fdio.infra.terraform/terraform-aws-fdio-csit-dash-env/main.tf

   1 data "vault_generic_secret" "fdio_docs" {
   2   path = "kv/secret/data/etl/fdio_docs"
   3 }
   4
   5 data "vault_aws_access_credentials" "creds" {
   6   backend = "${var.vault_name}-path"
   7   role    = "${var.vault_name}-role"
   8 }
   9
  10 module "elastic_beanstalk_application" {
  11   source = "../terraform-aws-elastic-beanstalk-application"
  12
  13   # application
  14   application_description                    = "FD.io CDASH M7G"
  15   application_name                           = "fdio-csit-dash-app-m7g"
  16   appversion_lifecycle_service_role_arn      = "arn:aws:iam::407116685360:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk"
  17   appversion_lifecycle_max_count             = 10
  18   appversion_lifecycle_delete_source_from_s3 = false
  19 }
  20
  21 module "elastic_beanstalk_environment" {
  22   source = "../terraform-aws-elastic-beanstalk-environment"
  23
  24   # environment
  25   application_name = "fdio-csit-dash-app-m7g"
  26
  27   # vpc
  28   vpc_cidr_block           = "10.0.0.0/16"
  29   vpc_enable_dns_hostnames = true
  30   vpc_enable_dns_support   = true
  31   vpc_instance_tenancy     = "default"
  32
  33   # subnet
  34   subnet_a_availability_zone = "eu-north-1a"
  35   subnet_a_cidr_block        = "10.0.0.0/20"
  36   subnet_b_availability_zone = "eu-north-1b"
  37   subnet_b_cidr_block        = "10.0.16.0/20"
  38
  39   # environment
  40   environment_application            = module.elastic_beanstalk_application.application_name
  41   environment_description            = module.elastic_beanstalk_application.application_description
  42   environment_name                   = "fdio-csit-dash-env-m7g"
  43   environment_solution_stack_name    = "64bit Amazon Linux 2023 v4.0.6 running Python 3.11"
  44   environment_tier                   = "WebServer"
  45   environment_wait_for_ready_timeout = "25m"
  46   environment_version_label          = ""
  47
  48   # aws:ec2:instances
  49   instances_instance_types = "m7g.2xlarge"
  50
  51   # aws:ec2:vpc
  52   associate_public_ip_address = true
  53   elb_scheme                  = "public"
  54
  55   # aws:elbv2:listener:default
  56   default_listener_enabled = true
  57
  58   # aws:elasticbeanstalk:environment
  59   environment_loadbalancer_type               = "application"
  60   environment_loadbalancer_ssl_certificate_id = "arn:aws:acm:eu-north-1:407116685360:certificate/3ef3c6ae-f1d4-49f0-a8cd-5d090991bf73"
  61
  62   # aws:elasticbeanstalk:environment:process:default
  63   environment_process_default_healthcheck_interval      = 10
  64   environment_process_default_healthy_threshold_count   = 3
  65   environment_process_default_port                      = 5000
  66   environment_process_default_unhealthy_threshold_count = 3
  67
  68   # aws:autoscaling:updatepolicy:rollingupdate
  69   autoscaling_updatepolicy_rolling_update_enabled  = true
  70   autoscaling_updatepolicy_rolling_update_type     = "Immutable"
  71   autoscaling_updatepolicy_min_instance_in_service = 1
  72
  73   # aws:elasticbeanstalk:command
  74   command_deployment_policy = "Rolling"
  75
  76   # aws:autoscaling:updatepolicy:rollingupdate
  77   updatepolicy_max_batch_size = 1
  78
  79   # aws:elasticbeanstalk:healthreporting:system
  80   healthreporting_system_type = "enhanced"
  81
  82   # aws:elasticbeanstalk:managedactions
  83   managedactions_managed_actions_enabled = true
  84   managedactions_preferred_start_time    = "Sun:10:00"
  85
  86   # aws:elasticbeanstalk:managedactions:platformupdate
  87   managedactions_platformupdate_update_level             = "minor"
  88   managedactions_platformupdate_instance_refresh_enabled = true
  89
  90   # aws:autoscaling:asg
  91   autoscaling_asg_minsize = 1
  92   autoscaling_asg_maxsize = 2
  93
  94   # aws:autoscaling:trigger
  95   autoscaling_trigger_measure_name                 = "CPUUtilization"
  96   autoscaling_trigger_statistic                    = "Average"
  97   autoscaling_trigger_unit                         = "Percent"
  98   autoscaling_trigger_lower_threshold              = 20
  99   autoscaling_trigger_lower_breach_scale_increment = -1
 100   autoscaling_trigger_upper_threshold              = 80
 101   autoscaling_trigger_upper_breach_scale_increment = 1
 102
 103   # aws:elasticbeanstalk:hostmanager
 104   hostmanager_log_publication_control = true
 105
 106   # aws:elasticbeanstalk:cloudwatch:logs
 107   cloudwatch_logs_stream_logs         = true
 108   cloudwatch_logs_delete_on_terminate = true
 109   cloudwatch_logs_retention_in_days   = 3
 110
 111   # aws:elasticbeanstalk:cloudwatch:logs:health
 112   cloudwatch_logs_health_health_streaming_enabled = true
 113   cloudwatch_logs_health_delete_on_terminate      = true
 114   cloudwatch_logs_health_retention_in_days        = 3
 115
 116   environment_type = "LoadBalanced"
 117
 118   # aws:elasticbeanstalk:application:environment
 119   environment_variables = {
 120     "AWS_ACCESS_KEY_ID"     = data.vault_generic_secret.fdio_docs.data["access_key"]
 121     "AWS_SECRET_ACCESS_KEY" = data.vault_generic_secret.fdio_docs.data["secret_key"]
 122     "AWS_DEFAULT_REGION"    = data.vault_generic_secret.fdio_docs.data["region"]
 123   }
 124 }