This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

New example: Confluence #304

Open: wants to merge 1 commit into base: master

Conversation

@Magicloud (Contributor) commented Mar 1, 2020

The example runs the Confluence Docker image in a single-node ASG, with an RDS instance and two ALBs (internal and external). The ALBs have domain names set and a TLS cert (from ACM).

Deps:


name: Pull request template
about: Make a PR to terraform-aws-foundation

Please include the following in your PR:

Please also note that these are not hard requirements, but merely serve to define
what maintainers are looking for in PRs. Including these will more likely lead
to your PR being reviewed and accepted.

  • Update the changelog
  • Make sure that modules and files are documented. This can be done inside the module and files.
  • Make sure that new modules directories contain a basic README.md file.
  • Make sure that the module is added to tests/main.tf
  • Make sure that the linting passes on CI.
  • Make sure that there is an up to date example for your code:
    - For new modules this would entail example code for how to use the module or some explanation in the module readme.
    - For new examples please provide a README explaining how to run the example. It's also ideal to provide a basic makefile to use the example as well.
  • Make sure that there is a manual CI trigger that can test the deployment.

@Magicloud Magicloud requested a review from ketzacoatl March 1, 2020 00:05
@Magicloud Magicloud closed this Mar 1, 2020
@Magicloud Magicloud reopened this Mar 1, 2020
@Magicloud Magicloud changed the title Enable attach ELB to single node ASG. New example: Confluence Mar 1, 2020
@Magicloud Magicloud force-pushed the confluence branch 5 times, most recently from f0378d7 to 0b468b2 March 1, 2020 02:41
@ketzacoatl (Contributor) commented:

Example:
[image]

@Magicloud Magicloud force-pushed the confluence branch 3 times, most recently from e35629b to 25f16a7 March 3, 2020 15:25
@Magicloud (Contributor, Author) commented:

Plan

  # data.template_file.docker_compose will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "docker_compose"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = <<~EOT
            version: "3.7"
            services:
              confluence:
                image: atlassian/confluence-server
                ports:
                  - "${http_port}:8090"
                volumes:
                  - /data/confluence:/var/atlassian/application-data/confluence
                environment:
                  - ATL_JDBC_URL=jdbc:postgresql://${db_host}:5432/${db_db}
                  - ATL_JDBC_USER=${db_user}
                  - ATL_JDBC_PASSWORD='${db_pass}'
                  - ATL_DB_TYPE=postgresql
        EOT
      + vars     = {
          + "db_db"     = "confluence"
          + "db_host"   = (known after apply)
          + "db_pass"   = "Fpco!234"
          + "db_user"   = "confluence"
          + "http_port" = "80"
        }
    }

  # aws_acm_certificate.cert will be created
  + resource "aws_acm_certificate" "cert" {
      + arn                       = (known after apply)
      + domain_name               = (known after apply)
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + subject_alternative_names = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.validation will be created
  + resource "aws_acm_certificate_validation" "validation" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)
    }

  # aws_autoscaling_attachment.asg_ext_alb will be created
  + resource "aws_autoscaling_attachment" "asg_ext_alb" {
      + alb_target_group_arn   = (known after apply)
      + autoscaling_group_name = (known after apply)
      + id                     = (known after apply)
    }

  # aws_autoscaling_attachment.asg_int_alb will be created
  + resource "aws_autoscaling_attachment" "asg_int_alb" {
      + alb_target_group_arn   = (known after apply)
      + autoscaling_group_name = (known after apply)
      + id                     = (known after apply)
    }

  # aws_route53_record.cert_validation_ext will be created
  + resource "aws_route53_record" "cert_validation_ext" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z962O7HXEQOHW"
    }

  # aws_route53_record.cert_validation_int will be created
  + resource "aws_route53_record" "cert_validation_int" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z962O7HXEQOHW"
    }

  # aws_route53_record.ext will be created
  + resource "aws_route53_record" "ext" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "c-e.dev-sandbox.fpcomplete.com"
      + type            = "A"
      + zone_id         = "Z962O7HXEQOHW"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.int will be created
  + resource "aws_route53_record" "int" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "c-i.dev-sandbox.fpcomplete.com"
      + type            = "A"
      + zone_id         = "Z962O7HXEQOHW"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_security_group_rule.asg_ext_alb_http_port_sg_rule will be created
  + resource "aws_security_group_rule" "asg_ext_alb_http_port_sg_rule" {
      + description              = "HTTP ingress for ext ALB"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"
    }

  # aws_security_group_rule.asg_int_alb_http_port_sg_rule will be created
  + resource "aws_security_group_rule" "asg_int_alb_http_port_sg_rule" {
      + description              = "HTTP ingress for int ALB"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"
    }

  # aws_security_group_rule.rds_sg_rule will be created
  + resource "aws_security_group_rule" "rds_sg_rule" {
      + description              = "PGSQL ingress for RDS"
      + from_port                = 5432
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 5432
      + type                     = "ingress"
    }

  # module.asg.data.aws_subnet.server-subnet will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "server-subnet"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # module.asg-sg.aws_security_group.main will be created
  + resource "aws_security_group" "main" {
      + arn                    = (known after apply)
      + description            = "SG for ASG"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "asg-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "asg-sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.asg-to-world.aws_security_group_rule.open_egress will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.data-backup.aws_dlm_lifecycle_policy.ebs-lifecycle-policy will be created
  + resource "aws_dlm_lifecycle_policy" "ebs-lifecycle-policy" {
      + arn                = (known after apply)
      + description        = "DLM lifecycle policy"
      + execution_role_arn = (known after apply)
      + id                 = (known after apply)
      + state              = "ENABLED"

      + policy_details {
          + resource_types = [
              + "VOLUME",
            ]
          + target_tags    = (known after apply)

          + schedule {
              + copy_tags   = true
              + name        = "confluence One week of daily snapshots"
              + tags_to_add = {
                  + "SnapshotCreator" = "DLM lifecycle"
                }

              + create_rule {
                  + interval      = 24
                  + interval_unit = "HOURS"
                  + times         = [
                      + "23:45",
                    ]
                }

              + retain_rule {
                  + count = 14
                }
            }
        }
    }

  # module.data-backup.aws_iam_role.dlm_lifecycle_role will be created
  + resource "aws_iam_role" "dlm_lifecycle_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "dlm.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = "dlm-lifecycle-role"
      + path                  = "/"
      + unique_id             = (known after apply)
    }

  # module.data-backup.aws_iam_role_policy.dlm_lifecycle_policy will be created
  + resource "aws_iam_role_policy" "dlm_lifecycle_policy" {
      + id     = (known after apply)
      + name   = "dlm-lifecycle-policy"
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:CreateSnapshot",
                          + "ec2:DeleteSnapshot",
                          + "ec2:DescribeVolumes",
                          + "ec2:DescribeSnapshots",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = [
                          + "ec2:CreateTags",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ec2:*::snapshot/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role   = (known after apply)
    }

  # module.ext-alb.aws_lb.alb will be created
  + resource "aws_lb" "alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + dns_name                   = (known after apply)
      + enable_deletion_protection = false
      + enable_http2               = true
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = false
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "confluence-ext-alb"
      + security_groups            = (known after apply)
      + subnets                    = (known after apply)
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id = (known after apply)
          + subnet_id     = (known after apply)
        }
    }

  # module.ext-alb.aws_security_group.alb_sg will be created
  + resource "aws_security_group" "alb_sg" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "confluence-ext-alb_sb"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # module.ext-alb-to-asg.aws_security_group_rule.open_egress will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.ext-forwarder.aws_lb_listener.lb-listener will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-2016-08"

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.ext-forwarder.aws_lb_target_group.lb-tg will be created
  + resource "aws_lb_target_group" "lb-tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + deregistration_delay               = 300
      + id                                 = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + name                               = "confluence-ext-https-tg"
      + port                               = 80
      + protocol                           = "HTTP"
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = (known after apply)
          + healthy_threshold   = (known after apply)
          + interval            = (known after apply)
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = (known after apply)
          + protocol            = (known after apply)
          + timeout             = (known after apply)
          + unhealthy_threshold = (known after apply)
        }

      + stickiness {
          + cookie_duration = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)
        }
    }

  # module.ext_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "HTTP ingress for ALB (tcp)"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"
    }

  # module.ext_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "HTTPS ingress for ALB (tcp)"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"
    }

  # module.ext_redirector.aws_lb_listener.lb-listener will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 80
      + protocol          = "HTTP"
      + ssl_policy        = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "redirect"

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "443"
              + protocol    = "HTTPS"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }
    }

  # module.int-alb.aws_lb.alb will be created
  + resource "aws_lb" "alb" {
      + arn                        = (known after apply)
      + arn_suffix                 = (known after apply)
      + dns_name                   = (known after apply)
      + enable_deletion_protection = false
      + enable_http2               = true
      + id                         = (known after apply)
      + idle_timeout               = 60
      + internal                   = true
      + ip_address_type            = (known after apply)
      + load_balancer_type         = "application"
      + name                       = "confluence-int-alb"
      + security_groups            = (known after apply)
      + subnets                    = (known after apply)
      + vpc_id                     = (known after apply)
      + zone_id                    = (known after apply)

      + subnet_mapping {
          + allocation_id = (known after apply)
          + subnet_id     = (known after apply)
        }
    }

  # module.int-alb.aws_security_group.alb_sg will be created
  + resource "aws_security_group" "alb_sg" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "confluence-int-alb_sb"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # module.int-alb-to-asg.aws_security_group_rule.open_egress will be created
  + resource "aws_security_group_rule" "open_egress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "OPEN egress, all ports, all protocols"
      + from_port                = 0
      + id                       = (known after apply)
      + protocol                 = "-1"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 0
      + type                     = "egress"
    }

  # module.int-forwarder.aws_lb_listener.lb-listener will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-2016-08"

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.int-forwarder.aws_lb_target_group.lb-tg will be created
  + resource "aws_lb_target_group" "lb-tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + deregistration_delay               = 300
      + id                                 = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + name                               = "confluence-int-https-tg"
      + port                               = 80
      + protocol                           = "HTTP"
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = (known after apply)
          + healthy_threshold   = (known after apply)
          + interval            = (known after apply)
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = (known after apply)
          + protocol            = (known after apply)
          + timeout             = (known after apply)
          + unhealthy_threshold = (known after apply)
        }

      + stickiness {
          + cookie_duration = (known after apply)
          + enabled         = (known after apply)
          + type            = (known after apply)
        }
    }

  # module.int_alb_http_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "192.168.0.0/16",
        ]
      + description              = "HTTP ingress for ALB (tcp)"
      + from_port                = 80
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 80
      + type                     = "ingress"
    }

  # module.int_alb_https_port_sg_rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "192.168.0.0/16",
        ]
      + description              = "HTTPS ingress for ALB (tcp)"
      + from_port                = 443
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 443
      + type                     = "ingress"
    }

  # module.int_redirector.aws_lb_listener.lb-listener will be created
  + resource "aws_lb_listener" "lb-listener" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 80
      + protocol          = "HTTP"
      + ssl_policy        = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "redirect"

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "443"
              + protocol    = "HTTPS"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }
    }

  # module.rds.aws_db_instance.default will be created
  + resource "aws_db_instance" "default" {
      + address                               = (known after apply)
      + allocated_storage                     = 20
      + apply_immediately                     = (known after apply)
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + backup_retention_period               = 7
      + backup_window                         = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + character_set_name                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + db_subnet_group_name                  = (known after apply)
      + delete_automated_backups              = true
      + endpoint                              = (known after apply)
      + engine                                = "postgres"
      + engine_version                        = "11"
      + hosted_zone_id                        = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = (known after apply)
      + identifier_prefix                     = "confluence"
      + instance_class                        = "db.m5.xlarge"
      + kms_key_id                            = (known after apply)
      + license_model                         = (known after apply)
      + maintenance_window                    = (known after apply)
      + monitoring_interval                   = 30
      + monitoring_role_arn                   = (known after apply)
      + multi_az                              = true
      + name                                  = "confluence"
      + option_group_name                     = (known after apply)
      + parameter_group_name                  = (known after apply)
      + password                              = (sensitive value)
      + performance_insights_enabled          = false
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + publicly_accessible                   = false
      + replicas                              = (known after apply)
      + resource_id                           = (known after apply)
      + skip_final_snapshot                   = false
      + status                                = (known after apply)
      + storage_type                          = "gp2"
      + timezone                              = (known after apply)
      + username                              = "confluence"
      + vpc_security_group_ids                = (known after apply)
    }

  # module.rds.aws_db_subnet_group.rds_private_subnet will be created
  + resource "aws_db_subnet_group" "rds_private_subnet" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
    }

  # module.rds.aws_iam_role.rds_enhanced_monitoring will be created
  + resource "aws_iam_role" "rds_enhanced_monitoring" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "monitoring.rds.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = "confluence"
      + path                  = "/"
      + unique_id             = (known after apply)
    }

  # module.rds.aws_iam_role_policy_attachment.rds_enhanced_monitoring will be created
  + resource "aws_iam_role_policy_attachment" "rds_enhanced_monitoring" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole"
      + role       = (known after apply)
    }

  # module.rds-sg.aws_security_group.main will be created
  + resource "aws_security_group" "main" {
      + arn                    = (known after apply)
      + description            = "SG for RDS"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "rds-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "rds-sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.ssh-port-sg-rule.aws_security_group_rule.tcp_ingress[0] will be created
  + resource "aws_security_group_rule" "tcp_ingress" {
      + cidr_blocks              = [
          + "0.0.0.0/0",
        ]
      + description              = "SSH from anywhere, for debug. (tcp)"
      + from_port                = 22
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 22
      + type                     = "ingress"
    }

  # module.asg.module.init-attach-ebs.data.template_file.init_snippet will be read during apply
  # (config refers to values not yet known)
 <= data "template_file" "init_snippet"  {
      + id       = (known after apply)
      + rendered = (known after apply)
      + template = <<~EOT
            # start snippet - attach EBS volume
            ${init_prefix}
            export AWS_DEFAULT_REGION=${region}
            VOLUME_ID=${volume_id}
            INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id || curl http://169.254.169.254/latest/meta-data/instance-id)"
            echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
            while ! aws ec2 attach-volume                     \
                      --volume-id "$${VOLUME_ID}"     \
                      --instance-id "$${INSTANCE_ID}" \
                      --device '${device_path}'; do
              echo "Attaching command failed to run. Retrying."
              sleep '${wait_interval}'
            done
            echo "${log_prefix} $${VOLUME_ID} attached."
            
            vol_id="$(echo "$${VOLUME_ID}" | tr -d '-')"
            while [ ! -e /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} ]; do
              sleep '${wait_interval}' 
            done
            
            dev_id="$(ls /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} | head -1)"
            dev_name="/dev/$(readlink "$${dev_id}" | tr / '\n' | tail -1)"
            [ "$${dev_name}" == "${device_path}" ] || ln -s "$${dev_name}" "${device_path}"
            
            ${init_suffix}
        EOT
      + vars     = {
          + "device_path"   = "/dev/xvdf"
          + "init_prefix"   = ""
          + "init_suffix"   = ""
          + "log_level"     = "info"
          + "log_prefix"    = "OPS: "
          + "region"        = "ap-northeast-1"
          + "volume_id"     = (known after apply)
          + "wait_interval" = "5"
        }
    }

  # module.asg.module.instance_profile.aws_iam_instance_profile.profile will be created
  + resource "aws_iam_instance_profile" "profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + roles       = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.asg.module.instance_profile.aws_iam_role.role will be created
  + resource "aws_iam_role" "role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + path                  = "/"
      + unique_id             = (known after apply)
    }

  # module.asg.module.server.aws_autoscaling_group.cluster will be created
  + resource "aws_autoscaling_group" "cluster" {
      + arn                       = (known after apply)
      + availability_zones        = (known after apply)
      + default_cooldown          = (known after apply)
      + desired_capacity          = (known after apply)
      + force_delete              = true
      + health_check_grace_period = 300
      + health_check_type         = "EC2"
      + id                        = (known after apply)
      + launch_configuration      = (known after apply)
      + load_balancers            = (known after apply)
      + max_size                  = 1
      + metrics_granularity       = "1Minute"
      + min_size                  = 1
      + name                      = (known after apply)
      + name_prefix               = (known after apply)
      + protect_from_scale_in     = false
      + service_linked_role_arn   = (known after apply)
      + tags                      = [
          + (known after apply),
        ]
      + target_group_arns         = (known after apply)
      + termination_policies      = []
      + vpc_zone_identifier       = (known after apply)
      + wait_for_capacity_timeout = "10m"
    }

  # module.asg.module.server.aws_launch_configuration.cluster will be created
  + resource "aws_launch_configuration" "cluster" {
      + arn                         = (known after apply)
      + associate_public_ip_address = false
      + ebs_optimized               = (known after apply)
      + enable_monitoring           = true
      + iam_instance_profile        = (known after apply)
      + id                          = (known after apply)
      + image_id                    = "ami-045f38c93733dd48d"
      + instance_type               = "m5.xlarge"
      + key_name                    = "shida-tokyo"
      + name                        = (known after apply)
      + security_groups             = (known after apply)
      + user_data                   = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + no_device             = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = true
          + encrypted             = false
          + iops                  = (known after apply)
          + volume_size           = 8
          + volume_type           = "gp2"
        }
    }

  # module.asg.module.service-data.data.aws_iam_policy_document.attach_ebs_policy_doc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "attach_ebs_policy_doc"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:AttachVolume",
              + "ec2:DetachVolume",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ec2:ap-northeast-1:793514493597:instance/*",
              + (known after apply),
            ]
        }
    }

  # module.asg.module.service-data.aws_ebs_volume.main will be created
  + resource "aws_ebs_volume" "main" {
      + arn               = (known after apply)
      + availability_zone = (known after apply)
      + encrypted         = true
      + id                = (known after apply)
      + iops              = (known after apply)
      + kms_key_id        = (known after apply)
      + size              = 50
      + snapshot_id       = (known after apply)
      + tags              = (known after apply)
      + type              = "gp2"
    }

  # module.asg.module.service-data.aws_iam_policy.attach_ebs will be created
  + resource "aws_iam_policy" "attach_ebs" {
      + arn    = (known after apply)
      + id     = (known after apply)
      + name   = (known after apply)
      + path   = "/"
      + policy = (known after apply)
    }

  # module.asg.module.service-data.aws_iam_role_policy_attachment.attach_ebs will be created
  + resource "aws_iam_role_policy_attachment" "attach_ebs" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = (known after apply)
    }

  # module.vpc.module.nat-gateway.data.aws_subnet.public[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "public"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.nat-gateway.data.aws_subnet.public[1] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet" "public"  {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = (known after apply)
      + availability_zone               = (known after apply)
      + availability_zone_id            = (known after apply)
      + cidr_block                      = (known after apply)
      + default_for_az                  = (known after apply)
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = (known after apply)
      + owner_id                        = (known after apply)
      + state                           = (known after apply)
      + tags                            = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id     = (known after apply)
      + association_id    = (known after apply)
      + domain            = (known after apply)
      + id                = (known after apply)
      + instance          = (known after apply)
      + network_interface = (known after apply)
      + private_dns       = (known after apply)
      + private_ip        = (known after apply)
      + public_dns        = (known after apply)
      + public_ip         = (known after apply)
      + public_ipv4_pool  = (known after apply)
      + vpc               = true
    }

  # module.vpc.module.nat-gateway.aws_eip.nat[1] will be created
  + resource "aws_eip" "nat" {
      + allocation_id     = (known after apply)
      + association_id    = (known after apply)
      + domain            = (known after apply)
      + id                = (known after apply)
      + instance          = (known after apply)
      + network_interface = (known after apply)
      + private_dns       = (known after apply)
      + private_ip        = (known after apply)
      + public_dns        = (known after apply)
      + public_ip         = (known after apply)
      + public_ipv4_pool  = (known after apply)
      + vpc               = true
    }

  # module.vpc.module.nat-gateway.aws_nat_gateway.nat[0] will be created
  + resource "aws_nat_gateway" "nat" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Name" = "confluence-01"
        }
    }

  # module.vpc.module.nat-gateway.aws_nat_gateway.nat[1] will be created
  + resource "aws_nat_gateway" "nat" {
      + allocation_id        = (known after apply)
      + id                   = (known after apply)
      + network_interface_id = (known after apply)
      + private_ip           = (known after apply)
      + public_ip            = (known after apply)
      + subnet_id            = (known after apply)
      + tags                 = {
          + "Name" = "confluence-02"
        }
    }

  # module.vpc.module.nat-gateway.aws_route.private_nat_gateway[0] will be created
  + resource "aws_route" "private_nat_gateway" {
      + destination_cidr_block     = "0.0.0.0/0"
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_route.private_nat_gateway[1] will be created
  + resource "aws_route" "private_nat_gateway" {
      + destination_cidr_block     = "0.0.0.0/0"
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-private-00"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-private-01"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_route_table_association.private-rta[0] will be created
  + resource "aws_route_table_association" "private-rta" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.module.nat-gateway.aws_route_table_association.private-rta[1] will be created
  + resource "aws_route_table_association" "private-rta" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.module.private-subnets.aws_subnet.main[0] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "192.168.100.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-private-01-ap-northeast-1a"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.private-subnets.aws_subnet.main[1] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "192.168.101.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-private-02-ap-northeast-1c"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.public-gateway.aws_internet_gateway.public will be created
  + resource "aws_internet_gateway" "public" {
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name" = "confluence-public"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.module.public-gateway.aws_route.public will be created
  + resource "aws_route" "public" {
      + destination_cidr_block     = "0.0.0.0/0"
      + destination_prefix_list_id = (known after apply)
      + egress_only_gateway_id     = (known after apply)
      + gateway_id                 = (known after apply)
      + id                         = (known after apply)
      + instance_id                = (known after apply)
      + instance_owner_id          = (known after apply)
      + nat_gateway_id             = (known after apply)
      + network_interface_id       = (known after apply)
      + origin                     = (known after apply)
      + route_table_id             = (known after apply)
      + state                      = (known after apply)
    }

  # module.vpc.module.public-gateway.aws_route_table.public will be created
  + resource "aws_route_table" "public" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "confluence-public-public"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.module.public-gateway.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.module.public-gateway.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.module.public-subnets.aws_subnet.main[0] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "192.168.0.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-public-01-ap-northeast-1a"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.public-subnets.aws_subnet.main[1] will be created
  + resource "aws_subnet" "main" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "192.168.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "confluence-public-02-ap-northeast-1c"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.module.vpc.aws_vpc.main will be created
  + resource "aws_vpc" "main" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "192.168.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = true
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "confluence"
        }
    }

  # module.vpc.module.vpc.aws_vpc_dhcp_options.main will be created
  + resource "aws_vpc_dhcp_options" "main" {
      + domain_name         = "ap-northeast-1.compute.internal"
      + domain_name_servers = [
          + "AmazonProvidedDNS",
        ]
      + id                  = (known after apply)
      + ntp_servers         = []
      + owner_id            = (known after apply)
      + tags                = {
          + "Name" = "confluence"
        }
    }

  # module.vpc.module.vpc.aws_vpc_dhcp_options_association.main will be created
  + resource "aws_vpc_dhcp_options_association" "main" {
      + dhcp_options_id = (known after apply)
      + id              = (known after apply)
      + vpc_id          = (known after apply)
    }

Plan: 67 to add, 0 to change, 0 to destroy.
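Two settings in the plan above are worth catching before `apply`: the `module.ssh-port-sg-rule` ingress rule admits 0.0.0.0/0 to port 22 (its own description says it is there for debugging), and the launch configuration's `root_block_device` has `encrypted = false` while the separate data volume is encrypted. The script below is an added example, not code from this PR or from terraform-aws-foundation; it lints the JSON form of a plan (`terraform show -json tfplan`) for exactly those two conditions. The embedded plan excerpt is constructed to mirror the values shown above rather than captured from a run, the `resource_changes[].change.after` layout is the one Terraform 0.12 emits, and the choice of 0.0.0.0/0 plus ::/0 as "the world" and 22/3389 as admin ports is an assumption of the example.

```python
"""Lint a Terraform JSON plan (`terraform show -json tfplan`) for two weak
settings: admin ports open to the world and explicitly unencrypted volumes.
Added example; the embedded plan excerpt is constructed to mirror the values
in the plan pasted above, not captured from a real run."""
import json
import sys
from typing import Dict, List

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}   # "anywhere", v4 and v6 (assumed threshold)
ADMIN_PORTS = {22, 3389}              # admin ports chosen for this example

# Constructed excerpt: resource_changes[].change.after is where Terraform 0.12
# puts planned attribute values. Values only known after apply are listed under
# after_unknown instead, so they never appear as keys in `after`.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {
            "address": "module.ssh-port-sg-rule.aws_security_group_rule.tcp_ingress[0]",
            "type": "aws_security_group_rule",
            "change": {"actions": ["create"], "after": {
                "type": "ingress", "protocol": "tcp",
                "from_port": 22, "to_port": 22,
                "cidr_blocks": ["0.0.0.0/0"],
                "description": "SSH from anywhere, for debug. (tcp)",
            }},
        },
        {
            "address": "module.asg.module.server.aws_launch_configuration.cluster",
            "type": "aws_launch_configuration",
            "change": {"actions": ["create"], "after": {
                "associate_public_ip_address": False,
                "root_block_device": [{"encrypted": False, "volume_size": 8, "volume_type": "gp2"}],
            }},
        },
        {
            "address": "module.asg.module.service-data.aws_ebs_volume.main",
            "type": "aws_ebs_volume",
            "change": {"actions": ["create"], "after": {"encrypted": True, "size": 50, "type": "gp2"}},
        },
    ],
})


def _touches_ports(after: dict, ports: set) -> bool:
    """True if the rule's port range covers any of `ports`; protocol -1 is all traffic."""
    if str(after.get("protocol")) == "-1":
        return True
    lo, hi = after.get("from_port", 0), after.get("to_port", 65535)
    return any(lo <= p <= hi for p in ports)


def find_world_open_admin_ports(plan: dict) -> List[str]:
    """Addresses of ingress rules that admit WORLD_CIDRS to one of ADMIN_PORTS."""
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group_rule":
            continue
        after = rc.get("change", {}).get("after") or {}
        if after.get("type") != "ingress":
            continue
        cidrs = set(after.get("cidr_blocks") or []) | set(after.get("ipv6_cidr_blocks") or [])
        if cidrs & WORLD_CIDRS and _touches_ports(after, ADMIN_PORTS):
            hits.append(rc["address"])
    return hits


def find_unencrypted_volumes(plan: dict) -> List[str]:
    """Addresses of EBS volumes and root devices whose `encrypted` is explicitly false.
    A missing key means the value is unknown until apply, so it is not reported here."""
    hits = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}
        rtype = rc.get("type")
        if rtype == "aws_ebs_volume" and after.get("encrypted") is False:
            hits.append(rc["address"])
        elif rtype in ("aws_launch_configuration", "aws_instance"):
            for blk in after.get("root_block_device") or []:
                if blk.get("encrypted") is False:
                    hits.append(rc["address"] + ".root_block_device")
    return hits


def lint_plan(plan_json: str) -> Dict[str, List[str]]:
    """Run both checks over a JSON plan document and return findings per check."""
    plan = json.loads(plan_json)
    return {
        "world_open_admin_ports": find_world_open_admin_ports(plan),
        "unencrypted_volumes": find_unencrypted_volumes(plan),
    }


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json && python3 lint_plan.py plan.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN_JSON
    for check, hits in lint_plan(text).items():
        print(f"{check}: {', '.join(hits) if hits else 'none'}")
```

Run without arguments it lints the constructed excerpt and reports the SSH rule and the root volume; with a file argument it lints a real plan. Attributes that are "(known after apply)" in the text plan, such as the `ebs_block_device` fields above, are absent from `after` and therefore need a second pass over the state after apply (`terraform show -json`), which has the same `values`-style layout but under `values` rather than `change.after`.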

@Magicloud (Contributor Author) commented:

WebUI seen.
(screenshot, 2020-03-04: "Get apps - Confluence")

@ketzacoatl (Contributor) left a review comment:

LGTM!

@ketzacoatl (Contributor) left a review comment:

We need to get the dependent PRs merged and update the references in this PR.

(8 review threads on examples/confluence/main.tf, now outdated and resolved)

@Magicloud force-pushed the confluence branch 3 times, most recently from 25f16a7 to 03552c9 on March 6, 2020 02:59
@ketzacoatl (Contributor) commented:

@Magicloud please review/update.

@Magicloud (Contributor Author) commented:

@ketzacoatl The module refs in this example are all fixed. The example itself is ready to merge.
