m7-9 done

.gitignore

@@ -16,6 +16,7 @@
 
 # Consul data directories
 **/network_config/*
+**/application_config/*
 
 # .hcl files
 *.hcl

m7/application_config_example/.github/workflows/terraform.yml

@@ -0,0 +1,44 @@
+name: 'Terraform'
+
+on: push
+
+env:
+  TF_LOG: INFO
+  TF_INPUT: false
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+
+    # Use the Bash shell regardless whether the GitHub Actions runner is 
+    # ubuntu-latest, macos-latest, or windows-latest
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+    # Checkout the repository to the GitHub Actions runner
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    # Install the preferred version of Terraform CLI 
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v2
+
+    # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+    - name: Terraform Init
+      id: init
+      run: terraform init
+
+    # Run a terraform fmt for push
+    - name: Terraform Format
+      id: fmt
+      run: terraform fmt -check
+
+    # Run a terraform validate
+    # Run even if formatting fails
+    - name: Terraform Validate
+      id: validate
+      if: (success() || failure())
+      run: terraform validate

m7/application_config_example/datasources.tf

@@ -0,0 +1,12 @@
+##################################################################################
+# DATA SOURCES
+##################################################################################
+
+#data "tfe_outputs" "networking" {
+#  organization = var.tfe_organization
+#  workspace    = var.tfe_workspace_name
+#}
+
+data "aws_ssm_parameter" "amzn2_linux" {
+  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
+}

m7/application_config_example/keys.tf

@@ -0,0 +1,8 @@
+# Create SSH Key pair for aws instances using a module
+module "ssh_keys" {
+  source  = "terraform-aws-modules/key-pair/aws"
+  version = "~>2.0.0"
+
+  key_name           = "${local.name_prefix}-tdd-keys"
+  create_private_key = true
+}

m7/application_config_example/outputs.tf

@@ -0,0 +1,11 @@
+output "public_lb_dns" {
+  value = aws_lb.main.dns_name
+}
+
+output "webapp_instance0_public_ip" {
+  value = aws_instance.main[0].public_ip
+}
+
+output "private_key_pem" {
+  value = nonsensitive(module.ssh_keys.private_key_pem)
+}

m7/application_config_example/resources.tf

@@ -0,0 +1,130 @@
+##################################################################################
+# PROVIDERS
+##################################################################################
+
+provider "aws" {
+  region = var.region
+}
+
+##################################################################################
+# LOCALS
+##################################################################################
+
+locals {
+
+  common_tags = {
+    Environment = var.environment
+    BillingCode = var.billing_code
+  }
+
+  name_prefix = "${var.prefix}-${var.environment}"
+
+}
+
+##################################################################################
+# RESOURCES
+##################################################################################
+
+resource "aws_instance" "main" {
+  count         = length(var.public_subnets)
+  ami           = nonsensitive(data.aws_ssm_parameter.amzn2_linux.value)
+  instance_type = var.instance_type
+  subnet_id     = var.public_subnets[count.index]
+  vpc_security_group_ids = [
+    aws_security_group.webapp_http_inbound_sg.id,
+    aws_security_group.webapp_ssh_inbound_sg.id,
+    aws_security_group.webapp_outbound_sg.id,
+  ]
+
+  key_name = module.ssh_keys.key_pair_name
+
+  tags = merge(local.common_tags, {
+    "Name" = "${local.name_prefix}-webapp-${count.index}"
+  })
+
+  # Provisioner Stuff
+  connection {
+    type        = "ssh"
+    user        = "ec2-user"
+    port        = "22"
+    host        = self.public_ip
+    private_key = module.ssh_keys.private_key_openssh
+  }
+
+  provisioner "file" {
+    source      = "./templates/userdata.sh"
+    destination = "/home/ec2-user/userdata.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "chmod +x /home/ec2-user/userdata.sh",
+      "sh /home/ec2-user/userdata.sh",
+    ]
+    on_failure = continue
+  }
+
+}
+
+resource "null_resource" "webapp" {
+
+  triggers = {
+    webapp_server_count = length(aws_instance.main.*.id)
+    web_server_names    = join(",", aws_instance.main.*.id)
+  }
+
+  provisioner "file" {
+    content = templatefile("./templates/application.config.tpl", {
+      hosts     = aws_instance.main.*.private_dns
+      site_name = "${local.name_prefix}-taco-wagon"
+      api_key   = var.api_key
+    })
+    destination = "/home/ec2-user/application.config"
+  }
+
+  connection {
+    type        = "ssh"
+    user        = "ec2-user"
+    port        = "22"
+    host        = aws_instance.main[0].public_ip
+    private_key = module.ssh_keys.private_key_openssh
+  }
+
+}
+
+resource "aws_lb" "main" {
+  name               = "${local.name_prefix}-webapp"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.webapp_http_inbound_sg.id]
+  subnets            = var.public_subnets
+
+  enable_deletion_protection = false
+
+  tags = local.common_tags
+}
+
+resource "aws_lb_listener" "main" {
+  load_balancer_arn = aws_lb.main.arn
+  port              = "80"
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.main.arn
+  }
+}
+
+resource "aws_lb_target_group" "main" {
+  name        = "${local.name_prefix}-webapp"
+  port        = 80
+  target_type = "instance"
+  protocol    = "HTTP"
+  vpc_id      = var.vpc_id
+}
+
+resource "aws_alb_target_group_attachment" "main" {
+  count            = length(aws_instance.main.*.id)
+  target_group_arn = aws_lb_target_group.main.arn
+  target_id        = aws_instance.main[count.index].id
+}

