @@ variable "loadbalancer_port" {
description = "port on which the load balancer will be listening. it will terminate TLS on this port."
default = "443"
}

4 changes: 4 additions & 0 deletions app_base/versions.tf
@@ -0,0 +1,4 @@

terraform {
required_version = ">= 0.12"
}
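Review bot: `required_version = ">= 0.12"` constrains Terraform itself but nothing in this new file pins the AWS provider, so `terraform init` resolves whatever provider release is newest at the time, and a future major provider release can change resource behaviour under this module without any commit here. Add a provider constraint in the same block using the 0.12 syntax, e.g. `required_providers { aws = "~> 2.0" }`, set to the version this upgrade was actually tested against. An upper bound on Terraform, `required_version = "~> 0.12.0"`, is also worth considering, since the `required_providers` format changes again in 0.13.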
26 changes: 14 additions & 12 deletions command_console/data.tf
@@ -1,36 +1,37 @@
data "aws_vpc" "vpc" {
tags {
env = "${var.env}"
tags = {
env = var.env
}
}

data "aws_caller_identity" "current" {}
data "aws_caller_identity" "current" {
}

data "aws_subnet" "application_subnet" {
count = 3
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
tags = {
name = "app-sub-${count.index}"
env = "${var.env}"
env = var.env
}
}

data "aws_security_group" "ssh_proxies" {
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
env = "${var.env}"
tags = {
env = var.env
app = "teleport"
Name = "teleport-proxies"
}
}

data "aws_security_group" "jumpbox" {
vpc_id = "${data.aws_vpc.vpc.id}"
vpc_id = data.aws_vpc.vpc.id

tags {
env = "${var.env}"
tags = {
env = var.env
app = "utilities"
Name = "jumpbox"
}
Expand All @@ -49,3 +50,4 @@ data "aws_ami" "base" {
values = ["adhoc_base*"]
}
}

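Review bot: `data "aws_ami" "base"` selects an image by a name wildcard, `values = ["adhoc_base*"]`, and its `owners` argument is outside this hunk, so I cannot see whether the search is restricted to this account; if it is not, any public AMI whose name matches the prefix could win the lookup and end up as the console host's base image. Confirm that `owners = ["self"]` (or the specific account id) is set, and add `# restrict to images this account owns; a public AMI with a matching name must never be selected` beside the filter. The security-group lookups keyed on `env`, `app` and `Name` tags fail on duplicates rather than picking silently, which is the safe behaviour, but those tag values are a contract with the teleport and utilities modules and deserve a one-line comment saying where they are set. The `aws_ami` block starts above the second hunk.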
