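# AWS key pair handed to the provider. Supply real values at run time
# (-var on the command line or TF_VAR_* environment variables) and never
# commit them to this file.
# The defaults are empty instead of the former "x" placeholders: with no
# static key configured the AWS provider should fall back to its standard
# credential sources (environment, shared credentials file, instance role)
# rather than attempt a call with a dummy key. Confirm against the provider
# version in use.
variable "aws_access_key" {
  default = ""
}

variable "aws_secret_key" {
  default = ""
}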
# Branch name; has no default and should be given on the command line.
# The value becomes the RDS instance identifier and a DNS label
# (db.<branch>, *.<branch>), so it has to be valid for both.
variable "branch" {}

# Region the AWS provider operates in.
variable "aws_region" { default = "eu-central-1" }

# Route 53 hosted zone that receives the staging records.
variable "r53_staging_zone_id" { default = "Z7FDNXIWS41RG" }

# Identifier of the production RDS instance whose snapshot is looked up.
variable "rds_production_identifier" { default = "salonized-production" }

# Instance class of the staging database.
variable "rds_staging_instance_type" { default = "db.t2.micro" }

# DB parameter group applied to the staging database.
variable "rds_staging_param_group" { default = "salonized-96" }

# Security group allowed to reach the database on port 5432.
variable "rancher_security_group_id" { default = "sg-55da563c" }
# AWS provider. Region and the static key pair all come from variables.
# NOTE(review): no provider version constraint is visible in this file.
provider "aws" {
  region     = "${var.aws_region}"
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}
# Look up the most recent snapshot of the production RDS instance.
# Its id is used as snapshot_identifier of the staging database.
data "aws_db_snapshot" "production" {
  most_recent            = true
  db_instance_identifier = "${var.rds_production_identifier}"
}
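# Create the security group attached to the staging database.
# NOTE(review): no vpc_id is set, so the VPC the group lands in is left to
# the provider's default - confirm it is the VPC the database runs in.
resource "aws_security_group" "db_security_group" {
  name = "staging db"

  # PostgreSQL (5432), only from members of the security group named by
  # var.rancher_security_group_id.
  ingress {
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = ["${var.rancher_security_group_id}"]
  }

  # ICMP, every type and code (-1), from any address.
  # NOTE(review): this is the one rule open to the whole internet; narrow
  # cidr_blocks to the networks that actually need to ping the instance.
  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All outbound traffic. The original declared this identical egress block
  # twice; one copy is kept.
  # NOTE(review): unrestricted egress is broader than a database usually
  # needs - confirm whether it can be tightened.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}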
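# Create the staging RDS instance for one branch, restored from the most
# recent production snapshot.
# NOTE(review): because the data comes from production, this instance holds
# real production records and needs access control to match.
resource "aws_db_instance" "db" {
  identifier             = "${var.branch}"
  instance_class         = "${var.rds_staging_instance_type}"
  snapshot_identifier    = "${data.aws_db_snapshot.production.id}"
  parameter_group_name   = "${var.rds_staging_param_group}"
  vpc_security_group_ids = ["${aws_security_group.db_security_group.id}"]
  multi_az               = false

  # Changed from true. The only database rule in the attached security group
  # admits port 5432 from another security group, which matches traffic by
  # private address, so a public address added exposure for a copy of
  # production data without adding a working access path. If clients outside
  # the VPC do rely on the public endpoint, confirm before applying.
  publicly_accessible = false

  # Throw-away instance: no automated backups, no final snapshot on destroy.
  backup_retention_period = 0
  skip_final_snapshot     = true

  # NOTE(review): "x" is a placeholder. A real password written here lands in
  # version control, and Terraform records this attribute in its state file;
  # supply it from a variable or a secret store and protect the state.
  password = "x"

  # Left disabled by the author; presumably the master user is the one
  # stored in the snapshot - confirm.
  # username = "salonized"
}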
# db.<branch> in the staging zone: CNAME to the RDS instance's endpoint
# address, with a 60 second TTL.
resource "aws_route53_record" "db" {
  zone_id = "${var.r53_staging_zone_id}"
  type    = "CNAME"
  name    = "db.${var.branch}"
  records = ["${aws_db_instance.db.address}"]
  ttl     = "60"

  # Explicit ordering after the database; the records attribute above
  # already references the same resource.
  depends_on = ["aws_db_instance.db"]
}
# Wildcard record for the branch: every name under <branch> in the staging
# zone is a CNAME to the load balancer host name, with a 60 second TTL.
resource "aws_route53_record" "app" {
  zone_id = "${var.r53_staging_zone_id}"
  type    = "CNAME"
  name    = "*.${var.branch}"
  records = ["load-balancer.system.dns.salonized.ninja."]
  ttl     = "60"
}
version: 1

# Expected repository layout - put the Terraform scripts and the Rancher
# stack config in these subfolders:
#   ./terraform/staging/rds.tf
#   ./terraform/staging/route53.tf
#   ./rancher/staging/docker-compose.yml
#   ./rancher/staging/rancher-compose.yml
steps:
  # Terraform step for the staging database.
  database:
    terraform: staging/rds

  # Terraform step for the staging DNS records.
  subdomains:
    terraform: staging/route53

  # Rancher step for the staging stack.
  update_stack:
    rancher: staging