moved images to s3 and added terraform scripts

infra/custom_ami/packer/catherine-fc.json

@@ -38,7 +38,7 @@
 		{
 			"type": "shell",
 			"inline": [
-				"sudo yum update",
+				"sudo yum -y update",
 				"sudo yum -y install unzip",
 				"sudo yum -y install nano",
 				"sudo yum -y install dos2unix",

infra/custom_ami/platform-uploads/opt/web-init/web-init.sh

@@ -3,4 +3,5 @@
 aws s3 cp s3://catherine-fc-infra/build.tar.gz .
 tar zxf build.tar.gz
 rm build.tar.gz
-node build/server/index.js
+cd build
+node server/index.js

infra/terraform/environments/catherine-fc/.gitignore

@@ -0,0 +1 @@
+/.terraform/

infra/terraform/environments/catherine-fc/backend.tf

@@ -0,0 +1,8 @@
+terraform {
+    backend "s3" {
+        bucket = "catherine-fc-infra"
+        key = "catherine-fc-ec2/terraform.tfstate"
+        region = "ap-northeast-1"
+        encrypt = true
+    }
+}

infra/terraform/environments/catherine-fc/main.tf

@@ -0,0 +1,12 @@
+module "catherine-fc" {
+    source = "../../modules/catherine-fc/main"
+    vpc_id = var.vpc_id[terraform.workspace]
+    internal_subnet_ids = var.internal_subnet_ids[terraform.workspace]
+    tags = var.tags
+    asg_tags = var.asg_tags
+    basename = "catherine-fc"
+    asg_caps = var.asg_caps["catherine-fc"]
+    ec2_instance_type = "t2.micro"
+    key_name = var.key_name[terraform.workspace]
+    asg_arn = module.catherine-fc.asg_arn
+}

infra/terraform/environments/catherine-fc/output.tf

@@ -0,0 +1,3 @@
+output "asg_arn" {
+    value = module.catherine-fc.asg_arn
+}

infra/terraform/environments/catherine-fc/provider.tf

@@ -0,0 +1,4 @@
+provider "aws" {
+    region  = "ap-northeast-1"
+    version = "~> 2.0"
+}

infra/terraform/environments/catherine-fc/variable.tf

@@ -0,0 +1,46 @@
+variable "tags" {
+    type = map(string)
+    default = {
+        PROJECT = "CATHERINE_FC"
+    }
+}
+
+variable "asg_tags" {
+    type = list(object({key=string, value=string, propagate_at_launch=bool}))
+    default = [
+        {
+            key = "PROJECT",
+            value = "CATHERINE_FC",
+            propagate_at_launch = true
+        }
+    ]
+}
+variable "asg_caps" {
+    type = map(map(number))
+    default = {
+        "catherine-fc" = {
+            min = 1
+            max = 1
+            desired = 1
+        }
+    }
+}
+
+variable "vpc_id" {
+    type = map(string)
+    default = {
+        prod = "vpc-c54553a2"
+    }
+}
+variable "internal_subnet_ids" {
+    type = map(list(string))
+    default = {
+        prod = [ "subnet-0d0fdf45", "subnet-4dcecc16", "subnet-4dcecc16" ]
+    }
+}
+variable "key_name" {
+    type = map(string)
+    default = {
+        prod = "catherine-fc"
+    }
+}

infra/terraform/modules/catherine-fc/main/autoscaling-group.tf

@@ -0,0 +1,36 @@
+resource "aws_autoscaling_group" "es_asg" {
+    name = "${var.basename}-${terraform.workspace}"
+
+    availability_zones = ["ap-northeast-1a", "ap-northeast-1c", "ap-northeast-1d"]
+    vpc_zone_identifier = var.internal_subnet_ids
+
+    desired_capacity = var.asg_caps.desired
+    max_size = var.asg_caps.max
+    min_size = var.asg_caps.min
+
+    launch_configuration = aws_launch_configuration.catherine_fc_conf.name
+
+    tags = concat(var.asg_tags, [
+        {
+            key = "STAGE_ENVIRONMENT",
+            value = "${terraform.workspace}",
+            propagate_at_launch = true
+        },
+        {
+            key = "Name",
+            value = "${var.basename}-${terraform.workspace}",
+            propagate_at_launch = true
+        }
+    ])
+
+    enabled_metrics = [
+        "GroupMinSize",
+        "GroupMaxSize",
+        "GroupDesiredCapacity",
+        "GroupInServiceInstances",
+        "GroupPendingInstances",
+        "GroupTerminatingInstances",
+        "GroupStandbyInstances",
+        "GroupTotalInstances"
+    ]
+}

infra/terraform/modules/catherine-fc/main/data.tf

@@ -0,0 +1,12 @@
+data "aws_caller_identity" "self" { }
+
+data "aws_ami" "catherine_fc_ami" {
+    most_recent = true
+
+    filter {
+        name   = "name"
+        values = [ "catherine-fc" ]
+    }
+
+    owners = [ "353699021357" ]
+}

