Terraform project structure
// One customer "slice": an instance of the customer_layer module wired to the
// shared VPC, the baseline infra security groups and the OpsWorks stacks the
// customer's layers are created in. The tree shows ~235 of these files, all
// generated by gen-customer.sh.
module "customer_xxxx" {
  source        = "private-modules/customer_layer"
  customer_name = "xxxx"

  // NOTE(review): main.tf in this gist declares the VPC module as `module "vpc"`;
  // `module.vpc-1` either refers to a second VPC module not shown here or is a
  // stale reference - confirm against the real main.tf.
  vpc_id = "${module.vpc-1.vpc_id}"

  // Baseline groups attached to every server of this customer (the layer
  // concatenates them with its own per-customer group).
  additional_security_group_ids = [
    "${module.sg_infra.sg-1}",
    "${module.sg_infra.sg-2}",
    "${module.sg_infra.sg-3}",
    "${module.sg_infra.sg-4}",
    "${module.sg_infra.sg-5}",
  ]

  // Groups that carry the customer-specific rules, one slot per role.
  sec_1_id = "${module.sg_infra.sg-3}"
  sec_2_id = "${module.sg_infra.sg-5}"
  sec_3_id = "${module.sg_infra.sg-1}"
  sec_4_id = "${module.sg_infra.sg-7}"
  sec_5_id = "${module.sg_infra.sg-9}"

  // OpsWorks stack ids; the module creates one custom layer per entry.
  layers = [
    "${module.stacks.stack1_live1}",
    "${module.stacks.stack1_test1}",
    "${module.stacks.stack2_live1}",
    "${module.stacks.stack2_test1}",
  ]
}
// Per-customer security group; it is attached to every instance of the
// customer's layers (see aws_opsworks_custom_layer.layers below).
resource "aws_security_group" "sg" {
  vpc_id = "${var.vpc_id}"
  name   = "${var.customer_name}"

  // Catch-all egress: any protocol, any port, to any IPv4 destination.
  // NOTE(review): this lets instances reach arbitrary internet hosts; consider
  // restricting it to the endpoints the recipes need (package mirrors, the
  // cookbook bucket) once those are known. The "10 security rules" note in the
  // original suggests the ingress rules were elided from this gist.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
// One OpsWorks custom layer per stack id in var.layers, all named after the
// customer and all sharing the same recipes and security groups.
resource "aws_opsworks_custom_layer" "layers" {
  count    = "${length(var.layers)}"
  stack_id = "${element(var.layers, count.index)}"
  // NOTE(review): var.layers is fed from module outputs (stack ids); with the
  // Terraform 0.11-era syntax used here `count` has to be known at plan time, so
  // on a fresh state the stacks module presumably has to be applied first -
  // confirm how gen-customer.sh / the apply sequence handles this.

  name       = "${var.customer_name}"
  short_name = "${var.customer_name}"

  // Instances get no public IP; outbound traffic presumably goes through the
  // NAT gateway enabled on the VPC module (verify against the vpc module).
  auto_assign_public_ips = false
  auto_healing           = false

  // The customer's own group plus the baseline groups passed in by the caller.
  custom_security_group_ids = ["${concat(
    list(aws_security_group.sg.id),
    var.additional_security_group_ids
  )}"]

  // Plain list literals; equivalent to the list() interpolations originally used.
  system_packages         = ["lvm2", "xfsprogs"]
  custom_setup_recipes    = ["srv::work1", "srv::work2"]
  custom_shutdown_recipes = ["srv::cleanup"]
}
region-terraform$ tree | |
. | |
├── customer-xxxxx.tf (x235) | |
├── gen-customer.sh | |
├── main.tf | |
├── private-modules | |
│ ├── aws-vpc | |
│ │ ├── main.tf | |
│ │ ├── outputs.tf | |
│ │ └── variables.tf | |
│ ├── customer_layer | |
│ │ ├── main.tf | |
│ │ └── vars.tf | |
│ ├── eip | |
│ │ ├── outputs-region-1.tf | |
│ │ ├── outputs-region-2.tf | |
│ │ ├── outputs-region-3.tf | |
│ │ ├── outputs-region-4.tf | |
│ │ ├── outputs-extras-1.tf | |
│ │ └── README.md | |
│ ├── eip-shortcuts | |
│ │ ├── main.tf | |
│ │ └── outputs.tf | |
│ ├── opsworks-stack | |
│ │ ├── custom-json-stack-xxxx.json (x36) | |
│ │ ├── custom-json-default.json | |
│ │ ├── main.tf | |
│ │ ├── outputs.tf | |
│ │ └── variables.tf | |
│ ├── opsworks-stacks-v2 | |
│ │ ├── outputs.tf | |
│ │ ├── stacks-1.tf | |
│ │ ├── stacks-2.tf | |
│ │ ├── stacks-3.tf | |
│ │ ├── stacks-4.tf | |
│ │ ├── stacks-5.tf | |
│ │ ├── stacks-6.tf | |
│ │ └── variables.tf | |
│ └── security-groups-infra | |
│ ├── main.tf | |
│ ├── outputs.tf | |
│ ├── README.md | |
│ └── variables.tf | |
├── state.tf | |
└── variables.tf |
// The region-wide EIP lookup table (private-modules/eip). This file appears to
// belong to eip-shortcuts, which only re-exports groups of those outputs under
// friendlier names.
module "eip" {
source = "../eip"
}
// Shortcut outputs (13 of these in the real file) that group the per-address
// outputs of module "eip" into named sets, so rules elsewhere can reference one
// list instead of six addresses.
output "lbs-region-1" {
description = "All LB's in region-1"
value = [
// external load balancers, one address per AZ (a/b)
"${module.eip.eip-lb-1_region-1a}",
"${module.eip.eip-lb-1_region-1b}",
"${module.eip.eip-lb-2_region-1a}",
"${module.eip.eip-lb-2_region-1b}",
// presumably the internal load balancers ("lbint") - confirm in the eip module
"${module.eip.eip-lbint-1_region-1a}",
"${module.eip.eip-lbint-1_region-1b}",
]
}
// EIPs in region-1, exposed as constant outputs (about 80 across all regions).
// NOTE(review): these are hand-maintained literals, not aws_eip resources, so
// nothing here verifies that an address is still allocated to this account -
// treat the file as a lookup table that must be kept in sync by hand. The
// address below is a sample value.
output "eip-lb-1_region-1a" {
value = "11.22.33.44"
}
// AWS provider; the region is the only per-deployment input of this root.
// NOTE(review): no `version` constraint is set, so `terraform init` picks up
// the newest provider release - pin it to keep plans reproducible across
// machines and CI.
provider "aws" {
region = "${var.aws_region}"
}
// Shared VPC for the region: two AZs, an "si" public/private subnet pair per AZ
// and two larger private /21 subnets for the OpsWorks stacks.
module "vpc" {
  source = "private-modules/aws-vpc"
  name   = "vpc-${var.aws_region}"
  cidr   = "172.16.0.0/16"

  // NOTE(review): the AZ names are pinned to eu-west-1 while the region is a
  // variable; applying this root with another aws_region would be rejected by
  // AWS on the AZ/region mismatch. Derive them from the region or from an
  // aws_availability_zones data source.
  azs = [
    "eu-west-1a",
    "eu-west-1b",
  ]

  si_public_subnets  = ["172.16.0.0/24", "172.16.1.0/24"]
  si_private_subnets = ["172.16.3.0/24", "172.16.4.0/24"]

  // module "stacks" takes the second entry of the matching module output.
  service_private_subnets = ["172.16.8.0/21", "172.16.16.0/21"]

  enable_nat_gateway   = true
  enable_dns_hostnames = true
  enable_dns_support   = true
}
// Baseline security groups shared by all customers (sg-1 .. sg-N outputs);
// the customer files attach them to every layer.
module "sg_infra" {
source = "private-modules/security-groups-infra"
vpc_id = "${module.vpc.vpc_id}"
}
// OpsWorks stacks for the region; their id outputs are what the customer files
// pass as `layers`.
module "stacks" {
source = "private-modules/opsworks-stacks-v2"
vpc_id = "${module.vpc.vpc_id}"
stack_region = "${var.aws_region}"
// element() is 0-based: all stacks share the second service subnet.
subnet_id = "${element(module.vpc.service_private_subnets,1)}"
}
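// Account the provider is acting in; used to build the IAM ARNs below instead
// of a hard-coded account id, so the module applies unchanged from any account
// (the OpsWorks service role and instance profile live in the stack's account).
data "aws_caller_identity" "current" {}

// One OpsWorks stack. Every stack shares these settings and differs only in
// the inputs passed by opsworks-stacks-v2 (name, colour, custom JSON).
resource "aws_opsworks_stack" "mod" {
  name              = "${var.stack_name}"
  region            = "${var.stack_region}"
  vpc_id            = "${var.vpc_id}"
  default_subnet_id = "${var.subnet_id}"
  color             = "${var.stack_color}"

  // roles/profiles - both must exist in the account the provider runs as.
  service_role_arn             = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-opsworks-service-role"
  default_instance_profile_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:instance-profile/aws-opsworks-ec2-role"

  agent_version                 = "LATEST"
  configuration_manager_name    = "Chef"
  configuration_manager_version = "11.10"
  default_os                    = "Ubuntu 14.04 LTS"
  default_root_device_type      = "ebs"
  // Single key pair shared by every stack created from this module.
  default_ssh_key_name = "sec-ssh-key-name"

  // Security groups come from the customer layer / sg_infra modules rather than
  // the OpsWorks-managed defaults.
  use_opsworks_security_groups = false

  use_custom_cookbooks = true
  custom_cookbooks_source = {
    type = "s3"
    url  = "https://s3-eu-west-1.amazonaws.com/bucket/stacks.tar.gz"
    // NOTE(review): for an s3 source OpsWorks documents these as an IAM access
    // key id / secret. Keeping them as literals puts the secret in version
    // control and in the Terraform state file; feed them from input variables
    // set outside the repo and scope the key to read-only access on the bucket.
    username = "xxx"
    password = "xxx"
  }

  // Load custom-json-<stack_name>.json when var.use_custom_json is set, else
  // custom-json-default.json. The file name is chosen first and file() is
  // called once: in the original `cond ? file(a) : file(b)` form the
  // Terraform 0.11-era interpolation language evaluates both arms, so a stack
  // with use_custom_json = false would still fail when its per-stack JSON
  // file did not exist.
  custom_json = "${file(format("%s/custom-json-%s.json", path.module, var.use_custom_json ? var.stack_name : "default"))}"
}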
// One stack definition; the tree shows six such files (stacks-1..6.tf), each
// instantiating ../opsworks-stack with a different name/colour.
module "stack1_live1" {
source = "../opsworks-stack"
stack_name = "stack1_live1"
stack_region = "${var.stack_region}"
vpc_id = "${var.vpc_id}"
subnet_id = "${var.subnet_id}"
// Colour shown for the stack in the OpsWorks console.
stack_color = "rgb(45, 114, 184)"
// Requires opsworks-stack/custom-json-stack1_live1.json to exist: the module
// loads custom-json-<stack_name>.json when this is true.
use_custom_json = true
}
// EIP shortcut lists (lbs-region-N etc.), presumably referenced by the ingress
// rules elided from this gist - confirm in the full security-groups-infra module.
module "eip-shortcuts" {
source = "../eip-shortcuts"
}
// Baseline security groups. This one is declared without inline rules; its
// rules live in separate aws_security_group_rule resources so that groups can
// reference each other without creating a dependency cycle.
resource "aws_security_group" "sg-1" {
name = "group-1"
description = "group-1"
vpc_id = "${var.vpc_id}"
}
// Rules for group-1 (around ten in the real file); this one is the catch-all
// egress rule.
// NOTE(review): any protocol, any port, to any IPv4 destination - narrow it to
// the destinations the instances actually need where that is known.
resource "aws_security_group_rule" "sgr-1" {
  type              = "egress"
  security_group_id = "${aws_security_group.sg-1.id}"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}
// Second style of baseline group (15 of these in the real file): rules are
// inline in the group rather than in aws_security_group_rule resources, which
// is fine as long as none of them needs to reference another group.
resource "aws_security_group" "sg-2" {
  vpc_id      = "${var.vpc_id}"
  name        = "sg-2"
  description = "sg2"

  // Seven rules in the real file; only the catch-all egress is shown here.
  // NOTE(review): any protocol, any port, to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}