diff --git a/deploy/aws/main.tf b/deploy/aws/main.tf
index 82c657015..e9b685360 100644
--- a/deploy/aws/main.tf
+++ b/deploy/aws/main.tf
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "CloudWatchLogsFullAccess-assume-role-policy" {
 }
 resource "aws_iam_role" "CloudWatchLogsFullAccess" {
- name = "CloudWatchLogsFullAccess"
+ name = "CloudWatchLogsFullAccess"
 assume_role_policy = "${data.aws_iam_policy_document.CloudWatchLogsFullAccess-assume-role-policy.json}"
 }
@@ -41,98 +41,95 @@ resource "aws_iam_instance_profile" "qed-profile" {
 module "qed" {
 source = "./modules/qed"
- name = "qed"
- count = 3
- instance_type = "t3.2xlarge"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ name = "qed"
+ count = 3
+ instance_type = "t3.2xlarge"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
 }
 module "inmemory-storage" {
 source = "./modules/inmemory_storage"
- name = "inmemory-storage"
- instance_type = "t3.small"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ name = "inmemory-storage"
+ instance_type = "t3.small"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
 }
 module "agent-publisher" {
 source = "./modules/qed"
- name = "agent-publisher"
- instance_type = "t3.small"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ name = "agent-publisher"
+ instance_type = "t3.small"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
- role = "publisher"
-
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
+ role = "publisher"
 }
 module "agent-monitor" {
 source = "./modules/qed"
- name = "agent-monitor"
- count = 1
- instance_type = "t3.small"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ name = "agent-monitor"
+ count = 1
+ instance_type = "t3.small"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
- role = "monitor"
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
+ role = "monitor"
 }
 module "agent-auditor" {
 source = "./modules/qed"
- name = "agent-auditor"
- instance_type = "t3.small"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ name = "agent-auditor"
+ instance_type = "t3.small"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
- role = "auditor"
-
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
+ role = "auditor"
 }
 module "prometheus" {
 source = "./modules/prometheus"
- instance_type = "t3.medium"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ instance_type = "t3.medium"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.prometheus_security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
 }
 module "riot" {
 source = "./modules/riot"
- instance_type = "t3.medium"
- iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
- volume_size = "20"
+ instance_type = "t3.medium"
+ iam_instance_profile = "${aws_iam_instance_profile.qed-profile.name}"
+ volume_size = "20"
 vpc_security_group_ids = "${module.security_group.this_security_group_id}"
- subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
- key_name = "${aws_key_pair.qed.key_name}"
- key_path = "${var.keypath}"
- endpoint = "${module.qed.private_ip[0]}"
- num_requests = 10000000
-
+ subnet_id = "${element(data.aws_subnet_ids.all.ids, 0)}"
+ key_name = "${aws_key_pair.qed.key_name}"
+ key_path = "${var.keypath}"
+ endpoint = "${module.qed.private_ip[0]}"
+ num_requests = 10000000
 }
diff --git a/deploy/aws/modules/prometheus/outputs.tf b/deploy/aws/modules/prometheus/outputs.tf
index 1ef921f33..d0f13ec63 100644
--- a/deploy/aws/modules/prometheus/outputs.tf
+++ b/deploy/aws/modules/prometheus/outputs.tf
@@ -1,6 +1,7 @@
 output "private_ip" {
 value = "${aws_instance.prometheus.private_ip}"
 }
+
 output "public_ip" {
 value = "${aws_instance.prometheus.public_ip}"
 }
diff --git a/deploy/aws/modules/prometheus/variables.tf b/deploy/aws/modules/prometheus/variables.tf
index 5a8d09cf9..95029a785 100644
--- a/deploy/aws/modules/prometheus/variables.tf
+++ b/deploy/aws/modules/prometheus/variables.tf
@@ -27,9 +27,11 @@ variable "subnet_id" {}
 variable "key_name" {}
 variable "key_path" {}
+
 variable "role" {
 default = "prometheus"
 }
+
 variable "path" {
 default = "/home/ec2-user/prometheus"
 }
diff --git a/deploy/aws/modules/qed/outputs.tf b/deploy/aws/modules/qed/outputs.tf
index 5d25ec9da..6c4b504b2 100644
--- a/deploy/aws/modules/qed/outputs.tf
+++ b/deploy/aws/modules/qed/outputs.tf
@@ -5,4 +5,3 @@ output "private_ip" {
 output "public_ip" {
 value = "${aws_instance.qed-server.*.public_ip}"
 }
-
diff --git a/deploy/aws/modules/qed/variables.tf b/deploy/aws/modules/qed/variables.tf
index 7511e7044..efa684aa2 100644
--- a/deploy/aws/modules/qed/variables.tf
+++ b/deploy/aws/modules/qed/variables.tf
@@ -39,10 +39,9 @@ variable "path" {
 }
 variable "count" {
- default = 1
+ default = 1
 }
 variable "command" {
 default = "start"
 }
-
diff --git a/deploy/aws/network.tf b/deploy/aws/network.tf
index c888f3514..c523d9ddb 100644
--- a/deploy/aws/network.tf
+++ b/deploy/aws/network.tf
@@ -32,102 +32,105 @@ data "aws_subnet_ids" "all" {
 }
 module "security_group" {
- source = "terraform-aws-modules/security-group/aws"
+ source = "terraform-aws-modules/security-group/aws"
 version = "2.11.0"
 name = "qed"
 description = "Security group for QED usage"
 vpc_id = "${data.aws_vpc.default.id}"
