Uploading files

Author: mauricios

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Aplyca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,28 @@
+Terraform AWS ElasticSearch domian
+==================================
+
+Create a ElasticSearch domain
+
+
+Example:
+
+```
+module "search" {
+  source  = "Aplyca/elasticsearch/aws"
+
+  name    = "My ES cluster"
+  vpc_id  = "vpc-bsasdsf"
+  newbits  = 10
+  netnum  = 16
+  azs     = ["us-east1"]
+  rt_id   = "rt-adfarwr"
+  access_sg_ids = ["sg-rewr4sre"]
+  access_cidrs = ["172.168.0.0/26"]
+  storage = 25
+
+  tags {
+    App = "my App"
+    Environment = "Prod"
+  }
+}
+```

data.tf

@@ -0,0 +1,3 @@
+data "aws_vpc" "this" {
+  id = "${var.vpc_id}"
+}

main.tf

@@ -0,0 +1,160 @@
+locals {
+  id = "${replace(var.name, " ", "-")}"
+}
+
+# -----------------------------------------------
+# Create Private subnets
+# -----------------------------------------------
+resource "aws_subnet" "this" {
+  count = "${length(var.azs)}"
+  vpc_id = "${data.aws_vpc.this.id}"
+  cidr_block = "${cidrsubnet(data.aws_vpc.this.cidr_block, var.newbits, var.netnum + count.index)}"
+	availability_zone = "${element(var.azs, count.index)}"
+	map_public_ip_on_launch = false
+  tags = "${merge(var.tags, map("Name", "${var.name} ES ${count.index}"))}"
+}
+
+resource "aws_route_table_association" "this" {
+  count = "${length(aws_subnet.this.*.id)}"
+  subnet_id = "${element(aws_subnet.this.*.id, count.index)}"
+  route_table_id = "${var.rt_id}"
+}
+
+# ---------------------------------------
+# Network ACL DB
+# ---------------------------------------
+resource "aws_network_acl" "this" {
+  vpc_id = "${data.aws_vpc.this.id}"
+  subnet_ids = ["${aws_subnet.this.*.id}"]
+  tags = "${merge(var.tags, map("Name", "${var.name} ES"))}"
+}
+
+# ---------------------------------------
+# Network ACL Inbound/Outbound DB
+# ---------------------------------------
+resource "aws_network_acl_rule" "inbound_https" {
+  count = "${length(var.access_cidrs)}"
+  network_acl_id = "${aws_network_acl.this.id}"
+  rule_number    = "${100+count.index}"
+  egress         = false
+  protocol       = "tcp"
+  rule_action    = "allow"
+  cidr_block     = "${element(var.access_cidrs, count.index)}"
+  from_port      = 443
+  to_port        = 443
+}
+
+resource "aws_network_acl_rule" "inbound_http" {
+  count = "${length(var.access_cidrs)}"
+  network_acl_id = "${aws_network_acl.this.id}"
+  rule_number    = "${(200+count.index)}"
+  egress         = false
+  protocol       = "tcp"
+  rule_action    = "allow"
+  cidr_block     = "${element(var.access_cidrs, count.index)}"
+  from_port      = 80
+  to_port        = 80
+}
+
+resource "aws_network_acl_rule" "outbound" {
+  count = "${length(var.access_cidrs)}"
+  network_acl_id = "${aws_network_acl.this.id}"
+  rule_number    = "${(count.index+1)*100}"
+  egress         = true
+  protocol       = "tcp"
+  rule_action    = "allow"
+  cidr_block     = "${element(var.access_cidrs, count.index)}"
+  from_port      = 1024
+  to_port        = 65535
+}
+
+# Security group Database access
+resource "aws_security_group" "this" {
+  name = "${local.id}-ES"
+  description = "Access to ElasticSearch port"
+  vpc_id = "${data.aws_vpc.this.id}"
+
+  tags = "${merge(var.tags, map("Name", "${var.name} ES"))}"
+}
+
+resource "aws_security_group_rule" "egress" {
+  type            = "egress"
+  security_group_id = "${aws_security_group.this.id}"
+  from_port       = 0
+  to_port         = 0
+  protocol        = "-1"
+  cidr_blocks     = ["0.0.0.0/0"]
+  description = "Access to all egress targets"
+}
+
+resource "aws_security_group_rule" "ingress_https" {
+  count = "${length(var.access_sg_ids)}"
+  type            = "ingress"
+  security_group_id = "${aws_security_group.this.id}"
+  from_port       = "443"
+  to_port         = "443"
+  protocol        = "tcp"
+  source_security_group_id = "${element(var.access_sg_ids, count.index)}"
+  description = "Access from Source"
+}
+
+resource "aws_security_group_rule" "ingress_http" {
+  count = "${length(var.access_sg_ids)}"
+  type            = "ingress"
+  security_group_id = "${aws_security_group.this.id}"
+  from_port       = "80"
+  to_port         = "80"
+  protocol        = "tcp"
+  source_security_group_id = "${element(var.access_sg_ids, count.index)}"
+  description = "Access from Source"
+}
+
+resource "aws_elasticsearch_domain" "this" {
+  domain_name           = "${lower(local.id)}"
+  elasticsearch_version = "${var.es_version}"
+  cluster_config {
+    instance_type = "${var.type}"
+    instance_count = "${var.instances}"
+  }
+
+  vpc_options {
+    security_group_ids = ["${aws_security_group.this.id}"]
+    subnet_ids = ["${aws_subnet.this.*.id}"]
+  }
+
+  ebs_options {
+    ebs_enabled = true
+    volume_size = "${var.storage}"
+  }
+
+  snapshot_options {
+    automated_snapshot_start_hour = 1
+  }
+
+  tags = "${merge(var.tags, map("Name", var.name))}"
+}
+
+
+resource "aws_elasticsearch_domain_policy" "this" {
+  domain_name = "${aws_elasticsearch_domain.this.domain_name}"
+
+  access_policies = <<POLICIES
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Action": [
+        "es:*"
+      ],
+      "Resource": "${aws_elasticsearch_domain.this.arn}/*"
+    }
+  ]
+}
+POLICIES
+}

