Merge pull request #7 from mokshasoft/aws-IaC

Add an IHP terraform configuration for AWS

Author: mpscholten

Application/Migration/1720937042.sql

@@ -0,0 +1,124 @@
+resource "aws_vpc" "main" {
+  cidr_block = "10.0.0.0/16"
+  enable_dns_support = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = "${var.prefix}-main"
+  }
+}
+
+resource "aws_subnet" "public" {
+  availability_zone = var.az_1
+  vpc_id     = aws_vpc.main.id
+  cidr_block = "10.0.1.0/24"
+  map_public_ip_on_launch = true  # This enables auto-assign public IPs for instances launched in this subnet
+
+  tags = {
+    Name = "${var.prefix}-public"
+  }
+}
+
+resource "aws_internet_gateway" "main" {
+  vpc_id = aws_vpc.main.id
+
+  tags = {
+    Name = "${var.prefix}-main"
+  }
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = aws_vpc.main.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.main.id
+  }
+
+  tags = {
+    Name = "${var.prefix}-public"
+  }
+}
+
+resource "aws_route_table_association" "public" {
+  subnet_id      = aws_subnet.public.id
+  route_table_id = aws_route_table.public.id
+}
+
+resource "aws_security_group" "ec2_sg" {
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.prefix}-ec2_sg"
+  }
+}
+
+resource "aws_instance" "ihp_app" {
+  availability_zone = var.az_1
+  ami = "ami-075111b79058282b7" # nixos/23.11
+  instance_type = "t3.medium"
+  key_name = "${var.key_name}"
+  subnet_id = aws_subnet.public.id
+  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
+  associate_public_ip_address = true
+
+  # Add an EBS volume with 30GB of storage
+  ebs_block_device {
+    device_name = "/dev/xvda"
+    volume_size = 30          # Size in GB
+    volume_type = "gp2"       # General Purpose SSD
+  }
+
+  tags = {
+    Name = "${var.prefix}-ihp_app"
+  }
+}

IaC/aws/ec2.tf

@@ -0,0 +1,16 @@
+provider "aws" {
+  region = var.region
+}
+
+provider "local" {}
+
+resource "local_file" "db_info" {
+  content = <<EOF
+Instance URL: ${aws_instance.ihp_app.public_dns}
+DB Endpoint: ${aws_db_instance.postgres.address}
+DB Username: ${aws_db_instance.postgres.username}
+DB Password: ${aws_db_instance.postgres.password}
+EOF
+
+  filename = "${path.module}/db_info.txt"
+}

IaC/aws/provider.tf

@@ -0,0 +1,76 @@
+# Define Subnet in Availability Zone 1
+resource "aws_subnet" "private_1" {
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = "10.0.2.0/24"
+  availability_zone       = var.az_1
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.prefix}-private-1"
+  }
+}
+
+# Define Subnet in Availability Zone 2
+resource "aws_subnet" "private_2" {
+  vpc_id                  = aws_vpc.main.id
+  cidr_block              = "10.0.3.0/24"
+  availability_zone       = var.az_2
+  map_public_ip_on_launch = false
+  tags = {
+    Name = "${var.prefix}-private-2"
+  }
+}
+
+resource "aws_db_subnet_group" "main" {
+  name       = "main"
+  subnet_ids = [
+    aws_subnet.private_1.id,
+    aws_subnet.private_2.id
+  ]
+
+  tags = {
+    Name = "${var.prefix}-main"
+  }
+}
+
+# Define a security group for RDS
+resource "aws_security_group" "rds_sg" {
+  description = "Allow inbound traffic to RDS"
+  vpc_id = aws_vpc.main.id
+
+  ingress {
+    from_port   = 5432
+    to_port     = 5432
+    protocol    = "tcp"
+    security_groups = [aws_security_group.ec2_sg.id]  # Allow traffic from EC2 security group
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.prefix}-rds_sg"
+  }
+}
+
+# Define the RDS instance
+resource "aws_db_instance" "postgres" {
+  identifier              = "${var.prefix}-postgres-db"
+  allocated_storage       = 20
+  engine                  = "postgres"
+  engine_version          = "16.3"
+  instance_class          = "db.t3.micro"
+  username                = "postgres_user"
+  password                = var.db_password
+  db_subnet_group_name    = aws_db_subnet_group.main.name
+  vpc_security_group_ids  = [aws_security_group.rds_sg.id]
+  skip_final_snapshot     = true
+  publicly_accessible     = false
+
+  tags = {
+    Name = "${var.prefix}-PostgresDB"
+  }
+}

IaC/aws/rds.tf

@@ -0,0 +1,30 @@
+variable "prefix" {
+  description = "Project prefix for the resource names"
+  type        = string
+}
+
+variable "region" {
+  description = "AWS Region to deploy to."
+  type        = string
+}
+
+variable "az_1" {
+  description = "Availability Zone 1. Used by the EBS (disk) and RDS (database) resource."
+  type        = string
+}
+
+variable "az_2" {
+  description = "Availability Zone 2. Used by the RDS resource. "
+  type        = string
+}
+
+variable "key_name" {
+  description = "The key name of the SSH key-pair"
+  type        = string
+}
+
+variable "db_password" {
+  description = "The password for the RDS database"
+  type        = string
+  sensitive   = true
+}

IaC/aws/variables.tf

@@ -51,7 +51,7 @@
             # Used to deploy the IHP application to AWS.
             #
             # Change the `CHANGE-ME` to your correct config.
-            flake.nixosConfigurations."qa" = nixpkgs.lib.nixosSystem {
+            flake.nixosConfigurations."ihp-app" = nixpkgs.lib.nixosSystem {
                 system = "x86_64-linux";
                 specialArgs = inputs;
                 modules = [
@@ -136,7 +136,7 @@
                         # @see https://nixos.wiki/wiki/Automatic_system_upgrades
                         system.autoUpgrade.enable = true;
                         # Keep as is. See https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
-                        system.stateVersion = "23.05";
+                        system.stateVersion = lib.mkForce "23.11";
                     })
                 ];
             };