- egress_rules = ["all-all"]
+ egress_rules = ["all-all"]
 ingress_cidr_blocks = ["${chomp(data.http.ip.body)}/32"]
- ingress_rules = ["all-icmp", "ssh-tcp" ]
+ ingress_rules = ["all-icmp", "ssh-tcp"]
+
 ingress_with_cidr_blocks = [
 {
- from_port = 8800
- to_port = 8800
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 8800
+ to_port = 8800
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 {
- from_port = 8888
- to_port = 8888
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 8888
+ to_port = 8888
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 {
- from_port = 8600
- to_port = 8600
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 8600
+ to_port = 8600
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 {
- from_port = 6060
- to_port = 6060
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 6060
+ to_port = 6060
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 {
- from_port = 9100
- to_port = 9100
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
- }
+ from_port = 9100
+ to_port = 9100
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ },
 ]
+
 computed_ingress_with_source_security_group_id = [
 {
- from_port = 0
- to_port = 65535
- protocol = "tcp"
- source_security_group_id = "${module.security_group.this_security_group_id}"
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ source_security_group_id = "${module.security_group.this_security_group_id}"
 },
 {
- from_port = 0
- to_port = 65535
- protocol = "tcp"
- source_security_group_id = "${module.prometheus_security_group.this_security_group_id}"
- }
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ source_security_group_id = "${module.prometheus_security_group.this_security_group_id}"
+ },
 ]
 number_of_computed_ingress_with_source_security_group_id = 2
-
 }
 module "prometheus_security_group" {
- source = "terraform-aws-modules/security-group/aws"
+ source = "terraform-aws-modules/security-group/aws"
 version = "2.11.0"
 name = "prometheus"
 description = "Security group for Prometheus/Grafana usage"
 vpc_id = "${data.aws_vpc.default.id}"
- egress_rules = ["all-all"]
+ egress_rules = ["all-all"]
 ingress_cidr_blocks = ["${chomp(data.http.ip.body)}/32"]
- ingress_rules = ["all-icmp", "ssh-tcp" ]
+ ingress_rules = ["all-icmp", "ssh-tcp"]
+
 ingress_with_cidr_blocks = [
 {
- from_port = 9090 # prometheus metrics
- to_port = 9090
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 9090 # prometheus metrics
+ to_port = 9090
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 {
- from_port = 3000 # graphana
- to_port = 3000
- protocol = "tcp"
- cidr_blocks = "${chomp(data.http.ip.body)}/32"
+ from_port = 3000 # graphana
+ to_port = 3000
+ protocol = "tcp"
+ cidr_blocks = "${chomp(data.http.ip.body)}/32"
 },
 ]
+
 computed_ingress_with_source_security_group_id = [
 {
- from_port = 0
- to_port = 65535
- protocol = "tcp"
- source_security_group_id = "${module.security_group.this_security_group_id}"
- }
+ from_port = 0
+ to_port = 65535
+ protocol = "tcp"
+ source_security_group_id = "${module.security_group.this_security_group_id}"
+ },
 ]
- number_of_computed_ingress_with_source_security_group_id = 1
+ number_of_computed_ingress_with_source_security_group_id = 1
 }
diff --git a/deploy/aws/outputs.tf b/deploy/aws/outputs.tf
index 39a734e78..6dd707283 100644
--- a/deploy/aws/outputs.tf
+++ b/deploy/aws/outputs.tf
@@ -1,4 +1,3 @@
-
 output "qed" {
 value = "${module.qed.public_ip}"
 }
@@ -6,6 +5,7 @@ output "qed" {
 output "prometheus" {
 value = "${module.prometheus.public_ip}"
 }
+
 output "riot" {
 value = "${module.riot.public_ip}"
 }
@@ -25,5 +25,3 @@ output "agent-monitor" {
 output "agent-auditor" {
 value = "${module.agent-auditor.public_ip}"
 }
-
-
diff --git a/deploy/aws/pre-build/bucket.tf b/deploy/aws/pre-build/bucket.tf
index d1bf2cda8..22c499eb3 100644
--- a/deploy/aws/pre-build/bucket.tf
+++ b/deploy/aws/pre-build/bucket.tf
@@ -4,7 +4,7 @@ terraform {
 provider "aws" {
 version = ">= 1.56.0, < 2.0"
- region = "eu-west-1"
+ region = "eu-west-1"
 profile = "${var.aws_profile}"
 }
@@ -12,18 +12,19 @@ resource "aws_kms_key" "bucket-key" {
 description = "This key is used to encrypt bucket objects"
 deletion_window_in_days = 10
 }
+
 resource "aws_s3_bucket" "terraform-qed-cluster" {
- bucket = "terraform-qed-cluster"
-
- versioning {
- enabled = true
- }
-
- lifecycle {
- prevent_destroy = true
- }
-
- server_side_encryption_configuration {
+ bucket = "terraform-qed-cluster"
+
+ versioning {
+ enabled = true
+ }
+
+ lifecycle {
+ prevent_destroy = true
+ }
+
+ server_side_encryption_configuration {
 rule {
 apply_server_side_encryption_by_default {
 kms_master_key_id = "${aws_kms_key.bucket-key.arn}"
@@ -31,7 +32,8 @@ resource "aws_s3_bucket" "terraform-qed-cluster" {
 }
 }
 }
- tags {
- Name = "S3 Remote Terraform State Store"
- }
+
+ tags {
+ Name = "S3 Remote Terraform State Store"
+ }
 }
diff --git a/deploy/aws/variables.tf b/deploy/aws/variables.tf
index 0b0edf114..d6b0d6050 100644
--- a/deploy/aws/variables.tf
+++ b/deploy/aws/variables.tf
@@ -4,4 +4,4 @@ variable "aws_profile" {
 variable "keypath" {
 default = "~/.ssh/id_rsa_free"
-}
\ No newline at end of file
+}