First Commit

Author: stacksimplify

.gitignore

@@ -0,0 +1,29 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*

README.md

@@ -0,0 +1,2 @@
+# terraform-iacdevops-with-aws-codepipeline
+terraform-iacdevops-with-aws-codepipeline

buildspec-dev.yml

@@ -0,0 +1,43 @@
+version: 0.2
+
+env:
+  variables:
+    TERRAFORM_VERSION: "0.15.3"
+    TF_COMMAND: "apply"
+    #TF_COMMAND: "destroy"
+  parameter-store:
+    AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID"
+    AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY"
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.7
+    on-failure: ABORT       
+    commands:
+      - tf_version=$TERRAFORM_VERSION
+      - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
+      - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
+      - mv terraform /usr/local/bin/
+  pre_build:
+    on-failure: ABORT     
+    commands:
+      - echo terraform execution started on `date`            
+  build:
+    on-failure: ABORT   
+    commands:
+    # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS 
+      - cd "$CODEBUILD_SRC_DIR/terraform-manifests"
+      - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests"
+      - terraform --version
+      - terraform init -input=false --backend-config=dev.conf
+      - terraform validate
+      - terraform plan -lock=false -input=false -var-file=dev.tfvars           
+      - terraform $TF_COMMAND -input=false -var-file=dev.tfvars -auto-approve  
+  post_build:
+    on-failure: CONTINUE   
+    commands:
+      - echo terraform execution completed on `date`      
+
+
+    

buildspec-stag.yml

@@ -0,0 +1,43 @@
+version: 0.2
+
+env:
+  variables:
+    TERRAFORM_VERSION: "0.15.3"
+    TF_COMMAND: "apply"
+    #TF_COMMAND: "destroy"
+  parameter-store:
+    AWS_ACCESS_KEY_ID: "/CodeBuild/MY_AWS_ACCESS_KEY_ID"
+    AWS_SECRET_ACCESS_KEY: "/CodeBuild/MY_AWS_SECRET_ACCESS_KEY"
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.7
+    on-failure: ABORT       
+    commands:
+      - tf_version=$TERRAFORM_VERSION
+      - wget https://releases.hashicorp.com/terraform/"$TERRAFORM_VERSION"/terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
+      - unzip terraform_"$TERRAFORM_VERSION"_linux_amd64.zip
+      - mv terraform /usr/local/bin/
+  pre_build:
+    on-failure: ABORT     
+    commands:
+      - echo terraform execution started on `date`            
+  build:
+    on-failure: ABORT   
+    commands:
+    # Project-1: AWS VPC, ASG, ALB, Route53, ACM, Security Groups and SNS 
+      - cd "$CODEBUILD_SRC_DIR/terraform-manifests"
+      - ls -lrt "$CODEBUILD_SRC_DIR/terraform-manifests"
+      - terraform --version
+      - terraform init -input=false --backend-config=stag.conf
+      - terraform validate
+      - terraform plan -lock=false -input=false -var-file=stag.tfvars           
+      - terraform $TF_COMMAND -input=false -var-file=stag.tfvars -auto-approve  
+  post_build:
+    on-failure: CONTINUE   
+    commands:
+      - echo terraform execution completed on `date`      
+
+
+    

terraform-manifests/app1-install.sh

@@ -0,0 +1,12 @@
+#! /bin/bash
+# Instance Identity Metadata Reference - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
+sudo yum update -y
+sudo yum install -y httpd
+sudo systemctl enable httpd
+sudo service httpd start  
+sudo echo '<h1>Welcome to StackSimplify - APP-1</h1>' | sudo tee /var/www/html/index.html
+sudo mkdir /var/www/html/app1
+sudo echo '<!DOCTYPE html> <html> <body style="background-color:rgb(250, 210, 210);"> <h1>Welcome to Stack Simplify - APP-1</h1> <p>Terraform Demo</p> <p>Application Version: V1</p> </body></html>' | sudo tee /var/www/html/app1/index.html
+sudo curl http://169.254.169.254/latest/dynamic/instance-identity/document -o /var/www/html/app1/metadata.html
+
+

