Terraform-New-Node-Aws

deploy/terraform-aws/iam.tf

@@ -0,0 +1,58 @@
+resource "aws_iam_role" "stellar_role" {
+  name = "stellar_assume_role"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+  tags = {
+      tag-key = "Stellar-Assume-Role"
+  }
+}
+
+resource "aws_iam_instance_profile" "stellar_profile" {
+  name = "stellar_profile"
+  role = "${aws_iam_role.stellar_role.name}"
+}
+
+resource "aws_iam_role_policy" "stellar_policy" {
+  name = "stellar_policy"
+  role = "${aws_iam_role.stellar_role.id}"
+  policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "",
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutObject",
+                "s3:DeleteObject"
+            ],
+            "Resource": "arn:aws:s3:::stellar-core-${var.NODENAME}-${var.SUFFIX}/*"
+        },
+        {
+            "Sid": "",
+            "Effect": "Allow",
+            "Action": [
+                "cloudwatch:GetMetricData",
+                "cloudwatch:GetMetricStatistics",
+                "cloudwatch:ListMetrics"
+            ],
+            "Resource": "*"
+        }
+    ]
+ }
+EOF
+}
+

deploy/terraform-aws/main.tf

@@ -0,0 +1,24 @@
+###############################
+##   AWS  Connection config ##
+##############################
+
+provider "aws" {
+  region                  = "${var.aws_region}"
+  shared_credentials_file = "~/.aws/credentials"
+  profile                 = "default"
+}
+
+
+
+#terraform {
+#  backend "s3" {
+#    encrypt = true
+    # cannot contain interpolations
+     #bucket = "${aws_s3_bucket.tf_bucket.bucket}"
+    #bucket = "my-terraform-state-s3"
+     #region = "${aws_s3_bucket.tf_bucket.region}"
+#    region = "us-east-2"
+    # dynamodb_table = "example-iac-terraform-state-lock-dynamo"
+#    key = "terraform.tfstate"
+#  }
+#}

deploy/terraform-aws/output.tf

@@ -0,0 +1,9 @@
+output "aws_eip_natip" {
+  value = "${aws_eip.nat.public_ip}"
+  description = "The NAT IP address of the Stellar Subnet for Whitelisting"
+}
+
+
+
+
+

deploy/terraform-aws/query.tf

@@ -0,0 +1,18 @@
+#################################
+# Fetch latest Ubuntu in Region #
+#################################
+
+data "aws_ami" "latest-ubuntu" {
+most_recent = true
+owners = ["099720109477"] # Canonical
+
+  filter {
+      name   = "name"
+      values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+  }
+
+  filter {
+      name   = "state"
+      values = ["available"]
+  }
+}

deploy/terraform-aws/rds.tf

@@ -0,0 +1,39 @@
+
+resource "aws_db_subnet_group" "postgres-subnet" {
+  name = "postgres-subnet"
+  description = "RDS subnet group"
+  subnet_ids = ["${aws_subnet.private-subnet.id}","${aws_subnet.private-subnet-b.id}"]
+}
+
+resource "aws_db_parameter_group" "postgres-parameters" {
+name = "postgres-parameters"
+family = "postgres9.6"
+description = "postgres parameter group"
+
+#parameter {
+  #name = "max_allowed_packet"
+  #value = "16777216"
+  #}
+}
+
+resource "aws_db_instance" "postgres" {
+  allocated_storage = 100 # 100 GB of storage, gives us more IOPS than a lower number
+  engine = "postgres"
+  engine_version = "9.6.11"
+  instance_class = "db.m4.xlarge"
+  identifier = "${var.DB_IDENTIFIER}"
+  name = "${var.DB_NAME}"
+  username = "${var.DB_USER}" 
+  password = "${var.DB_PASS}"
+  db_subnet_group_name = "${aws_db_subnet_group.postgres-subnet.name}"
+  parameter_group_name = "${aws_db_parameter_group.postgres-parameters.name}"
+  multi_az = "false" # set to true to have high availability: 2 instances synchronized with each other
+  vpc_security_group_ids = ["${aws_security_group.allow-postgres.id}"]
+  storage_type = "gp2"
+  #backup_retention_period = 30 
+  availability_zone = "${aws_subnet.private-subnet.availability_zone}" # prefered AZ
+
+tags {
+  Name = "postgres-instance"
+  }
+}

