Adding the Route 53 samples

Volodymyr Tsap
Showing 15 changed files with 108 additions and 25 deletions
README.md
sample1/sample1.png
sample2/sample2.png
sample3/sample3.png
sample4/iam.tf
sample4/sample4.png
sample4/terraform.tfvars
sample5/elb.tf
sample5/elb/main.tf
sample5/elb/variables.tf
sample5/files/init.tpl
sample5/instance.tf
sample5/sample5.png
sample5/terraform.tfvars
sample5/variables.tf
--- a/README.md
View file @d0c6c90
+++ b/README.md
View file @d0c6c90
@@ -28,13 +28,13 @@ The presentation could be found [here](https://docs.google.com/presentation/d/1Z
 1.  Moving deployment script into temlplate provider
 2.  Using *length()* function to get size and create multiple resources
+3.  Add IAM profile for instance
 ### Sample5. Scaling our applications, adding scaling policies
-1.  Add IAM profile for instance
+1.  Creating launch configuration, autoscaling grops
-2.  Creating launch configuration, autoscaling grops
+2.  Building module
-3.  Building module
+3.  Dealing with LoadBalancers and Certificates
-4.  Dealing with LoadBalancers and http
 ### AppendixA.  Upgrading applications environment
 1.  Blue/Green deployment
--- a/sample1/sample1.png 0 → 100644
View file @d0c6c90
+++ b/sample1/sample1.png 0 → 100644
View file @d0c6c90
--- a/sample2/sample2.png 0 → 100644
View file @d0c6c90
+++ b/sample2/sample2.png 0 → 100644
View file @d0c6c90
--- a/sample3/sample3.png 0 → 100644
View file @d0c6c90
+++ b/sample3/sample3.png 0 → 100644
View file @d0c6c90
--- a/sample4/iam.tf 0 → 100644
View file @d0c6c90
+++ b/sample4/iam.tf 0 → 100644
View file @d0c6c90
+## Define a policy to RO
+resource "aws_iam_policy" "ec2-ro-policy" {
+    name        = "ec2-ro-policy"
+    path        = "/"
+    description = "Autocreated Policy to read tags from ec2 instance"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "Stmt1506366968000",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+EOF
+}
+## STS AssumeRole Data
+data "aws_iam_policy_document" "instance-assume-role-policy" {
+  statement {
+  actions = ["sts:AssumeRole"]
+      principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+                  }
+     }
+}
+## Add EC2 instance role
+resource "aws_iam_role" "ec2-instance-role" {
+     name               = "ec2-instance-role"
+     path               = "/"
+     assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
+      }
+## Attach policy to role
+resource "aws_iam_policy_attachment" "ec2-policy-attachemnt" {
+    name       = "ec2-policy-attachemnt"
+    roles      = ["${aws_iam_role.ec2-instance-role.name}"]
+    policy_arn = "${aws_iam_policy.ec2-ro-policy.arn}"
+  }
+## Create instance profile and attah the role
+resource "aws_iam_instance_profile" "ec2-instance-profile" {
+          name  = "ec2-instance-profile"
+          role = "${aws_iam_role.ec2-instance-role.name}"
+}
--- a/sample4/sample4.png 0 → 100644
View file @d0c6c90
+++ b/sample4/sample4.png 0 → 100644
View file @d0c6c90
--- a/sample4/terraform.tfvars
View file @d0c6c90
+++ b/sample4/terraform.tfvars
View file @d0c6c90
@@ -16,5 +16,5 @@ default_db_subnet_group_subnet_ids = {
     eu-west-1 = [ "subnet-f1e92d8a", "subnet-304b7f7a"  ]
 }
-#
+# Define instance suffix
-instance_suffix = ["a","b"] 
+instance_suffix = ["blue","green"] 
--- a/sample5/elb.tf
View file @d0c6c90
+++ b/sample5/elb.tf
View file @d0c6c90
@@ -8,12 +8,29 @@ module "m-elb-xpdays" {
  backend_port     = "3334"
  backend_protocol = "http"
-  #  ssl_certificate_id = "${data.aws_acm_certificate.wisehands.me.arn}"
+  ssl_certificate_id = "${data.aws_acm_certificate.star-shalb-com.arn}"
  health_check_target = "HTTP:3334/"
  #  elb_security_group = "${aws_security_group.elb-sg.id}"
 }
+# Get the certificate assigned
+data "aws_acm_certificate" "star-shalb-com" {
+    domain   = "*.aws.shalb.com"
+    statuses = ["ISSUED"]
+}
+# Attach the domain to ELB
+resource "aws_route53_record" "xpdays-aws-shalb-com" {
+  zone_id = "Z36XQDCMS0HHZM"
+  name    = "xpdays.aws.shalb.com"
+  type    = "CNAME"
+  ttl     = "300"
+  records = ["${module.m-elb-xpdays.elb_dns_name}"]
+}
 ## Add rule for access to ELB SG into default SG
 resource "aws_security_group_rule" "allow_3334_xpdays" {
  type                     = "ingress"
--- a/sample5/elb/main.tf
View file @d0c6c90
+++ b/sample5/elb/main.tf
View file @d0c6c90
@@ -4,13 +4,13 @@ resource "aws_elb" "elb" {
  internal        = "${var.elb_is_internal}"
  security_groups = ["${aws_security_group.elb-sg.id}"]
-  #  listener {
+    listener {
-  #    instance_port = "${var.backend_port}"