m7/application_config_example/security_groups.tf

@@ -0,0 +1,58 @@
+##################################################################################
+# RESOURCES
+##################################################################################
+
+resource "aws_security_group" "webapp_http_inbound_sg" {
+  name        = "${local.name_prefix}-http-inbound"
+  description = "Allow HTTP from Anywhere"
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  vpc_id = var.vpc_id
+
+  tags = local.common_tags
+}
+
+resource "aws_security_group" "webapp_ssh_inbound_sg" {
+  name        = "${local.name_prefix}-ssh-inbound"
+  description = "Allow SSH from certain ranges"
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = [var.ip_range]
+  }
+
+  vpc_id = var.vpc_id
+
+  tags = local.common_tags
+}
+
+resource "aws_security_group" "webapp_outbound_sg" {
+  name        = "${local.name_prefix}-webapp-outbound"
+  description = "Allow outbound connections"
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  vpc_id = var.vpc_id
+
+  tags = local.common_tags
+}

m7/application_config_example/templates/application.config.tpl

@@ -0,0 +1,11 @@
+# Change every time hosts are added or removed
+host_list {
+    %{ for host in hosts ~}
+    hostname ${host}
+    %{ endfor ~}
+}
+
+app_config {
+    site_name = "${site_name}"
+    api_key = "${api_key}"
+}

m7/application_config_example/templates/userdata.sh

@@ -0,0 +1,5 @@
+#! /bin/bash
+sudo amazon-linux-extras install -y nginx1
+sudo service nginx start
+sudo rm /usr/share/nginx/html/index.html
+echo '<html><head><title>Taco Team Server</title></head><body style=\"background-color:#1F778D\"><p style=\"text-align: center;\"><span style=\"color:#FFFFFF;\"><span style=\"font-size:28px;\">You did it! Have a &#127790;</span></span></p></body></html>' | sudo tee /usr/share/nginx/html/index.html

m7/application_config_example/terraform.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~>5.0"
+    }
+  }
+}

m7/application_config_example/terraform.tfvars.example

@@ -0,0 +1,6 @@
+prefix = "globo-dev"
+environment = "testing"
+billing_code = "8652147555"
+public_subnets = [ "SUBNET_1","SUBNET_2" ]
+vpc_id = "VPC_ID"
+api_key = "Tac0$AreDel!c1ous"

m7/application_config_example/variables.tf

@@ -0,0 +1,50 @@
+
+variable "region" {
+  type        = string
+  description = "(Optional) AWS Region to deploy in. Defaults to us-east-1."
+  default     = "us-east-1"
+}
+
+variable "prefix" {
+  type        = string
+  description = "(Required) Prefix to use for all resources in this module."
+}
+
+variable "environment" {
+  type        = string
+  description = "(Required) Environment of all resources"
+}
+
+variable "billing_code" {
+  type        = string
+  description = "(Required) Billing code for network resources"
+}
+
+# Application variables
+
+variable "ip_range" {
+  default = "0.0.0.0/0"
+}
+
+variable "instance_type" {
+  type        = string
+  description = "(Optional) EC2 Instance type to use for web app. Defaults to t3.micro."
+  default     = "t3.micro"
+}
+
+variable "api_key" {
+  type        = string
+  description = "(Required) API key for web app to talk to SaaS platform."
+}
+
+variable "public_subnets" {
+  type        = list(string)
+  description = "(Required) List of subnet IDs for EC2 instance deployments."
+}
+
+variable "vpc_id" {
+  type        = string
+  description = "(Required) VPC ID of VPC for application deployment."
+}
+
+