Merge branch 'draft' of https://github.com/ned1313/Implementing-Terra…

…form-on-AWS into draft

1-dev-vpc/commands.txt

@@ -36,4 +36,4 @@ terraform apply "peer.tfplan"
 ren backend.tf.rename backend.tf
 
 # Update the region, bucket, and dynamodb table
-terraform init -backend-config="bucket=globo-12251" -backend-config="region=us-east-1" -backend-config="dynamodb_table=globo-tfstatelock-12251"
+terraform init -backend-config="bucket=BUCKET_NAME" -backend-config="region=REGION_NAME" -backend-config="dynamodb_table=TABLE_NAME"

8-app-deploy/backend.tf

@@ -0,0 +1,5 @@
+terraform {
+    backend "s3" {
+        key = "app/terraform.tfstate"
+    }
+}

8-app-deploy/commands.txt

@@ -1,3 +1,14 @@
+# Joshua McGee should have permissions to manage EC2, IAM, DynamoDB,
+# Lambda, CloudFormation, and RDS
+
 # Create a profile for Joshua McGee
 aws configure --profile app
 
+# Initialize the terraform configuration
+terraform init -backend-config="bucket=BUCKET_NAME" -backend-config="region=REGION_NAME" -backend-config="dynamodb_table=DYNAMODB_TABLE"
+
+# Plan the terraform deployment
+terraform plan -out app.tfplan
+
+# Apply the deployment
+terraform apply "app.tfplan"

8-app-deploy/main.tf

@@ -1,7 +1,3 @@
-# Deploy an ASG to two public subnets with nginx installed
-
-# Deploy RDS with a replica to two db subnets
-
 ##################################################################################
 # VARIABLES
 ##################################################################################
@@ -220,6 +216,13 @@ resource "aws_launch_configuration" "web_servers" {
   user_data       = file("${path.module}/user_data.txt")
 }
 
+resource "aws_lb_target_group" "web_servers" {
+  name     = "web-servers-tg"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = data.terraform_remote_state.network.outputs.vpc_id
+}
+
 resource "aws_autoscaling_group" "web_servers" {
   name = "web-servers-asg"
 
@@ -238,12 +241,6 @@ resource "aws_autoscaling_group" "web_servers" {
 
 }
 
-resource "aws_lb_target_group" "web_servers" {
-  name     = "web-servers-tg"
-  port     = 80
-  protocol = "HTTP"
-  vpc_id   = data.terraform_remote_state.network.outputs.vpc_id
-}
 
 ###############################################
 # Applicaiton load balancer

8-app-remote-state-setup/commands.txt

@@ -0,0 +1,10 @@
+terraform init
+
+terraform validate
+
+terraform plan -out state.tfplan
+
+terraform apply state.tfplan
+
+# Make note of the s3 bucket name and dynamodb table name
+

8-app-remote-state-setup/main.tf

@@ -0,0 +1,172 @@
+##################################################################################
+# VARIABLES
+##################################################################################
+
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+#Bucket variables
+variable "aws_bucket_prefix" {
+  type    = string
+  default = "globo"
+}
+
+variable "aws_dynamodb_table" {
+  type    = string
+  default = "globo-tfstatelock"
+}
+
+variable "full_access_users" {
+  type    = list(string)
+  default = []
+
+}
+
+variable "read_only_users" {
+  type    = list(string)
+  default = []
+}
+
+##################################################################################
+# PROVIDERS
+##################################################################################
+
+provider "aws" {
+  version = "~>2.0"
+  region  = var.region
+  profile = "app"
+}
+
+##################################################################################
+# RESOURCES
+##################################################################################
+
+resource "random_integer" "rand" {
+  min = 10000
+  max = 99999
+}
+
+locals {
+
+  dynamodb_table_name = "${var.aws_dynamodb_table}-${random_integer.rand.result}"
+  bucket_name         = "${var.aws_bucket_prefix}-${random_integer.rand.result}"
+}
+
+resource "aws_dynamodb_table" "terraform_statelock" {
+  name           = local.dynamodb_table_name
+  read_capacity  = 20
+  write_capacity = 20
+  hash_key       = "LockID"
+
+  attribute {
+    name = "LockID"
+    type = "S"
+  }
+}
+
+resource "aws_s3_bucket" "state_bucket" {
+  bucket        = local.bucket_name
+  acl           = "private"
+  force_destroy = true
+
+  versioning {
+    enabled = true
+  }
+
+}
+
+resource "aws_iam_group" "bucket_full_access" {
+
+  name = "${local.bucket_name}-full-access"
+
+}
+
+resource "aws_iam_group" "bucket_read_only" {
+
+  name = "${local.bucket_name}-read-only"
+
+}
+
+# Add members to the group
+
+resource "aws_iam_group_membership" "full_access" {
+  name = "${local.bucket_name}-full-access"
+
+  users = var.full_access_users
+
+  group = aws_iam_group.bucket_full_access.name
+}
+
+resource "aws_iam_group_membership" "read_only" {
+  name = "${local.bucket_name}-read-only"
+
+  users = var.read_only_users
+
+  group = aws_iam_group.bucket_read_only.name
+}
+
+resource "aws_iam_group_policy" "full_access" {
+  name  = "${local.bucket_name}-full-access"
+  group = aws_iam_group.bucket_full_access.id
+
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "s3:*",
+            "Resource": [
+                "arn:aws:s3:::${local.bucket_name}",
+                "arn:aws:s3:::${local.bucket_name}/*"
+            ]
+        },
+                {
+            "Effect": "Allow",
+            "Action": ["dynamodb:*"],
+            "Resource": [
+                "${aws_dynamodb_table.terraform_statelock.arn}"
+            ]
+        }
+   ]
+}
+EOF
+}
+
+resource "aws_iam_group_policy" "read_only" {
+  name  = "${local.bucket_name}-read-only"
+  group = aws_iam_group.bucket_read_only.id
+
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "s3:Get*",
+                "s3:List*"
+            ],
+            "Resource": [
+                "arn:aws:s3:::${local.bucket_name}",
+                "arn:aws:s3:::${local.bucket_name}/*"
+            ]
+        }
+   ]
+}
+EOF
+}
+
+##################################################################################
+# OUTPUT
+##################################################################################
+
+output "s3_bucket" {
+  value = aws_s3_bucket.state_bucket.bucket
+}
+
+output "dynamodb_statelock" {
+  value = aws_dynamodb_table.terraform_statelock.name
+}