deploy/terraform-aws/resources.tf

@@ -0,0 +1,111 @@
+
+# Define SSH key pair for our instances
+resource "aws_key_pair" "default" {
+  key_name = "default-key"
+  public_key = "${file("${var.key_path}")}"
+}
+
+##################
+# EC2 Instances ##
+##################
+# Define stellar inside the private subnet
+
+resource "aws_instance" "stellar" {
+   ami = "${data.aws_ami.latest-ubuntu.id}"
+   instance_type = "t3.medium"
+   key_name = "${aws_key_pair.default.id}"
+   subnet_id = "${aws_subnet.private-subnet.id}"
+   vpc_security_group_ids = ["${aws_security_group.stellar-sg.id}"]
+   associate_public_ip_address = false
+   source_dest_check = false
+   iam_instance_profile = "${aws_iam_instance_profile.stellar_profile.name}"
+root_block_device {
+    volume_size = "100"
+    volume_type = "standard"
+  }   
+
+  tags {
+    Name = "Stellar-core"
+  }
+}
+
+# Define database inside the private subnet
+resource "aws_instance" "bastion" {
+   ami = "${data.aws_ami.latest-ubuntu.id}"
+   instance_type = "t2.micro"
+   key_name = "${aws_key_pair.default.id}"
+   subnet_id = "${aws_subnet.dmz-subnet.id}"
+   vpc_security_group_ids = ["${aws_security_group.bastion-sg.id}"]
+   source_dest_check = false
+root_block_device {
+    volume_size = "8"
+    volume_type = "standard"
+  }
+
+  tags {
+    Name = "Bastion-Host"
+  }
+}
+###################################
+
+######################
+# Define Stellar NLB #
+######################
+resource "aws_lb" "stellar-nlb" {
+  name               = "stellar-nlb"
+  internal           = false
+  load_balancer_type = "network"
+  subnets            = ["${aws_subnet.public-subnet.id}"]
+
+  enable_deletion_protection = true
+
+  tags = {
+    Environment = "production"
+  }
+}
+
+resource "aws_lb_listener" "stellar_front_end" {
+  load_balancer_arn = "${aws_lb.stellar-nlb.arn}"
+  port              = "11625"
+  protocol          = "TCP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = "${aws_lb_target_group.stellar-nlb-tg.arn}"
+  }
+}
+
+
+resource "aws_lb_target_group" "stellar-nlb-tg" {
+  name     = "stellar-nlb-tg"
+  port     = 11625
+  protocol = "TCP"
+  target_type = "instance"
+  vpc_id   = "${aws_vpc.Application-VPC.id}"
+}
+
+resource "aws_lb_target_group_attachment" "attach" {
+  target_group_arn = "${aws_lb_target_group.stellar-nlb-tg.arn}"
+  target_id        = "${aws_instance.stellar.id}"
+  port             = 11625
+}
+
+###################################
+# Define NAT gateway to Private Subnet
+###################################
+
+resource "aws_eip" "nat" {
+  #instance = "${aws_instance.web.id}"
+  vpc      = true
+}
+
+
+resource "aws_nat_gateway" "stellar_nat_gw" {
+  allocation_id = "${aws_eip.nat.id}"
+  subnet_id     = "${aws_subnet.public-subnet.id}"
+
+  tags = {
+    Name = "gw NAT"
+  }
+}
+

deploy/terraform-aws/s3.tf

@@ -0,0 +1,49 @@
+resource "aws_s3_bucket" "tf_bucket" {
+  bucket = "${var.NODENAME}-${var.SUFFIX}-tf-state"
+  acl    = "private"
+  tags = {
+    Name        = "TF-bucket"
+  }
+}
+
+resource "aws_s3_bucket" "stellar_bucket" {
+  bucket = "stellar-core-${var.NODENAME}-${var.SUFFIX}"
+  acl    = "public-read"
+  policy = <<EOF
+{
+  "Id": "bucket_policy_site",
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "bucket_policy_site_main",
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Effect": "Allow",
+      "Resource": "arn:aws:s3:::stellar-core-${var.NODENAME}-${var.SUFFIX}/*",
+      "Principal": "*"
+    }
+  ]
+}
+EOF
+  tags = {
+    Name        = "My-TF-bucket"
+  }
+}
+
+resource "aws_s3_bucket" "cloudtrail" {
+  bucket = "${var.NODENAME}-${var.SUFFIX}-cloudtrail-logs"
+  acl    = "private"
+  tags = {
+    Name        = "Cloudtrail-bucket"
+  }
+}
+
+resource "aws_s3_bucket" "conf_bucket" {
+  bucket = "${var.NODENAME}-${var.SUFFIX}-config-bucket"
+  acl    = "private"
+
+  tags = {
+    Name        = "Config-bucket"
+  }
+}