echo-devnull/grafana.tf

## grafana.tf
// This terraform file will setup an autoscaling group for a grafan server

// Deciding which AMI to use
// aws ec2 describe-images --owners 099720109477 --filters Name=virtualization-type,Values=paravirtual
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  owners = ["099720109477"] # Canonical
}

// AWS launch configguration, used by the Autoscaling group
resource "aws_launch_configuration" "grafana" {
  name_prefix                 = "grafana"
  image_id                    = "${data.aws_ami.ubuntu.id}"
  instance_type               = "t2.medium"
  security_groups             = ["${aws_security_group.grafana_server.id}"]
  key_name                    = "${aws_key_pair.ansible_bootstrap.id}"
  associate_public_ip_address = false

  lifecycle {
    create_before_destroy = true
  }
}

// Autoscaling group
resource "aws_autoscaling_group" "grafana" {
  name                      = "basegrafana"
  max_size                  = 1
  min_size                  = 1
  health_check_grace_period = 300
  health_check_type         = "EC2"
  desired_capacity          = 1
  force_delete              = true
  launch_configuration      = "${aws_launch_configuration.grafana.name}"
  vpc_zone_identifier       = ["${split(",", module.vpc.frontend_subnets)}"]

  tag {
    key                 = "env"
    value               = "base"
    propagate_at_launch = true
  }

  tag {
    key                 = "ansible"
    value               = "yes"
    propagate_at_launch = true
  }

  tag {
    key                 = "Name"
    value               = "basegrafana"
    propagate_at_launch = true
  }
}

// Firewall for this here Grafana stuff!
resource "aws_security_group" "grafana_server" {
  name        = "grafana_server"
  description = "Allow access to grafana_server hosts for each vpc or from anywhere"
  vpc_id      = "${module.vpc.vpc_id}"
}

resource "aws_security_group_rule" "ingress_http_grafana_server_from_openvpn" {
  type                     = "ingress"
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_security_group_rule" "ingress_ssh_grafana_server_from_openvpn" {
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_security_group_rule" "ingress_ping_grafana_server_from_openvpn" {
  type                     = "ingress"
  from_port                = 8
  to_port                  = 0
  protocol                 = "icmp"
  security_group_id        = "${aws_security_group.grafana_server.id}"
  source_security_group_id = "${aws_security_group.openvpn.id}"
}

resource "aws_security_group_rule" "ingress_nfs_grafana_server" {
  type              = "ingress"
  from_port         = 2049
  to_port           = 2049
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.grafana_server.id}"
}

resource "aws_security_group_rule" "egress_all_grafana_server" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = "${aws_security_group.grafana_server.id}"
}

// Storing of the state
resource "aws_efs_file_system" "grafana" {
  creation_token = "Storing Grafana state"

  tags {
    Name = "grafana-store"
  }
}

resource "aws_efs_mount_target" "grafana" {
  file_system_id  = "${aws_efs_file_system.grafana.id}"
  security_groups = ["${aws_security_group.grafana_server.id}"]
  subnet_id       = "${element(split(",", module.vpc.frontend_subnets), count.index)}"
  count           = 3
}

output "mounttarget" {
  value = ["${aws_efs_mount_target.grafana.*.dns_name}"]
}
	// This terraform file will setup an autoscaling group for a grafan server

	// Deciding which AMI to use
	// aws ec2 describe-images --owners 099720109477 --filters Name=virtualization-type,Values=paravirtual
	data "aws_ami" "ubuntu" {
	most_recent = true

	filter {
	name = "name"
	values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
	}

	filter {
	name = "architecture"
	values = ["x86_64"]
	}

	owners = ["099720109477"] # Canonical
	}

	// AWS launch configguration, used by the Autoscaling group
	resource "aws_launch_configuration" "grafana" {
	name_prefix = "grafana"
	image_id = "${data.aws_ami.ubuntu.id}"
	instance_type = "t2.medium"
	security_groups = ["${aws_security_group.grafana_server.id}"]
	key_name = "${aws_key_pair.ansible_bootstrap.id}"
	associate_public_ip_address = false

	lifecycle {
	create_before_destroy = true
	}
	}

	// Autoscaling group
	resource "aws_autoscaling_group" "grafana" {
	name = "basegrafana"
	max_size = 1
	min_size = 1
	health_check_grace_period = 300
	health_check_type = "EC2"
	desired_capacity = 1
	force_delete = true
	launch_configuration = "${aws_launch_configuration.grafana.name}"
	vpc_zone_identifier = ["${split(",", module.vpc.frontend_subnets)}"]

	tag {
	key = "env"
	value = "base"
	propagate_at_launch = true
	}

	tag {
	key = "ansible"
	value = "yes"
	propagate_at_launch = true
	}

	tag {
	key = "Name"
	value = "basegrafana"
	propagate_at_launch = true
	}
	}

	// Firewall for this here Grafana stuff!
	resource "aws_security_group" "grafana_server" {
	name = "grafana_server"
	description = "Allow access to grafana_server hosts for each vpc or from anywhere"
	vpc_id = "${module.vpc.vpc_id}"
	}

	resource "aws_security_group_rule" "ingress_http_grafana_server_from_openvpn" {
	type = "ingress"
	from_port = 80
	to_port = 80
	protocol = "tcp"
	security_group_id = "${aws_security_group.grafana_server.id}"
	source_security_group_id = "${aws_security_group.openvpn.id}"
	}

	resource "aws_security_group_rule" "ingress_ssh_grafana_server_from_openvpn" {
	type = "ingress"
	from_port = 22
	to_port = 22
	protocol = "tcp"
	security_group_id = "${aws_security_group.grafana_server.id}"
	source_security_group_id = "${aws_security_group.openvpn.id}"
	}

	resource "aws_security_group_rule" "ingress_ping_grafana_server_from_openvpn" {
	type = "ingress"
	from_port = 8
	to_port = 0
	protocol = "icmp"
	security_group_id = "${aws_security_group.grafana_server.id}"
	source_security_group_id = "${aws_security_group.openvpn.id}"
	}

	resource "aws_security_group_rule" "ingress_nfs_grafana_server" {
	type = "ingress"
	from_port = 2049
	to_port = 2049
	protocol = "tcp"
	cidr_blocks = ["0.0.0.0/0"]
	security_group_id = "${aws_security_group.grafana_server.id}"
	}

	resource "aws_security_group_rule" "egress_all_grafana_server" {
	type = "egress"
	from_port = 0
	to_port = 0
	protocol = "-1"
	cidr_blocks = ["0.0.0.0/0"]
	security_group_id = "${aws_security_group.grafana_server.id}"
	}

	// Storing of the state
	resource "aws_efs_file_system" "grafana" {
	creation_token = "Storing Grafana state"

	tags {
	Name = "grafana-store"
	}
	}

	resource "aws_efs_mount_target" "grafana" {
	file_system_id = "${aws_efs_file_system.grafana.id}"
	security_groups = ["${aws_security_group.grafana_server.id}"]
	subnet_id = "${element(split(",", module.vpc.frontend_subnets), count.index)}"
	count = 3
	}

	output "mounttarget" {
	value = ["${aws_efs_mount_target.grafana.*.dns_name}"]
	}