8-app-remote-state-setup/terraform.tfvars.example

@@ -0,0 +1,7 @@
+full_access_users = ["JoMcGee"]
+
+read_only_users = ["ElVasquez"]
+
+aws_bucket_prefix = "globo-app"
+
+aws_dynamodb_table = "globo-app-tfstatelock"

9-cf-template/backend.tf

@@ -0,0 +1,5 @@
+terraform {
+    backend "s3" {
+        key = "lambda/terraform.tfstate"
+    }
+}

9-cf-template/commands.txt

@@ -0,0 +1,10 @@
+# Rename terraform.tfvars.example to terraform.tfvars and update values
+
+# Initialize the terraform configuration
+terraform init -backend-config="bucket=_BUCKET_NAME" -backend-config="region=REGION_NAME" -backend-config="dynamodb_table=DYNAMODB_TABLE"
+
+# Plan the terraform deployment
+terraform plan -out stack.tfplan
+
+# Apply the deployment
+terraform apply "stack.tfplan"

9-cf-template/lambda.template

@@ -73,10 +73,6 @@
                     {
                         "AttributeName": "Timestamp",
                         "AttributeType": "S"
-                    },
-                    {
-                        "AttributeName": "Message",
-                        "AttributeType": "S"
                     }
                 ],
                 "KeySchema": [
@@ -182,7 +178,18 @@
                                     "Resource": [
                                         "*"
                                     ]
-                                }
+                                },
+                                {
+                                 "Effect": "Allow",
+                                 "Action": [
+                                     "ec2:CreateNetworkInterface",
+                                     "ec2:DescribeNetworkInterfaces",
+                                     "ec2:DeleteNetworkInterface"
+                                 ],
+                                 "Resource": [
+                                     "*"
+                                 ]
+                             }
                             ]
                         }
                     }

9-cf-template/main.tf

@@ -2,11 +2,33 @@
 # VARIABLES
 ##################################################################################
 
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
 variable "aws_bucket_prefix" {
   type    = string
   default = "globo"
 }
 
+variable "network_state_bucket" {
+  type        = string
+  description = "name of bucket used for network state"
+}
+
+variable "network_state_key" {
+  type        = string
+  description = "name of key used for network state"
+  default     = "networking/dev-vpc/terraform.tfstate"
+}
+
+variable "network_state_region" {
+  type        = string
+  description = "region used for network state"
+  default     = "us-east-1"
+}
+
 locals {
   bucket_name = "${var.aws_bucket_prefix}-lambda-${random_integer.rand.result}"
 }
@@ -71,13 +93,22 @@ resource "aws_security_group" "lambda_sg" {
 
 resource "aws_cloudformation_stack" "orders_stack" { 
   name = "orders-stack"
+  capabilities = ["CAPABILITY_IAM"]
 
   parameters = {
       FunctionBucket = local.bucket_name
       FunctionKey = "publishOrders.zip"
       LambdaSecurityGroup = aws_security_group.lambda_sg.id
-      SubnetIds = data.terraform_remote_state.network.outputs.public_subnets
+      SubnetIds = join(",",data.terraform_remote_state.network.outputs.public_subnets)
   }
 
   template_body = file("${path.module}/lambda.template")
+}
+
+##################################################################################
+# OUTPUT
+##################################################################################
+
+output "template_output" {
+  value = aws_cloudformation_stack.orders_stack.outputs
 }

9-cf-template/terraform.tfvars.example

@@ -0,0 +1 @@
+network_state_bucket = "STATE_BUCKET_NAME"