Eryk Zalejski ezalejski

## README.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                ezalejski
                / README.md
            
            
              Created
              December 1, 2021 22:19
                — forked from jamesmishra/README.md
            
              
                Using Terraform to run a docker-compose.yml file directly on an Amazon EC2
              
          
    Introduction

This is a Hashicorp Terraform module that provisions an AWS EC2 instance
for the purpose of running a given docker-compose.yml file.
Usage

# ===== OUR MAGIC DOCKER-COMPOSE.YML FILE HERE =====
# It is also possible to get Terraform to read an external `docker-compose.yml`
# file and load it into this variable.
# We'll be showing off a demo nginx page.

  
## endpoint_mount.yaml
  (...)
  spec:
      containers:
      - image: nginx
        (...)
        volumeMounts:
        - mountPath: /mnt/glusterfs
          name: glusterfs-vol
      volumes:
      - name: glusterfs-vol

## gluster_definition.tf
module "cluster" {
  source              = "github.com/erento/terraform-google-glusterfs?ref=2.0.0"
  server_prefix       = "glusterfs-server"
  data_disk_prefix    = "glusterfs-brick"
  subnet_mask         = "10.0.0.0/24"
  ip_offset           = var.ip_offset
  data_disk_size      = "500"
  network             = "your-exisiting-network"
  subnetwork          = "subnetwork-name-that-module-will-create-for-you"
  data_disk_snapshot  = "gluster-snapshot-name"

## gluster_module_variables.tf
variable "project" {
  description = "Google project name"
}

variable "region" {
  description = <<EOF
  Google region i.e. "europe-west1"
EOF

}

## presentation.tf
variable "consul_ports" { type = list(object({
internal = number, external = number, protocol = string
}))
               default = [ {
internal = 8300 external = 8300 protocol = "tcp"
} ... }

## group_membership.tf
resource "aws_iam_group_membership" "administrator_access_prod" {
  name = "administrator-access-prod"
  users = [
    aws_iam_user.first_user.name,
    aws_iam_user.second_user.name,
  ]
  group = aws_iam_group.administrator_access_prod.name
}

## groups.tf
#--- administrator_access_prod start---
resource "aws_iam_group" "administrator_access_prod" {
  name = "administrator-access-prod"
  path = "/users/"
}
resource "aws_iam_group_policy" "administrator_access_prod" {
  name  = "administrator-access-prod"
  group = aws_iam_group.administrator_access_prod.id
  policy = <<EOF
  {

## users.tf
resource "aws_iam_user" "first_user" {
  name = "first.user"
}
resource "aws_iam_user" "second_user" {
  name = "second.user"
}

## assumed_roles.tf
## re-using aws 'administrator_access' policy
data "aws_iam_policy" "administrator_access" {
  arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}
## allowing master account to manage access via AssumeRole
data "aws_iam_policy_document" "master_account_assume_role_policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"

## providers.tf
provider "aws" {
  region = var.aws_region
  #Use an assumed role from the target account.
  assume_role {
    role_arn = "arn:aws:iam::<PROD_ACCOUNT_ID>:role/administrator-access"
  }
}
	(...)
	spec:
	containers:
	- image: nginx
	(...)
	volumeMounts:
	- mountPath: /mnt/glusterfs
	name: glusterfs-vol
	volumes:
	- name: glusterfs-vol
	module "cluster" {
	source = "github.com/erento/terraform-google-glusterfs?ref=2.0.0"
	server_prefix = "glusterfs-server"
	data_disk_prefix = "glusterfs-brick"
	subnet_mask = "10.0.0.0/24"
	ip_offset = var.ip_offset
	data_disk_size = "500"
	network = "your-exisiting-network"
	subnetwork = "subnetwork-name-that-module-will-create-for-you"
	data_disk_snapshot = "gluster-snapshot-name"
	variable "project" {
	description = "Google project name"
	}

	variable "region" {
	description = <<EOF
	Google region i.e. "europe-west1"
	EOF

	}
	variable "consul_ports" { type = list(object({
	internal = number, external = number, protocol = string
	}))
	default = [ {
	internal = 8300 external = 8300 protocol = "tcp"
	} ... }
	resource "aws_iam_group_membership" "administrator_access_prod" {
	name = "administrator-access-prod"
	users = [
	aws_iam_user.first_user.name,
	aws_iam_user.second_user.name,
	]
	group = aws_iam_group.administrator_access_prod.name
	}
	#--- administrator_access_prod start---
	resource "aws_iam_group" "administrator_access_prod" {
	name = "administrator-access-prod"
	path = "/users/"
	}
	resource "aws_iam_group_policy" "administrator_access_prod" {
	name = "administrator-access-prod"
	group = aws_iam_group.administrator_access_prod.id
	policy = <<EOF
	{
	resource "aws_iam_user" "first_user" {
	name = "first.user"
	}
	resource "aws_iam_user" "second_user" {
	name = "second.user"
	}
	## re-using aws 'administrator_access' policy
	data "aws_iam_policy" "administrator_access" {
	arn = "arn:aws:iam::aws:policy/AdministratorAccess"
	}
	## allowing master account to manage access via AssumeRole
	data "aws_iam_policy_document" "master_account_assume_role_policy" {
	statement {
	actions = ["sts:AssumeRole"]
	principals {
	type = "AWS"
	provider "aws" {
	region = var.aws_region
	#Use an assumed role from the target account.
	assume_role {
	role_arn = "arn:aws:iam::<PROD_ACCOUNT_ID>:role/administrator-access"
	}
	}