outputs.tf

@@ -0,0 +1,3 @@
+output "endpoint" {
+  value = "${aws_elasticsearch_domain.this.endpoint}"
+}

variables.tf

@@ -0,0 +1,65 @@
+variable "name" {
+  description = "Name prefix for all EFS resources."
+  default     = "App"
+}
+
+variable "azs" {
+  description = "A list of availability zones to associate with."
+  type        = "list"
+  default     = []
+}
+
+variable "access_sg_ids" {
+  description = "A list of security groups Ids to grant access."
+  type        = "list"
+  default     = []
+}
+
+variable "vpc_id" {
+  description = "VPC Id where the EFS resources will be deployed."
+}
+
+variable "newbits" {
+  description = "newbits in the cidrsubnet function."
+  default = 26
+}
+
+variable "netnum" {
+  description = "netnum in the cidrsubnet function."
+  default = 0
+}
+
+variable "rt_id" {
+  description = "Route Table Id to assing to the EFS subnet."
+}
+
+variable "access_cidrs" {
+  description = "A list of Subnets CIDR Blocks to grant access"
+  type        = "list"
+  default     = []
+}
+
+variable "tags" {
+  description = "A mapping of tags to assign to the resource."
+  default     = {}
+}
+
+variable "es_version" {
+  description = "Version"
+  default     = "6.2"
+}
+
+variable "storage" {
+  description = "Storage size"
+  default     = 10
+}
+
+variable "type" {
+  description = "Instance type"
+  default     = "t2.small.elasticsearch"
+}
+
+variable "instances" {
+  description = "Instance count"
+  default     = 1
+}