# docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc
# Looks up the pre-existing VPC for this environment by its Name tag; the tag
# value comes from project-config's per-environment network settings.
# This is a singular data source, so it expects exactly one matching VPC.
data "aws_vpc" "network" {
  filter {
    name   = "tag:Name"
    values = [module.project_config.network_configs[var.environment_name].vpc_name]
  }
}
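# docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets
# Private subnets of the environment VPC, selected by the subnet_type tag.
# aws_subnets yields an empty set rather than an error when nothing matches,
# which would silently hand the service module no private subnets; the
# postcondition turns that into an explicit plan-time failure.
data "aws_subnets" "private" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.network.id]
  }

  filter {
    name   = "tag:subnet_type"
    values = ["private"]
  }

  lifecycle {
    postcondition {
      condition     = length(self.ids) > 0
      error_message = "No subnets tagged subnet_type=private were found in the environment VPC."
    }
  }
}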
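# docs: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets
# Public subnets of the environment VPC, selected by the subnet_type tag.
# aws_subnets yields an empty set rather than an error when nothing matches;
# the postcondition makes a misconfigured or untagged VPC fail at plan time
# instead of surfacing later inside the service module.
data "aws_subnets" "public" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.network.id]
  }

  filter {
    name   = "tag:subnet_type"
    values = ["public"]
  }

  lifecycle {
    postcondition {
      condition     = length(self.ids) > 0
      error_message = "No subnets tagged subnet_type=public were found in the environment VPC."
    }
  }
}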
locals {
  # Workspace-derived naming prefix. Terraform's built-in workspace is called
  # "default"; in that case no prefix is applied. Any other workspace name
  # becomes a "<workspace>-" prefix. Projects that do not use workspaces can
  # replace this expression with a fixed value such as "dev".
  prefix = terraform.workspace != "default" ? "${terraform.workspace}-" : ""

  # Workspaces named "t-*" are flagged as temporary; the flag is passed
  # through to the service module, which decides what that implies.
  is_temporary = startswith(terraform.workspace, "t-")

  # Fully qualified service name: <prefix><app>-<environment>.
  service_name = "${local.prefix}${module.app_config.app_name}-${var.environment_name}"

  # Project-wide default tags extended with environment-specific ones.
  tags = merge(
    module.project_config.default_tags,
    {
      environment = var.environment_name
      description = "Application resources created in ${var.environment_name} environment"
    },
  )

  # Per-environment app configuration, fanned out into shorter aliases.
  environment_config                             = module.app_config.environment_configs[var.environment_name]
  service_config                                 = local.environment_config.service_config
  database_config                                = local.environment_config.database_config
  incident_management_service_integration_config = local.environment_config.incident_management_service_integration
  domain                                         = local.environment_config.domain
}
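terraform {
  # startswith() (used to compute local.is_temporary) was introduced in
  # Terraform 1.3, so 1.2.x would fail at plan time with the previous
  # ">= 1.2.0" floor; pin the minimum to the version that has the function.
  required_version = ">= 1.3.0, < 2.0.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.34.0"
    }
  }

  # Partial backend configuration: only server-side encryption of the state
  # object is forced on here. The bucket, key, region and state-lock table are
  # presumably supplied at `terraform init` time via -backend-config — confirm
  # that locking is configured there, since this file does not set it.
  backend "s3" {
    encrypt = true
  }
}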
# AWS provider for the environment. The region comes from the per-environment
# service config; default_tags attaches local.tags (project defaults plus the
# environment/description tags) to every taggable resource this provider creates.
provider "aws" {
  region = local.service_config.region

  default_tags {
    tags = local.tags
  }
}
# Project-wide configuration (default tags, per-environment network settings).
module "project_config" {
  source = "../../project-config"
}
# Application-level configuration: app name, image repository, feature flags
# (has_database, has_incident_management_service) and per-environment configs.
module "app_config" {
  source = "../app-config"
}
# Existing RDS cluster for the app, looked up only when the app declares a
# database. Because of `count`, downstream references use the [0] index.
data "aws_rds_cluster" "db_cluster" {
  count              = module.app_config.has_database ? 1 : 0
  cluster_identifier = local.database_config.cluster_name
}
# ACM certificate for the environment's domain, looked up only when a domain
# is configured; its ARN is handed to the service module's load balancer.
# NOTE(review): no `most_recent` or `statuses` filter is set — if more than
# one certificate exists for the domain the lookup may fail; confirm.
data "aws_acm_certificate" "cert" {
  count  = local.domain != null ? 1 : 0
  domain = local.domain
}
# Pre-existing IAM policy granting the application its database access; the
# policy is created elsewhere (by name in database_config) and only referenced here.
data "aws_iam_policy" "app_db_access_policy" {
  count = module.app_config.has_database ? 1 : 0
  name  = local.database_config.app_access_policy_name
}
# Pre-existing IAM policy for the migration role; kept separate from the app
# policy so schema-changing privileges are not granted to the running service.
data "aws_iam_policy" "migrator_db_access_policy" {
  count = module.app_config.has_database ? 1 : 0
  name  = local.database_config.migrator_access_policy_name
}
# Retrieve url for external incident management tool (e.g. Pagerduty, Splunk-On-Call)
# Read from SSM Parameter Store only when the app enables incident management.
# NOTE(review): the parameter's value is read into Terraform state — the S3
# backend encrypts state at rest, but anyone with read access to the state
# object can see the URL; treat state access accordingly.
data "aws_ssm_parameter" "incident_management_service_integration_url" {
  count = module.app_config.has_incident_management_service ? 1 : 0
  name  = local.incident_management_service_integration_config.integration_url_param_name
}
# The application service itself (compute, load balancer, task IAM, etc.),
# wired to the environment's network and optional database/certificate.
module "service" {
  source = "../../modules/service"

  # Identity and image. local.image_tag is not defined in this file; it is
  # presumably set in a sibling .tf file of this directory — confirm.
  service_name          = local.service_name
  is_temporary          = local.is_temporary
  image_repository_name = module.app_config.image_repository_name
  image_tag             = local.image_tag

  # Network placement from the data sources above.
  vpc_id             = data.aws_vpc.network.id
  public_subnet_ids  = data.aws_subnets.public.ids
  private_subnet_ids = data.aws_subnets.private.ids

  # Task sizing (fixed for every environment).
  cpu    = 1024
  memory = 2048

  # The certificate data source has count 0 or 1, so one() yields its ARN or null.
  cert_arn = one(data.aws_acm_certificate.cert[*].arn)

  # Database wiring is only assembled when the app declares a database; the
  # [0] references are safe because has_database also drives those counts.
  db_vars = module.app_config.has_database ? {
    security_group_ids         = data.aws_rds_cluster.db_cluster[0].vpc_security_group_ids
    app_access_policy_arn      = data.aws_iam_policy.app_db_access_policy[0].arn
    migrator_access_policy_arn = data.aws_iam_policy.migrator_db_access_policy[0].arn
    connection_info = {
      host        = data.aws_rds_cluster.db_cluster[0].endpoint
      port        = data.aws_rds_cluster.db_cluster[0].port
      user        = local.database_config.app_username
      db_name     = data.aws_rds_cluster.db_cluster[0].database_name
      schema_name = local.database_config.schema_name
    }
  } : null

  # Runtime configuration. `secrets` is taken from app config as-is; it is
  # presumably a list of references into a secret store rather than literal
  # values — confirm against modules/service before adding entries.
  extra_environment_variables = local.service_config.extra_environment_variables
  secrets                     = local.service_config.secrets
}
# Alerting for the service: alarms are attached to the service and its load
# balancer, and notifications go to email and (optionally) an incident tool.
module "monitoring" {
  source = "../../modules/monitoring"

  # Email subscription list for alert notifications.
  # NOTE(review): the address is rendered obfuscated on this page — confirm
  # the actual value in the repository.
  email_alerts_subscription_list = ["[email protected]"]

  # Service and ALB identifiers used to bind each alarm to its target.
  service_name             = local.service_name
  load_balancer_arn_suffix = module.service.load_balancer_arn_suffix

  # The SSM data source has count 0 or 1, so one() returns the URL or null.
  incident_management_service_integration_url = one(data.aws_ssm_parameter.incident_management_service_integration_url[*].value)
}