terraform-manifests/c1-versions.tf

@@ -0,0 +1,35 @@
+# Terraform Block
+terraform {
+  required_version = "~> 0.14" # which means any version equal & above 0.14 like 0.15, 0.16 etc and < 1.xx
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+    null = {
+      source = "hashicorp/null"
+      version = "~> 3.0"
+    }    
+    random = {
+      source = "hashicorp/random"
+      version = "~> 3.0"
+    }            
+  }
+  # Adding Backend as S3 for Remote State Storage
+  backend "s3" {}      
+}
+
+# Provider Block
+provider "aws" {
+  region  = var.aws_region
+  profile = "default"
+}
+/*
+Note-1:  AWS Credentials Profile (profile = "default") configured on your local desktop terminal  
+$HOME/.aws/credentials
+*/
+
+# Create Random Pet Resource
+resource "random_pet" "this" {
+  length = 2
+}

terraform-manifests/c10-01-ALB-application-loadbalancer-variables.tf

@@ -0,0 +1,3 @@
+# Terraform AWS Application Load Balancer Variables
+# Place holder file for AWS ALB Variables
+

terraform-manifests/c10-02-ALB-application-loadbalancer.tf

@@ -0,0 +1,106 @@
+# Terraform AWS Application Load Balancer (ALB)
+module "alb" {
+  source  = "terraform-aws-modules/alb/aws"
+  #version = "5.16.0"
+  version = "6.0.0" 
+
+  name = "${local.name}-alb"
+  load_balancer_type = "application"
+  vpc_id = module.vpc.vpc_id
+  /*Option-1: Give as list with specific subnets or in next line, pass all public subnets 
+  subnets = [
+    module.vpc.public_subnets[0],
+    module.vpc.public_subnets[1]
+  ]*/
+  subnets = module.vpc.public_subnets
+  #security_groups = [module.loadbalancer_sg.this_security_group_id]
+  security_groups = [module.loadbalancer_sg.security_group_id]
+  # Listeners
+  # HTTP Listener - HTTP to HTTPS Redirect
+    http_tcp_listeners = [
+    {
+      port               = 80
+      protocol           = "HTTP"
+      action_type = "redirect"
+      redirect = {
+        port        = "443"
+        protocol    = "HTTPS"
+        status_code = "HTTP_301"
+      }
+    }
+  ]  
+  # Target Groups
+  target_groups = [
+    # App1 Target Group - TG Index = 0
+    {
+      name_prefix          = "app1-"
+      backend_protocol     = "HTTP"
+      backend_port         = 80
+      target_type          = "instance"
+      deregistration_delay = 10
+      health_check = {
+        enabled             = true
+        interval            = 30
+        path                = "/app1/index.html"
+        port                = "traffic-port"
+        healthy_threshold   = 3
+        unhealthy_threshold = 3
+        timeout             = 6
+        protocol            = "HTTP"
+        matcher             = "200-399"
+      }
+      protocol_version = "HTTP1"
+     /* # App1 Target Group - Targets
+      targets = {
+        my_app1_vm1 = {
+          target_id = module.ec2_private_app1.id[0]
+          port      = 80
+        },
+        my_app1_vm2 = {
+          target_id = module.ec2_private_app1.id[1]
+          port      = 80
+        }
+      }
+      tags =local.common_tags # Target Group Tags*/
+    },  
+  ]
+
+  # HTTPS Listener
+  https_listeners = [
+    # HTTPS Listener Index = 0 for HTTPS 443
+    {
+      port               = 443
+      protocol           = "HTTPS"
+      #certificate_arn    = module.acm.this_acm_certificate_arn
+      certificate_arn    = module.acm.acm_certificate_arn
+      action_type = "fixed-response"
+      fixed_response = {
+        content_type = "text/plain"
+        message_body = "Fixed Static message - for Root Context"
+        status_code  = "200"
+      }
+    }, 
+  ]
+
+  # HTTPS Listener Rules
+  https_listener_rules = [
+    # Rule-1: /app1* should go to App1 EC2 Instances
+    { 
+      https_listener_index = 0
+      priority = 1
+      actions = [
+        {
+          type               = "forward"
+          target_group_index = 0
+        }
+      ]
+      conditions = [{
+        path_patterns = ["/*"]
+      }]
+    },  
+  ]
+  tags = local.common_tags # ALB Tags
+}
+
+
+