infra/terraform/modules/catherine-fc/main/iam.tf

@@ -0,0 +1,97 @@
+resource "aws_iam_instance_profile" "catherine_fc_profile" {
+  name_prefix = "${var.basename}-"
+  role = aws_iam_role.instance.name
+}
+
+resource "aws_iam_role" "instance" {
+    name = "${var.basename}-${terraform.workspace}"
+    path = "/"
+
+    assume_role_policy = <<EOF1
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+                "Service": "ec2.amazonaws.com"
+            },
+            "Effect": "Allow"
+        }
+    ]
+}
+EOF1
+
+    tags = var.tags
+}
+
+resource "aws_iam_role_policy" "catherine_fc_autoscaling" {
+    name = "catherine_fc_autoscaling_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF2
+{
+    "Statement": [
+        {
+            "Action": [
+                "autoscaling:UpdateAutoScalingGroup"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "${var.asg_arn}"
+            ]
+        }
+    ],
+    "Version": "2012-10-17"
+}
+EOF2
+}
+
+resource "aws_iam_role_policy" "catherine_fc_ec2" {
+    name = "catherine_fc_ec2_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF4
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+EOF4
+}
+
+resource "aws_iam_role_policy" "catherine_fc_s3" {
+    name = "catherine_fc_s3_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF5
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "s3:GetObjectAcl",
+                "s3:GetObject",
+                "s3:ListBucket"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "arn:aws:s3:::catherine-fc-*"
+            ]
+        }
+    ]
+}
+EOF5
+}
+
+resource "aws_iam_role_policy_attachment" "GOV_ssm_basic" {
+    role = aws_iam_role.instance.id
+    policy_arn = "arn:aws:iam::${data.aws_caller_identity.self.account_id}:policy/GOV_ssm_basic"
+}

infra/terraform/modules/catherine-fc/main/launch-template.tf

@@ -0,0 +1,20 @@
+resource "aws_launch_configuration" "catherine_fc_conf" {
+    name_prefix = "catherine-fc-conf-"
+    image_id = data.aws_ami.catherine_fc_ami.id
+    instance_type = var.ec2_instance_type
+    iam_instance_profile = aws_iam_instance_profile.catherine_fc_profile.name
+    security_groups = [
+        aws_security_group.catherine_fc_ec2_sg.id
+    ]
+    user_data = <<-EOF
+                #!/bin/bash
+                yum -y update
+                EOF
+
+    root_block_device {
+        volume_type = "gp2"
+        volume_size = 16
+    }
+    associate_public_ip_address = false
+    key_name = var.key_name
+}

infra/terraform/modules/catherine-fc/main/load-balancer.tf

@@ -0,0 +1,23 @@
+resource "aws_lb" "catherine_fc_load_balancer" {
+  name               = "catherine-fc-lb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.catherine_fc_lb_sg]
+  subnets            = [var.internal_subnet_ids]
+
+  enable_deletion_protection = true
+
+  tags = var.tags
+}
+resource "aws_lb_listener" "front_end" {
+  load_balancer_arn = aws_lb.front_end.arn
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
+  certificate_arn   = "arn:aws:acm:ap-northeast-1:353699021357:certificate/df8e9911-1f45-4e3f-90cb-4c34f3ed3e50"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group_web.arn
+  }
+}

infra/terraform/modules/catherine-fc/main/output.tf

@@ -0,0 +1,4 @@
+
+output "asg_arn" {
+    value = aws_autoscaling_group.es_asg.arn
+}

infra/terraform/modules/catherine-fc/main/security-group.tf

@@ -0,0 +1,55 @@
+resource "aws_security_group" "catherine_fc_asg_sg" {
+    description = "catherine fc security group"
+    vpc_id = var.vpc_id
+    tags = var.tags
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_ingress" {
+    description = "lb security group"
+    type = "ingress"
+    from_port = 8080
+    to_port = 8080
+    protocol = "tcp"
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_asg_sg.id
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_allow_egress" {
+    description = "allow all"
+    type = "egress"
+    protocol = "all"
+    from_port = 0
+    to_port = 65535
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_asg_sg.id
+}
+
+resource "aws_security_group" "catherine_fc_lb_sg" {
+    description = "catherine fc security group for load balancer"
+    vpc_id = var.vpc_id
+    tags = var.tags
+}
+
+resource "aws_security_group_rule" "catherine_fc_alb_sg_ingress" {
+    description = "alb security group"
+    type = "ingress"
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_lb_sg.id
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_allow_egress" {
+    description = "allow all"
+    type = "egress"
+    protocol = "all"
+    from_port = 0
+    to_port = 65535
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_lb_sg.id
+}

infra/terraform/modules/catherine-fc/main/target-group.tf

@@ -0,0 +1,6 @@
+resource "aws_lb_target_group" "target_group_web" {
+  name     = "catherine-fc-tg"
+  port     = 8080
+  protocol = "HTTP"
+  vpc_id   = aws_vpc.main.id
+}

infra/terraform/modules/catherine-fc/main/variable.tf

@@ -0,0 +1,9 @@
+variable "vpc_id" {}
+variable "internal_subnet_ids" {}
+variable "tags" {}
+variable "asg_tags" {}
+variable "asg_caps" {}
+variable "basename" {}
+variable "ec2_instance_type" {}
+variable "key_name" {}
+variable "asg_arn" {}