// This Terraform file sets up an autoscaling group for a Grafana server
// Deciding which AMI to use. Candidate images can be listed with:
//   aws ec2 describe-images --owners 099720109477 --filters Name=virtualization-type,Values=paravirtual
// NOTE(review): that command filters on paravirtual images, while the name
// pattern below selects hvm-ssd images; confirm which one is intended.
data "aws_ami" "ubuntu" {
  // Restricting owners to the Canonical account keeps most_recent from
  // resolving to an image with a matching name published by another account.
  owners      = ["099720109477"] // Canonical
  most_recent = true

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  // NOTE(review): this pattern pins Ubuntu 16.04 (xenial); check that the
  // release still receives security updates before reusing it.
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }
}
// AWS launch configuration, used by the Autoscaling group below.
resource "aws_launch_configuration" "grafana" {
  // name_prefix (rather than a fixed name) together with
  // create_before_destroy lets a replacement configuration be created
  // before the old one is removed.
  name_prefix   = "grafana"
  instance_type = "t2.medium"
  image_id      = "${data.aws_ami.ubuntu.id}"

  // Instances get no public IP; the only inbound paths are the rules
  // attached to the grafana_server security group.
  associate_public_ip_address = false
  security_groups             = ["${aws_security_group.grafana_server.id}"]

  // The key pair and the security group are referenced here; the key pair is
  // not defined in this listing.
  key_name = "${aws_key_pair.ansible_bootstrap.id}"

  // NOTE(review): no block-device settings are declared, so the root volume
  // follows the AMI defaults; confirm whether encryption at rest is required.

  lifecycle {
    create_before_destroy = true
  }
}
// Autoscaling group: keeps exactly one Grafana instance running
// (min = max = desired = 1) in the frontend subnets of the VPC module.
resource "aws_autoscaling_group" "grafana" {
  name                 = "basegrafana"
  launch_configuration = "${aws_launch_configuration.grafana.name}"
  vpc_zone_identifier  = ["${split(",", module.vpc.frontend_subnets)}"]

  min_size         = 1
  max_size         = 1
  desired_capacity = 1

  // "EC2" health checks only look at instance status; a stopped Grafana
  // process on a running instance does not trigger a replacement.
  health_check_type         = "EC2"
  health_check_grace_period = 300

  // Lets the group be deleted without waiting for its instances to terminate.
  force_delete = true

  // All three tags are copied onto the launched instances.
  tag {
    key                 = "Name"
    value               = "basegrafana"
    propagate_at_launch = true
  }

  tag {
    key                 = "env"
    value               = "base"
    propagate_at_launch = true
  }

  tag {
    key                 = "ansible"
    value               = "yes"
    propagate_at_launch = true
  }
}
// Firewall for the Grafana hosts. The group itself carries no inline rules;
// every rule is attached through a separate aws_security_group_rule resource.
resource "aws_security_group" "grafana_server" {
  vpc_id = "${module.vpc.vpc_id}"
  name   = "grafana_server"

  // NOTE(review): the description mentions access "from anywhere"; check the
  // source of each attached rule against what is actually intended. The text
  // is kept unchanged because editing a security group description makes the
  // AWS provider replace the group.
  description = "Allow access to grafana_server hosts for each vpc or from anywhere"
}
// HTTP (TCP 80) is reachable only from members of the openvpn security
// group, not from a CIDR range.
resource "aws_security_group_rule" "ingress_http_grafana_server_from_openvpn" {
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"

  type      = "ingress"
  protocol  = "tcp"
  from_port = 80
  to_port   = 80
}
// SSH (TCP 22) is reachable only from members of the openvpn security group.
resource "aws_security_group_rule" "ingress_ssh_grafana_server_from_openvpn" {
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"

  type      = "ingress"
  protocol  = "tcp"
  from_port = 22
  to_port   = 22
}
// Ping from members of the openvpn security group. For protocol "icmp" the
// port fields are reused: from_port is the ICMP type (8 = echo request) and
// to_port is the ICMP code (0).
resource "aws_security_group_rule" "ingress_ping_grafana_server_from_openvpn" {
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"

  type      = "ingress"
  protocol  = "icmp"
  from_port = 8
  to_port   = 0
}
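// NFS (TCP 2049) towards the EFS mount targets.
//
// The original rule accepted 2049 from 0.0.0.0/0. In this file the
// grafana_server group is attached both to the Grafana instances (launch
// configuration) and to the EFS mount targets, so the open rule exposed NFS
// on every member of the group to any address that can route to it. A
// self-referencing rule is enough for the instances to reach the mount
// targets and admits nothing else.
//
// If another client outside this group has to mount the file system, give it
// its own rule with source_security_group_id instead of reopening this one.
resource "aws_security_group_rule" "ingress_nfs_grafana_server" {
  security_group_id = "${aws_security_group.grafana_server.id}"

  type      = "ingress"
  protocol  = "tcp"
  from_port = 2049
  to_port   = 2049

  // Source = members of the same security group (replaces cidr_blocks;
  // the two arguments cannot be combined on one rule).
  self = true
}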
// Outbound: every protocol ("-1") on every port to any IPv4 destination.
// NOTE(review): this applies to every member of the group, i.e. the Grafana
// instances and the EFS mount targets; narrow it if the required outbound
// destinations are known.
resource "aws_security_group_rule" "egress_all_grafana_server" {
  security_group_id = "${aws_security_group.grafana_server.id}"

  type        = "egress"
  protocol    = "-1"
  from_port   = 0
  to_port     = 0
  cidr_blocks = ["0.0.0.0/0"]
}
// Persistent storage for Grafana state, kept on EFS so it outlives any
// single instance launched by the autoscaling group.
resource "aws_efs_file_system" "grafana" {
  creation_token = "Storing Grafana state"

  // NOTE(review): encryption at rest is not requested here. Enabling it on an
  // existing file system means creating a new one, so decide before data is
  // written to this store.

  tags {
    Name = "grafana-store"
  }
}
// One EFS mount target per subnet index 0..2 of the frontend subnets.
resource "aws_efs_mount_target" "grafana" {
  // element() wraps around when the list is shorter than count, so this
  // presumably expects at least three frontend subnets; confirm against the
  // vpc module.
  count     = 3
  subnet_id = "${element(split(",", module.vpc.frontend_subnets), count.index)}"

  file_system_id = "${aws_efs_file_system.grafana.id}"

  // The mount targets share the grafana_server group with the instances, so
  // every ingress rule on that group also applies to the NFS endpoints.
  security_groups = ["${aws_security_group.grafana_server.id}"]
}
// Exposes the DNS names of all EFS mount targets as a list, collected with
// the splat expression over the counted resource.
output "mounttarget" {
  value = ["${aws_efs_mount_target.grafana.*.dns_name}"]
}