+      instance_port = "${var.backend_port}"
-  #    instance_protocol = "${var.backend_protocol}"
+      instance_protocol = "${var.backend_protocol}"
-  #    lb_port = 443
+      lb_port = 443
-  #    lb_protocol = "https"
+      lb_protocol = "https"
-  # #   ssl_certificate_id = "${var.ssl_certificate_id}"
+      ssl_certificate_id = "${var.ssl_certificate_id}"
-  #  }
+    }
  listener {
    instance_port     = "${var.backend_port}"
--- a/sample5/elb/variables.tf
View file @d0c6c90
+++ b/sample5/elb/variables.tf
View file @d0c6c90
@@ -13,9 +13,9 @@ variable "elb_is_internal" {
 // See README.md for details on finding the
 // ARN of an SSL certificate in EC2
-#variable "ssl_certificate_id" {
+variable "ssl_certificate_id" {
-#  description = "The ARN of the SSL Certificate in EC2"
+  description = "The ARN of the SSL Certificate in EC2"
-#}
+}
 variable "subnet_az1" {
  description = "The subnet for AZ1"
--- a/sample5/files/init.tpl
View file @d0c6c90
+++ b/sample5/files/init.tpl
View file @d0c6c90
@@ -2,7 +2,7 @@
 hostname ${instancehostname} && hostname > /etc/hostname
 echo "127.0.0.1 localhost `hostname`" > /etc/hosts
 cd /home/ubuntu
-git clone https://bitbucket.org/bohdaq/wisehands.me.git
+git clone --branch ${versiontag}  https://bitbucket.org/bohdaq/wisehands.me.git
 cd /home/ubuntu/wisehands.me/ && play deps
 mkdir -p /home/ubuntu/wisehands.me/modules/guice-1.2
 cd /home/ubuntu/wisehands.me/modules/guice-1.2
--- a/sample5/instance.tf
View file @d0c6c90
+++ b/sample5/instance.tf
View file @d0c6c90
@@ -6,6 +6,7 @@ data "template_file" "init" {
  vars {
    dbendpoint="${aws_db_instance.db-instance.username}:${aws_db_instance.db-instance.password}@${aws_db_instance.db-instance.endpoint}\\/${aws_db_instance.db-instance.name}"
    instancehostname="xpdays-${var.instance_suffix[count.index]}-${count.index}"
+    versiontag="${var.xpdays_versiontag}"
  }
 }
@@ -23,19 +24,19 @@ resource "aws_launch_configuration" "launch-xpdays" {
 ## Add Autoscaling group
 resource "aws_autoscaling_group" "asg-xpdays" {
-#    lifecycle { create_before_destroy = true }
+    lifecycle { create_before_destroy = true }
-#    depends_on = ["aws_launch_configuration.launch-xpdays"]
+    name                      = "asg-${aws_launch_configuration.launch-xpdays.name}-${var.instance_suffix[count.index]}"
    desired_capacity          = "${lookup(var.instance_count_xpdays_desired, var.environment)}"
    max_size                  = "${lookup(var.instance_count_xpdays_max, var.environment)}"
    min_size                  = "${lookup(var.instance_count_xpdays_min, var.environment)}"
    health_check_grace_period = 300
    health_check_type         = "EC2"
    launch_configuration      = "${element(aws_launch_configuration.launch-xpdays.*.name, count.index)}"
-    name                      = "asg-xpdays-${var.instance_suffix[count.index]}"
    vpc_zone_identifier       =  ["${list(aws_subnet.default_subnet.id)}"]
    availability_zones        = ["${lookup(var.default_subnet_availability_zone, var.environment)}"]
    load_balancers            =  ["${module.m-elb-xpdays.elb_id}"]
-#    wait_for_elb_capacity     = "${element(var.instance_count_xpdays_desired[var.environment],count.index)}"
+    wait_for_elb_capacity     = "${lookup(var.instance_count_xpdays_min, var.environment)}"
    enabled_metrics = "${var.asg_enabled_metrics}"
    tag {
        key   = "Name"
--- a/sample5/sample5.png 0 → 100644
View file @d0c6c90
+++ b/sample5/sample5.png 0 → 100644
View file @d0c6c90
--- a/sample5/terraform.tfvars
View file @d0c6c90
+++ b/sample5/terraform.tfvars
View file @d0c6c90
+## Define the microservice version
+xpdays_versiontag = "0.0.2"
 ### AWS related
 region = {
@@ -44,7 +48,8 @@ asg_enabled_metrics = [ "GroupDesiredCapacity", "GroupPendingInstances", "GroupI
                        "GroupStandbyInstances", "GroupTotalInstances", "GroupMinSize" , "GroupTerminatingInstances" ]
 #
-instance_suffix = ["blue","green"]
+instance_suffix = ["blue"]
+#instance_suffix = ["blue","green"]
 instance_count_xpdays_desired = {
@@ -52,7 +57,7 @@ instance_count_xpdays_desired = {
 	        development = 1
 }
 instance_count_xpdays_min = {
-	        production = 0
+	        production = 1
 	        development = 1
 }
 instance_count_xpdays_max = {
--- a/sample5/variables.tf
View file @d0c6c90
+++ b/sample5/variables.tf
View file @d0c6c90
-# VPC related stuff
+## Application version stuff
+variable "xpdays_versiontag" {}
+## VPC related stuff
 variable "region" {
  type        = "map"