moved images to s3 and added terraform scripts

infra/terraform/modules/catherine-fc/main/autoscaling-group.tf

@@ -0,0 +1,36 @@
+resource "aws_autoscaling_group" "es_asg" {
+    name = "${var.basename}-${terraform.workspace}"
+
+    availability_zones = ["ap-northeast-1a", "ap-northeast-1c", "ap-northeast-1d"]
+    vpc_zone_identifier = var.internal_subnet_ids
+
+    desired_capacity = var.asg_caps.desired
+    max_size = var.asg_caps.max
+    min_size = var.asg_caps.min
+
+    launch_configuration = aws_launch_configuration.catherine_fc_conf.name
+
+    tags = concat(var.asg_tags, [
+        {
+            key = "STAGE_ENVIRONMENT",
+            value = "${terraform.workspace}",
+            propagate_at_launch = true
+        },
+        {
+            key = "Name",
+            value = "${var.basename}-${terraform.workspace}",
+            propagate_at_launch = true
+        }
+    ])
+
+    enabled_metrics = [
+        "GroupMinSize",
+        "GroupMaxSize",
+        "GroupDesiredCapacity",
+        "GroupInServiceInstances",
+        "GroupPendingInstances",
+        "GroupTerminatingInstances",
+        "GroupStandbyInstances",
+        "GroupTotalInstances"
+    ]
+}

infra/terraform/modules/catherine-fc/main/data.tf

@@ -0,0 +1,12 @@
+data "aws_caller_identity" "self" { }
+
+data "aws_ami" "catherine_fc_ami" {
+    most_recent = true
+
+    filter {
+        name   = "name"
+        values = [ "catherine-fc" ]
+    }
+
+    owners = [ "353699021357" ]
+}

infra/terraform/modules/catherine-fc/main/iam.tf

@@ -0,0 +1,97 @@
+resource "aws_iam_instance_profile" "catherine_fc_profile" {
+  name_prefix = "${var.basename}-"
+  role = aws_iam_role.instance.name
+}
+
+resource "aws_iam_role" "instance" {
+    name = "${var.basename}-${terraform.workspace}"
+    path = "/"
+
+    assume_role_policy = <<EOF1
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": "sts:AssumeRole",
+            "Principal": {
+                "Service": "ec2.amazonaws.com"
+            },
+            "Effect": "Allow"
+        }
+    ]
+}
+EOF1
+
+    tags = var.tags
+}
+
+resource "aws_iam_role_policy" "catherine_fc_autoscaling" {
+    name = "catherine_fc_autoscaling_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF2
+{
+    "Statement": [
+        {
+            "Action": [
+                "autoscaling:UpdateAutoScalingGroup"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "${var.asg_arn}"
+            ]
+        }
+    ],
+    "Version": "2012-10-17"
+}
+EOF2
+}
+
+resource "aws_iam_role_policy" "catherine_fc_ec2" {
+    name = "catherine_fc_ec2_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF4
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+EOF4
+}
+
+resource "aws_iam_role_policy" "catherine_fc_s3" {
+    name = "catherine_fc_s3_policy"
+    role = aws_iam_role.instance.id
+    policy = <<EOF5
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "s3:GetObjectAcl",
+                "s3:GetObject",
+                "s3:ListBucket"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "arn:aws:s3:::catherine-fc-*"
+            ]
+        }
+    ]
+}
+EOF5
+}
+
+resource "aws_iam_role_policy_attachment" "GOV_ssm_basic" {
+    role = aws_iam_role.instance.id
+    policy_arn = "arn:aws:iam::${data.aws_caller_identity.self.account_id}:policy/GOV_ssm_basic"
+}

infra/terraform/modules/catherine-fc/main/launch-template.tf

@@ -0,0 +1,20 @@
+resource "aws_launch_configuration" "catherine_fc_conf" {
+    name_prefix = "catherine-fc-conf-"
+    image_id = data.aws_ami.catherine_fc_ami.id
+    instance_type = var.ec2_instance_type
+    iam_instance_profile = aws_iam_instance_profile.catherine_fc_profile.name
+    security_groups = [
+        aws_security_group.catherine_fc_ec2_sg.id
+    ]
+    user_data = <<-EOF
+                #!/bin/bash
+                yum -y update
+                EOF
+
+    root_block_device {
+        volume_type = "gp2"
+        volume_size = 16
+    }
+    associate_public_ip_address = false
+    key_name = var.key_name
+}

infra/terraform/modules/catherine-fc/main/load-balancer.tf

@@ -0,0 +1,23 @@
+resource "aws_lb" "catherine_fc_load_balancer" {
+  name               = "catherine-fc-lb"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [aws_security_group.catherine_fc_lb_sg]
+  subnets            = [var.internal_subnet_ids]
+
+  enable_deletion_protection = true
+
+  tags = var.tags
+}
+resource "aws_lb_listener" "front_end" {
+  load_balancer_arn = aws_lb.front_end.arn
+  port              = "443"
+  protocol          = "HTTPS"
+  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
+  certificate_arn   = "arn:aws:acm:ap-northeast-1:353699021357:certificate/df8e9911-1f45-4e3f-90cb-4c34f3ed3e50"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group_web.arn
+  }
+}

infra/terraform/modules/catherine-fc/main/output.tf

@@ -0,0 +1,4 @@
+
+output "asg_arn" {
+    value = aws_autoscaling_group.es_asg.arn
+}

infra/terraform/modules/catherine-fc/main/security-group.tf

@@ -0,0 +1,55 @@
+resource "aws_security_group" "catherine_fc_asg_sg" {
+    description = "catherine fc security group"
+    vpc_id = var.vpc_id
+    tags = var.tags
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_ingress" {
+    description = "lb security group"
+    type = "ingress"
+    from_port = 8080
+    to_port = 8080
+    protocol = "tcp"
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_asg_sg.id
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_allow_egress" {
+    description = "allow all"
+    type = "egress"
+    protocol = "all"
+    from_port = 0
+    to_port = 65535
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_asg_sg.id
+}
+
+resource "aws_security_group" "catherine_fc_lb_sg" {
+    description = "catherine fc security group for load balancer"
+    vpc_id = var.vpc_id
+    tags = var.tags
+}
+
+resource "aws_security_group_rule" "catherine_fc_alb_sg_ingress" {
+    description = "alb security group"
+    type = "ingress"
+    from_port = 443
+    to_port = 443
+    protocol = "tcp"
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_lb_sg.id
+}
+
+resource "aws_security_group_rule" "catherine_fc_asg_sg_allow_egress" {
+    description = "allow all"
+    type = "egress"
+    protocol = "all"
+    from_port = 0
+    to_port = 65535
+    cidr_blocks = [ "0.0.0.0/0" ]
+
+    security_group_id = aws_security_group.catherine_fc_lb_sg.id
+}

infra/terraform/modules/catherine-fc/main/target-group.tf

@@ -0,0 +1,6 @@
+resource "aws_lb_target_group" "target_group_web" {
+  name     = "catherine-fc-tg"
+  port     = 8080
+  protocol = "HTTP"
+  vpc_id   = aws_vpc.main.id
+}

infra/terraform/modules/catherine-fc/main/variable.tf

@@ -0,0 +1,9 @@
+variable "vpc_id" {}
+variable "internal_subnet_ids" {}
+variable "tags" {}
+variable "asg_tags" {}
+variable "asg_caps" {}
+variable "basename" {}
+variable "ec2_instance_type" {}
+variable "key_name" {}
+variable "asg_arn" {}