terraform-manifests/c10-03-ALB-application-loadbalancer-outputs.tf

@@ -0,0 +1,65 @@
+# Terraform AWS Application Load Balancer (ALB) Outputs
+output "lb_id" {
+  description = "The ID and ARN of the load balancer we created."
+  value       = module.alb.lb_id
+}
+
+output "lb_arn" {
+  description = "The ID and ARN of the load balancer we created."
+  value       = module.alb.lb_arn
+}
+
+output "lb_dns_name" {
+  description = "The DNS name of the load balancer."
+  value       = module.alb.lb_dns_name
+}
+
+output "lb_arn_suffix" {
+  description = "ARN suffix of our load balancer - can be used with CloudWatch."
+  value       = module.alb.lb_arn_suffix
+}
+
+output "lb_zone_id" {
+  description = "The zone_id of the load balancer to assist with creating DNS records."
+  value       = module.alb.lb_zone_id
+}
+
+output "http_tcp_listener_arns" {
+  description = "The ARN of the TCP and HTTP load balancer listeners created."
+  value       = module.alb.http_tcp_listener_arns
+}
+
+output "http_tcp_listener_ids" {
+  description = "The IDs of the TCP and HTTP load balancer listeners created."
+  value       = module.alb.http_tcp_listener_ids
+}
+
+output "https_listener_arns" {
+  description = "The ARNs of the HTTPS load balancer listeners created."
+  value       = module.alb.https_listener_arns
+}
+
+output "https_listener_ids" {
+  description = "The IDs of the load balancer listeners created."
+  value       = module.alb.https_listener_ids
+}
+
+output "target_group_arns" {
+  description = "ARNs of the target groups. Useful for passing to your Auto Scaling group."
+  value       = module.alb.target_group_arns
+}
+
+output "target_group_arn_suffixes" {
+  description = "ARN suffixes of our target groups - can be used with CloudWatch."
+  value       = module.alb.target_group_arn_suffixes
+}
+
+output "target_group_names" {
+  description = "Name of the target group. Useful for passing to your CodeDeploy Deployment Group."
+  value       = module.alb.target_group_names
+}
+
+output "target_group_attachments" {
+  description = "ARNs of the target group attachment IDs."
+  value       = module.alb.target_group_attachments
+}

terraform-manifests/c11-acm-certificatemanager.tf

@@ -0,0 +1,23 @@
+# ACM Module - To create and Verify SSL Certificates
+module "acm" {
+  source  = "terraform-aws-modules/acm/aws"
+  #version = "2.14.0"
+  version = "3.0.0"
+
+  domain_name  = trimsuffix(data.aws_route53_zone.mydomain.name, ".")
+  zone_id      = data.aws_route53_zone.mydomain.zone_id 
+
+  subject_alternative_names = [
+    #"*.devopsincloud.com"
+    var.dns_name 
+  ]
+  tags = local.common_tags
+}
+
+# Output ACM Certificate ARN
+output "this_acm_certificate_arn" {
+  description = "The ARN of the certificate"
+  #value       = module.acm.this_acm_certificate_arn
+  value       = module.acm.acm_certificate_arn
+}
+

terraform-manifests/c12-route53-dnsregistration.tf

@@ -0,0 +1,16 @@
+# DNS Name Input Variable
+variable "dns_name" {
+  description = "DNS Name to support multiple environments"
+  type = string   
+}
+# DNS Registration 
+resource "aws_route53_record" "apps_dns" {
+  zone_id = data.aws_route53_zone.mydomain.zone_id 
+  name    = var.dns_name 
+  type    = "A"
+  alias {
+    name                   = module.alb.lb_dns_name
+    zone_id                = module.alb.lb_zone_id
+    evaluate_target_health = true
+  }  
+}

terraform-manifests/c13-01-autoscaling-with-launchtemplate-variables.tf

@@ -0,0 +1,2 @@
+# Autoscaling Input Variables
+## Placeholder file