
@dhiemstra
Last active September 30, 2017 09:58
# AWS credentials handed to the provider block. The "x" defaults are
# placeholders, not usable keys.
# NOTE(review): keep real keys out of this file and out of committed tfvars;
# supply them at run time (-var, or TF_VAR_aws_access_key /
# TF_VAR_aws_secret_key in the environment).
variable "aws_access_key" {
  default = "x"
}

variable "aws_secret_key" {
  default = "x"
}

# No default, so it should be given via command line. The value is used as the
# RDS instance identifier and as a DNS label in the staging zone.
# NOTE(review): presumably a git branch name -- confirm the caller only passes
# values that are valid for both uses.
variable "branch" {}

# Region the provider operates in.
variable "aws_region" {
  default = "eu-central-1"
}

# Route 53 hosted zone that receives the per-branch records.
variable "r53_staging_zone_id" {
  default = "Z7FDNXIWS41RG"
}

# Production RDS instance whose most recent snapshot seeds the staging database.
variable "rds_production_identifier" {
  default = "salonized-production"
}

# Instance class for the staging copy.
variable "rds_staging_instance_type" {
  default = "db.t2.micro"
}

# DB parameter group attached to the staging copy.
variable "rds_staging_param_group" {
  default = "salonized-96"
}

# Security group that is allowed to reach the staging database on port 5432.
variable "rancher_security_group_id" {
  default = "sg-55da563c"
}
# AWS provider, configured entirely from the variables declared in this file.
# NOTE(review): with the placeholder defaults left in place the provider is
# handed the literal "x" values. Omitting access_key/secret_key here lets the
# provider fall back to environment variables or a shared credentials file,
# which keeps keys out of the configuration altogether.
provider "aws" {
  region     = "${var.aws_region}"
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}
# Look up the newest snapshot of the production RDS instance. The staging
# instance is restored from it, so staging holds a copy of production data and
# needs access controls to match.
data "aws_db_snapshot" "production" {
  most_recent            = true
  db_instance_identifier = "${var.rds_production_identifier}"
}
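# Security group for the staging database. This is a managed resource:
# Terraform creates it, it does not look up an existing group.
resource "aws_security_group" "db_security_group" {
  name = "staging db"

  # Database port, reachable only from members of the Rancher security group.
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${var.rancher_security_group_id}"]
  }

  # ICMP, all types and codes (-1), from any address.
  # NOTE(review): this is the only rule open to 0.0.0.0/0 on the inbound side;
  # narrow it to the ranges that need it, or drop it, if the database does not
  # have to answer ICMP from the internet.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted outbound traffic. The original declared this identical block
  # twice; one declaration is enough.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}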
# Per-branch staging database, restored from the latest production snapshot
# (so it contains production data).
resource "aws_db_instance" "db" {
  identifier          = "${var.branch}"
  snapshot_identifier = "${data.aws_db_snapshot.production.id}"

  instance_class       = "${var.rds_staging_instance_type}"
  parameter_group_name = "${var.rds_staging_param_group}"
  multi_az             = false

  vpc_security_group_ids = ["${aws_security_group.db_security_group.id}"]

  # NOTE(review): this gives the instance a public address. The only 5432
  # ingress rule in the attached group is for the Rancher security group, so
  # confirm that public addressing is actually required; if not, set it to
  # false so a copy of production data is not internet-addressable.
  publicly_accessible = true

  # Throwaway instance: no automated backups and no snapshot on destroy.
  backup_retention_period = 0
  skip_final_snapshot     = true

  # NOTE(review): "x" is a placeholder. A real master password written here
  # ends up in version control and in the Terraform state; pass it in through
  # a variable without a default and protect the state file.
  password = "x"
  # username = "salonized"
}
# db.<branch> in the staging zone: CNAME to the RDS endpoint address.
# NOTE(review): this publishes the database hostname in DNS for every branch;
# access control rests on the security group, not on the name being unknown.
resource "aws_route53_record" "db" {
  zone_id = "${var.r53_staging_zone_id}"
  type    = "CNAME"
  name    = "db.${var.branch}"
  ttl     = "60"
  records = ["${aws_db_instance.db.address}"]

  # The interpolation in `records` already orders this record after the
  # instance; the explicit dependency restates that.
  depends_on = ["aws_db_instance.db"]
}
# *.<branch> in the staging zone: wildcard CNAME so every staging endpoint of
# the branch resolves to the shared load balancer name.
resource "aws_route53_record" "app" {
  zone_id = "${var.r53_staging_zone_id}"
  type    = "CNAME"
  name    = "*.${var.branch}"
  ttl     = "60"
  records = ["load-balancer.system.dns.salonized.ninja."]
}
version: 1

# Add the terraform scripts and the rancher stack config to subfolders in the repo:
#   - ./terraform/staging/rds.tf
#   - ./terraform/staging/route53.tf
#   - ./rancher/staging/docker-compose.yml
#   - ./rancher/staging/rancher-compose.yml
#
# NOTE(review): the nesting below is reconstructed; the listing had lost its
# indentation. Confirm it against the pipeline's schema.
steps:
  database:
    terraform: staging/rds
  subdomains:
    terraform: staging/route53
  update_stack:
    rancher: staging